Yahoo toolbar problem

offline
  • Joined: 06 Apr 2014
  • Posts: 12

When opening new tabs in Mozilla, the malicious Yahoo keeps appearing. I have tried everything but I can't get rid of it. Thanks in advance.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-07-2015
Ran by Dragan (administrator) on DRAGAN-PC on 11-07-2015 17:16:16
Running from C:\Users\Dragan\Downloads
Loaded Profiles: Dragan (Available Profiles: Dragan)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(HP) C:\Windows\System32\HPSIsvc.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.27.5\GoogleCrashHandler.exe
() C:\ProgramData\mts mobilni internet\OnlineUpdate\ouc.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_203.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_203.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VirtualCloneDrive] => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-02] (Avast Software s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-21-176771822-3750400308-4198563939-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-176771822-3750400308-4198563939-1000\...\MountPoints2: {530f59ea-605f-11e4-9828-001fc6c9bc70} - G:\AutoRun.exe
HKU\S-1-5-21-176771822-3750400308-4198563939-1000\...\MountPoints2: {530f59fc-605f-11e4-9828-001fc6c9bc70} - G:\AutoRun.exe
HKU\S-1-5-21-176771822-3750400308-4198563939-1000\...\MountPoints2: {777b97e2-2b6c-11e4-9fb8-001fc6c9bc70} - G:\LaunchU3.exe -a
HKU\S-1-5-21-176771822-3750400308-4198563939-1000\...\MountPoints2: {95bd33f9-2a8f-11e4-aefd-001fc6c9bc70} - J:\SISetup.exe
HKU\S-1-5-21-176771822-3750400308-4198563939-1000\...\MountPoints2: {ea416451-2288-11e4-bcc4-001fc6c9bc70} - F:\LG_PC_Programs.exe
HKU\S-1-5-21-176771822-3750400308-4198563939-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-07-01] (Avast Software s.r.o.)
BootExecute: autocheck autochk * sasnative32
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = google.com
HKU\S-1-5-21-176771822-3750400308-4198563939-1000\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/?fr=vmn&type=vmn__webcom.....0711__yaie
HKU\S-1-5-21-176771822-3750400308-4198563939-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-176771822-3750400308-4198563939-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = search.yahoo.com/search?fr=vmn&type=vm.....aie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-176771822-3750400308-4198563939-1000 -> {D3978C80-D963-42B6-988D-DF34538FA326} URL = google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-07-01] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-01] (Avast Software s.r.o.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-01] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{83FCABE9-1765-46FC-9993-73CA0CB48EC7}: [DhcpNameServer] 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Dragan\AppData\Roaming\Mozilla\Firefox\Profiles\uyg8117e.default
FF NewTab: yahoo.com/?fr=vmn&type=vmn__webcom.....0711__yaff
FF DefaultSearchEngine: Google Default
FF SelectedSearchEngine: Yahoo
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-09] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-01] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Dragan\AppData\Roaming\Mozilla\Firefox\Profiles\uyg8117e.default\searchplugins\google-default.xml [2015-07-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-20]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-01]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-01] (Avast Software s.r.o.)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S2 mts mobilni internet. RunOuc; C:\Program Files\mts mobilni internet\UpdateDog\ouc.exe [239968 2014-10-30] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23168 2014-05-27] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2014-05-27] (LG Electronics Inc.)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-07-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-07-01] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-07-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-07-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-07-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-07-02] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-07-01] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-07-01] ()
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [90112 2014-10-30] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] ()
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [716272 2014-06-18] (Duplex Secure Ltd.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S0 yonsu; System32\drivers\pgfasp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-11 17:16 - 2015-07-11 17:16 - 00010673 _____ C:\Users\Dragan\Downloads\FRST.txt
2015-07-11 17:16 - 2015-07-11 17:16 - 00000000 ____D C:\FRST
2015-07-11 17:15 - 2015-07-11 17:15 - 01634816 _____ (Farbar) C:\Users\Dragan\Downloads\FRST.exe
2015-07-11 17:14 - 2015-07-11 17:14 - 02130944 _____ (Farbar) C:\Users\Dragan\Downloads\FRST64.exe
2015-07-11 16:41 - 2015-07-11 16:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hik_DSFilters
2015-07-11 16:41 - 2015-07-11 16:41 - 00000000 ____D C:\Program Files\Hik_DSFilters
2015-07-11 14:45 - 2015-07-11 16:12 - 00000000 ____D C:\AdwCleaner
2015-07-11 14:45 - 2015-07-11 14:45 - 02248704 _____ C:\Users\Dragan\Downloads\AdwCleaner.exe
2015-07-11 13:54 - 2015-07-11 13:55 - 05530096 _____ (Advanced System Protector ) C:\Users\Dragan\Downloads\aspsetup.exe
2015-07-11 11:28 - 2015-07-11 11:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-07-11 11:27 - 2015-07-11 11:27 - 00342016 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService.dll
2015-07-11 11:27 - 2015-07-11 11:27 - 00002856 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-07-11 11:23 - 2015-07-11 11:32 - 00000000 ____D C:\Users\Dragan\AppData\Roaming\DVDVideoSoft
2015-07-11 11:21 - 2015-07-11 11:23 - 30201872 _____ (DVDVideoSoft Ltd. ) C:\Users\Dragan\Downloads\FreeVideoEditor.exe
2015-07-11 11:20 - 2015-07-11 11:21 - 00231912 _____ C:\Users\Dragan\Downloads\FreeVideoEditor-48238618.exe
2015-07-11 11:16 - 2015-07-11 11:19 - 00000000 ____D C:\Users\Dragan\AppData\Roaming\Machete
2015-07-11 11:14 - 2015-07-11 11:14 - 03994624 _____ C:\Users\Dragan\Downloads\MacheteInst.msi
2015-07-11 11:10 - 2015-07-10 12:52 - 134217728 _____ C:\Users\Dragan\Desktop\brajkovac lopovi 035448.mp4
2015-07-11 11:10 - 2015-07-10 12:52 - 134217728 _____ C:\Users\Dragan\Desktop\brajkovac lopovi 035448 (2).mp4
2015-07-11 10:56 - 2014-11-07 10:16 - 10010162 _____ ( ) C:\Users\Dragan\Downloads\Hik_DSFilters_Setup.exe
2015-07-11 10:55 - 2015-07-11 10:56 - 10009672 _____ C:\Users\Dragan\Downloads\Hik_DSFilters_Setup.rar
2015-07-03 20:04 - 2015-07-11 13:30 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-01 22:56 - 2015-07-01 22:56 - 00000000 ____D C:\Program Files\Common Files\Java
2015-07-01 22:54 - 2015-07-01 22:54 - 00561248 _____ (Oracle Corporation) C:\Users\Dragan\Downloads\jxpiinstall(1).exe
2015-07-01 18:19 - 2015-07-01 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-01 18:18 - 2015-07-01 18:18 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-07-01 18:18 - 2015-07-01 18:18 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-06-28 12:59 - 2015-06-28 12:59 - 00131072 ____N C:\Windows\Minidump\062815-27066-01.dmp
2015-06-21 17:14 - 2015-06-21 17:14 - 00131072 ____N C:\Windows\Minidump\062115-19203-01.dmp
2015-06-20 18:44 - 2015-06-20 18:44 - 00131072 ____N C:\Windows\Minidump\062015-20264-01.dmp
2015-06-19 15:37 - 2015-06-19 15:37 - 00131072 ____N C:\Windows\Minidump\061915-23587-01.dmp
2015-06-18 20:32 - 2015-06-18 20:32 - 00000000 ____D C:\Users\Dragan\Desktop\Milorad Savic_подаци
2015-06-18 17:11 - 2015-06-18 17:11 - 00131072 ____N C:\Windows\Minidump\061815-24710-01.dmp
2015-06-17 15:47 - 2015-06-17 15:47 - 00131072 ____N C:\Windows\Minidump\061715-26317-01.dmp
2015-06-16 15:43 - 2015-06-16 15:43 - 00131072 ____N C:\Windows\Minidump\061615-25677-01.dmp
2015-06-15 18:04 - 2015-06-15 18:04 - 00131072 ____N C:\Windows\Minidump\061515-27690-01.dmp
2015-06-14 23:25 - 2015-06-14 23:25 - 00131072 ____N C:\Windows\Minidump\061415-27674-01.dmp
2015-06-12 06:56 - 2015-06-12 06:56 - 00002074 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-11 17:04 - 2015-04-08 13:53 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-11 16:58 - 2014-06-16 22:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-11 16:23 - 2009-07-14 06:34 - 00020800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-11 16:23 - 2009-07-14 06:34 - 00020800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-11 16:18 - 2014-06-17 04:32 - 01161475 _____ C:\Windows\WindowsUpdate.log
2015-07-11 16:13 - 2015-05-29 16:56 - 00005788 _____ C:\Windows\setupact.log
2015-07-11 16:13 - 2015-04-08 13:53 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-11 16:13 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-11 14:31 - 2015-06-06 07:02 - 00027642 _____ C:\Windows\PFRO.log
2015-07-11 13:30 - 2014-06-16 21:34 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-07-11 13:11 - 2014-11-29 15:44 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-11 13:10 - 2014-11-29 15:44 - 00001020 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-11 13:10 - 2014-11-29 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-11 13:10 - 2014-11-29 15:44 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-07-11 11:16 - 2014-06-18 09:50 - 00000000 ____D C:\ProgramData\TEMP
2015-07-11 10:53 - 2014-06-16 19:44 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-09 20:59 - 2014-06-16 22:37 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-09 20:59 - 2014-06-16 22:37 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-06 07:25 - 2014-10-08 05:40 - 00000000 ____D C:\Users\Dragan\Desktop\Assimil-Novi_Engleski_bez_muke_knjiga
2015-07-06 07:24 - 2014-12-25 09:35 - 00000000 ____D C:\Users\Dragan\Desktop\Drug Rasa pesme
2015-07-02 06:53 - 2014-07-20 17:34 - 00428120 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-07-01 22:58 - 2014-10-16 20:40 - 00000000 ____D C:\Program Files\Java
2015-07-01 22:58 - 2014-06-17 07:14 - 00000000 ____D C:\ProgramData\Oracle
2015-07-01 22:56 - 2014-10-16 20:40 - 00096352 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-07-01 18:18 - 2014-08-01 18:10 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-07-01 18:18 - 2014-08-01 18:10 - 00024144 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-07-01 18:18 - 2014-07-20 17:34 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-01 18:18 - 2014-07-20 17:34 - 00209048 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-07-01 18:18 - 2014-07-20 17:34 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-07-01 18:18 - 2014-07-20 17:34 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-01 18:18 - 2014-07-20 17:34 - 00049904 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-06-28 12:59 - 2014-06-21 08:42 - 00000000 ____D C:\Windows\Minidump
2015-06-23 13:27 - 2014-06-16 21:02 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-19 15:39 - 2014-08-24 14:32 - 00000000 ____D C:\Users\Dragan\AppData\Local\Adobe
2015-06-19 15:38 - 2014-11-19 23:48 - 00000000 __SHD C:\Users\Dragan\AppData\Local\EmieBrowserModeList
2015-06-19 15:38 - 2014-09-09 20:54 - 00000000 __SHD C:\Users\Dragan\AppData\Local\EmieUserList
2015-06-19 15:38 - 2014-09-09 20:54 - 00000000 __SHD C:\Users\Dragan\AppData\Local\EmieSiteList
2015-06-12 06:55 - 2014-06-17 06:55 - 00000000 ____D C:\Program Files\Google
2015-06-11 11:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2015-06-11 06:14 - 2009-07-14 06:33 - 00411648 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 03:05 - 2014-06-20 16:55 - 00000000 ____D C:\Windows\system32\MRT
2015-06-11 03:01 - 2014-06-20 16:55 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\Dragan\AppData\Roaming\OEM

Some files in TEMP:
====================
C:\Users\Dragan\AppData\Local\Temp\Quarantine.exe
C:\Users\Dragan\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-04 10:26

==================== End of log ============================

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Hello. You did not run FRST from the Desktop but from the Downloads folder. Move FRST.exe to the Desktop.


Step 1

Open Notepad and copy the following text, which is inside the Code box.

Start

HKU\S-1-5-21-176771822-3750400308-4198563939-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-176771822-3750400308-4198563939-1000\...\MountPoints2: {530f59ea-605f-11e4-9828-001fc6c9bc70} - G:\AutoRun.exe
HKU\S-1-5-21-176771822-3750400308-4198563939-1000\...\MountPoints2: {530f59fc-605f-11e4-9828-001fc6c9bc70} - G:\AutoRun.exe
HKU\S-1-5-21-176771822-3750400308-4198563939-1000\...\MountPoints2: {777b97e2-2b6c-11e4-9fb8-001fc6c9bc70} - G:\LaunchU3.exe -a
HKU\S-1-5-21-176771822-3750400308-4198563939-1000\...\MountPoints2: {95bd33f9-2a8f-11e4-aefd-001fc6c9bc70} - J:\SISetup.exe
HKU\S-1-5-21-176771822-3750400308-4198563939-1000\...\MountPoints2: {ea416451-2288-11e4-bcc4-001fc6c9bc70} - F:\LG_PC_Programs.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-176771822-3750400308-4198563939-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10099_swoc_campaign_150711__yaie
SearchScopes: HKU\S-1-5-21-176771822-3750400308-4198563939-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = https://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_150711__yaie&p={searchTerms}
FF NewTab: https://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10099_swoc_campaign_150711__yaff
FF SearchPlugin: C:\Users\Dragan\AppData\Roaming\Mozilla\Firefox\Profiles\uyg8117e.default\searchplugins\google-default.xml [2015-07-11]
S0 yonsu; System32\drivers\pgfasp.sys [X]

C:\Program Files\Lavasoft\Web Companion

Task: {2A07AE9A-A6F5-483B-A672-AE7B47DB2EEC} - System32\Tasks\{409CD9FE-53E7-445F-8CC8-17A19DD3EA60} => pcalua.exe -a C:\Users\Dragan\Downloads\dxwebsetup(2).exe -d C:\Users\Dragan\Downloads
Task: {4DD86F61-1A99-44FF-86CF-068B8C499725} - System32\Tasks\{9F90002B-90EF-4C0E-96D7-05D45DC7D209} => C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
Task: {599D4D43-A769-4C47-B628-3C40CA171220} - System32\Tasks\{A87491B5-271B-4B5D-B289-465D601A32D0} => pcalua.exe -a C:\Users\Dragan\AppData\Roaming\sweet-page\UninstallManager.exe -c  -ptid=cor
Task: {D885624B-288F-430D-A468-AB822205D01D} - System32\Tasks\{973B9D27-A5A2-42B7-96D1-F035A17E1583} => pcalua.exe -a C:\Users\Dragan\Desktop\Yamb-1.6.exe -d C:\Users\Dragan\Desktop
FirewallRules: [{068C76CF-7716-402F-AC15-47DE1DD3AF17}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{63A2C24F-3B2D-491C-B20D-7C47128F9676}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{8733FA77-5299-45E7-BA2A-0B08C1F93F97}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4EF188A6-E169-4FB0-BCD3-AB333244A944}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{8CF92D75-410F-4A1D-8674-8E805CD2D0E6}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{5E244C6D-C4E6-4777-A3A9-CAC469B6EE55}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{3E8AAB00-FE0C-44F2-95D9-E9227FFA207D}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D580B1EF-9E47-41F0-998C-12CDC3701341}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{EDD32AE7-6D0C-445A-8A06-46DB928E4289}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{CD8A75D1-8756-4891-9843-1DA5BA262DBC}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{42617D7A-43B5-4513-8527-14ABD4BAFCD8}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F66B68B8-9B0A-43B7-BCE4-157103AF6209}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{66D86B44-7948-41A5-B339-7A28041A7155}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4CE971C6-B8BF-4FDE-8F1F-B971CDA43B45}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{10FE0C0B-776F-456E-9838-FE865A28B2C6}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{DDB6ED11-5B54-483F-9831-57AF4F7BC1C9}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{2F22A652-CC30-451A-9448-BE70E249F6BB}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{6E94FD5F-4888-4A6E-A297-1C05ACA5C4FC}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{294DE71B-60E2-4E89-9F84-8B8509922288}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{5E5F4E31-C971-4C25-9A88-D91730E7583E}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{01D2FB6F-DF6F-45F6-9021-E4916C2C75EA}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{8D9A295C-D5EC-402C-9887-C14E8B6C71ED}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{8EFB6DC0-553C-4BF4-A3C4-683EA266E224}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BF6416A2-C7E7-4F07-9B2B-4C3B09A97AD0}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B9299AE1-7F22-4A3E-8A37-DFE496209FFF}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{515619B2-9D16-409D-B361-B541BAF29EEE}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D1DB45CE-74F4-4DB7-84EB-D67C45284349}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{3A72CAAB-F613-480D-AEED-1C823A101680}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{51F26226-4D9D-4908-BDB1-874220C92B0F}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{1117AC8C-6AA8-427A-977A-7B4116A37E3F}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{92018435-0A95-42A6-8AFA-4095825E216E}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{2FA901A6-8698-4509-82A6-7A18545999D6}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D782F830-2F7E-4333-9241-D768F0FBF5CD}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4BAE6757-2E8D-4C65-964C-068648755CAE}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{388A579C-3D74-4E81-A97D-AA85D4F46DB2}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{DE46BBE1-8C8A-4978-84BB-50DA7F5F9206}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{ED0E43AF-B9DD-4F17-8815-91446B57B602}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E6007129-631B-4774-B5EF-D0EA022FF440}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A763788D-A9D5-485C-9F53-A1F137EB855C}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E89745EC-83E4-4760-88EE-914E00A6CA9D}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{96872F8F-4DB0-4BA7-8704-F912C2EC88C9}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9C707D8C-B942-4D96-BFD6-8D7CDD7AEBA8}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{298549EE-79E5-499F-B613-72A47FE8B842}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{DE0C714A-AEE5-4439-9474-ECB8C449D70D}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{0491262C-04C0-4F20-8CEF-75F8D038A7D6}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{1E9B0D31-B7A8-46E3-B309-9B27CF940E2A}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{5917D748-FE77-42A4-BD95-FBE0C41A3F23}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D9CF580D-8A2F-43CF-B813-46852A56A748}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{FC2BD6C9-C627-4F26-9871-C2EA86196BF2}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E1F12AA9-56BB-4270-A698-F6F1715A81A3}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{DE95D4D2-300F-4C07-AF79-3F2A4C4FF64E}] => (Allow) C:\Users\Dragan\AppData\Local\Temp\nsg1102.tmp\Installer-10780608.exe
FirewallRules: [{5B059217-32D4-46E3-9C23-2C930511ABE3}] => (Allow) C:\Users\Dragan\AppData\Local\Temp\nsg1102.tmp\Installer-10780608.exe

EmptyTemp:

End


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click to run FRST.exe again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, allow it to do so without interruption.
After it finishes, fixlog.txt will open, with content that you should copy into the thread.
Also, (fixlog.txt) will be located on the Desktop.



Step 2

Download AdwCleaner by "Xplode" and save it to the Desktop
Double-click to run the program.
In the EULA window, click I agree.
Click the Scan button and wait for the scan to finish.
Click the Cleaning button and wait for the program to finish.
The program will close all active programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required), click OK

The computer will restart and then Notepad will open (C:\AdwCleaner[S0].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Attach file" ("Prikači fajl") option

Note: The report will also be saved at C:\Adwcleaner\AdwCleaner[S0].txt

offline
  • Joined: 06 Apr 2014
  • Posts: 12

Today I was trying something with ADW, so I have two reports, one from earlier today and one from now, and I am sending both. Regards.

Fix result of Farbar Recovery Scan Tool (x86) Version: 11-07-2015
Ran by Dragan at 2015-07-11 20:27:16 Run:1
Running from C:\Users\Dragan\Desktop
Loaded Profiles: Dragan (Available Profiles: Dragan)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start

HKU\S-1-5-21-176771822-3750400308-4198563939-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-176771822-3750400308-4198563939-1000\...\MountPoints2: {530f59ea-605f-11e4-9828-001fc6c9bc70} - G:\AutoRun.exe
HKU\S-1-5-21-176771822-3750400308-4198563939-1000\...\MountPoints2: {530f59fc-605f-11e4-9828-001fc6c9bc70} - G:\AutoRun.exe
HKU\S-1-5-21-176771822-3750400308-4198563939-1000\...\MountPoints2: {777b97e2-2b6c-11e4-9fb8-001fc6c9bc70} - G:\LaunchU3.exe -a
HKU\S-1-5-21-176771822-3750400308-4198563939-1000\...\MountPoints2: {95bd33f9-2a8f-11e4-aefd-001fc6c9bc70} - J:\SISetup.exe
HKU\S-1-5-21-176771822-3750400308-4198563939-1000\...\MountPoints2: {ea416451-2288-11e4-bcc4-001fc6c9bc70} - F:\LG_PC_Programs.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-176771822-3750400308-4198563939-1000\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/?fr=vmn&type=vmn__webcompa__.....0711__yaie
SearchScopes: HKU\S-1-5-21-176771822-3750400308-4198563939-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = search.yahoo.com/search?fr=vmn&type=vmn__w.....1__yaie&p={searchTerms}
FF NewTab: yahoo.com/?fr=vmn&type=vmn__webcompa__.....0711__yaff
FF SearchPlugin: C:\Users\Dragan\AppData\Roaming\Mozilla\Firefox\Profiles\uyg8117e.default\searchplugins\google-default.xml [2015-07-11]
S0 yonsu; System32\drivers\pgfasp.sys [X]

C:\Program Files\Lavasoft\Web Companion

Task: {2A07AE9A-A6F5-483B-A672-AE7B47DB2EEC} - System32\Tasks\{409CD9FE-53E7-445F-8CC8-17A19DD3EA60} => pcalua.exe -a C:\Users\Dragan\Downloads\dxwebsetup(2).exe -d C:\Users\Dragan\Downloads
Task: {4DD86F61-1A99-44FF-86CF-068B8C499725} - System32\Tasks\{9F90002B-90EF-4C0E-96D7-05D45DC7D209} => C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
Task: {599D4D43-A769-4C47-B628-3C40CA171220} - System32\Tasks\{A87491B5-271B-4B5D-B289-465D601A32D0} => pcalua.exe -a C:\Users\Dragan\AppData\Roaming\sweet-page\UninstallManager.exe -c -ptid=cor
Task: {D885624B-288F-430D-A468-AB822205D01D} - System32\Tasks\{973B9D27-A5A2-42B7-96D1-F035A17E1583} => pcalua.exe -a C:\Users\Dragan\Desktop\Yamb-1.6.exe -d C:\Users\Dragan\Desktop

EmptyTemp:

End
*****************

HKU\S-1-5-21-176771822-3750400308-4198563939-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion => value removed successfully.
"HKU\S-1-5-21-176771822-3750400308-4198563939-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{530f59ea-605f-11e4-9828-001fc6c9bc70}" => key removed successfully.
HKCR\CLSID\{530f59ea-605f-11e4-9828-001fc6c9bc70} => key not found.
"HKU\S-1-5-21-176771822-3750400308-4198563939-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{530f59fc-605f-11e4-9828-001fc6c9bc70}" => key removed successfully.
HKCR\CLSID\{530f59fc-605f-11e4-9828-001fc6c9bc70} => key not found.
"HKU\S-1-5-21-176771822-3750400308-4198563939-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{777b97e2-2b6c-11e4-9fb8-001fc6c9bc70}" => key removed successfully.
HKCR\CLSID\{777b97e2-2b6c-11e4-9fb8-001fc6c9bc70} => key not found.
"HKU\S-1-5-21-176771822-3750400308-4198563939-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95bd33f9-2a8f-11e4-aefd-001fc6c9bc70}" => key removed successfully.
HKCR\CLSID\{95bd33f9-2a8f-11e4-aefd-001fc6c9bc70} => key not found.
"HKU\S-1-5-21-176771822-3750400308-4198563939-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea416451-2288-11e4-bcc4-001fc6c9bc70}" => key removed successfully.
HKCR\CLSID\{ea416451-2288-11e4-bcc4-001fc6c9bc70} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
HKU\S-1-5-21-176771822-3750400308-4198563939-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKU\S-1-5-21-176771822-3750400308-4198563939-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}" => key removed successfully.
HKCR\CLSID\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} => key not found.
Firefox newtab removed successfully.
C:\Users\Dragan\AppData\Roaming\Mozilla\Firefox\Profiles\uyg8117e.default\searchplugins\google-default.xml => moved successfully.
yonsu => Service removed successfully.
"C:\Program Files\Lavasoft\Web Companion" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A07AE9A-A6F5-483B-A672-AE7B47DB2EEC}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A07AE9A-A6F5-483B-A672-AE7B47DB2EEC}" => key removed successfully.
C:\Windows\System32\Tasks\{409CD9FE-53E7-445F-8CC8-17A19DD3EA60} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{409CD9FE-53E7-445F-8CC8-17A19DD3EA60}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4DD86F61-1A99-44FF-86CF-068B8C499725}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DD86F61-1A99-44FF-86CF-068B8C499725}" => key removed successfully.
C:\Windows\System32\Tasks\{9F90002B-90EF-4C0E-96D7-05D45DC7D209} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9F90002B-90EF-4C0E-96D7-05D45DC7D209}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{599D4D43-A769-4C47-B628-3C40CA171220}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{599D4D43-A769-4C47-B628-3C40CA171220}" => key removed successfully.
C:\Windows\System32\Tasks\{A87491B5-271B-4B5D-B289-465D601A32D0} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A87491B5-271B-4B5D-B289-465D601A32D0}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D885624B-288F-430D-A468-AB822205D01D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D885624B-288F-430D-A468-AB822205D01D}" => key removed successfully.
C:\Windows\System32\Tasks\{973B9D27-A5A2-42B7-96D1-F035A17E1583} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{973B9D27-A5A2-42B7-96D1-F035A17E1583}" => key removed successfully.
EmptyTemp: => 1.2 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 20:27:57 ====

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

What is the situation now?

Pack the following folders into ZIP, RAR or 7Z archives:

C:\FRST\Quarantine

and

C:\AdwCleaner

and send them via the following link:

http://www.mycity.rs/ambulanta-upload.php

Let me know when you have done that and wait for further instructions.

offline
  • Joined: 06 Apr 2014
  • Posts: 12

Everything is OK now. When I zip ADW it is too large to upload (117 MB), but I have sent FRST.

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the program icon to run MBAR:
- Click OK in the next window to allow extraction into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this may take a few extra seconds, so wait for it to launch;
- In the intro window click the Next button if you agree;

• In the 'Update Database' window click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section check that all options are ticked, then click the Scan button;

Note: with some infections one of the following messages may be displayed:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. Post the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports in your next message.

>> If infection(s) were found, check that the 'Create Restore Point' option is ticked and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for after the restart, and a notice will be shown in a pop-up window. Click the Yes button and the system should restart and finish the cleaning procedure.

Note! Only if a rootkit was detected: make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click to run fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, and wait for the tool to complete all repairs ...
- When you see the message 'press any key to exit' the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your message and attach the system log to the message using the Attach file option.

offline
  • Joined: 06 Apr 2014
  • Posts: 12

Posted: 12 Jul 2015 20:26

Thank you very much!

Addendum: 12 Jul 2015 20:56

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
malwarebytes.org

Database version:
main: v2015.07.12.03
rootkit: v2015.07.10.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17843
Dragan :: DRAGAN-PC [administrator]

12.7.2015 20:34:20
mbar-log-2015-07-12 (20-34-20).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 302819
Time elapsed: 15 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

You are clean now.

The following procedure will perform the final cleanup.

Download "Xplode"'s DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment until the tool finishes its work.
From this point on, all tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also save the healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after cleaning.

offline
  • Joined: 06 Apr 2014
  • Posts: 12

THANK YOU!!!!!!!!