searches.omiga

offline
  • Joined: 25 Jan 2015
  • Posts: 33

Posted: 25 Jan 2015 12:07

Hello everyone.
I wanted to install an add-on for a game, but I installed some junk instead (until now Avast had always warned me in time), and now my search engine is omiga-plus instead of Google.
What should I scan it with now?

Addendum: 25 Jan 2015 12:10

I forgot to write that I wanted to download Farbar and post the report, but Avast won't let me.
Should I turn it off?

Addendum: 25 Jan 2015 14:04
There, I turned Avast off and ran the scan.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01
Ran by BOKI (administrator) on BOKI-PC on 25-01-2015 13:56:41
Running from C:\Users\BOKI\Downloads
Loaded Profiles: BOKI (Available profiles: BOKI)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\ProgramData\UCA\UCA.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(BitTorrent Inc.) C:\Users\BOKI\AppData\Roaming\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6155336 2013-02-22] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-05-05] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] => C:\Program Files\AMD AVT\bin\kdbsync.exe [12288 2012-04-20] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM\...\Run: [UCA Start] => C:\ProgramData\UCA\UCA.exe [2601472 2014-07-20] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4085896 2014-10-03] (AVAST Software)
HKLM\...\Run: [AdobeCEPServiceManager] => C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-05-16] (Adobe Systems Incorporated)
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\BOKI\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\Run: [uTorrent] => C:\Users\BOKI\AppData\Roaming\uTorrent\uTorrent.exe [1377872 2015-01-22] (BitTorrent Inc.)
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\Run: [UCA Start] => C:\ProgramData\UCA\UCA.exe [2601472 2014-07-20] ()
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files\DAEMON Tools Ultra\DTAgent.exe [3128352 2013-06-25] (Disc Soft Ltd)
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: E - E:\autorun.exe
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: {6085d8f1-07cf-11e3-9f37-d43d7ebd7db3} - H:\autorun.exe
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: {67abd9dc-c8b8-11e3-b08a-d43d7ebd7db3} - G:\Startme.exe
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: {69d3c555-092c-11e3-9e96-d43d7ebd7db3} - I:\setup.exe
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: {69d3c87f-092c-11e3-9e96-d43d7ebd7db3} - E:\setup.exe
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: {8463bdfb-284e-11e3-a466-d43d7ebd7db3} - E:\Startme.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = google.com
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\S-1-5-21-3776892106-3194915494-1832249852-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-3776892106-3194915494-1832249852-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = isearch.omiga-plus.com/web/?utm_source=b&am.....ult&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3776892106-3194915494-1832249852-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = isearch.omiga-plus.com/web/?utm_source=b&am.....ult&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3776892106-3194915494-1832249852-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = isearch.omiga-plus.com/web/?utm_source=b&am.....ult&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 89.216.1.30 89.216.1.50

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @verimatrix.com/ViewRightWeb -> C:\Program Files\Verimatrix\ViewRight Web\\npViewRight.dll (Verimatrix, Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-3776892106-3194915494-1832249852-1000: @verimatrix.com/ViewRightWeb -> C:\Program Files\Verimatrix\ViewRight Web\\npViewRight.dll (Verimatrix, Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2014-10-02]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> omiga-plus
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (HP Product Detection Plugin) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp [2013-09-10]
CHR Extension: (Media Hint) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja [2014-01-13]
CHR Extension: (Google документи) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-18]
CHR Extension: (Google диск) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-18]
CHR Extension: (YouTube) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-18]
CHR Extension: (Google претрага) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-18]
CHR Extension: (Video Downloader professional) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2013-10-21]
CHR Extension: (Avast Online Security) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-02]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-10-05]
CHR Extension: (HD Facebook Video Downloader) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbaekgmbkigogkeofkobbhobinbbljpg [2013-10-21]
CHR Extension: (Google новчаник) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-18]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-10-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-05-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-10-02] (AVAST Software)
R3 Disc Soft Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe [632352 2013-06-25] (Disc Soft Ltd)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [762192 2013-07-18] (Nero AG)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-15] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-15] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2010-08-20] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 SwitchBoard; "C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-10-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-10-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-10-02] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-10-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-10-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-10-02] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-10-02] ()
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [24704 2013-08-18] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 MSICDSetup; \??\D:\CDriver.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 13:56 - 2015-01-25 13:57 - 00016266 _____ () C:\Users\BOKI\Downloads\FRST.txt
2015-01-25 13:55 - 2015-01-25 13:56 - 00000000 ____D () C:\FRST
2015-01-25 13:53 - 2015-01-25 13:53 - 00041172 _____ () C:\Windows\PFRO.log
2015-01-25 13:50 - 2015-01-25 13:51 - 02129920 _____ (Farbar) C:\Users\BOKI\Downloads\FRST64.exe
2015-01-25 13:48 - 2015-01-25 13:48 - 01120768 _____ (Farbar) C:\Users\BOKI\Downloads\FRST.exe
2015-01-25 12:12 - 2015-01-25 13:54 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-25 12:04 - 2015-01-25 12:04 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-25 12:04 - 2015-01-25 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-25 12:04 - 2015-01-25 12:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-25 12:04 - 2015-01-25 12:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-25 12:04 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-25 12:04 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-25 12:04 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-25 11:48 - 2015-01-25 11:48 - 00000079 _____ () C:\Windows\wininit.ini
2015-01-25 11:21 - 2009-06-10 22:39 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150125-112141.backup
2015-01-24 20:58 - 2015-01-25 11:20 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-22 21:08 - 2015-01-25 13:53 - 00001008 _____ () C:\Windows\setupact.log
2015-01-22 21:08 - 2015-01-22 21:08 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-21 22:12 - 2015-01-21 22:20 - 00000000 ____D () C:\Users\BOKI\AppData\Roaming\omiga-plus
2015-01-21 22:12 - 2015-01-21 22:20 - 00000000 ____D () C:\Users\BOKI\AppData\Roaming\MailUpdate
2015-01-21 22:12 - 2015-01-21 22:12 - 00000000 ____D () C:\ProgramData\MailUpdate
2015-01-20 23:40 - 2015-01-20 23:40 - 00000000 ____D () C:\Users\BOKI\Documents\KONAMI
2015-01-20 23:35 - 2015-01-20 23:35 - 00000000 ____D () C:\ProgramData\KONAMI
2015-01-20 23:35 - 2015-01-20 23:35 - 00000000 ____D () C:\Program Files\KONAMI
2015-01-20 23:00 - 2015-01-20 23:16 - 00000000 ____D () C:\Users\BOKI\Desktop\Pro.Evolution.Soccer.2013.Pavke-RELOADED
2015-01-16 01:05 - 2015-01-16 01:05 - 00952577 _____ () C:\Users\BOKI\Desktop\URGENTNI CENTAR Lekari uspešno obavili transplataciju jetre - Kurir.html
2015-01-16 01:05 - 2015-01-16 01:05 - 00038790 _____ () C:\Users\BOKI\Desktop\Нова успешна трансплантација јетре.html
2015-01-16 01:05 - 2015-01-16 01:05 - 00000000 ____D () C:\Users\BOKI\Desktop\Нова успешна трансплантација јетре_files
2015-01-16 01:05 - 2015-01-16 01:05 - 00000000 ____D () C:\Users\BOKI\Desktop\URGENTNI CENTAR Lekari uspešno obavili transplataciju jetre - Kurir_files
2015-01-14 12:37 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 12:37 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:37 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 12:37 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 12:37 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 12:37 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-11 18:05 - 2015-01-11 18:05 - 00000112 _____ () C:\Users\BOKI\AppData\Roaming\JP2K CS6 Prefs
2015-01-11 17:13 - 2015-01-11 18:05 - 00000000 ____D () C:\Users\BOKI\Desktop\mm
2015-01-11 16:20 - 2015-01-11 16:21 - 00000000 ____D () C:\Users\BOKI\Desktop\Ozpedia
2015-01-10 03:04 - 2015-01-10 03:57 - 00000000 ____D () C:\Users\BOKI\Desktop\Hocek
2015-01-10 01:17 - 2015-01-10 02:41 - 00000000 ____D () C:\Program Files\Recuva
2015-01-10 01:17 - 2015-01-10 01:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2015-01-08 20:30 - 2015-01-08 20:31 - 00000000 ____D () C:\Users\BOKI\Desktop\Jane Birkin & Serge Gainsbourg - 1969 - Jane Birkin - Serge Gainsbourg
2015-01-08 19:37 - 2015-01-08 19:38 - 00000000 ____D () C:\Users\BOKI\Desktop\The Best Of Disco 80 (2008)[www.By.Garfiel.com]
2015-01-08 01:17 - 2015-01-08 01:17 - 20947994 _____ () C:\Users\BOKI\Desktop\nije-smrt-biciklo-.psd
2015-01-06 23:50 - 2015-01-06 23:50 - 463373885 _____ () C:\Users\BOKI\Desktop\Partizan NIS - Cedevita.mp4
2015-01-03 02:41 - 2015-01-03 23:03 - 00000000 ____D () C:\Users\BOKI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Topaz Labs
2015-01-03 02:41 - 2015-01-03 02:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Topaz Labs
2015-01-03 02:39 - 2015-01-03 23:03 - 00000000 ____D () C:\Program Files\Topaz Labs
2015-01-03 02:39 - 2015-01-03 02:41 - 00000000 ____D () C:\Program Files\Common Files\Topaz Labs
2015-01-03 01:38 - 2015-01-03 01:39 - 00000000 ____D () C:\Users\BOKI\Desktop\Topaz Photoshop Plugins Bundle July 2014 (32-64 bit) [ChingLiu]
2015-01-02 14:05 - 2015-01-02 14:16 - 3038286450 _____ () C:\Users\BOKI\Desktop\The Interview (1080p).mp4
2014-12-28 01:44 - 2014-12-28 01:44 - 00000000 ____D () C:\Users\BOKI\Desktop\kursevi

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 13:57 - 2014-02-04 17:02 - 02038183 _____ () C:\Windows\WindowsUpdate.log
2015-01-25 13:54 - 2014-07-20 21:07 - 00000000 ____D () C:\ProgramData\UCA
2015-01-25 13:54 - 2013-08-18 04:07 - 00000000 ____D () C:\Users\BOKI\AppData\Roaming\uTorrent
2015-01-25 13:53 - 2014-09-01 20:15 - 00000000 ____D () C:\Windows\Sun
2015-01-25 13:53 - 2014-08-28 21:40 - 00000000 ____D () C:\Program Files\globalUpdate
2015-01-25 13:53 - 2013-08-18 01:58 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-25 13:53 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-25 13:47 - 2013-11-04 18:44 - 00000000 __SHD () C:\Program Files\MPK
2015-01-25 13:47 - 2013-08-21 06:45 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-25 11:58 - 2013-08-18 01:58 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 11:15 - 2013-08-18 03:02 - 00000000 ____D () C:\Users\BOKI\AppData\Local\Adobe
2015-01-24 17:31 - 2009-07-14 05:34 - 00020544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-24 17:31 - 2009-07-14 05:34 - 00020544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-21 22:22 - 2013-08-17 06:10 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-21 22:20 - 2013-08-18 02:03 - 00002091 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-21 22:20 - 2013-08-17 06:00 - 00001417 _____ () C:\Users\BOKI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-21 01:54 - 2013-08-17 06:00 - 00000000 ____D () C:\Users\BOKI
2015-01-20 23:38 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-17 21:56 - 2013-08-17 21:56 - 00000000 ____D () C:\Users\BOKI\AppData\Roaming\Adobe
2015-01-17 13:55 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-15 00:39 - 2014-08-30 14:26 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 00:32 - 2014-08-30 14:26 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-15 00:30 - 2013-08-17 06:01 - 00787764 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 22:02 - 2014-12-08 21:48 - 00000000 ____D () C:\Users\BOKI\Desktop\Kalendar, baneri itd
2015-01-13 18:15 - 2014-11-16 16:53 - 00000000 ____D () C:\Users\BOKI\Desktop\Adobe Photoshop CC 2014 (32 bit) ((zabranjeno)) [ChingLiu]
2015-01-11 17:16 - 2014-11-09 11:27 - 00001456 _____ () C:\Users\BOKI\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-01-09 01:05 - 2009-07-14 05:33 - 03808232 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-08 19:59 - 2013-08-17 06:20 - 00091568 _____ () C:\Users\BOKI\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-06 04:36 - 2013-08-17 06:32 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-03 19:41 - 2014-05-18 23:26 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-03 19:41 - 2013-10-14 16:43 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0
2015-01-03 19:41 - 2013-08-17 07:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-03 19:41 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-02 21:31 - 2014-11-06 18:35 - 00000000 ____D () C:\Users\BOKI\Desktop\IT Akademija
2015-01-02 02:11 - 2013-10-14 16:44 - 00000000 ____D () C:\Users\BOKI\Documents\Visual Studio 2008
2015-01-01 02:39 - 2013-08-17 07:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-12-28 01:45 - 2014-10-20 21:33 - 00000000 ____D () C:\Users\BOKI\Desktop\GRUPA JNA - CRNO-BELI RANDEVU

==================== Files in the root of some directories =======

2014-02-24 00:47 - 2014-02-24 21:23 - 0000132 _____ () C:\Users\BOKI\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-10-18 22:24 - 2013-10-18 22:24 - 0000052 _____ () C:\Users\BOKI\AppData\Roaming\Camdata.ini
2013-10-18 22:24 - 2013-10-18 22:24 - 0000408 _____ () C:\Users\BOKI\AppData\Roaming\CamLayout.ini
2013-10-18 22:24 - 2013-10-18 22:24 - 0000408 _____ () C:\Users\BOKI\AppData\Roaming\CamShapes.ini
2013-10-18 22:24 - 2013-10-18 22:24 - 0004510 _____ () C:\Users\BOKI\AppData\Roaming\CamStudio.cfg
2015-01-11 18:05 - 2015-01-11 18:05 - 0000112 _____ () C:\Users\BOKI\AppData\Roaming\JP2K CS6 Prefs
2014-11-09 11:27 - 2015-01-11 17:16 - 0001456 _____ () C:\Users\BOKI\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-12-27 12:13 - 2013-12-27 12:13 - 0000000 ___SH () C:\Users\BOKI\AppData\Local\LumaEmu
2013-09-10 21:55 - 2013-11-04 20:54 - 0000722 _____ () C:\ProgramData\hpzinstall.log
2014-06-13 19:26 - 2014-09-17 16:41 - 11224242 _____ () C:\ProgramData\OfflineCatalogue_1_2014_FEBI_CD.log

Files to move or delete:
====================
C:\Users\BOKI\jagex_cl_runescape_LIVE.dat
C:\Users\BOKI\random.dat


Some content of TEMP:
====================
C:\Users\BOKI\AppData\Local\Temp\drm_dialogs.dll
C:\Users\BOKI\AppData\Local\Temp\DSSExp.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-12-10 15:16

==================== End Of Log ============================

offline
  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Open Notepad and copy the following text, which is inside the Code box.

() C:\ProgramData\UCA\UCA.exe
HKLM\...\Run: [UCA Start] => C:\ProgramData\UCA\UCA.exe [2601472 2014-07-20] ()
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\Run: [UCA Start] => C:\ProgramData\UCA\UCA.exe [2601472 2014-07-20] ()
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: E - E:\autorun.exe
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: {6085d8f1-07cf-11e3-9f37-d43d7ebd7db3} - H:\autorun.exe
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: {67abd9dc-c8b8-11e3-b08a-d43d7ebd7db3} - G:\Startme.exe
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: {69d3c555-092c-11e3-9e96-d43d7ebd7db3} - I:\setup.exe
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: {69d3c87f-092c-11e3-9e96-d43d7ebd7db3} - E:\setup.exe
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: {8463bdfb-284e-11e3-a466-d43d7ebd7db3} - E:\Startme.exe
SearchScopes: HKU\S-1-5-21-3776892106-3194915494-1832249852-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://isearch.omiga-plus.com/web/?utm_source=b&am.....ult&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3776892106-3194915494-1832249852-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://isearch.omiga-plus.com/web/?utm_source=b&am.....ult&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3776892106-3194915494-1832249852-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://isearch.omiga-plus.com/web/?utm_source=b&am.....ult&q={searchTerms}
CHR DefaultSearchKeyword: Default -> omiga-plus
CHR Extension: (HP Product Detection Plugin) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp [2013-09-10]
CHR Extension: (Media Hint) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja [2014-01-13]
CHR Extension: (HD Facebook Video Downloader) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbaekgmbkigogkeofkobbhobinbbljpg [2013-10-21]
Task: {B8BD969A-759D-4198-AF8B-9969D558CC05} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
AlternateDataStreams: C:\ProgramData\Temp:456A69E6
AlternateDataStreams: C:\ProgramData\Temp:FF566C71
C:\ProgramData\UCA
C:\Program Files\globalUpdate
EmptyTemp:


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click to run FRST.exe again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, fixlog.txt will open, with content that you should copy into the thread.
A copy (fixlog.txt) will also be on the Desktop.

Step 2

Download AdwCleaner by "Xplode" and save it to the Desktop
Double-click to run the program.
In the EULA window, click I agree.
Click the Scan button and wait for the scan to finish.
Click the Clean button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required), click OK

The computer will restart and then Notepad will open (C:\AdwCleaner[S0].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Prikači fajl" (Attach file) option

Note: The report will also be saved at C:\Adwcleaner\AdwCleaner[S0].txt

offline
  • Joined: 25 Jan 2015
  • Posts: 33

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-01-2015 01
Ran by BOKI at 2015-01-25 20:30:24 Run:1
Running from C:\Users\BOKI\Desktop
Loaded Profiles: BOKI (Available profiles: BOKI)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
() C:\ProgramData\UCA\UCA.exe
HKLM\...\Run: [UCA Start] => C:\ProgramData\UCA\UCA.exe [2601472 2014-07-20] ()
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\Run: [UCA Start] => C:\ProgramData\UCA\UCA.exe [2601472 2014-07-20] ()
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: E - E:\autorun.exe
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: {6085d8f1-07cf-11e3-9f37-d43d7ebd7db3} - H:\autorun.exe
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: {67abd9dc-c8b8-11e3-b08a-d43d7ebd7db3} - G:\Startme.exe
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: {69d3c555-092c-11e3-9e96-d43d7ebd7db3} - I:\setup.exe
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: {69d3c87f-092c-11e3-9e96-d43d7ebd7db3} - E:\setup.exe
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: {8463bdfb-284e-11e3-a466-d43d7ebd7db3} - E:\Startme.exe
SearchScopes: HKU\S-1-5-21-3776892106-3194915494-1832249852-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = isearch.omiga-plus.com/web/?utm_source=b&am.....ult&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3776892106-3194915494-1832249852-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = isearch.omiga-plus.com/web/?utm_source=b&am.....ult&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3776892106-3194915494-1832249852-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = isearch.omiga-plus.com/web/?utm_source=b&am.....ult&q={searchTerms}
CHR DefaultSearchKeyword: Default -> omiga-plus
CHR Extension: (HP Product Detection Plugin) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp [2013-09-10]
CHR Extension: (Media Hint) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja [2014-01-13]
CHR Extension: (HD Facebook Video Downloader) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbaekgmbkigogkeofkobbhobinbbljpg [2013-10-21]
Task: {B8BD969A-759D-4198-AF8B-9969D558CC05} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
AlternateDataStreams: C:\ProgramData\Temp:456A69E6
AlternateDataStreams: C:\ProgramData\Temp:FF566C71
C:\ProgramData\UCA
C:\Program Files\globalUpdate
EmptyTemp:
*****************

[3692] C:\ProgramData\UCA\UCA.exe => Process closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\UCA Start => value deleted successfully.
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\Software\Microsoft\Windows\CurrentVersion\Run\\UCA Start => value deleted successfully.
"HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E" => Key deleted successfully.
"HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6085d8f1-07cf-11e3-9f37-d43d7ebd7db3}" => Key deleted successfully.
HKCR\CLSID\{6085d8f1-07cf-11e3-9f37-d43d7ebd7db3} => Key not found.
"HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67abd9dc-c8b8-11e3-b08a-d43d7ebd7db3}" => Key deleted successfully.
HKCR\CLSID\{67abd9dc-c8b8-11e3-b08a-d43d7ebd7db3} => Key not found.
"HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69d3c555-092c-11e3-9e96-d43d7ebd7db3}" => Key deleted successfully.
HKCR\CLSID\{69d3c555-092c-11e3-9e96-d43d7ebd7db3} => Key not found.
"HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69d3c87f-092c-11e3-9e96-d43d7ebd7db3}" => Key deleted successfully.
HKCR\CLSID\{69d3c87f-092c-11e3-9e96-d43d7ebd7db3} => Key not found.
"HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8463bdfb-284e-11e3-a466-d43d7ebd7db3}" => Key deleted successfully.
HKCR\CLSID\{8463bdfb-284e-11e3-a466-d43d7ebd7db3} => Key not found.
"HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}" => Key deleted successfully.
HKCR\CLSID\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => Key not found.
"HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => Key deleted successfully.
HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => Key not found.
Chrome DefaultSearchKeyword deleted successfully.
C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp => Moved successfully.
C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja => Moved successfully.
C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbaekgmbkigogkeofkobbhobinbbljpg => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8BD969A-759D-4198-AF8B-9969D558CC05}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8BD969A-759D-4198-AF8B-9969D558CC05}" => Key deleted successfully.
C:\Windows\System32\Tasks\CCleanerSkipUAC => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => Key deleted successfully.
C:\ProgramData\Temp => ":456A69E6" ADS removed successfully.
C:\ProgramData\Temp => ":FF566C71" ADS removed successfully.
C:\ProgramData\UCA => Moved successfully.
C:\Program Files\globalUpdate => Moved successfully.
EmptyTemp: => Removed 436.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog 20:31:00 ====

All done, my search engine is now Google
Now it searches through Google
It used to happen that it would suddenly just exit out of everything, I'll see whether that still happens now...
Thanks a lot

offline
  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

We'll also do an ARK check.

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the program icon to run MBAR:
- Click OK in the next window to allow extraction into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the introductory window, click the Next button if you agree;



• In the 'Update Database' window, click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section, check that all options are ticked, then click the Scan button;

Notice: with some infections, one of the following messages may be displayed:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.





>> If no malware is detected, click the Exit button to close the program. In your next post, include the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infections were found, check that the 'Create Restore Point' option is selected and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for the restart, and a notification will be shown in a pop-up window. Click the Yes button; the system should restart and finish the cleaning procedure.



Notice! Only if a rootkit is detected: make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click to run fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, and wait for the tool to complete all repairs ...
- When you see the message 'press any key to exit', the repair is complete. Press any key on the keyboard to close the window. Restart the system.





The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post and attach the system log to the post using the Attach file option.

offline
  • Joined: 25 Jan 2015
  • Posts: 33

Malwarebytes Anti-Rootkit BETA 1.08.3.1004
malwarebytes.org

Database version:
main: v2015.01.25.10
rootkit: v2015.01.14.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
BOKI :: BOKI-PC [administrator]

25.1.2015 21:11:28
mbar-log-2015-01-25 (21-11-28).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 308029
Time elapsed: 12 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)



It didn't find anything, I've posted the reports.

offline
  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

That would be it.


The following procedure will perform the final cleanup.

Download "Xplode"'s DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment until the tool finishes its work.
From this point on, all the tools used in this thread should be deleted.
The tool will also generate a report for you. (C:\DelFix.txt)

The tool will also record the healthy state of the registry and make a backup using the integrated "ERUNT" program in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.

offline
  • Joined: 25 Jan 2015
  • Posts: 33

All done, thanks a lot!
