Posted: 21 Aug 2014 01:50
- Joined: 01 Sep 2007
- Posts: 137
I have become a frequent visitor of yours.
I would like us to do a cleanup again and speed up the laptop, if that is possible.
There are no major problems, but it sometimes acts up when I play something online; it does not accept my commands, even though my internet connection is fast.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:19-08-2014
Ran by momo (administrator) on MOMO-PC on 21-08-2014 01:39:40
Running from C:\Users\momo\Desktop\AMBULANTA
Platform: Microsoft Windows 7 Édition Starter (X86) OS Language: Français (France)
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(SFR) C:\Program Files\SFR\Gestionnaire de Connexion\SFR.Dashboard.Service.exe
() C:\Program Files\T-Mobile Internet Manager\UIExec.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Telenor Internet\BackgroundService\ModemListener.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files\Google\Update\\GoogleCrashHandler.exe
() C:\Program Files\Telenor Internet\BackgroundService\ServiceManager.exe
() C:\Program Files\T-Mobile Internet Manager\AssistantServices.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(Chris Pietschmann (http://pietschsoft.com)) C:\Program Files\Virtual Router\VirtualRouterService.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Program Files\Telenor Internet\ModemApplication.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [UIExec] => C:\Program Files\T-Mobile Internet Manager\UIExec.exe [136328 2010-03-02] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [Telenor_Montenegro Imola ModemListener] => C:\Program Files\Telenor Internet\BackgroundService\ModemListener.exe [109120 2012-03-14] ()
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-06] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [189520 2014-07-07] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2198749600-2772488607-3266564224-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKU\S-1-5-21-2198749600-2772488607-3266564224-1000\...\Run: [Mobile Partner] => C:\Program Files\Telenor Internet\Telenor Internet
HKU\S-1-5-21-2198749600-2772488607-3266564224-1000\...\Run: [DU Meter] => "C:\Program Files\DU Meter\DUMeter.exe" /autostart
HKU\S-1-5-21-2198749600-2772488607-3266564224-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-2198749600-2772488607-3266564224-1000\...\Run: [Easy-Hide-IP] => C:\Program Files\Easy-Hide-IP\easy-hide-ip.exe
HKU\S-1-5-21-2198749600-2772488607-3266564224-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_145_Plugin.exe [851632 2014-07-17] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk
ShortcutTarget: Virtual Router Manager.lnk -> C:\Windows\Installer\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}\_118D1A4EFFA6998C3492EB.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x56FCA23C63BCCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = hr
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{5DF0D3B9-A960-47A1-A735-388DE131EE72}: [NameServer]
FF ProfilePath: C:\Users\momo\AppData\Roaming\Mozilla\Firefox\Profiles\om3flhal.default
FF SelectedSearchEngine: StartWeb
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\momo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\momo\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mystarttb.xml
FF Extension: SaveFrom.net helper - C:\Users\momo\AppData\Roaming\Mozilla\Firefox\Profiles\om3flhal.default\Extensions\helper@savefrom.net.xpi [2014-02-06]
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile Internet Manager\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files\T-Mobile Internet Manager\addon [2014-02-14]
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://start.iminent.com/?appId=846E73D4-B281-4D42-A153-43CB1A9C1CB3"
CHR DefaultSearchProvider: StartWeb
CHR DefaultSearchURL: google.com
CHR DefaultSuggestURL:
CHR Extension: (Iminent) - C:\Users\momo\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl [2014-07-24]
CHR Extension: (SaveFrom.net helper) - C:\Users\momo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpljndcmbeikfnlflcggaipgnhiedbl [2014-07-24]
CHR Extension: (Google Wallet) - C:\Users\momo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-29]
CHR Extension: (Feven 1.2) - C:\Users\momo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pigkdicgnehbfjnaopalgpelkbkcnbfa [2013-12-22]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-07] (Avira Operations GmbH & Co. KG)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [276048 2013-02-06] ()
R2 SFR.Dashboard.Service; C:\Program Files\SFR\Gestionnaire de Connexion\SFR.Dashboard.Service.exe [28632 2012-11-12] (SFR)
R2 Telenor_Montenegro Imola Modem Device Helper; C:\Program Files\Telenor Internet\BackgroundService\ServiceManager.exe [53312 2012-03-14] ()
R2 UI Assistant Service; C:\Program Files\T-Mobile Internet Manager\AssistantServices.exe [245384 2010-03-02] () [File not signed]
R2 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [107624 2014-07-30] (RaMMicHaeL)
R2 Virtual Router; C:\Program Files\Virtual Router\VirtualRouterService.exe [12288 2013-02-10] (Chris Pietschmann (http://pietschsoft.com)) [File not signed]
S2 WinkHandler; C:\Program Files\Iminent\WinkHandler.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [271360 2013-11-03] () [File not signed]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] (Avira Operations GmbH & Co. KG)
U0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [22528 2010-02-10] (Bytemobile, Inc.) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2013-09-30] (Disc Soft Ltd)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [101248 2013-03-04] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [70528 2013-03-04] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27776 2013-03-04] (Huawei Technologies Co., Ltd.)
R3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [106112 2011-06-20] (TCT International Mobile Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [18048 2013-11-03] () [File not signed]
S3 ogtap100; C:\Windows\System32\DRIVERS\ogtap100.sys [31360 2014-05-05] (The OpenVPN Project)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-25] (Avira GmbH)
S1 tcpipBM; C:\Windows\system32\Drivers\tcpipBM.sys [18816 2010-02-10] (Bytemobile, Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\momo\AppData\Local\Temp\catchme.sys [X]
S3 DUMeterDrv; \??\C:\Program Files\DU Meter\DUMETR32.SYS [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\momo\AppData\Local\Temp\Rar$EXa0.961\OpenHardwareMonitor\OpenHardwareMonitor.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-21 01:39 - 2014-08-21 01:39 - 00000000 ____D () C:\FRST
2014-08-21 01:36 - 2014-08-21 01:39 - 00000000 ____D () C:\Users\momo\Desktop\AMBULANTA
2014-08-21 01:24 - 2014-08-21 01:24 - 00000201 _____ () C:\Users\momo\Documents\CETVRTAK21.8.14.txt
2014-08-19 01:00 - 2014-08-19 23:56 - 00000250 _____ () C:\Users\momo\Documents\UTORAK19.8.14.txt
2014-08-18 13:05 - 2014-08-18 13:09 - 00000181 _____ () C:\Users\momo\Documents\PONEDELJAK18.8.14.txt
2014-08-17 01:50 - 2014-08-19 01:28 - 00002067 _____ () C:\Users\momo\Documents\NEDELJA17.8.14.txt
2014-08-16 01:07 - 2014-08-17 02:26 - 00001488 _____ () C:\Users\momo\Documents\SUBOTA16.8.14.txt
2014-08-15 01:20 - 2014-08-16 02:47 - 00001039 _____ () C:\Users\momo\Documents\PETAK15.8.14.txt
2014-08-14 01:22 - 2014-08-15 02:21 - 00000452 _____ () C:\Users\momo\Documents\CETVRTAK14.8.14.txt
2014-08-13 03:14 - 2014-08-14 01:28 - 00000669 _____ () C:\Users\momo\Documents\SREDA13.8.14.txt
2014-08-11 02:05 - 2014-08-12 12:47 - 00000496 _____ () C:\Users\momo\Documents\PONEDELJAK11.8.14.txt
2014-08-10 02:06 - 2014-08-11 02:01 - 00001463 _____ () C:\Users\momo\Documents\NEDELJA10.8.14.txt
2014-08-09 01:53 - 2014-08-10 01:54 - 00001411 _____ () C:\Users\momo\Documents\SUBOTA9.8.14.txt
2014-08-08 03:04 - 2014-08-08 03:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-08 02:29 - 2014-08-09 12:22 - 00001055 _____ () C:\Users\momo\Documents\PETAK8.8.14.txt
2014-08-07 01:52 - 2014-08-07 02:44 - 00000240 _____ () C:\Users\momo\Documents\CETVRTAK7.8.14.txt
2014-08-06 01:56 - 2014-08-07 01:37 - 00000613 _____ () C:\Users\momo\Documents\sreda6.8.14.txt
2014-08-04 02:45 - 2014-08-04 21:15 - 00000387 _____ () C:\Users\momo\Documents\PONEDELJAK4.8.14.txt
2014-08-02 22:10 - 2014-08-04 13:43 - 00002053 _____ () C:\Users\momo\Documents\NEDELJA3.8.14.txt
2014-08-02 05:44 - 2014-08-03 16:08 - 00001821 _____ () C:\Users\momo\Documents\SUBOTA2.8.14.txt
2014-07-31 23:14 - 2014-08-02 05:43 - 00001074 _____ () C:\Users\momo\Documents\PETAK1.8.14.txt
2014-07-31 00:40 - 2014-07-31 23:13 - 00000613 _____ () C:\Users\momo\Documents\CETVRTAK31.7.14.txt
2014-07-30 22:59 - 2014-07-30 23:19 - 58756696 _____ () C:\Users\momo\Desktop\Prozor u svet TV AS Stevan Đurović Slavko Nikić.3gp
2014-07-30 11:40 - 2014-07-30 11:40 - 00789568 _____ () C:\Windows\Minidump\073014-18220-01.dmp
2014-07-29 22:22 - 2014-07-31 12:41 - 00000948 _____ () C:\Users\momo\Documents\SREDA30.7.14.txt
2014-07-28 22:31 - 2014-07-29 22:21 - 00000317 _____ () C:\Users\momo\Documents\UTORAK29.7.14.txt
2014-07-28 02:47 - 2014-07-29 11:54 - 00000495 _____ () C:\Users\momo\Documents\PONEDENLJAK 28.7.14.txt
2014-07-27 00:16 - 2014-07-28 14:56 - 00001570 _____ () C:\Users\momo\Documents\NEDELJA 27.7.14.txt
2014-07-26 23:03 - 2014-07-26 23:03 - 59308583 _____ () C:\Users\momo\Desktop\Jugoslav Petrušić Prozor u svet TV AS Šabac 07 07 2014.3gp
2014-07-26 03:03 - 2014-07-26 18:10 - 00001420 _____ () C:\Users\momo\Documents\SUBOTA26.7.14.txt
2014-07-24 23:13 - 2014-07-26 03:00 - 00000602 _____ () C:\Users\momo\Documents\PETAK25.7.14.txt
2014-07-23 23:45 - 2014-07-24 23:15 - 00001086 _____ () C:\Users\momo\Documents\CETVRTAK24.7.14.txt
2014-07-22 22:00 - 2014-07-23 22:33 - 00000795 _____ () C:\Users\momo\Documents\SREDA23.7.14.txt
2014-07-22 16:51 - 2014-07-22 22:00 - 00000277 _____ () C:\Users\momo\Documents\UTORAK22.7.14.txt
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-21 01:39 - 2014-08-21 01:39 - 00000000 ____D () C:\FRST
2014-08-21 01:39 - 2014-08-21 01:36 - 00000000 ____D () C:\Users\momo\Desktop\AMBULANTA
2014-08-21 01:31 - 2013-09-29 14:23 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-21 01:24 - 2014-08-21 01:24 - 00000201 _____ () C:\Users\momo\Documents\CETVRTAK21.8.14.txt
2014-08-21 01:17 - 2009-07-14 06:34 - 00005856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-21 01:17 - 2009-07-14 06:34 - 00005856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-21 01:06 - 2013-09-19 15:51 - 00001002 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-21 00:55 - 2013-09-29 14:23 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-21 00:54 - 2013-09-19 15:53 - 01660386 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-21 00:52 - 2013-09-19 15:46 - 01615769 _____ () C:\Windows\WindowsUpdate.log
2014-08-19 23:56 - 2014-08-19 01:00 - 00000250 _____ () C:\Users\momo\Documents\UTORAK19.8.14.txt
2014-08-19 01:28 - 2014-08-17 01:50 - 00002067 _____ () C:\Users\momo\Documents\NEDELJA17.8.14.txt
2014-08-18 13:09 - 2014-08-18 13:05 - 00000181 _____ () C:\Users\momo\Documents\PONEDELJAK18.8.14.txt
2014-08-17 22:19 - 2014-07-20 00:40 - 00000000 ____D () C:\Users\momo\AppData\Roaming\TS3Client
2014-08-17 21:06 - 2013-12-24 14:45 - 00060832 _____ () C:\Windows\setupact.log
2014-08-17 16:49 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-17 12:00 - 2014-05-12 11:06 - 00000000 ____D () C:\Users\momo\Tracing
2014-08-17 11:59 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-17 02:26 - 2014-08-16 01:07 - 00001488 _____ () C:\Users\momo\Documents\SUBOTA16.8.14.txt
2014-08-16 02:47 - 2014-08-15 01:20 - 00001039 _____ () C:\Users\momo\Documents\PETAK15.8.14.txt
2014-08-15 02:21 - 2014-08-14 01:22 - 00000452 _____ () C:\Users\momo\Documents\CETVRTAK14.8.14.txt
2014-08-14 01:28 - 2014-08-13 03:14 - 00000669 _____ () C:\Users\momo\Documents\SREDA13.8.14.txt
2014-08-14 01:21 - 2013-09-29 14:42 - 00002127 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-12 12:47 - 2014-08-11 02:05 - 00000496 _____ () C:\Users\momo\Documents\PONEDELJAK11.8.14.txt
2014-08-11 02:01 - 2014-08-10 02:06 - 00001463 _____ () C:\Users\momo\Documents\NEDELJA10.8.14.txt
2014-08-10 14:03 - 2013-12-22 03:09 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-10 01:54 - 2014-08-09 01:53 - 00001411 _____ () C:\Users\momo\Documents\SUBOTA9.8.14.txt
2014-08-09 16:47 - 2013-09-19 15:57 - 00000000 ____D () C:\Users\momo\AppData\Roaming\vlc
2014-08-09 16:03 - 2014-07-13 00:52 - 00000000 ____D () C:\Users\momo\Desktop\Underbelly
2014-08-09 12:22 - 2014-08-08 02:29 - 00001055 _____ () C:\Users\momo\Documents\PETAK8.8.14.txt
2014-08-08 03:04 - 2014-08-08 03:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-07 02:44 - 2014-08-07 01:52 - 00000240 _____ () C:\Users\momo\Documents\CETVRTAK7.8.14.txt
2014-08-07 01:37 - 2014-08-06 01:56 - 00000613 _____ () C:\Users\momo\Documents\sreda6.8.14.txt
2014-08-04 21:15 - 2014-08-04 02:45 - 00000387 _____ () C:\Users\momo\Documents\PONEDELJAK4.8.14.txt
2014-08-04 13:43 - 2014-08-02 22:10 - 00002053 _____ () C:\Users\momo\Documents\NEDELJA3.8.14.txt
2014-08-03 16:08 - 2014-08-02 05:44 - 00001821 _____ () C:\Users\momo\Documents\SUBOTA2.8.14.txt
2014-08-02 05:43 - 2014-07-31 23:14 - 00001074 _____ () C:\Users\momo\Documents\PETAK1.8.14.txt
2014-07-31 23:13 - 2014-07-31 00:40 - 00000613 _____ () C:\Users\momo\Documents\CETVRTAK31.7.14.txt
2014-07-31 12:41 - 2014-07-29 22:22 - 00000948 _____ () C:\Users\momo\Documents\SREDA30.7.14.txt
2014-07-30 23:19 - 2014-07-30 22:59 - 58756696 _____ () C:\Users\momo\Desktop\Prozor u svet TV AS Stevan Đurović Slavko Nikić.3gp
2014-07-30 11:40 - 2014-07-30 11:40 - 00789568 _____ () C:\Windows\Minidump\073014-18220-01.dmp
2014-07-30 11:40 - 2014-01-04 15:01 - 161543297 _____ () C:\Windows\MEMORY.DMP
2014-07-30 11:40 - 2013-09-30 16:28 - 00000000 ____D () C:\Windows\Minidump
2014-07-29 22:21 - 2014-07-28 22:31 - 00000317 _____ () C:\Users\momo\Documents\UTORAK29.7.14.txt
2014-07-29 11:54 - 2014-07-28 02:47 - 00000495 _____ () C:\Users\momo\Documents\PONEDENLJAK 28.7.14.txt
2014-07-28 14:56 - 2014-07-27 00:16 - 00001570 _____ () C:\Users\momo\Documents\NEDELJA 27.7.14.txt
2014-07-26 23:03 - 2014-07-26 23:03 - 59308583 _____ () C:\Users\momo\Desktop\Jugoslav Petrušić Prozor u svet TV AS Šabac 07 07 2014.3gp
2014-07-26 18:10 - 2014-07-26 03:03 - 00001420 _____ () C:\Users\momo\Documents\SUBOTA26.7.14.txt
2014-07-26 03:00 - 2014-07-24 23:13 - 00000602 _____ () C:\Users\momo\Documents\PETAK25.7.14.txt
2014-07-24 23:15 - 2014-07-23 23:45 - 00001086 _____ () C:\Users\momo\Documents\CETVRTAK24.7.14.txt
2014-07-23 22:33 - 2014-07-22 22:00 - 00000795 _____ () C:\Users\momo\Documents\SREDA23.7.14.txt
2014-07-22 22:00 - 2014-07-22 16:51 - 00000277 _____ () C:\Users\momo\Documents\UTORAK22.7.14.txt
2014-07-22 12:49 - 2014-07-21 11:54 - 00000311 _____ () C:\Users\momo\Documents\PONEDELJAK21.7.14.txt
Some content of TEMP:
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
[2009-07-14 01:24] - [2009-07-14 03:16] - 0811520 ____A (Microsoft Corporation) 8626F0C30D4E3564FFDD25C90F4426F1
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-19 09:36
==================== End Of Log ============================
Posted: 21 Aug 2014 03:19
- magna86
- Anti Malware Fighter
Rank 2
- Joined: 21 Jun 2008
- Posts: 6104
Hello rennsport,
Step #1 - uninstallation
The first thing that needs to be done is to try, from 'Programs and Features' (accessed via Start > Control Panel), to uninstall the following malicious (Boxore Adware/PUP) program. However, since one set of this malicious program hides from the system in order to prevent complete removal, we first need to make it visible again.
1. Open Notepad (Text Document) and copy the following text inside the code box below:
Software Update Helper (Version: - Google Inc.) Hidden <==== ATTENTION
2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.
3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the system restarts.
The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.
After this quick FixList script has run, the tool should make both programs visible in the list of installed programs. Now find and try to uninstall the following:
- Boxore Client
- Software Update Helper
If either of them refuses to be removed, restart the computer and try again. If they still refuse to be removed, skip this and simply move on to the next step.
--- --- --- --- --- --- --- ---
Step #2 - targeting
The following FixList script will tell the FRST tool to target and remove all malware from the system and to correct some malicious settings; it will also do some additional junk cleanup, etc.
1. Open Notepad (Text Document) and copy the following text inside the code box below:
VerifySignature: C:\Windows\system32\User32.dll
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mystarttb.xml
CHR StartupUrls: "hxxp://start.iminent.com/?appId=846E73D4-B281-4D42-A153-43CB1A9C1CB3"
CHR Extension: (Iminent) - C:\Users\momo\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl [2014-07-24]
CHR Extension: (Feven 1.2) - C:\Users\momo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pigkdicgnehbfjnaopalgpelkbkcnbfa [2013-12-22]
S2 WinkHandler; C:\Program Files\Iminent\WinkHandler.exe [X]
S3 catchme; \??\C:\Users\momo\AppData\Local\Temp\catchme.sys [X]
Task: {082D12C0-F31F-4F8B-A7FE-CFBDBF4796DA} - \Feven 1.2-chromeinstaller No Task File <==== ATTENTION
Task: {252259D4-345F-4D39-AE16-A91CA2BD982B} - \Feven 1.2-updater No Task File <==== ATTENTION
Task: {3D9875D6-FE33-4B89-939D-7AE849CA095C} - \Plus-HD-1.7-codedownloader No Task File <==== ATTENTION
Task: {936A9E2C-0A3F-4B83-94AF-AF2F3CE291FC} - \Feven 1.2-enabler No Task File <==== ATTENTION
Task: {DB90FFB5-3B95-4ED8-A6ED-E1B9CA45DDF5} - \Feven 1.2-firefoxinstaller No Task File <==== ATTENTION
Task: {E6E978A2-6266-431B-93FF-C61FA73CD290} - \Plus-HD-1.7-enabler No Task File <==== ATTENTION
Task: {F08302EE-0197-4E22-AA52-F3117B2576C9} - \Feven 1.2-codedownloader No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
C:\Program Files\Mobogenie
C:\Program Files\Iminent
C:\Program Files\mozilla firefox\browser\searchplugins\mystarttb.xml
C:\Users\momo\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
C:\Users\momo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pigkdicgnehbfjnaopalgpelkbkcnbfa
2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.
3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the system restarts.
The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.
--- --- --- --- --- --- --- ---
Step #3 - additional checks
Run FRST/FRST64 again:
type User32.dll into the Search: field and click the Search File button;
the tool will scan your computer and create a report (Search.txt) in the same directory where the FRST tool is saved;
copy the contents of the Search.txt report into your post;
Posted: 21 Aug 2014 14:37
- Joined: 01 Sep 2007
- Posts: 137
Written: 21 Aug 2014 13:45
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:19-08-2014
Ran by momo at 2014-08-21 13:41:06 Run:1
Running from C:\Users\momo\Desktop\AMBULANTA
Boot Mode: Normal
Content of fixlist:
Software Update Helper (Version: - Google Inc.) Hidden <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}\\SystemComponent => value deleted successfully.
==== End of Fixlog ====
Addendum: 21 Aug 2014 13:58
Boxore Client will not uninstall even after restarting. It gives me this
The other one has been removed.
Addendum: 21 Aug 2014 14:33
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:19-08-2014
Ran by momo at 2014-08-21 14:20:21 Run:2
Running from C:\Users\momo\Desktop\AMBULANTA
Boot Mode: Normal
Content of fixlist:
VerifySignature: C:\Windows\system32\User32.dll
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mystarttb.xml
CHR StartupUrls: "hxxp://start.iminent.com/?appId=846E73D4-B281-4D42-A153-43CB1A9C1CB3"
CHR Extension: (Iminent) - C:\Users\momo\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl [2014-07-24]
CHR Extension: (Feven 1.2) - C:\Users\momo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pigkdicgnehbfjnaopalgpelkbkcnbfa [2013-12-22]
S2 WinkHandler; C:\Program Files\Iminent\WinkHandler.exe [X]
S3 catchme; \??\C:\Users\momo\AppData\Local\Temp\catchme.sys [X]
Task: {082D12C0-F31F-4F8B-A7FE-CFBDBF4796DA} - \Feven 1.2-chromeinstaller No Task File <==== ATTENTION
Task: {252259D4-345F-4D39-AE16-A91CA2BD982B} - \Feven 1.2-updater No Task File <==== ATTENTION
Task: {3D9875D6-FE33-4B89-939D-7AE849CA095C} - \Plus-HD-1.7-codedownloader No Task File <==== ATTENTION
Task: {936A9E2C-0A3F-4B83-94AF-AF2F3CE291FC} - \Feven 1.2-enabler No Task File <==== ATTENTION
Task: {DB90FFB5-3B95-4ED8-A6ED-E1B9CA45DDF5} - \Feven 1.2-firefoxinstaller No Task File <==== ATTENTION
Task: {E6E978A2-6266-431B-93FF-C61FA73CD290} - \Plus-HD-1.7-enabler No Task File <==== ATTENTION
Task: {F08302EE-0197-4E22-AA52-F3117B2576C9} - \Feven 1.2-codedownloader No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
C:\Program Files\Mobogenie
C:\Program Files\Iminent
C:\Program Files\mozilla firefox\browser\searchplugins\mystarttb.xml
C:\Users\momo\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
C:\Users\momo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pigkdicgnehbfjnaopalgpelkbkcnbfa
"C:\Windows\system32\User32.dll" => File is not digitaly signed.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => value deleted successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\mystarttb.xml => Moved successfully.
Chrome StartupUrls deleted successfully.
C:\Users\momo\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl => Moved successfully.
C:\Users\momo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pigkdicgnehbfjnaopalgpelkbkcnbfa => Moved successfully.
WinkHandler => Service deleted successfully.
catchme => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{082D12C0-F31F-4F8B-A7FE-CFBDBF4796DA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{082D12C0-F31F-4F8B-A7FE-CFBDBF4796DA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Feven 1.2-chromeinstaller" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{252259D4-345F-4D39-AE16-A91CA2BD982B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{252259D4-345F-4D39-AE16-A91CA2BD982B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Feven 1.2-updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3D9875D6-FE33-4B89-939D-7AE849CA095C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D9875D6-FE33-4B89-939D-7AE849CA095C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.7-codedownloader" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{936A9E2C-0A3F-4B83-94AF-AF2F3CE291FC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{936A9E2C-0A3F-4B83-94AF-AF2F3CE291FC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Feven 1.2-enabler" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DB90FFB5-3B95-4ED8-A6ED-E1B9CA45DDF5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB90FFB5-3B95-4ED8-A6ED-E1B9CA45DDF5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Feven 1.2-firefoxinstaller" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E6E978A2-6266-431B-93FF-C61FA73CD290}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6E978A2-6266-431B-93FF-C61FA73CD290}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.7-enabler" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F08302EE-0197-4E22-AA52-F3117B2576C9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F08302EE-0197-4E22-AA52-F3117B2576C9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Feven 1.2-codedownloader" => Key deleted successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
"C:\Program Files\Mobogenie" => File/Directory not found.
"C:\Program Files\Iminent" => File/Directory not found.
"C:\Program Files\mozilla firefox\browser\searchplugins\mystarttb.xml" => File/Directory not found.
"C:\Users\momo\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl" => File/Directory not found.
"C:\Users\momo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pigkdicgnehbfjnaopalgpelkbkcnbfa" => File/Directory not found.
EmptyTemp: => Removed 294.9 MB temporary data.
The system needed a reboot.
==== End of Fixlog ====
Addendum: 21 Aug 2014 14:37
Farbar Recovery Scan Tool (x86) Version:19-08-2014
Ran by momo at 2014-08-21 14:31:40
Running from C:\Users\momo\Desktop\AMBULANTA
Boot Mode: Normal
================== Search: "User32.dll" ===================
[2009-07-14 01:24][2009-07-14 03:16] 0811520 ____N (Microsoft Corporation) 34B7E222E81FAFA885F0C5F2CFA56861 [File is signed]
[2009-07-14 01:24][2009-07-14 03:16] 0811520 ____A (Microsoft Corporation) 8626F0C30D4E3564FFDD25C90F4426F1
=== End Of Search ===
Posted: 21 Aug 2014 14:57
- magna86
- Anti Malware Fighter
Rank 2
- Joined: 21 Jun 2008
- Posts: 6104
All right, excellent work. Let's move on ...
We still need to repair one more thing using a FixList, and then we'll run an additional check on this whole thing.
1. Open Notepad (Text Document) and copy in the following text from the code box below:
Replace: C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll C:\Windows\System32\user32.dll
2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.
3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool requests a system restart, allow it and make sure the tool completes the fix after the system restarts.
The tool will create a log (Fixlog.txt) on the Desktop. The content of that log needs to be copied into your post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.
1. Download sUBs's ComboFix from this link and save the tool to the Desktop.
• Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
• When the dialog for choosing where to save the file opens, choose Desktop and click Save.
2. Temporarily deactivate your antivirus program, in most cases via a right-click on the program's icon in the system tray. They can interfere with the tool while it runs.
If you are not sure how to do that, follow this guide.
3. Double-click the icon to run ComboFix. Then, in the disclaimer window, click the I Agree! button
• ComboFix will check whether a new version of the tool is available.
Click Yes if a download is requested.
• If Recovery Console is not installed, ComboFix will offer to download and install it.
Click Yes to allow the tool to download and install Recovery Console
• ComboFix will scan the computer in stages (Stage_#), 50 stages in total.
Do not click around while ComboFix is examining the system.
• If malware is detected, ComboFix will begin removing it.
For that reason, the tool will restart Windows as needed (sometimes more than once);
Note: If, after the tool has run, you get an error (Illegal operation attempted on a registry key that has been marked for deletion) when starting programs, restart the computer and that will solve the problem.
4. When the tool finishes, it will create and open a report (typical location: C:\ComboFix.txt)
Copy the content of the ComboFix.txt report into your post.
ComboFix will also create an additional report (typical location: C:\Qoobox\ComboFix-quarantined-files.txt)
Attach the ComboFix-quarantined-files.txt report to your post using the Attach file option
Posted: 21 Aug 2014 17:16
- Joined: 01 Sep 2007
- Posts: 137
Written: 21 Aug 2014 16:36
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:19-08-2014
Ran by momo at 2014-08-21 16:22:52 Run:3
Running from C:\Users\momo\Desktop\AMBULANTA
Boot Mode: Normal
Content of fixlist:
Replace: C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll C:\Windows\System32\user32.dll
C:\Windows\System32\user32.dll => Moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll copied successfully to C:\Windows\System32\user32.dll
The system needed a reboot.
==== End of Fixlog ====
Addendum: 21 Aug 2014 17:15
ComboFix 14-08-21.01 - momo 1.08.2014. 16:56:15.1.2 - x86
Microsoft Windows 7 Édition Starter 6.1.7600.0.1252.33.1036.18.1976.1064 [GMT 2:00]
Lancé depuis: c:\users\momo\Desktop\AMBULANTA\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
((((((((((((((((((((((((((((( Fichiers créés du 2014-07-21 au 2014-08-21 ))))))))))))))))))))))))))))))))))))
2014-08-21 15:02 . 2014-08-21 15:05 -------- d-----w- c:\users\momo\AppData\Local\temp
2014-08-21 15:02 . 2014-08-21 15:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-08-21 15:02 . 2014-08-21 15:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-20 23:39 . 2014-08-21 14:22 -------- d-----w- C:\FRST
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
2014-07-17 14:06 . 2013-09-19 13:51 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-17 14:06 . 2013-09-19 13:51 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-15 09:47 . 2014-04-04 15:40 35848 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-07-05 12:37 . 2014-04-03 18:16 97648 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-06-03 18:08 . 2014-04-03 18:16 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
"Mobile Partner"="c:\program files\Telenor Internet\Telenor Internet" [X]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-08-01 3673696]
"UIExec"="c:\program files\T-Mobile Internet Manager\UIExec.exe" [2010-03-02 136328]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-01 152392]
"Telenor_Montenegro Imola ModemListener"="c:\program files\Telenor Internet\BackgroundService\ModemListener.exe" [2012-03-14 109120]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-08-06 751184]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-08-04 161584]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Virtual Router Manager.lnk - c:\windows\Installer\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}\_118D1A4EFFA6998C3492EB.exe /min [2014-7-1 22486]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files\DU Meter\DUMETR32.SYS [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2013-01-25 95232]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-12-22 11904]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2013-03-04 101248]
R3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\DRIVERS\ew_jucdcecm.sys [2013-03-04 70528]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2013-03-04 27776]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys [2011-06-20 106112]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-10-30 9216]
R3 ogtap100;Open Garden Tap Adapter V1;c:\windows\system32\DRIVERS\ogtap100.sys [2014-05-05 31360]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\momo\AppData\Local\Temp\Rar$EXa0.961\OpenHardwareMonitor\OpenHardwareMonitor.sys [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2014-08-06 1021520]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2014-02-25 37352]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-09-30 243128]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-08-06 430160]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-08-04 149296]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2013-02-06 276048]
S2 SFR.Dashboard.Service;SFR.Dashboard.Service;c:\program files\SFR\Gestionnaire de Connexion\SFR.Dashboard.Service.exe [2012-11-12 28632]
S2 Telenor_Montenegro Imola Modem Device Helper;Telenor_Montenegro Imola Modem Device Helper;c:\program files\Telenor Internet\BackgroundService\ServiceManager.exe [2012-03-14 53312]
S2 UI Assistant Service;UI Assistant Service;c:\program files\T-Mobile Internet Manager\AssistantServices.exe [2010-03-02 245384]
S2 Unchecky;Unchecky;c:\program files\Unchecky\bin\unchecky_svc.exe [2014-07-30 107624]
S2 Virtual Router;VirtualRouterService;c:\program files\Virtual Router\VirtualRouterService.exe [2013-02-10 12288]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2013-03-04 77824]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - BMLoad
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-13 23:11 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
Contenu du dossier 'Tâches planifiées'
2014-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-19 14:06]
2014-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-29 12:23]
2014-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-29 12:23]
------- Examen supplémentaire -------
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=;https=;socks=
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer =
FF - ProfilePath - c:\users\momo\AppData\Roaming\Mozilla\Firefox\Profiles\om3flhal.default\
FF - prefs.js: browser.search.selectedEngine - StartWeb
FF - prefs.js: browser.startup.homepage - google.com
HKCU-Run-DU Meter - c:\program files\DU Meter\DUMeter.exe
HKCU-Run-Easy-Hide-IP - c:\program files\Easy-Hide-IP\easy-hide-ip.exe
AddRemove-SopCast - c:\program files\SopCast\uninst.exe
AddRemove-{8f29d204-f85e-4d8d-87b0-7ba66bffc1aa} - c:\programdata\Package Cache\{8f29d204-f85e-4d8d-87b0-7ba66bffc1aa}\Avira.OE.Setup.Bundle.AntiVirus.En-us.exe
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-2198749600-2772488607-3266564224-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. ‰<bIC° €=\Program Files\VideoLAN\VLC D:Œ<bIFD €VD:CøD:C˜DîD:CžD:CªDúD:E D:—<bIC¼ €[DD:C¶D:CøD:CD:CtD:CzD:C D:š<bIC> €`D:FJD:DîD:CbD:CÚD:CŒD:CÈD:FbD:<bIFP €eD:C\D:CbD:C˜D:CćD:DdD:F\D:C¤D:`<bI
¬ €j - $ =\OpenWithList]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
@Denied: (Full) (Everyone)
------------------------ Autres processus actifs ------------------------
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Update\\GoogleCrashHandler.exe
c:\program files\Unchecky\bin\unchecky_bg.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\iPod\bin\iPodService.exe
Heure de fin: 2014-08-21 17:10:09 - La machine a redémarré
ComboFix-quarantined-files.txt 2014-08-21 15:10
Avant-CF: 48.314.605.568 octets libres
Après-CF: 47.946.514.432 octets libres
- - End Of File - - 3F0BF19D0B89F92DCA07E3E3BBBC7323
Addendum: 21 Aug 2014 17:16
Posted: 22 Aug 2014 02:12
- Joined: 01 Sep 2007
- Posts: 137
Written: 21 Aug 2014 23:43
Addendum: 22 Aug 2014 2:12
It's OK. It's important to me to know that it's clean.
The only thing that sometimes happens to me, not that often, is that it restarts. It throws up a blue screen with the whole screen filled with text. The only thing I manage to catch is that Windows is damaged or something similar. Whether it's down to software or hardware, I don't know.