MyCity » Ambulanta -> Arhiva Ambulante » cr3.gogorithm.com iskačujući

cr3.gogorithm.com iskačujući

Napisano na dan: 23.9.2014

cr3.gogorithm.com iskačujući
Sledeća strana Pagination

Idi na vrh

Poslao: 23 Sep 2014 11:21
Idi na vrh
offline
  • Pridružio: 20 Feb 2005
  • Poruke: 297
  • Gde živiš: Vranje

Problem nastao od pre 2 dana iskoče mi po nekoliko prozora
na internetu sam našao u vezi cr2.gogorithm.. a o ovom cr3 ništa.
Evo logfaila.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by Hranca (administrator) on HRANCA-PC on 23-09-2014 11:05:45
Running from C:\Users\Hranca\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
(Google Inc.) C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [6325936 2012-11-26] (ESET)
HKU\S-1-5-21-3660575161-1947987749-166325203-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [607232 2013-02-10] (MyCity)
HKU\S-1-5-21-3660575161-1947987749-166325203-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3660575161-1947987749-166325203-1000\...\Policies\Explorer: [NoSMBalloonTip] 1
HKU\S-1-5-21-3660575161-1947987749-166325203-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 0
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9B5EEFBD070FCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sr-rs
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADFA_enRS478
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {73848533-39E1-49F1-9363-28054268C094} https://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll
DPF: HKLM-x32 {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} https://rol.raiffeisenbank.rs/RaiffeisenDLL/SAWZip.dll
DPF: HKLM-x32 {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} https://rol.raiffeisenbank.rs/RaiffeisenDLL/EbankingWWW.dll
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazon......5.1.0.cab
DPF: HKLM-x32 {F6FFAC18-CAD4-4054-9D49-D610286CE323} https://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1235.0517.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1235.0517.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 178.79.14.6 178.79.0.3 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-02-03]
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-12-09]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: Profile 1 -> hxxp://www.google.rs/
CHR StartupUrls: Profile 1 -> "hxxp://www.google.rs/"
CHR Profile: C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Gmail) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-28]
CHR Extension: (Guvenlik Duvari) - C:\Users\Hranca\AppData\Local\kpiffgoicnafdiagcgdickdjchfgbgdc [2014-01-03]
CHR Profile: C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (YouTube) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-28]
CHR Extension: (Adblock Plus) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-02-03]
CHR Extension: (Google претрага) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-28]
CHR Extension: (AdBlock) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-02-03]
CHR Extension: (Skype Click to Call) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-05-16]
CHR Extension: (Google новчаник) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (pRiicechop) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pccdnlipbhokghennpbbcbeogenebdif [2014-08-25]
CHR Extension: (Gmail) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-28]
CHR Extension: (HD01-V2.1V20.09) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\plimopelmdneikoknbgpopffpbmlhgpa [2014-09-20]
CHR Extension: (pRiicechop) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pccdnlipbhokghennpbbcbeogenebdif\3.9 [2014-08-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-07-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2627920 2011-03-03] (Diskeeper Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1329304 2012-11-26] (ESET)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-02-17] () [File not signed]
S3 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-09-22] ()
S4 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1069248 2014-02-06] () [File not signed]
S3 usnjsvc; C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe [98672 2007-05-17] (Microsoft Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580648 2012-07-17] (WiseCleaner.com) [File not signed]
S3 WLSetupSvc; C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe [228208 2007-05-16] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
S3 cpuz135; C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [23816 2012-02-07] (CPUID)
R3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [44624 2011-02-14] (Diskeeper Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [211344 2012-10-08] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [149592 2012-10-08] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [189208 2012-10-08] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2012-10-08] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [57904 2012-11-28] (ESET)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [18456 2012-04-16] (HandSet Incorporated)
R3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-14] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-01-11] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2013-01-11] ()
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2012-12-30] (Sony Ericsson Mobile Communications)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2012-04-04] () [File not signed]
S3 tapklink; C:\Windows\System32\DRIVERS\tapklink.sys [31232 2011-10-23] (Faveset LLC) [File not signed]
U3 a04x24x7; C:\Windows\System32\Drivers\a04x24x7.sys [0 ] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-23 11:05 - 2014-09-23 11:06 - 00015928 _____ () C:\Users\Hranca\Desktop\FRST.txt
2014-09-23 11:05 - 2014-09-23 11:05 - 00000000 ____D () C:\FRST
2014-09-23 10:50 - 2014-09-23 10:51 - 02105856 _____ (Farbar) C:\Users\Hranca\Desktop\FRST64.exe
2014-09-22 19:09 - 2014-09-22 19:05 - 04149585 ____N () C:\Users\Hranca\Desktop\Fancy Widgets Full v3.5.6 - FileChoco.com.apk
2014-09-22 18:56 - 2014-09-22 19:15 - 144314493 _____ () C:\Users\Hranca\Downloads\Z2_media_apps_rc1.zip
2014-09-22 10:02 - 2014-09-22 10:02 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-09-22 09:53 - 2014-09-22 10:03 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-21 23:39 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-21 23:01 - 2014-09-21 23:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-21 18:56 - 2014-09-21 18:56 - 00012111 _____ () C:\awh868.tmp
2014-09-20 20:30 - 2014-09-20 20:30 - 00012112 _____ () C:\awh369.tmp
2014-09-20 20:28 - 2014-09-22 22:58 - 00274566 ____N () C:\Windows\WindowsUpdate.log
2014-09-20 19:22 - 2014-09-20 19:22 - 00000687 _____ () C:\awh9A08.tmp
2014-09-20 19:20 - 2014-09-23 09:57 - 00001340 _____ () C:\Windows\Tasks\SMHJS.job
2014-09-20 19:20 - 2014-09-21 22:58 - 00000000 ____D () C:\Users\Hranca\AppData\Local\3763
2014-09-20 19:20 - 2014-09-20 19:20 - 00004370 _____ () C:\Windows\System32\Tasks\SMHJS
2014-09-20 19:19 - 2014-09-23 09:57 - 00001342 _____ () C:\Windows\Tasks\GIDEAE.job
2014-09-20 19:19 - 2014-09-20 19:19 - 00004372 _____ () C:\Windows\System32\Tasks\GIDEAE
2014-09-20 19:00 - 2014-09-20 19:02 - 00000000 ____D () C:\Users\Hranca\Downloads\Nero 12 Platinum 12.0.02000 (Key + Patch ONLY)
2014-09-20 18:26 - 2014-09-20 18:26 - 00000000 ____D () C:\Users\Hranca\Desktop\muzika
2014-09-17 23:01 - 2014-04-23 11:03 - 13789286 _____ () C:\Users\Hranca\Downloads\Album v6.0.A.0.26.apk
2014-09-17 20:58 - 2014-09-17 20:58 - 02093772 _____ () C:\Users\Hranca\Downloads\AndroidEmoji.ttf
2014-09-17 20:56 - 2014-09-17 20:57 - 10953457 _____ () C:\Users\Hranca\Downloads\textInput_Xperia.apk
2014-09-17 20:52 - 2014-09-17 20:54 - 09914681 _____ () C:\Users\Hranca\Downloads\xperia_keyboard_6.4.a.0.6.apk
2014-09-16 09:40 - 2014-09-16 09:40 - 00000911 _____ () C:\Users\Hranca\Desktop\VerindraRconClient.exe - Shortcut.lnk
2014-09-16 09:38 - 2014-09-16 09:38 - 00000619 _____ () C:\Users\Hranca\Desktop\Text.lnk
2014-09-15 13:49 - 2014-09-15 13:49 - 04379469 _____ () C:\Users\Hranca\Downloads\BetterBatteryStats_xdaedition_1.16.1.0B2.apk
2014-09-15 13:03 - 2014-09-15 13:03 - 07368147 _____ (TCL Communication Technology Holdings Limited ) C:\Users\Hranca\Downloads\ONE TOUCH Upgrade S 2.8.0 Setup.exe
2014-09-09 21:29 - 2014-09-09 21:29 - 00000000 ____D () C:\Users\Hranca\AppData\Local\WinZip
2014-09-09 21:28 - 2014-09-09 21:28 - 00002217 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-09-09 21:28 - 2014-09-09 21:28 - 00002211 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-09-09 21:28 - 2014-09-09 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-09-09 21:27 - 2014-09-10 13:06 - 00000000 ____D () C:\Program Files\WinZip
2014-09-09 21:08 - 2014-09-09 21:08 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-09 20:24 - 2014-09-09 21:24 - 17903792 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-02 20:52 - 2014-09-04 09:56 - 00000000 ____D () C:\ProgramData\WarThunder
2014-09-02 20:52 - 2014-09-02 20:52 - 00000000 ____D () C:\Users\Hranca\AppData\Local\WarThunder
2014-09-02 14:13 - 2014-09-10 12:05 - 00000222 _____ () C:\Users\Hranca\Desktop\War Thunder.url
2014-09-01 10:18 - 2014-09-01 10:18 - 00002086 _____ () C:\Users\Hranca\AppData\Roaming\SMHJS
2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Users\Hranca\AppData\Roaming\GIDEAE
2014-08-25 20:17 - 2014-08-25 20:17 - 00000800 _____ () C:\Users\Hranca\Desktop\µTorrent.lnk
2014-08-25 20:10 - 2014-08-25 20:10 - 00000394 __RSH () C:\ProgramData\ntuser.pol
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\Users\Hranca\AppData\Local\Packages
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\Users\Hranca\AppData\Local\Comodo
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\Users\Guest
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\Users\Administrator
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\ProgramData\75b259fb4b59fa99
2014-08-25 15:42 - 2014-08-25 15:42 - 00000000 ____D () C:\Users\Hranca\AppData\Roaming\WinZip
2014-08-24 21:30 - 2014-08-24 21:30 - 00001072 _____ () C:\Users\Public\Desktop\VLC media player.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-23 11:06 - 2014-09-23 11:05 - 00015928 _____ () C:\Users\Hranca\Desktop\FRST.txt
2014-09-23 11:05 - 2014-09-23 11:05 - 00000000 ____D () C:\FRST
2014-09-23 10:51 - 2014-09-23 10:50 - 02105856 _____ (Farbar) C:\Users\Hranca\Desktop\FRST64.exe
2014-09-23 10:46 - 2014-04-11 12:22 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-23 10:33 - 2012-04-02 17:16 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-23 10:28 - 2012-09-28 09:27 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3660575161-1947987749-166325203-1000UA.job
2014-09-23 10:24 - 2014-06-05 08:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-23 10:03 - 2009-07-14 06:45 - 00046544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-23 10:03 - 2009-07-14 06:45 - 00046544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-23 10:00 - 2012-04-02 16:08 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6599C1B7-5469-40F1-81BD-1AD35A6AC043}
2014-09-23 09:57 - 2014-09-20 19:20 - 00001340 _____ () C:\Windows\Tasks\SMHJS.job
2014-09-23 09:57 - 2014-09-20 19:19 - 00001342 _____ () C:\Windows\Tasks\GIDEAE.job
2014-09-23 09:57 - 2013-09-16 20:16 - 00000000 ____D () C:\ProgramData\MCShield
2014-09-23 09:57 - 2012-04-02 17:16 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-23 09:57 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-22 22:58 - 2014-09-20 20:28 - 00274566 ____N () C:\Windows\WindowsUpdate.log
2014-09-22 19:15 - 2014-09-22 18:56 - 144314493 _____ () C:\Users\Hranca\Downloads\Z2_media_apps_rc1.zip
2014-09-22 19:05 - 2014-09-22 19:09 - 04149585 ____N () C:\Users\Hranca\Desktop\Fancy Widgets Full v3.5.6 - FileChoco.com.apk
2014-09-22 14:28 - 2012-09-28 09:27 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3660575161-1947987749-166325203-1000Core.job
2014-09-22 10:03 - 2014-09-22 09:53 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-22 10:02 - 2014-09-22 10:02 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-09-22 09:19 - 2013-02-03 13:32 - 00281768 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-09-22 09:19 - 2013-02-03 13:31 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-09-22 09:19 - 2012-04-30 17:53 - 00281768 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-09-22 09:18 - 2013-01-26 21:07 - 00000000 ____D () C:\Users\Hranca\AppData\Roaming\HLSW
2014-09-22 00:41 - 2009-07-14 07:13 - 00800282 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-21 23:41 - 2012-03-31 08:26 - 00000997 _____ () C:\Users\Hranca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-21 23:24 - 2013-10-13 15:59 - 00000134 _____ () C:\Windows\win.ini
2014-09-21 23:01 - 2014-09-21 23:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-21 22:58 - 2014-09-20 19:20 - 00000000 ____D () C:\Users\Hranca\AppData\Local\3763
2014-09-21 18:56 - 2014-09-21 18:56 - 00012111 _____ () C:\awh868.tmp
2014-09-20 20:30 - 2014-09-20 20:30 - 00012112 _____ () C:\awh369.tmp
2014-09-20 19:36 - 2013-01-20 11:53 - 00000000 ____D () C:\Users\Hranca\AppData\Roaming\Wise Care 365
2014-09-20 19:28 - 2012-04-01 13:53 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-20 19:22 - 2014-09-20 19:22 - 00000687 _____ () C:\awh9A08.tmp
2014-09-20 19:20 - 2014-09-20 19:20 - 00004370 _____ () C:\Windows\System32\Tasks\SMHJS
2014-09-20 19:19 - 2014-09-20 19:19 - 00004372 _____ () C:\Windows\System32\Tasks\GIDEAE
2014-09-20 19:19 - 2012-04-02 17:16 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-20 19:18 - 2012-03-31 23:25 - 00000000 ____D () C:\Users\Hranca\AppData\Roaming\uTorrent
2014-09-20 19:02 - 2014-09-20 19:00 - 00000000 ____D () C:\Users\Hranca\Downloads\Nero 12 Platinum 12.0.02000 (Key + Patch ONLY)
2014-09-20 18:26 - 2014-09-20 18:26 - 00000000 ____D () C:\Users\Hranca\Desktop\muzika
2014-09-17 20:58 - 2014-09-17 20:58 - 02093772 _____ () C:\Users\Hranca\Downloads\AndroidEmoji.ttf
2014-09-17 20:57 - 2014-09-17 20:56 - 10953457 _____ () C:\Users\Hranca\Downloads\textInput_Xperia.apk
2014-09-17 20:54 - 2014-09-17 20:52 - 09914681 _____ () C:\Users\Hranca\Downloads\xperia_keyboard_6.4.a.0.6.apk
2014-09-16 09:40 - 2014-09-16 09:40 - 00000911 _____ () C:\Users\Hranca\Desktop\VerindraRconClient.exe - Shortcut.lnk
2014-09-16 09:38 - 2014-09-16 09:38 - 00000619 _____ () C:\Users\Hranca\Desktop\Text.lnk
2014-09-15 13:49 - 2014-09-15 13:49 - 04379469 _____ () C:\Users\Hranca\Downloads\BetterBatteryStats_xdaedition_1.16.1.0B2.apk
2014-09-15 13:03 - 2014-09-15 13:03 - 07368147 _____ (TCL Communication Technology Holdings Limited ) C:\Users\Hranca\Downloads\ONE TOUCH Upgrade S 2.8.0 Setup.exe
2014-09-11 21:31 - 2013-02-03 13:32 - 00281768 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-09-10 15:43 - 2012-07-25 19:46 - 00000000 ____D () C:\totalcmd
2014-09-10 15:17 - 2013-01-25 21:23 - 00000000 ____D () C:\Install
2014-09-10 13:08 - 2012-03-31 08:25 - 00000000 ____D () C:\Users\Hranca
2014-09-10 13:07 - 2012-04-02 17:16 - 00000000 ____D () C:\Windows\system32\Macromed
2014-09-10 13:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-09-10 13:06 - 2014-09-09 21:27 - 00000000 ____D () C:\Program Files\WinZip
2014-09-10 13:06 - 2013-02-03 16:34 - 00000000 ____D () C:\ProgramData\Xfire
2014-09-10 13:06 - 2012-04-11 20:23 - 00000000 ____D () C:\ProgramData\Real
2014-09-10 13:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-09-10 12:05 - 2014-09-02 14:13 - 00000222 _____ () C:\Users\Hranca\Desktop\War Thunder.url
2014-09-09 21:46 - 2012-04-04 00:24 - 00000000 ____D () C:\Users\Hranca\Documents\Outlook Files
2014-09-09 21:29 - 2014-09-09 21:29 - 00000000 ____D () C:\Users\Hranca\AppData\Local\WinZip
2014-09-09 21:29 - 2012-10-06 09:26 - 00000000 ____D () C:\ProgramData\WinZip
2014-09-09 21:28 - 2014-09-09 21:28 - 00002217 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-09-09 21:28 - 2014-09-09 21:28 - 00002211 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-09-09 21:28 - 2014-09-09 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-09-09 21:24 - 2014-09-09 20:24 - 17903792 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-09 21:24 - 2014-06-05 08:22 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-09 21:24 - 2012-04-02 17:16 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-09 21:24 - 2012-04-02 17:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-09 21:08 - 2014-09-09 21:08 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-09 20:43 - 2013-02-03 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-09 09:24 - 2009-07-14 07:08 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-05 22:20 - 2013-02-03 16:34 - 00000000 ____D () C:\Users\Hranca\AppData\Roaming\Xfire
2014-09-04 09:56 - 2014-09-02 20:52 - 00000000 ____D () C:\ProgramData\WarThunder
2014-09-02 20:52 - 2014-09-02 20:52 - 00000000 ____D () C:\Users\Hranca\AppData\Local\WarThunder
2014-09-02 20:52 - 2012-04-16 08:02 - 00000000 ____D () C:\Users\Hranca\Documents\My Games
2014-09-01 10:18 - 2014-09-01 10:18 - 00002086 _____ () C:\Users\Hranca\AppData\Roaming\SMHJS
2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Users\Hranca\AppData\Roaming\GIDEAE
2014-08-26 10:36 - 2013-03-15 11:31 - 00000000 ____D () C:\Users\Hranca\AppData\Local\Facebook
2014-08-25 20:17 - 2014-08-25 20:17 - 00000800 _____ () C:\Users\Hranca\Desktop\µTorrent.lnk
2014-08-25 20:12 - 2014-08-23 14:51 - 00000000 ____D () C:\ONE TOUCH Upgrade S 2.8.0
2014-08-25 20:10 - 2014-08-25 20:10 - 00000394 __RSH () C:\ProgramData\ntuser.pol
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\Users\Hranca\AppData\Local\Packages
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\Users\Hranca\AppData\Local\Comodo
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\Users\Guest
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\Users\Administrator
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\ProgramData\75b259fb4b59fa99
2014-08-25 20:10 - 2012-03-31 08:48 - 00000000 ____D () C:\Users\Hranca\AppData\Local\Google
2014-08-25 20:10 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-25 20:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-08-25 15:42 - 2014-08-25 15:42 - 00000000 ____D () C:\Users\Hranca\AppData\Roaming\WinZip
2014-08-24 21:33 - 2012-04-02 18:04 - 00000000 ____D () C:\Users\Hranca\AppData\Roaming\vlc
2014-08-24 21:30 - 2014-08-24 21:30 - 00001072 _____ () C:\Users\Public\Desktop\VLC media player.lnk

Some content of TEMP:
====================
C:\Users\Hranca\AppData\Local\Temp\HitmanPro.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 13:09

==================== End Of Log ============================
https://www.mycity.rs/must-login.png

Poslao: 23 Sep 2014 20:42
Idi na vrh
offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Arrow Korak 1

Otvori Notepad i iskopiraj sljedeći tekst koji se nalazi unutar Kod polja.

CHR Extension: (Guvenlik Duvari) - C:\Users\Hranca\AppData\Local\kpiffgoicnafdiagcgdickdjchfgbgdc [2014-01-03]
CHR Extension: (pRiicechop) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pccdnlipbhokghennpbbcbeogenebdif [2014-08-25]
CHR Extension: (HD01-V2.1V20.09) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\plimopelmdneikoknbgpopffpbmlhgpa [2014-09-20]
CHR Extension: (pRiicechop) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pccdnlipbhokghennpbbcbeogenebdif\3.9 [2014-08-25]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {065C9A71-0EAB-42C2-8E6D-0AAFF568F8B1} - \Windows Update Check - 0x0BC402F2 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\GIDEAE.job => C:\Users\Hranca\AppData\Roaming\GIDEAE.exe
C:\Users\Hranca\AppData\Roaming\GIDEAE.exe
Task: C:\Windows\Tasks\SMHJS.job => C:\Users\Hranca\AppData\Roaming\SMHJS.exe
C:\Users\Hranca\AppData\Roaming\SMHJS.exe
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
EmptyTemp:


U okviru Notepad-a klikni na File --> Save As
Fajl nazovi Fixlist i sačuvaj na Desktop
Dvoklikom ponovo pokreni FRST.exe
Klikni na Fix i sačekaj dok program ne završi.
Ukoliko program zatraži restart računara, omogući mu da to nesmetano obavi.
Nakon završetka rada, otvoriće se Notepad, sa sadržajem koji treba da kopiraš u temu.
Takođe, na Desktop-u će se nalaziti (fixlog.txt). Potrebno je da sadržaj fixlog.txt kopiraš na forum




Arrow Korak 2

Preuzmi "Xplode"-ov AdwCleaner i sačuvaj ga na Desktop
Dvoklikom pokreni program.
u EULA prozoru klikni na I agree.
Klikni na dugme Scan i sačekaj da se završi skeniranje.
Klikni na dugme Clean i pričekaj da program završi.
Program će zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni OK kao potvrdu.
Na sljedeća dva prozora koja se otvore (Informations i Restart required ) klikni OK
Računar će se restartovati, a potom otvoriti Notepad (C:\AdwCleaner[S0].txt) sa izvještajem.
Sačuvaj taj izvještaj na Desktop i okači ga uz poruku koristeći opciju "Prikači fajl"
Napomena: Izvještaj ce takođe biti sačuvan na C:\Adwcleaner\AdwCleaner[S0].txt

Poslao: 23 Sep 2014 21:59
Idi na vrh
offline
  • Pridružio: 20 Feb 2005
  • Poruke: 297
  • Gde živiš: Vranje

Napisano: 23 Sep 2014 21:48

Fixlog.text.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-09-2014 01
Ran by Hranca at 2014-09-23 21:35:28 Run:1
Running from C:\Users\Hranca\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR Extension: (Guvenlik Duvari) - C:\Users\Hranca\AppData\Local\kpiffgoicnafdiagcgdickdjchfgbgdc [2014-01-03]
CHR Extension: (pRiicechop) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pccdnlipbhokghennpbbcbeogenebdif [2014-08-25]
CHR Extension: (HD01-V2.1V20.09) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\plimopelmdneikoknbgpopffpbmlhgpa [2014-09-20]
CHR Extension: (pRiicechop) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pccdnlipbhokghennpbbcbeogenebdif\3.9 [2014-08-25]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {065C9A71-0EAB-42C2-8E6D-0AAFF568F8B1} - \Windows Update Check - 0x0BC402F2 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\GIDEAE.job => C:\Users\Hranca\AppData\Roaming\GIDEAE.exe
C:\Users\Hranca\AppData\Roaming\GIDEAE.exe
Task: C:\Windows\Tasks\SMHJS.job => C:\Users\Hranca\AppData\Roaming\SMHJS.exe
C:\Users\Hranca\AppData\Roaming\SMHJS.exe
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
EmptyTemp:
*****************

C:\Users\Hranca\AppData\Local\kpiffgoicnafdiagcgdickdjchfgbgdc => Moved successfully.
C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pccdnlipbhokghennpbbcbeogenebdif => Moved successfully.
C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\plimopelmdneikoknbgpopffpbmlhgpa => Moved successfully.
C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pccdnlipbhokghennpbbcbeogenebdif\3.9 directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{065C9A71-0EAB-42C2-8E6D-0AAFF568F8B1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{065C9A71-0EAB-42C2-8E6D-0AAFF568F8B1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Windows Update Check - 0x0BC402F2" => Key deleted successfully.
C:\Windows\Tasks\GIDEAE.job => Moved successfully.
"C:\Users\Hranca\AppData\Roaming\GIDEAE.exe" => File/Directory not found.
C:\Windows\Tasks\SMHJS.job => Moved successfully.
"C:\Users\Hranca\AppData\Roaming\SMHJS.exe" => File/Directory not found.
C:\ProgramData\TEMP => ":1CE11B51" ADS removed successfully.
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
EmptyTemp: => Removed 233.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

Dopuna: 23 Sep 2014 21:57

Prikačen tekst...
https://www.mycity.rs/must-login.png

Dopuna: 23 Sep 2014 21:59

Nakon završetka rada, otvoriće se Notepad, sa sadržajem koji treba da kopiraš u temu.
To se nije desilo Notapad se nije otvorio i neznam da li mogu da pronađem taj izveštaj ako ga ima ??

Poslao: 23 Sep 2014 22:19
Idi na vrh
offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Postavio si ga. Taj tekst koji je trebalo da se otvori je fixlog.txt koji si već postavio. Kakvo je sada stanje? Da li ti još iskaču prozori sa reklamama?


Nego:

Arrow Korak 1

Spakuj u ZIP, RAR ili 7Z arhivu sljedeći folder:

C:\FRST\Quarantine

i pošalji ga preko sljedećeg linka:

http://www.mycity.rs/ambulanta-upload.php



Arrow Korak 2

Arrow Preuzmi Malwarebytes Anti-Rootkit (MBAR) sa sledeceg linka i sacuvaj ga na Desktop.

Dvoklikom pokreni MBAR () na ikonicu programa:
- Klikni OK na sledecem prozoru da bi dozvolio raspakivanje u zaseban mbar folder na desktop-u;
- mbar.exe ce biti startovan. Na nekim sistemima to moze da potraje nekoliko dodatnih sekundi, te pricekati pokretanje.;
- U uvodnom prozoru klikni dugme Next ukoliko si saglasan;


• Na 'Update Database' prozoru klik na dugme Update da bi preuzeo sveze definicije. Kada se ispise poruka 'Success: Database was successfully updated' klik na dugme Next;
• Pod sekcijom 'Scan Targets' proveri da su sve opcije stiklirane, te klikni na dugme Scan;

Obavestenje: sa nekim infekcijama moze se desiti da se prikaze neka od sledecih poruka:
- 'Could not load protection driver' => u tom slucaju klikni OK.
- 'Could not load DDA driver' => klikni Yes na to obavestenje da bi dozvolio ucitavanje nakon restarta. Dozvoli restart i nastavi sa ostatkom instrukcija posle restarta.




>> Ukoliko malware nije detektovan, klik na Exit dugme da zatvoris program. U sledecu poruku postavi mbar-log-year-month-day (sat-minuti-sekundi).txt i system-log.txt izveštaje.

>> Ukoliko su infekcija/e pronadjene, proveriti da li je obelezena opcija 'Create Restore Point' i klikni na dugme Cleanup! da bi uklonili pretnje.
- Procedura uklanjanje malware-a (scheduled) ce biti zakazana po restartu, bice prikazano obavestenje u pop-up prozoru. Klikni dugme Yes i sistem bi trebao da se restartuje i da zavrsi proceduru ciscenja.



Obavestenje! samo ukoliko je RootKit detektovan: - postaraj se da pokrenes fixdamage.exe alat koji se nalazi u mbar folderu, \Plugins\fixdamage.exe:
- Dvoklikom pokreni fixdamage, u crnom prozoru koji se otvori (command prompt) ukucaj Y (Y stoji za Yes) da bi nastavio izvrsenje, pricekati da alat odradi sve popravke ...
- Kada vidis poruku 'press any key to exit' popravka je kompletirana. Pritisnuti bilo koju tipku na tastaturi da bi se prozor zatvorio. Restartovati sistem.




Sledeci izvestaji ce biti formirani u mbar folderu.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Iskopiraj sadrzaj mbar log-a u poruku a system log okaci uz poruku koristeci opciju Prikači fajl.

Poslao: 23 Sep 2014 22:32
Idi na vrh
offline
  • Pridružio: 20 Feb 2005
  • Poruke: 297
  • Gde živiš: Vranje

Zip.fail qarantin poslat

Poslao: 23 Sep 2014 22:45
Idi na vrh
offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

OK. Pređi na drugi korak.

Poslao: 23 Sep 2014 22:53
Idi na vrh
offline
  • Pridružio: 20 Feb 2005
  • Poruke: 297
  • Gde živiš: Vranje

MBAR nije našao ništa sve je čisto.
Računar sada radi odlično nema više onog iskačućeg prozora.
da izvršim deinstalaciju ovih programa ili ??

Poslao: 23 Sep 2014 22:58
Idi na vrh
offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

MBARov folder možeš obrisati sa Desktopa.


Arrow

Sledeća procedura će implementirati završno čišćenje.

Arrow Preuzmi "Xplode"-ov DelFix alat i snimi ga na Desktop.
Dvoklikom pokreni alat i štikliraj kućice ispred sledećih opcija;

Remove disinfection tools
Create registry backup
Purge System Restore

Klikni na dugme Run i pričekaj trenutak dok alat ne završi svoj rad.
Od ovog trenutka, svi korišćeni alati u ovoj temi bi trebali biti obrisani.
Alat će takođe formirati izveštaj za tebe. (C:\DelFix.txt)

Alat će snimiti i zdravo stanje registy-ja i napraviti backup koristeci integrisan program "ERUNT" u %windir%\ERUNT\DelFix
Alat briše stare system restore tačke i pravi novu, svežu tačku nakon čišćenja.



Arrow

Preporučujem da za zaštitu USB memorijskih uređaja koristiš MCShield.
Nema nikakve veze sa antivirus-om tj. neće ometati njegov rad, a pokazao se kao jedan od najboljih vida zaštite od malware-a koji se prenosi putem USB mem. uređaja.


Home Page MCShield-a: http://www.mcshield.net
Više o MCShield-u možeš saznati u ovoj temi: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v3.html
Facebook stranica MCShield-a: http://www.facebook.com/MCShield

Poslao: 23 Sep 2014 23:05
Idi na vrh
offline
  • Pridružio: 20 Feb 2005
  • Poruke: 297
  • Gde živiš: Vranje

O.K.Urađeno inače koristim MCShield ali sam ga bio isključio da ne bi nešto smetao prilikom čišćenje računara.
Hvala na pomoć i sve najbolje

MyCity » Ambulanta -> Arhiva Ambulante » cr3.gogorithm.com iskačujući

Ko je trenutno na forumu
 

Ukupno su 803 korisnika na forumu :: 4 registrovanih, 2 sakrivenih i 797 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: branko7, Leonov, rikirubio, Visionary