DLL on the screen after system startup


  • Joined: 17 Jun 2008
  • Posts: 178

Posted: 01 Aug 2014 9:42

When I turn the computer on, the window shown in the first picture appears on the screen.
It has been like this for at least 5-6 months.
I haven't managed to remove it, and I didn't want to risk too much either, in case I delete the wrong file...
I don't notice any problems with the computer's operation, but this window certainly doesn't belong there. Especially after the earlier diagnosis on MyCity that it's an intruder...
Here is what it looks like:

I was previously here and posted the search results, which can be seen in that thread (so as not to clutter this one with pictures).

Here are the requested reports (as per the instructions):





Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 02
Ran by Dragan (administrator) on DRAGAN-PC on 01-08-2014 09:11:51
Running from C:\Users\Dragan\Downloads
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(BitTorrent Inc.) C:\Users\Dragan\AppData\Roaming\uTorrent\uTorrent.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3130982306-4013703999-1913658739-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-3130982306-4013703999-1913658739-1000\...\Run: [zASRockInstantBoot] => [X]
HKU\S-1-5-21-3130982306-4013703999-1913658739-1000\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe [3128352 2013-06-25] (Disc Soft Ltd)
HKU\S-1-5-21-3130982306-4013703999-1913658739-1000\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\Dragan\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 4e3a302b2b7447d385de6d16b27daf2b-ad1491be2ce6c122f6b66faa90e70c2decf7d34c --CMPID 0913b
HKU\S-1-5-21-3130982306-4013703999-1913658739-1000\...\Run: [uTorrent] => C:\Users\Dragan\AppData\Roaming\uTorrent\uTorrent.exe [1270352 2014-04-29] (BitTorrent Inc.)
HKU\S-1-5-21-3130982306-4013703999-1913658739-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)
HKU\S-1-5-21-3130982306-4013703999-1913658739-1000\...\MountPoints2: G - G:\SETUP.EXE
HKU\S-1-5-21-3130982306-4013703999-1913658739-1000\...\MountPoints2: H - H:\SETUP.EXE
HKU\S-1-5-21-3130982306-4013703999-1913658739-1000\...\MountPoints2: I - I:\SETUP.EXE
HKU\S-1-5-21-3130982306-4013703999-1913658739-1000\...\MountPoints2: {194c2892-f504-11e2-89f6-806e6f6e6963} - F:\ASRSetup.exe
HKU\S-1-5-21-3130982306-4013703999-1913658739-1000\...\MountPoints2: {6b47b547-c23a-11e3-b0f8-bc5ff49946d8} - G:\AutoRun.exe
HKU\S-1-5-21-3130982306-4013703999-1913658739-1000\...\MountPoints2: {8fb52073-f61e-11e2-9398-bc5ff49946d8} - H:\Autorun.exe
HKU\S-1-5-21-3130982306-4013703999-1913658739-1000\...\MountPoints2: {dc94970a-3135-11e3-9f13-bc5ff49946d8} - J:\Autoplay.exe -auto
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3321DFC623C5CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sr-rs
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {ECE52100-D496-4A21-8317-EC3FB1675184} URL =
SearchScopes: HKCU - DefaultScope {ECE52100-D496-4A21-8317-EC3FB1675184} URL = search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3282698&CUI=UN55775368426459936&UM=2
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {ECE52100-D496-4A21-8317-EC3FB1675184} URL = search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3282698&CUI=UN55775368426459936&UM=2
BHO: Speed Test 127 -> {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} -> C:\Program Files (x86)\Speed Test 127\ScriptHost64.dll (BestOffers)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Free Games 111 -> {C45EC9F0-8333-465D-9728-074BD41985C9} -> C:\Program Files (x86)\Free Games 111\ScriptHost64.dll (BestOffers)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: Speed Test 127 -> {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} -> C:\Program Files (x86)\Speed Test 127\ScriptHost.dll (BestOffers)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: MinibarBHO -> {AA74D58F-ACD0-450D-A85E-6C04B171C044} -> C:\Program Files (x86)\Minibar\Minibar.dll (KangoExtensions)
BHO-x32: Free Games 111 -> {C45EC9F0-8333-465D-9728-074BD41985C9} -> C:\Program Files (x86)\Free Games 111\ScriptHost.dll (BestOffers)
BHO-x32: No Name -> {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\Dragan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
FF DefaultSearchEngine: Яндекс
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF user.js: detected! => C:\Users\Dragan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js
FF SearchPlugin: C:\Users\Dragan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-161436.xml
FF Extension: Speed Test 127 - C:\Users\Dragan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\speedtest4354@BestOffers [2014-02-02]
FF Extension: No Name - C:\Users\Dragan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\staged [2013-10-11]
FF Extension: Zula Games - C:\Users\Dragan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\zulagames@ZulaGames.com [2013-10-27]
FF HKLM-x32\...\Firefox\Extensions: [ext@flash-Enhancer.com] - C:\Program Files (x86)\AmiExt\flashEnhancer\ff

Chrome:
=======
CHR HomePage: google.rs/?gws_rd=cr
CHR StartupUrls: "https://www.google.rs/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Extension: (Google Drive) - C:\Users\Dragan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dragan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-11]
CHR Extension: (YouTube) - C:\Users\Dragan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-25]
CHR Extension: (Google Search) - C:\Users\Dragan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-25]
CHR Extension: (Google Wallet) - C:\Users\Dragan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-11]
CHR Extension: (Gmail) - C:\Users\Dragan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-25]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Dragan\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-06-12]
CHR HKCU\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Dragan\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2014-06-12]
CHR HKCU\...\Chrome\Extension: [giolhomkcooifelkdfpejhidfidaahlc] - C:\Users\Dragan\AppData\Local\CRE\giolhomkcooifelkdfpejhidfidaahlc.crx [2013-10-23]
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Dragan\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-10-23]
CHR HKLM-x32\...\Chrome\Extension: [gflandjopdloblmlcoiidmncpinmmacn] - C:\Users\Dragan\AppData\Roaming\zulagames\zulagames.crx [2013-10-03]
CHR HKLM-x32\...\Chrome\Extension: [giolhomkcooifelkdfpejhidfidaahlc] - C:\Users\Dragan\AppData\Local\CRE\giolhomkcooifelkdfpejhidfidaahlc.crx [2013-10-23]
CHR HKLM-x32\...\Chrome\Extension: [nkcpopggjcjkiicpenikeogioednjeac] - C:\Users\Dragan\AppData\Local\Temp\nkcpopggjcjkiicpenikeogioednjeac.crx [2013-10-23]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2013-07-25] () [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [632352 2013-06-25] (Disc Soft Ltd)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [34640 2012-08-09] (ASRock Inc.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2013-07-26] (Disc Soft Ltd)
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-02-12] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2013-07-25] (FNet Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
U4 Meixatexy; No ImagePath
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-08-01] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-01 09:11 - 2014-08-01 09:12 - 00019847 _____ () C:\Users\Dragan\Downloads\FRST.txt
2014-08-01 09:11 - 2014-08-01 09:11 - 00000000 ____D () C:\FRST
2014-08-01 09:10 - 2014-08-01 09:10 - 02094080 _____ (Farbar) C:\Users\Dragan\Downloads\FRST64.exe
2014-08-01 02:33 - 2014-08-01 08:33 - 00001120 _____ () C:\Windows\PFRO.log
2014-08-01 02:33 - 2014-08-01 08:33 - 00000112 _____ () C:\Windows\setupact.log
2014-08-01 02:33 - 2014-08-01 02:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-31 23:40 - 2014-07-31 23:40 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-31 23:40 - 2014-07-31 23:40 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-31 23:40 - 2014-07-31 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-31 23:40 - 2014-07-31 23:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-31 23:39 - 2014-07-31 23:39 - 04813544 _____ (Piriform Ltd) C:\Users\Dragan\Downloads\ccsetup416.exe
2014-07-31 23:01 - 2014-07-31 23:01 - 00591040 _____ (Sysinternals - sysinternals.com) C:\Users\Dragan\Downloads\autoruns.exe
2014-07-27 09:28 - 2014-08-01 08:33 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-07-22 15:35 - 2014-07-22 15:37 - 00000314 _____ () C:\Users\Dragan\Downloads\Tel. brojevi 2 - sa SIM kartice.txt
2014-07-16 15:40 - 2014-07-16 16:06 - 01115963 _____ () C:\Users\Dragan\Downloads\emisija Letnje teme - objava na fejsu.psd
2014-07-16 09:12 - 2014-07-23 03:26 - 00000000 ____D () C:\Users\Dragan\Downloads\Poplava slike - Marko Maric
2014-07-16 02:43 - 2014-07-16 02:43 - 00996164 _____ () C:\Users\Dragan\Downloads\Lebenstraum - i karta Europe.psd
2014-07-13 17:47 - 2014-07-13 17:56 - 29411494 _____ () C:\Users\Dragan\Downloads\Dan mladih - Petra - 1.psd
2014-07-12 12:38 - 2014-07-12 12:38 - 00001063 _____ () C:\Users\Dragan\Desktop\Susenje mesa - komora - Shortcut.lnk
2014-07-11 23:06 - 2014-07-11 23:06 - 00798230 _____ () C:\Users\Dragan\Downloads\WLAN setings 2 - kako podesiti Wireless - za MyCity.psd
2014-07-07 20:29 - 2014-07-07 20:29 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-07-07 20:29 - 2014-07-07 20:29 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-01 09:12 - 2014-08-01 09:11 - 00019847 _____ () C:\Users\Dragan\Downloads\FRST.txt
2014-08-01 09:11 - 2014-08-01 09:11 - 00000000 ____D () C:\FRST
2014-08-01 09:10 - 2014-08-01 09:10 - 02094080 _____ (Farbar) C:\Users\Dragan\Downloads\FRST64.exe
2014-08-01 09:09 - 2013-07-25 19:18 - 00000000 ____D () C:\Users\Dragan\AppData\Roaming\uTorrent
2014-08-01 08:38 - 2013-07-25 23:06 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-01 08:38 - 2009-07-14 06:45 - 00010208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-01 08:38 - 2009-07-14 06:45 - 00010208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-01 08:37 - 2014-06-11 23:22 - 00000000 ___RD () C:\Users\Dragan\Google диск
2014-08-01 08:37 - 2009-07-14 07:13 - 00781082 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-01 08:36 - 2013-07-25 20:20 - 02075706 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 08:33 - 2014-08-01 02:33 - 00001120 _____ () C:\Windows\PFRO.log
2014-08-01 08:33 - 2014-08-01 02:33 - 00000112 _____ () C:\Windows\setupact.log
2014-08-01 08:33 - 2014-07-27 09:28 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-08-01 08:33 - 2013-07-25 20:38 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-08-01 08:33 - 2013-07-25 20:26 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-01 08:33 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-01 02:33 - 2014-08-01 02:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-01 02:27 - 2013-07-25 20:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-31 23:49 - 2013-08-04 10:42 - 00000000 ____D () C:\Users\Dragan\AppData\Local\CrashDumps
2014-07-31 23:49 - 2013-07-25 11:27 - 00000000 ____D () C:\Windows\Panther
2014-07-31 23:40 - 2014-07-31 23:40 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-31 23:40 - 2014-07-31 23:40 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-31 23:40 - 2014-07-31 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-31 23:40 - 2014-07-31 23:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-31 23:39 - 2014-07-31 23:39 - 04813544 _____ (Piriform Ltd) C:\Users\Dragan\Downloads\ccsetup416.exe
2014-07-31 23:01 - 2014-07-31 23:01 - 00591040 _____ (Sysinternals - sysinternals.com) C:\Users\Dragan\Downloads\autoruns.exe
2014-07-30 13:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-07-28 14:44 - 2009-07-14 07:08 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-23 03:26 - 2014-07-16 09:12 - 00000000 ____D () C:\Users\Dragan\Downloads\Poplava slike - Marko Maric
2014-07-22 15:37 - 2014-07-22 15:35 - 00000314 _____ () C:\Users\Dragan\Downloads\Tel. brojevi 2 - sa SIM kartice.txt
2014-07-20 03:04 - 2013-07-27 08:38 - 00002582 _____ () C:\Users\Dragan\Desktop\adrese.txt
2014-07-18 16:29 - 2013-07-25 20:26 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-16 16:06 - 2014-07-16 15:40 - 01115963 _____ () C:\Users\Dragan\Downloads\emisija Letnje teme - objava na fejsu.psd
2014-07-16 02:43 - 2014-07-16 02:43 - 00996164 _____ () C:\Users\Dragan\Downloads\Lebenstraum - i karta Europe.psd
2014-07-14 09:07 - 2014-04-07 02:29 - 00000132 _____ () C:\Users\Dragan\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-07-13 17:56 - 2014-07-13 17:47 - 29411494 _____ () C:\Users\Dragan\Downloads\Dan mladih - Petra - 1.psd
2014-07-12 12:38 - 2014-07-12 12:38 - 00001063 _____ () C:\Users\Dragan\Desktop\Susenje mesa - komora - Shortcut.lnk
2014-07-11 23:06 - 2014-07-11 23:06 - 00798230 _____ () C:\Users\Dragan\Downloads\WLAN setings 2 - kako podesiti Wireless - za MyCity.psd
2014-07-07 20:29 - 2014-07-07 20:29 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-07-07 20:29 - 2014-07-07 20:29 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-07-07 20:29 - 2014-06-11 23:18 - 00002042 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-07-07 20:29 - 2014-06-11 23:18 - 00002040 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-07-07 20:29 - 2014-06-11 23:18 - 00002030 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-07-07 20:29 - 2014-06-11 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 12:27

==================== End Of Log ============================





Addendum: 01 Aug 2014 9:45

I forgot to include the link in the post above after the sentence "I was previously here". Here is that link, to the earlier thread on MyCity:
mycity.rs/Windows/Dosada-na-ekranu-prilikom-startovanja-kompa.html

  • Joined: 04 Jul 2011
  • Posts: 5424

Step 1

Go to Control Panel - Programs and Features and uninstall the following:
AppsHat Mobile Apps
Bundled software uninstaller
iLivid
iMesh
Speed Test 127





Step 2

1. Open Notepad (Text Document) and copy the following text from the code box below into it:

SearchScopes: HKCU - DefaultScope {ECE52100-D496-4A21-8317-EC3FB1675184} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3282698&CUI=UN55775368426459936&UM=2
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {ECE52100-D496-4A21-8317-EC3FB1675184} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3282698&CUI=UN55775368426459936&UM=2
BHO: Speed Test 127 -> {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} -> C:\Program Files (x86)\Speed Test 127\ScriptHost64.dll (BestOffers)
BHO: Free Games 111 -> {C45EC9F0-8333-465D-9728-074BD41985C9} -> C:\Program Files (x86)\Free Games 111\ScriptHost64.dll (BestOffers)
BHO-x32: Speed Test 127 -> {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} -> C:\Program Files (x86)\Speed Test 127\ScriptHost.dll (BestOffers)
FF user.js: detected! => C:\Users\Dragan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js
FF SearchPlugin: C:\Users\Dragan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-161436.xml
FF Extension: Speed Test 127 - C:\Users\Dragan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\speedtest4354@BestOffers [2014-02-02]
FF Extension: Zula Games - C:\Users\Dragan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\zulagames@ZulaGames.com [2013-10-27]
FF HKLM-x32\...\Firefox\Extensions: [ext@flash-Enhancer.com] - C:\Program Files (x86)\AmiExt\flashEnhancer\ff
CHR HKCU\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Dragan\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2014-06-12]
CHR HKLM-x32\...\Chrome\Extension: [gflandjopdloblmlcoiidmncpinmmacn] - C:\Users\Dragan\AppData\Roaming\zulagames\zulagames.crx [2013-10-03]
CHR HKLM-x32\...\Chrome\Extension: [giolhomkcooifelkdfpejhidfidaahlc] - C:\Users\Dragan\AppData\Local\CRE\giolhomkcooifelkdfpejhidfidaahlc.crx [2013-10-23]
CHR HKLM-x32\...\Chrome\Extension: [nkcpopggjcjkiicpenikeogioednjeac] - C:\Users\Dragan\AppData\Local\Temp\nkcpopggjcjkiicpenikeogioednjeac.crx [2013-10-23]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {1EC95A05-0A2C-4727-90F8-C50E6AD620DB} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Dragan\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
C:\Users\Dragan\AppData\Local\Conduit
HKU\S-1-5-21-3130982306-4013703999-1913658739-1000\...\MountPoints2: G - G:\SETUP.EXE
HKU\S-1-5-21-3130982306-4013703999-1913658739-1000\...\MountPoints2: H - H:\SETUP.EXE
HKU\S-1-5-21-3130982306-4013703999-1913658739-1000\...\MountPoints2: I - I:\SETUP.EXE
HKU\S-1-5-21-3130982306-4013703999-1913658739-1000\...\MountPoints2: {194c2892-f504-11e2-89f6-806e6f6e6963} - F:\ASRSetup.exe
HKU\S-1-5-21-3130982306-4013703999-1913658739-1000\...\MountPoints2: {6b47b547-c23a-11e3-b0f8-bc5ff49946d8} - G:\AutoRun.exe
HKU\S-1-5-21-3130982306-4013703999-1913658739-1000\...\MountPoints2: {8fb52073-f61e-11e2-9398-bc5ff49946d8} - H:\Autorun.exe
HKU\S-1-5-21-3130982306-4013703999-1913658739-1000\...\MountPoints2: {dc94970a-3135-11e3-9f13-bc5ff49946d8} - J:\Autoplay.exe -auto
AlternateDataStreams: C:\temp:pid1
AlternateDataStreams: C:\temp:pid2
AlternateDataStreams: C:\temp:srv


2. Save the Notepad file on the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, under File Name at the bottom, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.






Step 3

Download smeenk's zoek.zip or zoek.rar from this or this link and save it to the Desktop.

Unpack the archive into a folder (instructions), and then:

close the browser and other running programs;
temporarily disable your security software (if necessary) (Instructions);
double-click the zoek program icon to run it;
wait for the tool to start ...

Copy the following text into the white box of the window:

quickscan;

Click the button and wait for the scan to finish.

zoek will restart Windows if necessary and, when it finishes, open Notepad with the scan report.

Note: The report will be saved under the name zoek-results.log on the system partition (typical location: C:\zoek-results.log)

Copy the contents of that log into your reply.

offline
  • Joined: 17 Jun 2008
  • Posts: 178

I did step 1, i.e. uninstalled the listed programs.

I also did step 2. Here are the contents of the Notepad file created after running the fix command, i.e. the scan results:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-07-2014 02
Ran by Dragan at 2014-08-01 22:11:29 Run:1
Running from C:\Users\Dragan\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKCU - DefaultScope {ECE52100-D496-4A21-8317-EC3FB1675184} URL = search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3282698&CUI=UN55775368426459936&UM=2
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {ECE52100-D496-4A21-8317-EC3FB1675184} URL = search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3282698&CUI=UN55775368426459936&UM=2
BHO: Speed Test 127 -> {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} -> C:\Program Files (x86)\Speed Test 127\ScriptHost64.dll (BestOffers)
BHO: Free Games 111 -> {C45EC9F0-8333-465D-9728-074BD41985C9} -> C:\Program Files (x86)\Free Games 111\ScriptHost64.dll (BestOffers)
BHO-x32: Speed Test 127 -> {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} -> C:\Program Files (x86)\Speed Test 127\ScriptHost.dll (BestOffers)
FF user.js: detected! => C:\Users\Dragan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js
FF SearchPlugin: C:\Users\Dragan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-161436.xml
FF Extension: Speed Test 127 - C:\Users\Dragan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\speedtest4354@BestOffers [2014-02-02]
FF Extension: Zula Games - C:\Users\Dragan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\zulagames@ZulaGames.com [2013-10-27]
FF HKLM-x32\...\Firefox\Extensions: [ext@flash-Enhancer.com] - C:\Program Files (x86)\AmiExt\flashEnhancer\ff
CHR HKCU\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Dragan\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2014-06-12]
CHR HKLM-x32\...\Chrome\Extension: [gflandjopdloblmlcoiidmncpinmmacn] - C:\Users\Dragan\AppData\Roaming\zulagames\zulagames.crx [2013-10-03]
CHR HKLM-x32\...\Chrome\Extension: [giolhomkcooifelkdfpejhidfidaahlc] - C:\Users\Dragan\AppData\Local\CRE\giolhomkcooifelkdfpejhidfidaahlc.crx [2013-10-23]
CHR HKLM-x32\...\Chrome\Extension: [nkcpopggjcjkiicpenikeogioednjeac] - C:\Users\Dragan\AppData\Local\Temp\nkcpopggjcjkiicpenikeogioednjeac.crx [2013-10-23]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {1EC95A05-0A2C-4727-90F8-C50E6AD620DB} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Dragan\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
C:\Users\Dragan\AppData\Local\Conduit
HKU\S-1-5-21-3130982306-4013703999-1913658739-1000\...\MountPoints2: G - G:\SETUP.EXE
HKU\S-1-5-21-3130982306-4013703999-1913658739-1000\...\MountPoints2: H - H:\SETUP.EXE
HKU\S-1-5-21-3130982306-4013703999-1913658739-1000\...\MountPoints2: I - I:\SETUP.EXE
HKU\S-1-5-21-3130982306-4013703999-1913658739-1000\...\MountPoints2: {194c2892-f504-11e2-89f6-806e6f6e6963} - F:\ASRSetup.exe
HKU\S-1-5-21-3130982306-4013703999-1913658739-1000\...\MountPoints2: {6b47b547-c23a-11e3-b0f8-bc5ff49946d8} - G:\AutoRun.exe
HKU\S-1-5-21-3130982306-4013703999-1913658739-1000\...\MountPoints2: {8fb52073-f61e-11e2-9398-bc5ff49946d8} - H:\Autorun.exe
HKU\S-1-5-21-3130982306-4013703999-1913658739-1000\...\MountPoints2: {dc94970a-3135-11e3-9f13-bc5ff49946d8} - J:\Autoplay.exe -auto
AlternateDataStreams: C:\temp:pid1
AlternateDataStreams: C:\temp:pid2
AlternateDataStreams: C:\temp:srv
*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ECE52100-D496-4A21-8317-EC3FB1675184}" => Key deleted successfully.
"HKCR\CLSID\{ECE52100-D496-4A21-8317-EC3FB1675184}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}" => Key not found.
"HKCR\CLSID\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C45EC9F0-8333-465D-9728-074BD41985C9}" => Key deleted successfully.
"HKCR\CLSID\{C45EC9F0-8333-465D-9728-074BD41985C9}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}" => Key not found.
"HKCR\Wow6432Node\CLSID\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}" => Key not found.
C:\Users\Dragan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js => Moved successfully.
C:\Users\Dragan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-161436.xml => Moved successfully.
C:\Users\Dragan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\speedtest4354@BestOffers not found.
C:\Users\Dragan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\zulagames@ZulaGames.com => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ext@flash-Enhancer.com => value deleted successfully.
"HKCU\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp" => Key deleted successfully.
"C:\Users\Dragan\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gflandjopdloblmlcoiidmncpinmmacn" => Key deleted successfully.
C:\Users\Dragan\AppData\Roaming\zulagames\zulagames.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\giolhomkcooifelkdfpejhidfidaahlc" => Key deleted successfully.
C:\Users\Dragan\AppData\Local\CRE\giolhomkcooifelkdfpejhidfidaahlc.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nkcpopggjcjkiicpenikeogioednjeac" => Key deleted successfully.
"C:\Users\Dragan\AppData\Local\Temp\nkcpopggjcjkiicpenikeogioednjeac.crx" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1EC95A05-0A2C-4727-90F8-C50E6AD620DB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC95A05-0A2C-4727-90F8-C50E6AD620DB}" => Key deleted successfully.
C:\Windows\System32\Tasks\BackgroundContainer Startup Task => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task" => Key deleted successfully.
C:\Users\Dragan\AppData\Local\Conduit => Moved successfully.
"HKU\S-1-5-21-3130982306-4013703999-1913658739-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-3130982306-4013703999-1913658739-1000" => Key not found.
"HKU\S-1-5-21-3130982306-4013703999-1913658739-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-3130982306-4013703999-1913658739-1000" => Key not found.
"HKU\S-1-5-21-3130982306-4013703999-1913658739-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-3130982306-4013703999-1913658739-1000" => Key not found.
"HKU\S-1-5-21-3130982306-4013703999-1913658739-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{194c2892-f504-11e2-89f6-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{194c2892-f504-11e2-89f6-806e6f6e6963}" => Key not found.
"HKU\S-1-5-21-3130982306-4013703999-1913658739-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b47b547-c23a-11e3-b0f8-bc5ff49946d8}" => Key deleted successfully.
"HKCR\CLSID\{6b47b547-c23a-11e3-b0f8-bc5ff49946d8}" => Key not found.
"HKU\S-1-5-21-3130982306-4013703999-1913658739-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8fb52073-f61e-11e2-9398-bc5ff49946d8}" => Key deleted successfully.
"HKCR\CLSID\{8fb52073-f61e-11e2-9398-bc5ff49946d8}" => Key not found.
"HKU\S-1-5-21-3130982306-4013703999-1913658739-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc94970a-3135-11e3-9f13-bc5ff49946d8}" => Key deleted successfully.
"HKCR\CLSID\{dc94970a-3135-11e3-9f13-bc5ff49946d8}" => Key not found.
C:\temp => ":pid1" ADS removed successfully.
C:\temp => ":pid2" ADS removed successfully.
C:\temp => ":srv" ADS removed successfully.

==== End of Fixlog ====

......................

Should I proceed to step 3 right away, or wait for you to look at what I have posted in this message?
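As an added example that is not part of the thread (and not an FRST feature), here is a small Python parser for Fixlog result lines in the format quoted above; it tallies which fixlist targets were deleted, moved, stripped of their ADS, or not found, which is the check to make before deciding whether a fix actually completed. The sample log is a constructed subset of the lines in this thread.

```python
import re
from collections import Counter

# Constructed sample: a subset of the FRST Fixlog lines quoted in the thread.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-07-2014 02
Ran by Dragan at 2014-08-01 22:11:29 Run:1
==============================================

Content of fixlist:
*****************
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
AlternateDataStreams: C:\temp:pid1
*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
C:\Users\Dragan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js => Moved successfully.
C:\Users\Dragan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\speedtest4354@BestOffers not found.
"C:\Users\Dragan\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx" => File/Directory not found.
C:\temp => ":pid1" ADS removed successfully.

==== End of Fixlog ====
"""

# "<target> => <outcome>." is the usual result line shape.
RESULT_RE = re.compile(r'^(?P<target>.+?) => (?P<outcome>.+?)\.?$')
# Some misses are reported without the arrow: "<path> not found."
NOTFOUND_RE = re.compile(r'^(?P<target>.+?) not found\.?$')


def classify(outcome: str) -> str:
    """Map an FRST outcome phrase to a coarse category."""
    o = outcome.lower()
    if "not found" in o:
        return "not_found"
    if "ads removed successfully" in o:
        return "ads_removed"
    if "deleted successfully" in o:
        return "deleted"
    if "moved successfully" in o:
        return "moved"
    return "other"


def parse_fixlog(text: str):
    """Return (entries, summary): entries is a list of (target, category),
    summary a Counter of categories. Lines inside the echoed fixlist
    block and the ==== separators are skipped."""
    entries = []
    in_fixlist = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("*****"):
            in_fixlist = not in_fixlist      # toggles at start and end of the echoed fixlist
            continue
        if in_fixlist or line.startswith("====") or line.startswith("Content of fixlist"):
            continue
        m = RESULT_RE.match(line)
        if m:
            entries.append((m.group("target").strip('"'), classify(m.group("outcome"))))
            continue
        m = NOTFOUND_RE.match(line)
        if m:
            entries.append((m.group("target").strip('"'), "not_found"))
    return entries, Counter(kind for _, kind in entries)


def not_found_targets(entries):
    """Targets FRST could not find; each one deserves a second look in the next scan."""
    return [target for target, kind in entries if kind == "not_found"]


if __name__ == "__main__":
    entries, summary = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summary))
    for target in not_found_targets(entries):
        print("check:", target)
```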

offline
  • Joined: 04 Jul 2011
  • Posts: 5424

Go through step 3. And tell me what the situation is now, does the error still appear?

offline
  • Joined: 17 Jun 2008
  • Posts: 178

I did everything.
I restarted the computer a minute ago, and after the system booted up there was no sign of that "window" which was the reason for all of this cyber-socialising and software-polishing school of ours :)
Here are the scan results from "Zoek":


Zoek.exe v5.0.0.0 Updated 31-07-2014
Tool run by Dragan on pet 01.08.2014 at 22:44:40,45.
Microsoft Windows 7 Ultimate 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Dragan\Desktop\zoek\zoek.com [Scan all users] [Script inserted]

==== System Restore Info ======================

1.8.2014 22:45:34 Zoek.exe System Restore Point Created Succesfully.

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Dragan\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-07-27 07:28:00 8265CD5C67D0A35DFC40F3D1A8AC994C 94656 ----a-w- C:\Windows\Sysnative\WPRO_41_2001woem.tmp
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
2014-08-01 20:44:20 2F792B5F520DBDFAAF2B0D16BA936D97 3136 ----a-w- C:\Windows\Sysnative\Tasks\{CF373113-C597-4B29-88D9-E27A9A88C5BB}
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\Dragan\AppData\Roaming ======
2014-08-01 12:18:23 -------- d-----w- C:\Users\Dragan\AppData\Local\Microsoft Games
2014-07-07 18:29:26 -------- d-----w- C:\Users\Default\AppData\Local\Google
2014-07-07 18:29:26 -------- d-----w- C:\Users\Default User\AppData\Local\Google
====== C:\Users\Dragan ======
2014-08-01 20:11:19 78F615612A4DAC73D39B0B1D44C9EB88 2094080 ----a-w- C:\Users\Dragan\Desktop\FRST64.exe
2014-08-01 07:10:32 78F615612A4DAC73D39B0B1D44C9EB88 2094080 ----a-w- C:\Users\Dragan\Downloads\FRST64.exe
2014-07-31 21:39:01 4128AE55522EFFB4CE9611E8E62B779A 4813544 ----a-w- C:\Users\Dragan\Downloads\ccsetup416.exe
2014-07-31 21:01:26 C7F9E2C59F473BB617832661400D635A 591040 ----a-w- C:\Users\Dragan\Downloads\autoruns.exe

====== C: exe-files ==
2014-08-01 20:11:19 78F615612A4DAC73D39B0B1D44C9EB88 2094080 ----a-w- C:\Users\Dragan\Desktop\FRST64.exe
2014-08-01 07:10:32 78F615612A4DAC73D39B0B1D44C9EB88 2094080 ----a-w- C:\Users\Dragan\Downloads\FRST64.exe
2014-07-31 21:39:01 4128AE55522EFFB4CE9611E8E62B779A 4813544 ----a-w- C:\Users\Dragan\Downloads\ccsetup416.exe
2014-07-31 21:01:26 C7F9E2C59F473BB617832661400D635A 591040 ----a-w- C:\Users\Dragan\Downloads\autoruns.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3130982306-4013703999-1913658739-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Ultra Agent"="C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe -autorun"
"AVG-Secure-Search-Update_0913b"="C:\Users\Dragan\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 4e3a302b2b7447d385de6d16b27daf2b-ad1491be2ce6c122f6b66faa90e70c2decf7d34c --CMPID 0913b"
"uTorrent"="C:\Users\Dragan\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2013\avgui.exe /TRAYONLY"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Ultra Agent"="C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe -autorun"
"AVG-Secure-Search-Update_0913b"="C:\Users\Dragan\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 4e3a302b2b7447d385de6d16b27daf2b-ad1491be2ce6c122f6b66faa90e70c2decf7d34c --CMPID 0913b"
"uTorrent"="C:\Users\Dragan\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

==== Startup Folders ======================

2013-07-25 15:55:42 2309 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [25.07.2013 20:26]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [25.07.2013 20:26]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Dragan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
- Undetermined - %ProfilePath%\extensions\staged

==== Firefox Plugins ======================


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cflheckfmhopnialghigdlggahiomebp - C:\Users\Dragan\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\Dragan\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[12.06.2014 08:16]
giolhomkcooifelkdfpejhidfidaahlc - C:\Users\Dragan\AppData\Local\CRE\giolhomkcooifelkdfpejhidfidaahlc.crx[]

Google Drive - Dragan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - Dragan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Dragan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Dragan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Dragan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Dragan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on pet 01.08.2014 at 22:47:48,31 ======================

offline
  • Joined: 17 Jun 2008
  • Posts: 178

So, we have done what we set out to do. Many thanks for the help!
By the way, how many "intruders" were there (if that question can be answered in any relatively definite way)?

offline
  • Joined: 04 Jul 2011
  • Posts: 5424

Not finished yet, some leftovers still need to be cleaned up.

Run zoek again;

close the browser and other running programs;
disable your security software (if necessary) (Instructions);

Copy the following text into the white box of the window:

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Apps Hat];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iLivid];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iMesh];r
C:\Temp:005598D6.dat;f
AutoClean;




Click the button and wait for the scan to finish.

zoek will restart Windows if necessary and, when it finishes, open Notepad with the scan report.

Note: The report will be saved under the name zoek-results.log on the system partition (typical location: C:\zoek-results.log)

Copy the contents of that log into your reply.



Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the MBAR program icon to run it:
- Click OK in the next window to allow it to unpack into a separate mbar folder on the Desktop;
- mbar.exe will be started. On some systems this may take a few extra seconds, so wait for it to launch;
- In the introductory window click the Next button if you agree;

• In the 'Update Database' window click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section make sure all options are ticked, then click the Scan button;

Notice: with some infections one of the following messages may appear:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow it to load after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. In your next reply post the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infection(s) are found, check that the 'Create Restore Point' option is ticked and click the Cleanup! button to remove the threats.
- The malware removal procedure (scheduled) will be scheduled for after the restart; a notice will be shown in a pop-up window. Click the Yes button and the system should restart and finish the cleaning procedure.

Notice! only if a RootKit was detected: - make sure you run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue execution, and wait for the tool to complete all repairs ...
- When you see the message 'press any key to exit' the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your reply and attach the system log to the reply using the Attach file option.

offline
  • Joined: 17 Jun 2008
  • Posts: 178

Posted: 02 Aug 2014 21:44

I finished the first part, i.e. the scan with Zoek, in the prescribed way. I have posted the results in the message below.
- By the way, although I turned off AVG (Temporari... - as instructed), at the very end of Zoek's scan AVG popped up a window offering to mark Zoek as an intruder or to add it to the list of programs acceptable for the computer. While I am posting this message, the adding in AVG is still going on. I don't know why it is taking so long. Maybe something isn't OK? Here is that picture too:

Maybe it's unnecessary, but I'm attaching it just in case.

.................................................
Here are the requested Zoek results, below. I am now proceeding with the rest of the actions from the instructions, and I will post them in the next message, or as an addition to this one:

Zoek.exe v5.0.0.0 Updated 31-07-2014
Tool run by Dragan on sub 02.08.2014 at 21:08:58,12.
Microsoft Windows 7 Ultimate 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Dragan\Desktop\zoek\zoek.scr [Scan all users] [Script inserted]

==== System Restore Info ======================

2.8.2014 21:10:51 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Apps Hat]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iLivid]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iMesh]

==== Deleting Files \ Folders ======================

"C:\Temp:005598D6.dat" not found
C:\PROGRA~3\Conduit deleted
C:\PROGRA~2\jZip deleted
C:\PROGRA~2\Yahoo! deleted
C:\PROGRA~2\AmiExt deleted
C:\PROGRA~2\Free Games 111 deleted
C:\PROGRA~2\MyPC Backup deleted
C:\PROGRA~2\Conduit deleted
C:\Users\Dragan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iMesh.lnk deleted
C:\Users\Dragan\AppData\Roaming\speedanalysis.ico deleted
C:\Users\Dragan\AppData\Roaming\zulagames deleted
C:\Users\Dragan\AppData\Roaming\Yahoo! deleted
C:\Users\Dragan\AppData\Roaming\SpeedAnalysis3 deleted
C:\Users\Dragan\AppData\Roaming\PerformerSoft deleted
C:\Users\Dragan\AppData\Roaming\OpenCandy deleted
C:\PROGRA~3\Yahoo! Companion deleted
C:\PROGRA~3\IBUpdaterService deleted
C:\PROGRA~3\Babylon deleted
C:\Users\Dragan\AppData\Local\CRE deleted
C:\Users\Dragan\AppData\Local\TB deleted
C:\Users\Dragan\AppData\Local\jZip deleted
C:\Users\Dragan\AppData\Local\Bundled software uninstaller deleted
C:\Users\Dragan\AppData\Local\iMesh deleted
C:\Users\Dragan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk deleted
C:\Users\Dragan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk deleted
C:\Users\Dragan\Downloads\avg_free_stb_all_2013_3349_cnet.exe deleted
C:\Users\Dragan\Downloads\iMeshSetup-r1026-n-bc.exe deleted
C:\Users\Dragan\Searches deleted
C:\Users\Dragan\Downloads\SoftonicDownloader_for_windows-movie-maker-2012.exe deleted
C:\Users\Dragan\AppData\LocalLow\Minibar deleted
C:\Users\Dragan\AppData\LocalLow\Conduit deleted
C:\END deleted
C:\Users\Dragan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged deleted
C:\Users\Dragan\Desktop\SpeedAnalysis.lnk deleted
"C:\Users\Dragan\AppData\Roaming\Yandex\ui" deleted
"C:\Users\Dragan\AppData\Roaming\Yandex" deleted

==== Firefox Extensions ======================

==== Firefox Plugins ======================


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cflheckfmhopnialghigdlggahiomebp - C:\Users\Dragan\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\Dragan\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[12.06.2014 08:16]
giolhomkcooifelkdfpejhidfidaahlc - C:\Users\Dragan\AppData\Local\CRE\giolhomkcooifelkdfpejhidfidaahlc.crx[]

Google Voice Search Hotword (Beta) - Dragan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn

==== Chrome Fix ======================

C:\Users\Dragan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_giolhomkcooifelkdfpejhidfidaahlc_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\y]
@="http://yandex.ru/yandsearch?win=93&clid=1946479-10360&text=%s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3130982306-4013703999-1913658739-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_USERS\S-1-5-21-3130982306-4013703999-1913658739-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_USERS\S-1-5-21-3130982306-4013703999-1913658739-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_USERS\S-1-5-21-3130982306-4013703999-1913658739-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_USERS\S-1-5-21-3130982306-4013703999-1913658739-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C45EC9F0-8333-465D-9728-074BD41985C9} deleted successfully
HKEY_USERS\S-1-5-21-3130982306-4013703999-1913658739-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C45EC9F0-8333-465D-9728-074BD41985C9} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C45EC9F0-8333-465D-9728-074BD41985C9} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C45EC9F0-8333-465D-9728-074BD41985C9} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\UrlSearchHooks\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\giolhomkcooifelkdfpejhidfidaahlc deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apps Hat deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppsHat deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iLivid deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iMesh deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VkontakteDJ deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dragan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dragan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZS17JQO will be deleted at reboot
C:\Users\Dragan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Dragan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=284 folders=73 108144245 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Dragan\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Dragan\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Dragan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\Dragan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZS17JQO" not found

==== EOF on sub 02.08.2014 at 21:22:41,86 ======================

Update: 02 Aug 2014 22:04

It didn't find any intruders... ("No Malware Found"). Here is the log file:


Update: 02 Aug 2014 22:07

And the second one:


Update: 02 Aug 2014 22:10

That is, it should also go like this, with the contents of the mbar log pasted in:

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
malwarebytes.org

Database version: v2014.08.02.04

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Dragan :: DRAGAN-PC [administrator]

2.8.2014 21:47:58
mbar-log-2014-08-02 (21-47-58).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 294815
Time elapsed: 7 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Update: 02 Aug 2014 22:15

..............................................
I hope everything was done as it should be.

  • Joined: 04 Jul 2011
  • Posts: 5424

That would be it, the computer is clean as far as malware is concerned.

The following procedure will carry out the final cleanup.

Download Xplode's DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes next to the following options:

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment for the tool to finish its work.
From this moment on, all the tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also snapshot the healthy state of the registry and make a backup using the integrated "ERUNT" program in %windir%\ERUNT\DelFix.
The tool deletes the old System Restore points and creates a new, fresh point after the cleanup.
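A quick way to confirm that DelFix did what the steps above describe (report written, ERUNT registry backup present, restore points purged, cleanup tools gone). This is an added example, not part of the thread or of DelFix itself; it assumes the locations named in the post (C:\DelFix.txt and %windir%\ERUNT\DelFix) and assumes the tool file names FRST64.exe and zoek.exe, which are not stated on this page. Run it in an elevated Windows PowerShell after DelFix has finished.

```powershell
# Added example (not from the thread): verify the outcome of the DelFix step.
# Assumed paths come from the post above; the tool file names below are assumptions.

$report   = 'C:\DelFix.txt'
$eruntDir = Join-Path $env:windir 'ERUNT\DelFix'

# 1. DelFix should have written its report; show what it says it removed.
if (Test-Path $report) {
    Write-Host "DelFix report found: $report"
    Get-Content $report
} else {
    Write-Warning "No report at $report - DelFix may not have run, or 'Remove disinfection tools' was not ticked."
}

# 2. The ERUNT backup folder should contain the saved registry hives.
if (Test-Path $eruntDir) {
    Write-Host "ERUNT registry backup at $eruntDir :"
    Get-ChildItem $eruntDir | Select-Object Name, Length, LastWriteTime
} else {
    Write-Warning "No ERUNT backup at $eruntDir - 'Create registry backup' was not applied."
}

# 3. After 'Purge System Restore' only the fresh restore point created by DelFix should remain.
Write-Host "Current System Restore points:"
Get-ComputerRestorePoint | Select-Object SequenceNumber, Description, CreationTime

# 4. Spot-check that the cleanup tools are no longer lying around on Desktop or Downloads.
#    (File names are assumptions; adjust to the tools actually used.)
$tools = @('FRST64.exe', 'zoek.exe', 'DelFix.exe')
foreach ($dir in @("$env:USERPROFILE\Desktop", "$env:USERPROFILE\Downloads")) {
    Get-ChildItem $dir -ErrorAction SilentlyContinue |
        Where-Object { $tools -contains $_.Name -or $_.Name -like 'mbar*' } |
        ForEach-Object { Write-Warning "Still present: $($_.FullName)" }
}
```

If step 2 or 3 warns, rerun DelFix with the missing option ticked rather than deleting anything by hand; the ERUNT backup is what lets you roll the registry back if a later change misbehaves.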

  • Joined: 17 Jun 2008
  • Posts: 178

What exactly does this mean:
"From this moment on, all the tools used in this thread should be deleted."
