MyCity » Ambulanta -> Arhiva Ambulante » Problem zbog Avasta

Problem zbog Avasta

Napisano na dan: 22.4.2015

Problem zbog Avasta
Sledeća strana Pagination

Idi na vrh

Poslao: 22 Apr 2015 17:22
Idi na vrh
offline
  • Pridružio: 22 Apr 2015
  • Poruke: 4

Kada sam instalirao najnoviju verziju Avasta i restartovao PC ne rade mi Opera, Mozila, IE i torent, radi mi samo Crome.

Poslao: 23 Apr 2015 22:54
Idi na vrh
offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Isprati uputstvo za otvaranje teme i postavi tražene FRST izvještaje.

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

Poslao: 24 Apr 2015 10:05
Idi na vrh
offline
  • Pridružio: 22 Apr 2015
  • Poruke: 4

Sass Drake ::Isprati uputstvo za otvaranje teme i postavi tražene FRST izvještaje.

mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html Evo FRST izvještaj.

mycity.rs/must-login.png

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-04-2015 02
Ran by PC (administrator) on PC-PC on 24-04-2015 09:54:10
Running from C:\Users\PC\Downloads
Loaded Profiles: PC (Available profiles: PC)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
() C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [Ad Muncher] => C:\Program Files (x86)\Ad Muncher\AdMunch.exe [560760 2014-12-27] (Murray Hurps Software Pty Ltd)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5513424 2015-04-22] (Avast Software s.r.o.)
HKU\S-1-5-21-754792903-1802118650-284287587-1000\...\Run: [GoobzoYouTubeAccelerator] => "C:\Program Files (x86)\YouTube Accelerator\YouTubeAccelerator.exe" /startup
HKU\S-1-5-21-754792903-1802118650-284287587-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-754792903-1802118650-284287587-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-754792903-1802118650-284287587-1000\...\MountPoints2: {428465c7-9df5-11e3-a360-806e6f6e6963} - E:\DVDSetup.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-22] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-754792903-1802118650-284287587-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-754792903-1802118650-284287587-1000 -> {2CCC23E9-BBCD-4D8A-A92A-8CFD5EBB2D82} URL = trovi.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3329621&CUI=UN24583800623023189&UM=4
SearchScopes: HKU\S-1-5-21-754792903-1802118650-284287587-1000 -> {D327EB86-1021-4286-9914-E73AFF217614} URL = search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091&CUI=UN33374319946519184&UM=1
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-09-21] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-22] (Avast Software s.r.o.)
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro64.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-09-21] (Oracle Corporation)
BHO: YTAHelper -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> C:\ProgramData\YTAHelper\YTAHelper64.dll [2014-07-10] (Goobzo Ltd.)
BHO-x32: No Name -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> No File
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-22] (Avast Software s.r.o.)
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: YTAHelper -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> C:\ProgramData\YTAHelper\YTAHelper.dll [2014-07-10] (Goobzo Ltd.)
ShellExecuteHooks-x32: - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File [ ]
Winsock: Catalog9 01 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll File Not found
Winsock: Catalog9 02 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll File Not found
Winsock: Catalog9 03 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll File Not found
Winsock: Catalog9 04 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll File Not found
Winsock: Catalog9 05 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll File Not found
Winsock: Catalog9 06 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll File Not found
Winsock: Catalog9 07 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll File Not found
Winsock: Catalog9 08 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll File Not found
Winsock: Catalog9 19 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll File Not found
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7FAC4241-5C9D-4508-8B07-0AF0873F2BB2}: [NameServer] 208.67.222.222,208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\bklxhlui.default
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: google.com/?trackid=sp-006
FF Keyword.URL: google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-28] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-09-21] (Oracle Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2014-12-05] (Unity Technologies ApS)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-09-25] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-28] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-21] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-12-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-12-09] (Google Inc.)
FF Plugin HKU\S-1-5-21-754792903-1802118650-284287587-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-07] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\bklxhlui.default\searchplugins\google-avast.xml [2014-12-26]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\bklxhlui.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2014-12-25]
FF Extension: Video DownloadHelper - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\bklxhlui.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-31]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-22]

Chrome:
=======
CHR StartupUrls: Default -> "https://www.google.com/?trackid=sp-006"
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSearchURL: Default -> google.de/search?q={searchTerms}?trackid=sp-006
CHR DefaultSuggestURL: Default -> google.com/complete/search?client=chrome&q={searchTerms}
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-24]
CHR Extension: (Validity) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbicmjjbohdfglopkidebfccilipgeif [2014-04-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-09]
CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-24]
CHR Extension: (Google Search) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-24]
CHR Extension: (Google Wallet) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-26]
CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-24]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-22] (Avast Software s.r.o.)
R2 MaintainerSvc6.37.565328; C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.exe [128240 2015-04-20] ()
S3 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-29] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S3 YouTubeAcceleratorService; C:\PROGRA~2\YOUTUB~1\YouTubeAcceleratorService.exe -start -scm [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-22] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-22] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-22] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [441728 2015-04-22] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-22] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [268640 2015-04-22] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-02-24] (DT Soft Ltd)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [117912 2012-11-19] (Qualcomm Atheros Co., Ltd.)
S3 MDA_NTDRV; C:\Windows\system32\MDA_NTDRV.sys [21208 2013-02-25] ()
U3 msahci; No ImagePath
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-19] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-05-02] (Duplex Secure Ltd.)
R1 {60fb1691-e7e8-4d48-b26c-c3f85822f710}Gw64; C:\Windows\System32\drivers\{60fb1691-e7e8-4d48-b26c-c3f85822f710}Gw64.sys [48784 2014-11-03] (StdLib)
U3 a8n84mtj; C:\Windows\System32\Drivers\a8n84mtj.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero size file/folder)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 Baidu PC Faster FileShredder; \??\C:\Program Files (x86)\PC Faster\5.1.0.0\FileKill_x64.sys [X]
S1 Bfilter; \??\C:\Windows\System32\drivers\Bfilter.sys [X]
S1 Bfmon; \??\C:\Windows\System32\drivers\Bfmon.sys [X]
S1 Bnbase; System32\drivers\bnbasex64.sys [X]
S1 Bndef; \??\C:\Windows\System32\drivers\bndef64.sys [X]
S1 Bprotect; \??\C:\Windows\System32\drivers\Bprotect.sys [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\PC Faster\5.1.0.0\PCFApiUtil64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-24 09:54 - 2015-04-24 09:54 - 00014976 _____ () C:\Users\PC\Downloads\FRST.txt
2015-04-24 09:53 - 2015-04-24 09:54 - 00000000 ____D () C:\FRST
2015-04-24 09:52 - 2015-04-24 09:52 - 02099712 _____ (Farbar) C:\Users\PC\Downloads\FRST64.exe
2015-04-24 09:33 - 2015-04-24 09:34 - 05683024 _____ (Avast Software s.r.o.) C:\Users\PC\Downloads\avastclear.exe
2015-04-23 19:53 - 2015-04-23 19:53 - 01114112 _____ () C:\Users\PC\Downloads\MicrosoftFixit50440.msi
2015-04-23 14:35 - 2015-04-23 14:35 - 00000777 _____ () C:\Users\PC\Desktop\Splinter Cell - Blacklist.lnk
2015-04-23 14:35 - 2015-04-23 14:35 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Splinter Cell - Blacklist
2015-04-22 23:18 - 2015-04-22 23:18 - 00001032 _____ () C:\Users\PC\Desktop\Settings.lnk
2015-04-22 23:11 - 2015-04-22 23:11 - 00000457 _____ () C:\Users\Public\Desktop\Pro Evolution Soccer 2015.lnk
2015-04-22 23:11 - 2015-04-22 23:11 - 00000457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro Evolution Soccer 2015.lnk
2015-04-22 22:02 - 2015-04-22 22:02 - 44276107 _____ () C:\Users\PC\Documents\KONAMI.rar
2015-04-22 16:38 - 2015-04-23 16:51 - 00000107 _____ () C:\Users\PC\Desktop\New Text Document.txt
2015-04-22 13:42 - 2015-04-22 13:42 - 00000000 ____D () C:\Users\PC\AppData\Roaming\AVAST Software
2015-04-22 13:41 - 2015-04-22 13:42 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-22 13:41 - 2015-04-22 13:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-04-22 13:41 - 2015-04-22 13:40 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-22 13:41 - 2015-04-22 13:40 - 00441728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-22 13:41 - 2015-04-22 13:40 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-22 13:41 - 2015-04-22 13:40 - 00268640 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-22 13:41 - 2015-04-22 13:40 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-22 13:41 - 2015-04-22 13:40 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-22 13:41 - 2015-04-22 13:40 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-22 13:41 - 2015-04-22 13:40 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-22 13:41 - 2015-04-22 13:40 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-22 13:40 - 2015-04-22 13:40 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-22 11:43 - 2015-04-22 11:43 - 00018684 _____ () C:\Users\PC\Downloads\[R.G. Mechanics] Pro Evolution Soccer 2015.torrent
2015-04-22 11:42 - 2015-04-22 11:42 - 00000000 ____D () C:\Users\PC\AppData\Local\qBittorrent
2015-04-22 11:42 - 2015-04-22 11:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2015-04-22 11:40 - 2015-04-22 11:41 - 10724302 _____ (The qBittorrent project) C:\Users\PC\Downloads\qbittorrent_3.1.12_setup.exe
2015-04-22 10:53 - 2015-04-22 11:05 - 147571744 _____ (Avast Software s.r.o.) C:\Users\PC\Downloads\avast_free_antivirus_setup.exe
2015-04-21 19:14 - 2015-04-21 19:15 - 00000000 ____D () C:\Users\PC\Desktop\download
2015-04-21 14:30 - 2015-04-21 14:30 - 00000000 ____D () C:\Users\Public\Documents\PC Faster
2015-04-21 00:54 - 2015-04-24 09:38 - 00000728 _____ () C:\Windows\setupact.log
2015-04-21 00:54 - 2015-04-23 09:32 - 00370186 _____ () C:\Windows\PFRO.log
2015-04-21 00:54 - 2015-04-21 00:54 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-21 00:39 - 2015-04-21 00:39 - 00000000 _____ () C:\Windows\WindowsUpdate.log
2015-04-20 22:33 - 2015-04-20 22:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-20 20:30 - 2015-04-24 09:38 - 00001006 _____ () C:\Windows\Tasks\0DDWFY7L9hq9IABAd0B7NJp.job
2015-04-20 20:30 - 2015-04-24 09:38 - 00000992 _____ () C:\Windows\Tasks\jv70TOdQ70layoYy.job
2015-04-20 20:30 - 2015-04-20 20:30 - 00004020 _____ () C:\Windows\System32\Tasks\0DDWFY7L9hq9IABAd0B7NJp
2015-04-20 20:30 - 2015-04-20 20:30 - 00004006 _____ () C:\Windows\System32\Tasks\jv70TOdQ70layoYy
2015-04-20 20:29 - 2015-04-20 20:29 - 00000000 ____D () C:\Program Files (x86)\dbf623c1-120c-4965-b22f-43740418ff35
2015-04-20 20:28 - 2015-04-22 12:16 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-04-20 20:28 - 2015-04-20 20:28 - 00000000 ____D () C:\Users\PC\AppData\Local\globalUpdate
2015-04-20 20:25 - 2015-04-21 00:37 - 00004492 _____ () C:\Windows\System32\Tasks\ShopperPro
2015-04-20 20:25 - 2015-04-21 00:37 - 00003558 _____ () C:\Windows\System32\Tasks\ShopperProJSUpd
2015-04-20 20:25 - 2015-04-20 20:25 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2015-04-20 20:23 - 2015-04-21 00:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Accelerator
2015-04-20 20:23 - 2015-04-20 20:23 - 00003428 _____ () C:\Windows\System32\Tasks\YTAUpdate
2015-04-20 20:23 - 2015-04-20 20:23 - 00003242 _____ () C:\Windows\System32\Tasks\YTAUpdate_logon
2015-04-20 20:23 - 2015-04-20 20:23 - 00000000 ____D () C:\Users\Public\Documents\YTAHelper
2015-04-20 20:23 - 2015-04-20 20:23 - 00000000 ____D () C:\Users\Public\Documents\GOOBZO
2015-04-20 20:23 - 2015-04-20 20:23 - 00000000 ____D () C:\ProgramData\YTAHelper
2015-04-20 20:22 - 2015-04-20 20:22 - 00172032 _____ (Jin Hui E-mail: jinhui@jcomsoft.com Web: jcomsoft.com) C:\Windows\SysWOW64\AniGIF.ocx
2015-04-20 20:22 - 2015-04-20 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaDownloader
2015-04-20 20:22 - 2015-04-20 20:22 - 00000000 ____D () C:\Program Files\MegaDownloader
2015-04-20 20:20 - 2015-04-20 20:20 - 02112848 _____ (Andres_age ) C:\Users\PC\Downloads\MegaDownloader_v1.1 (1).exe
2015-04-19 14:20 - 2015-04-19 14:20 - 00005872 _____ () C:\Users\PC\AppData\Roaming\0DDWFY7L9hq9IABAd0B7NJp
2015-04-16 22:20 - 2015-04-16 22:20 - 00000000 ____D () C:\Users\PC\AppData\Local\Downloaded Installations
2015-04-14 18:28 - 2015-04-14 18:28 - 00004387 _____ () C:\Users\PC\AppData\Roaming\jv70TOdQ70layoYy
2015-04-11 21:19 - 2015-04-11 21:21 - 00000000 ____D () C:\Program Files (x86)\Subtitle Workshop
2015-04-11 21:19 - 2015-04-11 21:19 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Subtitle Workshop
2015-04-07 12:49 - 2015-04-20 13:26 - 00000000 ____D () C:\Users\PC\Desktop\Titl
2015-04-05 12:49 - 2015-04-05 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCREEN2EXE
2015-04-02 15:39 - 2015-04-02 15:39 - 00000000 ____D () C:\Users\PC\Documents\Output
2015-04-02 13:23 - 2015-04-02 13:23 - 00000000 ____D () C:\Users\PC\AppData\Roaming\PD Design Studio
2015-04-02 13:19 - 2015-04-02 13:19 - 00004096 _____ () C:\Windows\d3dx.dat
2015-04-01 19:13 - 2015-04-01 19:13 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Realtime Soft
2015-03-31 12:59 - 2015-04-05 17:28 - 00000000 ____D () C:\Users\PC\Jamato max34
2015-03-30 14:12 - 2015-03-30 14:12 - 00000000 ____D () C:\Users\PC\AppData\Local\EMU
2015-03-28 14:04 - 2015-03-28 14:04 - 00000000 ____D () C:\Users\PC\Documents\FLiNGTrainer

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-24 09:45 - 2009-07-14 06:45 - 00023872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-24 09:45 - 2009-07-14 06:45 - 00023872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-24 09:42 - 2009-07-14 07:13 - 00785366 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-24 09:38 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-23 22:37 - 2014-03-01 10:12 - 00000000 ____D () C:\Users\PC\AppData\Local\Paint.NET
2015-04-23 22:31 - 2014-08-26 23:21 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Aegisub
2015-04-23 14:35 - 2014-03-04 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-04-22 23:10 - 2014-02-24 19:34 - 00000000 ____D () C:\Users\PC\AppData\Roaming\DAEMON Tools Lite
2015-04-22 22:02 - 2014-02-27 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst
2015-04-22 19:04 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-04-22 16:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-22 14:07 - 2014-02-28 23:44 - 00000000 ____D () C:\Users\PC\Quick Launch
2015-04-22 13:40 - 2014-03-21 16:42 - 00000000 ____D () C:\Program Files\AVAST Software
2015-04-22 13:34 - 2014-03-21 16:41 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-04-22 12:57 - 2014-04-04 09:38 - 00000000 ____D () C:\Program Files (x86)\JDownloader v2.0
2015-04-21 22:08 - 2014-04-16 18:35 - 00000000 ____D () C:\Users\PC\dwhelper
2015-04-21 20:57 - 2014-03-06 23:12 - 00000000 ____D () C:\Users\PC\AppData\Roaming\uTorrent
2015-04-21 19:24 - 2014-12-31 21:12 - 00000000 ____D () C:\Users\PC\Desktop\dejan
2015-04-21 14:30 - 2015-03-11 19:19 - 00000000 ____D () C:\ProgramData\PC Faster
2015-04-21 14:30 - 2014-10-20 09:06 - 00003570 _____ () C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633
2015-04-21 10:06 - 2014-05-30 23:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-21 01:32 - 2014-03-06 23:05 - 00000000 ____D () C:\Users\PC\AppData\Roaming\BitTorrent
2015-04-21 01:00 - 2014-02-26 19:44 - 00000000 ____D () C:\Users\PC\Downloads\OperaDownload
2015-04-21 00:37 - 2014-11-26 18:37 - 00000000 ____D () C:\Users\PC\AppData\Roaming\MPC-HC
2015-04-21 00:31 - 2014-03-22 20:42 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-20 22:20 - 2014-11-04 12:53 - 00000000 ____D () C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7
2015-04-20 20:22 - 2014-02-26 22:27 - 00000000 ____D () C:\Users\PC\AppData\Roaming\vlc
2015-04-20 20:15 - 2014-03-08 11:26 - 00000000 ____D () C:\Users\PC\Downloads\BitTorent
2015-04-19 09:21 - 2014-02-24 19:23 - 00111584 _____ () C:\Users\PC\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-19 09:20 - 2009-07-14 06:45 - 00437624 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-17 18:02 - 2014-04-29 23:13 - 00000000 ____D () C:\Users\PC\AppData\Roaming\gtk-2.0
2015-04-16 22:22 - 2014-07-23 21:14 - 00000000 ____D () C:\Users\PC\AppData\Local\AHD
2015-04-15 18:27 - 2014-08-28 16:36 - 00002442 _____ () C:\Users\PC\AppData\Roaming\ASSDraw3.cfg
2015-04-15 11:27 - 2014-03-17 23:18 - 00000000 ____D () C:\Program Files (x86)\MKVToolNix
2015-04-14 16:31 - 2015-02-17 12:13 - 00000000 ____D () C:\Users\PC\AppData\Roaming\HandBrake
2015-04-14 14:19 - 2014-02-25 10:22 - 00000000 ____D () C:\Users\PC
2015-04-11 22:43 - 2014-02-27 21:09 - 00000000 ____D () C:\Users\PC\AppData\Roaming\WinRAR
2015-04-10 11:39 - 2014-02-24 19:37 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-10 11:38 - 2014-11-05 01:01 - 00000000 ____D () C:\Program Files (x86)\Aegisub
2015-04-09 20:08 - 2014-02-27 19:44 - 00000000 ____D () C:\Users\PC\Documents\My Games
2015-04-09 09:53 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-06 11:00 - 2015-03-10 17:22 - 00000000 ____D () C:\Users\PC\PLAY!Zine
2015-04-05 12:56 - 2015-03-16 00:04 - 00000000 ____D () C:\Users\PC\Parasyte
2015-04-04 17:27 - 2014-03-11 00:54 - 00000000 ____D () C:\Users\PC\Downloads\JDownloader
2015-04-04 11:31 - 2015-03-04 23:26 - 00000000 ____D () C:\Users\PC\Repak
2015-04-04 10:13 - 2014-02-26 17:15 - 00000000 ____D () C:\Users\PC\Downloads\uTorent
2015-04-03 21:17 - 2014-05-05 10:45 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Audacity
2015-04-02 13:18 - 2015-03-19 11:49 - 00000000 ____D () C:\Users\PC\Slomljena ostrica
2015-03-31 17:05 - 2015-02-05 13:58 - 00000000 ____D () C:\Users\PC\Documents\CAPCOM
2015-03-28 11:12 - 2014-02-27 01:06 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-28 11:12 - 2014-02-27 01:06 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-28 11:12 - 2014-02-27 00:31 - 00000000 ____D () C:\Users\PC\AppData\Local\Adobe

==================== Files in the root of some directories =======

2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\PC\AppData\Roaming\0DDWFY7L9hq9IABAd0B7NJp
2014-08-28 16:36 - 2015-04-15 18:27 - 0002442 _____ () C:\Users\PC\AppData\Roaming\ASSDraw3.cfg
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\PC\AppData\Roaming\jv70TOdQ70layoYy
2014-07-13 17:31 - 2014-07-13 17:31 - 0000017 _____ () C:\Users\PC\AppData\Local\resmon.resmoncfg
2014-10-20 09:06 - 2015-03-11 19:20 - 0014501 _____ () C:\ProgramData\Duplicaterecord.js

Files to move or delete:
====================
C:\ProgramData\Duplicaterecord.js
C:\Users\PC\MegaUploader.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-21 12:24

==================== End Of Log ============================


mycity.rs/must-login.png

Poslao: 24 Apr 2015 18:26
Idi na vrh
offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Arrow Korak 1

Idi u Start -> Control Panel -> Programs and Features i deinstaliraj sljedeće programe:

iWebar
SensePlus
Shopper-Pro
YouTube Accelerator



Arrow Korak 2

Otvori Notepad i iskopiraj sljedeći tekst koji se nalazi unutar Kod polja.

Start

R1 {60fb1691-e7e8-4d48-b26c-c3f85822f710}Gw64; C:\Windows\System32\drivers\{60fb1691-e7e8-4d48-b26c-c3f85822f710}Gw64.sys [48784 2014-11-03] (StdLib)
HKU\S-1-5-21-754792903-1802118650-284287587-1000\...\Run: [GoobzoYouTubeAccelerator] => "C:\Program Files (x86)\YouTube Accelerator\YouTubeAccelerator.exe" /startup
HKU\S-1-5-21-754792903-1802118650-284287587-1000\...\MountPoints2: {428465c7-9df5-11e3-a360-806e6f6e6963} - E:\DVDSetup.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-754792903-1802118650-284287587-1000 -> {2CCC23E9-BBCD-4D8A-A92A-8CFD5EBB2D82} URL = http://trovi.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3329621&CUI=UN24583800623023189&UM=4
SearchScopes: HKU\S-1-5-21-754792903-1802118650-284287587-1000 -> {D327EB86-1021-4286-9914-E73AFF217614} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091&CUI=UN33374319946519184&UM=1
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro64.dll No File
BHO: YTAHelper -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> C:\ProgramData\YTAHelper\YTAHelper64.dll [2014-07-10] (Goobzo Ltd.)
BHO-x32: No Name -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> No File
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: YTAHelper -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> C:\ProgramData\YTAHelper\YTAHelper.dll [2014-07-10] (Goobzo Ltd.)
Winsock: Catalog9 01 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll File Not found
Winsock: Catalog9 02 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll File Not found
Winsock: Catalog9 03 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll File Not found
Winsock: Catalog9 04 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll File Not found
Winsock: Catalog9 05 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll File Not found
Winsock: Catalog9 06 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll File Not found
Winsock: Catalog9 07 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll File Not found
Winsock: Catalog9 08 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll File Not found
Winsock: Catalog9 19 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll File Not found
FF SearchPlugin: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\bklxhlui.default\searchplugins\google-avast.xml [2014-12-26]
R2 MaintainerSvc6.37.565328; C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.exe [128240 2015-04-20] ()
S3 YouTubeAcceleratorService; C:\PROGRA~2\YOUTUB~1\YouTubeAcceleratorService.exe -start -scm [X]
Task: {1EB40915-52B3-420E-B6D2-7C602F802ABE} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Duplicaterecord.js" <==== ATTENTION
Task: {22073113-7CD0-475D-B4A9-BA2755DC74EC} - System32\Tasks\0DDWFY7L9hq9IABAd0B7NJp => C:\Users\PC\AppData\Roaming\0DDWFY7L9hq9IABAd0B7NJp.exe <==== ATTENTION
Task: {38D6E298-F0ED-44D5-926A-E100D6A01F8C} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe <==== ATTENTION
Task: {4654A458-45A3-415D-A353-2D7243E3FD87} - System32\Tasks\YTAUpdate_logon => C:\PROGRA~2\YOUTUB~1\Updater.exe <==== ATTENTION
Task: {DAA234E9-9719-4959-A5E6-3595E7E93825} - System32\Tasks\ShopperPro => C:\Program Files (x86)\ShopperPro\ShopperPro.exe <==== ATTENTION
Task: {F8A971BD-9DC3-4CF9-8E26-02783364A39F} - System32\Tasks\Steam_x64-S-2-106-91 => C:\Users\PC\AppData\Roaming\WinRAR\CODEXi\Steam <==== ATTENTION
Task: C:\Windows\Tasks\0DDWFY7L9hq9IABAd0B7NJp.job => C:\Users\PC\AppData\Roaming\0DDWFY7L9hq9IABAd0B7NJp.exe <==== ATTENTION
Task: C:\Windows\Tasks\jv70TOdQ70layoYy.job => C:\Users\PC\AppData\Roaming\jv70TOdQ70layoYy.exe <==== ATTENTION
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:763FFD2C
AlternateDataStreams: C:\ProgramData\TEMP:DEDEE4A9
C:\Windows\System32\drivers\{60fb1691-e7e8-4d48-b26c-c3f85822f710}Gw64.sys
C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7
C:\Program Files (x86)\YouTube Accelerator
C:\ProgramData\ShopperPro
C:\ProgramData\YTAHelper
C:\Program Files (x86)\globalUpdate
C:\Users\PC\AppData\Local\globalUpdate
C:\Users\Public\Documents\ShopperPro
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Accelerator
C:\Users\Public\Documents\YTAHelper
C:\Users\Public\Documents\GOOBZO
C:\ProgramData\YTAHelper
C:\ProgramData\PC Faster
C:\Users\PC\AppData\Roaming\0DDWFY7L9hq9IABAd0B7NJp
C:\Users\PC\AppData\Roaming\ASSDraw3.cfg
C:\Users\PC\AppData\Roaming\jv70TOdQ70layoYy
C:\Users\PC\AppData\Local\resmon.resmoncfg
C:\ProgramData\Duplicaterecord.js
C:\Users\PC\MegaUploader.exe
C:\Users\PC\AppData\Roaming\0DDWFY7L9hq9IABAd0B7NJp.exe
C:\Users\PC\AppData\Roaming\WinRAR\CODEXi
C:\Users\PC\AppData\Roaming\jv70TOdQ70layoYy.exe

S3 Baidu PC Faster FileShredder; \??\C:\Program Files (x86)\PC Faster\5.1.0.0\FileKill_x64.sys [X]
S3 Baidu PC Faster FileShredder; \??\C:\Program Files (x86)\PC Faster\5.1.0.0\FileKill_x64.sys [X]
S1 Bfilter; \??\C:\Windows\System32\drivers\Bfilter.sys [X]
S1 Bfmon; \??\C:\Windows\System32\drivers\Bfmon.sys [X]
S1 Bnbase; System32\drivers\bnbasex64.sys [X]
S1 Bndef; \??\C:\Windows\System32\drivers\bndef64.sys [X]
S1 Bprotect; \??\C:\Windows\System32\drivers\Bprotect.sys [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
PCFApiUtil; \??\C:\Program Files (x86)\PC Faster\5.1.0.0\PCFApiUtil64.sys [X]
Task: {947EC40A-7BAB-4FEA-A58D-2CDF00FEEC31} - System32\Tasks\{109222ED-876E-413f-9CD5-F279C143FF6A} => C:\Users\PC\AppData\Roaming\PC App Store\Plan.exe
C:\Users\PC\AppData\Roaming\PC App Store

EmptyTemp:

End


U okviru Notepad-a klikni na File --> Save As
Fajl nazovi Fixlist i sačuvaj na Desktop
Dvoklikom ponovo pokreni FRST.exe
Klikni na Fix i sačekaj dok program ne završi.
Ukoliko program zatraži restart računara, omogući mu da to nesmetano obavi.
Nakon završetka rada, otvoriće se fixlog.txt, sa sadržajem koji treba da kopiraš u temu.
Takođe, na Desktop-u će se nalaziti (fixlog.txt).




Arrow Korak 3

Preuzmi "Xplode"-ov AdwCleaner i sačuvaj ga na Desktop
Dvoklikom pokreni program.
u EULA prozoru klikni na I agree.
Klikni na dugme Scan i sačekaj da se završi skeniranje.
Klikni na dugme Cleaning i pričekaj da program završi.
Program će zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni OK kao potvrdu.
Na sljedeća dva prozora koja se otvore (Informations i Restart required ) klikni OK
Računar će se restartovati, a potom otvoriti Notepad (C:\AdwCleaner[S0].txt) sa izvještajem.
Sačuvaj taj izvještaj na Desktop i okači ga uz poruku koristeći opciju "Prikači fajl"
Napomena: Izvještaj ce takođe biti sačuvan na C:\Adwcleaner\AdwCleaner[S0].txt

Poslao: 24 Apr 2015 19:50
Idi na vrh
offline
  • Pridružio: 22 Apr 2015
  • Poruke: 4

Sve je sredjeno sad radi sve kako treba.


mycity.rs/must-login.png


mycity.rs/must-login.png

Poslao: 24 Apr 2015 20:10
Idi na vrh
offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Nismo još gotovi. Smile


Arrow Korak 1

Spakuj u ZIP, RAR ili 7Z arhive sljedeće foldere:

C:\FRST\Quarantine

i

C:\AdwCleaner

i pošalji ih preko sljedećeg linka:

http://www.mycity.rs/ambulanta-upload.php


Javi kada to uradiš i sačekaj dalja uputstva.



Arrow Korak 2

Preuzmi Malwarebytes Anti-Rootkit (MBAR) sa sledeceg linka i sacuvaj ga na Desktop.

Dvoklikom pokreni MBAR () na ikonicu programa:
- Klikni OK na sledecem prozoru da bi dozvolio raspakivanje u zaseban mbar folder na desktop-u;
- mbar.exe ce biti startovan. Na nekim sistemima to moze da potraje nekoliko dodatnih sekundi, te pricekati pokretanje.;
- U uvodnom prozoru klikni dugme Next ukoliko si saglasan;


• Na 'Update Database' prozoru klik na dugme Update da bi preuzeo sveze definicije. Kada se ispise poruka 'Success: Database was successfully updated' klik na dugme Next;
• Pod sekcijom 'Scan Targets' proveri da su sve opcije stiklirane, te klikni na dugme Scan;

Obavestenje: sa nekim infekcijama moze se desiti da se prikaze neka od sledecih poruka:
- 'Could not load protection driver' => u tom slucaju klikni OK.
- 'Could not load DDA driver' => klikni Yes na to obavestenje da bi dozvolio ucitavanje nakon restarta. Dozvoli restart i nastavi sa ostatkom instrukcija posle restarta.




>> Ukoliko malware nije detektovan, klik na Exit dugme da zatvoris program. U sledecu poruku postavi mbar-log-year-month-day (sat-minuti-sekundi).txt i system-log.txt izveštaje.

>> Ukoliko su infekcija/e pronadjene, proveriti da li je obelezena opcija 'Create Restore Point' i klikni na dugme Cleanup! da bi uklonili pretnje.
- Procedura uklanjanje malware-a (scheduled) ce biti zakazana po restartu, bice prikazano obavestenje u pop-up prozoru. Klikni dugme Yes i sistem bi trebao da se restartuje i da zavrsi proceduru ciscenja.



Obavestenje! samo ukoliko je RootKit detektovan: - postaraj se da pokrenes fixdamage.exe alat koji se nalazi u mbar folderu, \Plugins\fixdamage.exe:
- Dvoklikom pokreni fixdamage, u crnom prozoru koji se otvori (command prompt) ukucaj Y (Y stoji za Yes) da bi nastavio izvrsenje, pricekati da alat odradi sve popravke ...
- Kada vidis poruku 'press any key to exit' popravka je kompletirana. Pritisnuti bilo koju tipku na tastaturi da bi se prozor zatvorio. Restartovati sistem.




Sledeci izvestaji ce biti formirani u mbar folderu.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Iskopiraj sadrzaj mbar log-a u poruku a system log okaci uz poruku koristeci opciju Prikači fajl.

Poslao: 25 Apr 2015 18:14
Idi na vrh
offline
  • Pridružio: 22 Apr 2015
  • Poruke: 4

Poslao sam Fajlove. FRST je iz 2 dijela.


mycity.rs/must-login.png



mycity.rs/must-login.png

Poslao: 25 Apr 2015 19:12
Idi na vrh
offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Sada si čist pa ti ostaje još da uradiš sljedeće.

Sledeća procedura će implementirati završno čišćenje.

Arrow Preuzmi "Xplode"-ov DelFix alat i snimi ga na Desktop.
Dvoklikom pokreni alat i štikliraj kućice ispred sledećih opcija;

Remove disinfection tools
Create registry backup
Purge System Restore

Klikni na dugme Run i pričekaj trenutak dok alat ne završi svoj rad.
Od ovog trenutka, svi korišćeni alati u ovoj temi bi trebali biti obrisani.
Alat će takođe formirati izveštaj za tebe. (C:\DelFix.txt)

Alat će snimiti i zdravo stanje registy-ja i napraviti backup koristeci integrisan program "ERUNT" u %windir%\ERUNT\DelFix
Alat briše stare system restore tačke i pravi novu, svežu tačku nakon čišćenja.

MyCity » Ambulanta -> Arhiva Ambulante » Problem zbog Avasta

Ko je trenutno na forumu
 

Ukupno su 858 korisnika na forumu :: 6 registrovanih, 1 sakriven i 851 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: comi_pfc, hyla, ILGromovnik, lcc, Milos ZA, nenad81