A trojan and who knows what else

  • Joined: 23 Mar 2006
  • Posts: 84

Posted: 11 Apr 2018 18:23

While looking for some programs, I managed to infect my computer with a trojan and something else. The computer is quite slow; looking at Task Manager, it is obvious that the application websock.exe dominates. The search in the browser (Mozilla Firefox) has also been changed. Searching online I came across a program that detected the trojan and plenty more, and by hand in safe mode I deleted a lot from the computer and from the registry, but I didn't manage to get everything, which is evident afterwards because websock is active again. I access the internet over a mobile network (Telenor).
I am attaching the FRST scan files.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by ZokiVale (administrator) on ZOKIVALE-PC (11-04-2018 17:24:20)
Running from C:\Users\ZokiVale\Desktop
Loaded Profiles: ZokiVale (Available Profiles: ZokiVale)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files (x86)\HDD Regenerator\hrsrv.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(ALCPU) C:\Program Files\Core Temp\Core Temp.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\ProgramData\mts mobilni internet\OnlineUpdate\ouc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Web Browser) C:\Browse\Browse.exe
(Web Service Inc.) C:\Applications\Service.exe
(Secrypt Inc.) C:\Browse\cmdsrvs.exe
(Secrypt Inc.) C:\Browse\cmdsrvs.exe
(Web Browser) C:\Browse\Browse.exe
(Web Service Inc.) C:\Applications\Service.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe
(App Studio Inc.) C:\Applications\websock.exe
(ACD Systems) C:\Program Files\ACD Systems\ACDSee Ultimate\9.0\acdIDInTouch2.exe
(BitTorrent Inc.) C:\Users\ZokiVale\AppData\Roaming\uTorrent\uTorrent.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(BitTorrent Inc.) C:\Users\ZokiVale\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe
(BitTorrent Inc.) C:\Users\ZokiVale\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe
() C:\Program Files\ACD Systems\ACDSee Ultimate\9.0\ACDSeeCommanderUltimate9.exe
(Filipe Lourenço) C:\Program Files (x86)\BatteryCare\BatteryCare.exe
(CodeLathe LLC) C:\Users\ZokiVale\AppData\Roaming\Tonido\tonido.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
(IO3O LLC) C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\mywifi.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(The Chromium Authors) C:\Browse\Browser\ChromiumPortable.exe
(The Chromium Authors) C:\Browse\Browser\ChromiumPortable.exe
(The Chromium Authors) C:\Browse\Browser\ChromiumPortable.exe
(The Chromium Authors) C:\Browse\Browser\ChromiumPortable.exe
(The Chromium Authors) C:\Browse\Browser\ChromiumPortable.exe
(The Chromium Authors) C:\Browse\Browser\ChromiumPortable.exe
(The Chromium Authors) C:\Browse\Browser\ChromiumPortable.exe
(The Chromium Authors) C:\Browse\Browser\ChromiumPortable.exe
(The Chromium Authors) C:\Browse\Browser\ChromiumPortable.exe
(The Chromium Authors) C:\Browse\Browser\ChromiumPortable.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [682904 2012-09-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [627360 2011-05-20] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [379552 2011-05-20] (Atheros Commnucations)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [ACUW09EN] => C:\Program Files\ACD Systems\ACDSee Ultimate\9.0\acdIDInTouch2.exe [2090952 2016-05-09] (ACD Systems)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3639616 2018-03-28] (Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HDD Regenerator] => C:\Program Files (x86)\HDD Regenerator\Shell.exe [90336 2013-05-08] ()
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318112 2017-11-15] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2740702198-154648627-4041826751-1000\...\Run: [uTorrent] => C:\Users\ZokiVale\AppData\Roaming\uTorrent\uTorrent.exe [2146496 2017-06-30] (BitTorrent Inc.)
HKU\S-1-5-21-2740702198-154648627-4041826751-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-2740702198-154648627-4041826751-1000\...\Run: [ACDSeeCommanderUltimate9] => C:\Program Files\ACD Systems\ACDSee Ultimate\9.0\ACDSeeCommanderUltimate9.exe [3146936 2016-05-09] ()
HKU\S-1-5-21-2740702198-154648627-4041826751-1000\...\Run: [Tonido] => C:\Users\ZokiVale\AppData\Roaming\Tonido\launcher.exe [197120 2017-01-12] (CodeLathe LLC)
HKU\S-1-5-21-2740702198-154648627-4041826751-1000\...\Run: [BatteryCare] => C:\Program Files (x86)\BatteryCare\BatteryCare.exe [827904 2017-10-06] (Filipe Lourenço)
HKU\S-1-5-21-2740702198-154648627-4041826751-1000\...\MountPoints2: {64bfebf9-9823-11e7-9034-c01885794988} - V:\Autoplay.exe -auto
HKU\S-1-5-21-2740702198-154648627-4041826751-1000\...\MountPoints2: {8839018f-aeec-11e7-9f6d-c01885794988} - V:\SETUP.EXE
HKU\S-1-5-21-2740702198-154648627-4041826751-1000\...\MountPoints2: {c10c2ab8-119f-11e8-a6b7-c01885794988} - H:\AutoRun.exe
AppInit_DLLs: C:\ProgramData\Quoteex\Qvotip.dll => No File
AppInit_DLLs-x32: C:\ProgramData\Quoteex\Zentraxfind.dll => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk [2017-12-18]
ShortcutTarget: NI Error Reporting.lnk -> C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Who Is On My Wifi.lnk [2017-09-21]
ShortcutTarget: Who Is On My Wifi.lnk -> C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\mywifi.exe (IO3O LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512 2014-06-06] (National Instruments Corporation)
Winsock: Catalog5-x64 08 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560 2014-06-06] (National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{06AE81D5-265D-465A-914D-5B9481C00F82}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{3B86353A-09B6-46F8-B961-85CA958D72F9}: [NameServer] 109.245.224.101 109.245.224.102
Tcpip\..\Interfaces\{733DF153-3A3F-4EB3-A3C0-CCAC7A146B06}: [NameServer] 217.65.192.102 217.65.192.101
Tcpip\..\Interfaces\{D370B43B-37E8-4397-AD68-2DED0E2A8452}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2740702198-154648627-4041826751-1000 -> {ielnksrch} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-02-02] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2011-05-20] (Atheros Commnucations)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-02] (Oracle Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: duj6dd9t.default-1492194392001-1515750685026
FF ProfilePath: C:\Users\ZokiVale\AppData\Roaming\Mozilla\Firefox\Profiles\duj6dd9t.default-1492194392001-1515750685026 [2018-04-11]
FF Homepage: Mozilla\Firefox\Profiles\duj6dd9t.default-1492194392001-1515750685026 -> about:home
FF NewTab: Mozilla\Firefox\Profiles\duj6dd9t.default-1492194392001-1515750685026 -> C:\\ProgramData\\Quoteexs\\ff.NT
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll [2018-04-11] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-12] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-11] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-02-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-02-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @verimatrix.com/ViewRightWeb -> C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll [2015-04-06] (Verimatrix, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2740702198-154648627-4041826751-1000: @verimatrix.com/ViewRightWeb -> C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll [2015-04-06] (Verimatrix, Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\firefox.js [2018-04-10]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-05-20] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [80032 2011-05-20] (Atheros Commnucations) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-15] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-15] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-03-28] (Dropbox, Inc.)
R2 hddrsrv; C:\Program Files (x86)\HDD Regenerator\hrsrv.exe [82144 2013-05-08] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2014-12-02] (National Instruments, Inc.)
R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53032 2014-06-09] (National Instruments Corporation)
R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63280 2014-06-09] (National Instruments Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S2 mts mobilni internet. RunOuc; C:\Program Files (x86)\mts mobilni internet\UpdateDog\ouc.exe [239968 2016-09-19] ()
R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57184 2014-11-21] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [80736 2014-11-21] (National Instruments Corporation)
R2 niauth; C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe [569152 2014-10-23] (National Instruments Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [394544 2014-06-09] (National Instruments Corporation)
S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [320368 2014-06-06] (National Instruments Corporation)
R2 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [89928 2014-06-06] (National Instruments Corporation)
R2 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57168 2014-11-21] (National Instruments Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [413696 2016-09-12] () [File not signed]
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\Sh4Service.exe [889016 2018-04-11] (Enigma Software Group USA, LLC.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18264 2017-10-31] (Intel(R) Corporation)
S2 MBAMScheduler; "\mbamscheduler.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 butldsk; C:\Windows\System32\drivers\butldsk.sys [192408 2018-03-21] ()
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2017-01-16] (Samsung Electronics Co., Ltd.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2018-04-11] ()
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [38424 2017-09-15] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2017-01-16] (Samsung Electronics Co., Ltd.)
R3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [196040 2017-10-16] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [206976 2017-10-16] (Oracle Corporation)
R3 WinRing0_1_2_0; C:\Program Files (x86)\BatteryCare\WinRing0x64.sys [14544 2008-07-27] (OpenLibSys.org)
R3 ALSysIO; \??\C:\Users\ZokiVale\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-11 17:24 - 2018-04-11 17:30 - 000022854 _____ C:\Users\ZokiVale\Desktop\FRST.txt
2018-04-11 17:23 - 2018-04-11 17:24 - 000000000 ____D C:\FRST
2018-04-11 17:22 - 2018-04-11 17:23 - 002403328 _____ (Farbar) C:\Users\ZokiVale\Desktop\FRST64.exe
2018-04-11 16:53 - 2018-04-11 16:53 - 000000000 ___RD C:\Users\ZokiVale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2018-04-11 11:41 - 2018-04-11 16:52 - 000162044 _____ C:\Windows\ntbtlog.txt
2018-04-11 11:40 - 2018-04-11 11:40 - 000003168 ____N C:\bootsqm.dat
2018-04-11 11:01 - 2018-04-11 11:01 - 000000000 _____ C:\autoexec.bat
2018-04-11 11:00 - 2018-04-11 11:00 - 000117358 _____ C:\Users\ZokiVale\Downloads\Websock.exe Virus Removal (April 2018 Update) - Virus Removal.htm
2018-04-11 11:00 - 2018-04-11 11:00 - 000000000 ____D C:\Users\ZokiVale\Downloads\Websock.exe Virus Removal (April 2018 Update) - Virus Removal_подаци
2018-04-11 10:59 - 2018-04-11 10:59 - 000000000 ____D C:\ProgramData\Enigma Software Group
2018-04-11 10:58 - 2018-04-11 10:59 - 000000000 ____D C:\Users\ZokiVale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2018-04-11 10:58 - 2018-04-11 10:58 - 000001087 _____ C:\Users\ZokiVale\Desktop\SpyHunter.lnk
2018-04-11 10:58 - 2018-04-11 10:58 - 000000000 ____D C:\sh4ldr
2018-04-11 10:57 - 2018-04-11 10:57 - 000022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2018-04-11 10:57 - 2018-04-11 10:57 - 000000000 ____D C:\Program Files\Enigma Software Group
2018-04-11 10:56 - 2018-04-11 10:56 - 005800224 _____ (Enigma Software Group USA, LLC.) C:\Users\ZokiVale\Downloads\SpyHunter-Installer.exe
2018-04-10 22:04 - 2018-04-10 22:04 - 000000000 ____D C:\Users\ZokiVale\AppData\Local\Chromium
2018-04-10 22:03 - 2018-04-10 22:03 - 000000000 ____D C:\Program Files (x86)\Pipe
2018-04-10 21:59 - 2018-04-11 16:53 - 000000000 ____D C:\Applications
2018-04-10 21:59 - 2018-04-10 22:02 - 000000000 ____D C:\Browse
2018-04-10 21:59 - 2018-04-10 21:59 - 000003262 _____ C:\Windows\System32\Tasks\ShadowsocksS
2018-04-10 21:59 - 2018-04-10 21:59 - 000003250 _____ C:\Windows\System32\Tasks\cmdsrv
2018-04-10 21:59 - 2018-04-10 21:59 - 000003248 _____ C:\Windows\System32\Tasks\Browse
2018-04-10 21:59 - 2018-04-10 21:59 - 000000000 ____D C:\WinSys
2018-04-10 21:58 - 2018-04-11 11:58 - 000929792 _____ C:\Users\ZokiVale\AppData\Local\sham.db
2018-04-10 21:56 - 2018-04-10 21:56 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
2018-04-10 21:41 - 2018-04-11 16:53 - 000000000 ____D C:\Users\ZokiVale\AppData\LocalLow\uTorrent
2018-04-10 12:37 - 2018-04-10 22:04 - 000000000 ____D C:\Users\ZokiVale\AppData\Roaming\Downloaded Installations
2018-04-07 15:29 - 2018-03-14 19:14 - 000135360 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-04-07 15:29 - 2018-03-14 19:09 - 000656384 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-04-07 15:29 - 2018-03-14 15:05 - 001993728 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-04-07 15:29 - 2018-03-14 15:05 - 001559552 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-04-07 15:29 - 2018-03-14 15:05 - 000739840 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-04-07 15:29 - 2018-03-14 15:05 - 000599552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-04-07 15:29 - 2018-03-14 15:05 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-04-07 15:29 - 2018-03-14 15:05 - 000414720 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-04-07 15:29 - 2018-03-14 15:05 - 000291840 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-04-07 15:29 - 2018-03-14 15:05 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-04-03 22:14 - 2018-04-03 22:14 - 000000078 _____ C:\Users\ZokiVale\AppData\Roaming\.ettercap_gtk
2018-04-03 22:13 - 2018-04-03 22:18 - 000000000 ____D C:\Program Files (x86)\EttercapNG
2018-04-03 22:13 - 2018-04-03 22:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ettercap NG
2018-04-03 22:12 - 2018-04-03 22:12 - 003499382 _____ C:\Users\ZokiVale\Downloads\ettercap-NG-0.7.3-win32.exe
2018-04-03 22:08 - 2018-04-03 22:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2018-04-03 22:08 - 2018-04-03 22:08 - 000000000 ____D C:\Program Files (x86)\WinPcap
2018-04-03 22:07 - 2018-04-03 22:07 - 000915128 _____ (Riverbed Technology, Inc.) C:\Users\ZokiVale\Downloads\WinPcap_4_1_3.exe
2018-04-03 21:54 - 2018-04-03 21:54 - 000000000 ____D C:\Users\ZokiVale\Downloads\ettercap-0.8.2
2018-04-03 21:53 - 2018-04-03 21:59 - 001028471 _____ C:\Users\ZokiVale\Downloads\ettercap-0.8.2.tar.gz
2018-04-03 20:25 - 2018-04-03 20:25 - 000441599 _____ C:\Users\ZokiVale\Downloads\Jun2013SpisakCenaLekova.pdf
2018-03-29 21:10 - 2018-03-29 21:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-03-28 16:31 - 2018-03-28 16:31 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-03-28 16:31 - 2018-03-28 16:31 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-03-28 16:31 - 2018-03-28 16:31 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-03-28 16:31 - 2018-03-28 16:31 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-03-21 10:38 - 2018-03-21 10:38 - 000192408 _____ C:\Windows\system32\Drivers\butldsk.sys
2018-03-17 20:30 - 2018-01-13 20:43 - 000069161 _____ C:\Users\ZokiVale\Downloads\The.Shape.of.Water.2017.DVDScr.XVID.AC3.HQ.Hive-CM8.srt
2018-03-17 20:09 - 2018-03-17 20:09 - 003531400 _____ (Irfan Skiljan) C:\Users\ZokiVale\Downloads\iview451_x64_setup.exe
2018-03-17 20:09 - 2018-03-17 20:09 - 000001848 _____ C:\Users\Public\Desktop\IrfanView 64 Thumbnails.lnk
2018-03-17 20:09 - 2018-03-17 20:09 - 000000974 _____ C:\Users\Public\Desktop\IrfanView 64.lnk
2018-03-17 20:09 - 2018-03-17 20:09 - 000000000 ____D C:\Users\ZokiVale\AppData\Roaming\IrfanView
2018-03-17 20:09 - 2018-03-17 20:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
2018-03-17 20:09 - 2018-03-17 20:09 - 000000000 ____D C:\Program Files\IrfanView
2018-03-17 19:59 - 2018-03-17 19:59 - 000030010 _____ C:\Users\ZokiVale\Downloads\257847-kong_skull_island_2017_brrip.lat.zip
2018-03-17 19:59 - 2017-06-23 18:36 - 000070929 _____ C:\Users\ZokiVale\Downloads\Kong Skull Island 2017 BRRip.lat.srt
2018-03-14 09:24 - 2018-04-11 10:25 - 000004474 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-11 17:45 - 2016-07-24 16:21 - 000000000 ____D C:\Users\ZokiVale\AppData\Roaming\uTorrent
2018-04-11 17:28 - 2016-09-14 18:43 - 000000000 ____D C:\wifidata
2018-04-11 17:10 - 2016-11-19 20:31 - 000000000 ____D C:\Users\ZokiVale\AppData\LocalLow\Mozilla
2018-04-11 17:07 - 2009-07-14 06:45 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-11 17:07 - 2009-07-14 06:45 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-11 16:56 - 2016-07-15 18:34 - 000000912 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-04-11 16:54 - 2016-09-21 00:46 - 000000000 ____D C:\ProgramData\MCShield
2018-04-11 16:53 - 2016-07-15 18:34 - 000000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-04-11 16:53 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-11 11:30 - 2017-12-26 15:40 - 000000000 ____D C:\Program Files (x86)\BlueStacks
2018-04-11 10:44 - 2017-12-26 15:40 - 000000000 ____D C:\ProgramData\BlueStacks
2018-04-11 10:44 - 2017-12-26 15:39 - 000000000 ____D C:\Users\ZokiVale\AppData\Local\Bluestacks
2018-04-11 10:36 - 2009-07-14 07:08 - 000032570 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-04-11 10:25 - 2016-07-16 11:21 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-04-11 10:25 - 2016-07-16 11:21 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-04-11 10:25 - 2016-07-16 11:21 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-04-11 10:25 - 2016-07-16 11:21 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-04-11 10:25 - 2016-07-16 11:21 - 000000000 ____D C:\Windows\system32\Macromed
2018-04-10 22:02 - 2016-07-25 22:54 - 000000000 ____D C:\Users\ZokiVale\AppData\Local\CrashDumps
2018-04-10 22:00 - 2016-07-10 16:06 - 000001401 _____ C:\Users\ZokiVale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-04-07 15:53 - 2009-07-14 07:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-07 15:53 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-04-07 15:47 - 2017-02-21 19:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-04-07 15:47 - 2016-07-10 16:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-04-07 15:45 - 2016-07-16 12:01 - 000000000 ____D C:\Windows\system32\appraiser
2018-04-07 11:28 - 2017-06-11 12:34 - 000000000 ____D C:\Users\ZokiVale\Documents\Bluetooth Folder
2018-04-06 14:44 - 2017-01-26 01:49 - 000000000 ____D C:\Users\ZokiVale\AppData\Roaming\vlc
2018-04-04 00:15 - 2017-07-27 09:25 - 000003184 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2740702198-154648627-4041826751-1000
2018-04-04 00:15 - 2016-07-15 18:45 - 000002168 _____ C:\Users\ZokiVale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-04-04 00:15 - 2016-07-15 18:45 - 000000000 ___RD C:\Users\ZokiVale\OneDrive
2018-03-29 21:11 - 2016-07-15 18:34 - 000000000 ____D C:\Users\ZokiVale\AppData\Local\Dropbox
2018-03-29 21:11 - 2016-07-15 18:34 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-03-29 16:31 - 2017-09-27 22:42 - 000000000 ____D C:\Users\ZokiVale\AppData\Roaming\Eagle
2018-03-18 12:33 - 2016-07-16 10:22 - 000000000 ____D C:\Windows\system32\MRT
2018-03-18 12:28 - 2017-10-12 03:04 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-03-18 12:28 - 2016-07-16 10:22 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-03-18 02:00 - 2017-10-15 15:58 - 000000000 ____D C:\Users\ZokiVale\AppData\Local\ElevatedDiagnostics
2018-03-12 19:16 - 2018-03-01 20:27 - 000000000 ____D C:\Users\ZokiVale\AppData\Local\Microsoft Games

==================== Files in the root of some directories =======

2017-06-13 00:27 - 2017-06-13 00:27 - 000000069 _____ () C:\Program Files (x86)\dialogysclip.bat
2017-06-13 00:27 - 2017-06-15 11:58 - 000001815 _____ () C:\Program Files (x86)\DialogysUninstWPS.bat
2016-11-12 11:52 - 2017-06-13 00:27 - 000001679 _____ () C:\Program Files (x86)\INSTALL.LOG
2017-06-13 00:27 - 2014-09-12 13:01 - 000176055 _____ () C:\Program Files (x86)\UninstScript.EXE
2018-04-03 22:14 - 2018-04-03 22:14 - 000000078 _____ () C:\Users\ZokiVale\AppData\Roaming\.ettercap_gtk
2018-04-10 21:58 - 2018-04-11 11:58 - 000929792 _____ () C:\Users\ZokiVale\AppData\Local\sham.db

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-08 00:45

==================== End of FRST.txt ============================

Any help is welcome!

Update: 11 Apr 2018 19:43

One more observation: when I edit a cell in MS Excel, it very quickly freezes and `Not responding` appears in the title bar.

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Open Notepad and copy the following text, which is inside the Code box.

FF NewTab: Mozilla\Firefox\Profiles\duj6dd9t.default-1492194392001-1515750685026 -> C:\\ProgramData\\Quoteexs\\ff.NT
Task: {2DC5B861-A9E2-4E6C-8C84-F4E4DB999F1F} - System32\Tasks\ShadowsocksS => C:\Applications\Service.exe [2018-04-07] (Web Service Inc.)
Task: {58533D2A-0D40-43D8-8E4F-9EC5BE4C212F} - System32\Tasks\Browse => C:\Browse\Browse.exe [2018-04-07] (Web Browser)
Task: {F4E0D8B2-E77F-4DF4-A430-BBC7E9D67933} - System32\Tasks\cmdsrv => C:\Browse\cmdsrvs.exe [2018-03-13] (Secrypt Inc.)
ShortcutWithArgument: C:\Users\ZokiVale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\ZokiVale\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\ZokiVale\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\ZokiVale\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
C:\Users\ZokiVale\AppData\Local\Chromium
C:\Browse
C:\Applications
C:\WinSys
C:\wifidata


In Notepad, click File --> Save As
Under Encoding, choose UTF-8.
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait for the program to finish.
If the program asks for a restart, let it do so without interruption.
When it finishes, fixlog.txt will open; copy its contents into the thread.
The same file (fixlog.txt) will also be on the Desktop.

offline
  • Joined: 23 Mar 2006
  • Posts: 84

Done.
During the restart, several windows popped up saying that something is missing and cannot start. I take that as a good sign, the result of cleaning the registry.
Fixlog attached.

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Posted: 12 Apr 2018 22:29

What is the situation now?

Update: 12 Apr 2018 22:31

Download Malwarebytes Anti-Malware from this or this or this link and install the application.
Run mb3-setup-consumer-{version}.exe and follow the installation instructions. After installation, click Finish.

On first launch, the program will show a "welcome" window. Feel free to close it.
Note: the Premium features are already activated and last 13 days from the moment of installation. You can turn the Premium features off under the Settings > My Account tab.

• Scanner settings - in Settings, click the Protection tab. Under the Scan Options section, enable the "Scan for rootkits" option.
• Prepare the Threat Scan - in Dashboard, click the Scan Now button. MBAM will update its database and start scanning.

When the scan finishes, if an infection was detected, make sure everything is checked, then click Remove Selected. Restart the computer if the program asks for a restart.
• Deliver the log: under Reports, select the Scan Report with the current date and then click View Report.

Export the log to the Desktop;
- Click the Export button at the bottom, then choose 'Text file (*.txt)'
- In the Save File dialog that appears, click Desktop. In the File name: field, type "mbam" (without quotes) and click Save.
- The message "Your file has been successfully exported" will appear; click Ok and close the window.

• Attach the mbam.txt log to your reply using the "Attach file" option.

offline
  • Joined: 23 Mar 2006
  • Posts: 84

Posted: 12 Apr 2018 23:28

When the computer restarts, the same thing happens at startup: a few notification windows pop up, and nothing more. MBAM put 16 malware items into quarantine. The first impression is good, CPU usage has dropped, and there is no trojan, at least it looks that way.

Update: 12 Apr 2018 23:29

Thanks for the effort, well done!

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Can you take a screenshot of those notifications?

offline
  • Joined: 23 Mar 2006
  • Posts: 84

Posted: 13 Apr 2018 11:54

I took screenshots; here is how they appear, in order, attached.
They are probably left over from the registry deletions I did before coming here.

Update: 13 Apr 2018 11:54

Unfortunately, they somehow came out upside down.

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Post new FRST reports.

offline
  • Joined: 23 Mar 2006
  • Posts: 84

Here, attached.

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

You're clean. The errors you get at startup are related to programs you have installed; my guess is "Who is on my Wi-Fi", so try reinstalling it.

The following procedure will carry out the final cleanup.

Download Xplode's DelFix tool and save it to the Desktop.
Double-click the tool to run it and tick the boxes in front of the following options;

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment for the tool to finish its work.
From this point on, all the tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also record the healthy state of the registry and make a backup using the integrated "ERUNT" program in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.
