USB shortcut inside the USB stick

  • Joined: 22 Oct 2010
  • Posts: 115

So, when I open the USB stick, a USB shortcut appears inside it that opens a new window with the files. I have tried every option from Google via cmd; not even attrib -h -r -s /s /d D:\*.* works... it works for the moment, but right away it is back to the old state. I scanned with Malwarebytes, but nothing. HELP

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Posted: 16 May 2015 16:13

You need to follow the instructions for opening a thread and post the requested reports (FRST.txt and Addition.txt).

Addendum: 16 May 2015 16:15

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • Joined: 22 Oct 2010
  • Posts: 115

frst.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-05-2015 02
Ran by Emachines (administrator) on EMACHINES-PC on 16-05-2015 16:39:06
Running from C:\Users\Emachines\Downloads
Loaded Profiles: Emachines (Available profiles: Emachines)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AdminService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files\Join Air\AssistantServices.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AthBtTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(PowerISO Computing, Inc.) C:\Program Files\PowerISO\PWRISOVM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files\Join Air\UIExec.exe
() C:\Users\Emachines\AppData\Local\Viber\Viber.exe
(BitTorrent Inc.) C:\Users\Emachines\AppData\Roaming\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(1BN Software & IT Solutions) C:\Program Files\mHotspot\mHotspot.exe
() C:\Program Files\Join Air\UIMain.exe
() C:\Program Files\Join Air\CMUpdater.exe
(Google Inc.) C:\Users\Emachines\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Emachines\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Emachines\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Emachines\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Emachines\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Emachines\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Emachines\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Emachines\AppData\Local\Google\Chrome\Application\chrome.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Google Inc.) C:\Users\Emachines\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\Emachines\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\Emachines\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Emachines\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Users\Emachines\AppData\Local\Google\Update\Install\{FA9283D8-FCC7-4E1E-AF05-811E27A4D87A}\42.0.2311.152_42.0.2311.135_chrome_updater.exe
(Google Inc.) C:\Users\Emachines\AppData\Local\Temp\CR_24FFC.tmp\setup.exe
(Google Inc.) C:\Users\Emachines\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files\Bluetooth Suite\BtvStack.exe [486560 2010-09-27] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files\Bluetooth Suite\AthBtTray.exe [302240 2010-09-27] (Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1692968 2010-02-05] (Synaptics Incorporated)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [167936 2008-11-02] (PowerISO Computing, Inc.)
HKLM\...\Run: [UIExec] => C:\Program Files\Join Air\UIExec.exe [132096 2009-10-10] ()
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-04-14] (Malwarebytes Corporation)
HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\Run: [Google Update] => C:\Users\Emachines\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-01-08] (Google Inc.)
HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\Run: [Viber] => C:\Users\Emachines\AppData\Local\Viber\Viber.exe [776400 2015-02-25] ()
HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\Run: [uTorrent] => C:\Users\Emachines\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-07] (BitTorrent Inc.)
HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\Run: [Facebook Update] => C:\Users\Emachines\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-10-27] (Facebook Inc.)
HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\MountPoints2: D - D:\AutoRun.exe
HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\MountPoints2: F - F:\Windows\Autorun.exe
HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\MountPoints2: {006e4bef-8e6d-11e2-b7cf-806e6f6e6963} - D:\AutoRun.exe
HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\MountPoints2: {006e4c18-8e6d-11e2-b7cf-74de2bd91e0c} - D:\AutoRun.exe
HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\MountPoints2: {092cbc06-f9a9-11e2-bd85-74de2bd91e0c} - D:\AutoRun.exe
HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\MountPoints2: {9ec3b346-907f-11e2-8446-74de2bd91e0c} - D:\AutoRun.exe
HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\MountPoints2: {d12c0459-1e83-11e2-844e-74de2bd91e0c} - F:\Windows\Autorun.exe
HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\MountPoints2: {d4c1e54f-3437-11e4-9b76-74de2bd91e0c} - F:\Windows\Install.exe
HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\MountPoints2: {d4c1ea85-3437-11e4-9b76-dc0ea113dddf} - F:\autorun.exe
HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\MountPoints2: {f00603b1-4a15-11e3-a84b-dc0ea113dddf} - D:\AutoRun.exe
Startup: C:\Users\Emachines\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.exe [2014-10-15] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\Software\Microsoft\Internet Explorer\Main,Start Page = google.me/
SearchScopes: HKU\S-1-5-21-2816825837-2188385637-3047774388-1000 -> {5E468D7E-82E3-4C2E-882D-985778FD7DA8} URL = websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10401&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^ABZ&apn_dtid=^YYYYYY^YY^ME&apn_uid=655456E7-5552-4F15-BF7C-2CBE06B2F1D6&apn_sauid=555B8762-5738-42DC-B5BC-5F94DB27ABEB
BHO: Octh Class -> {000123B4-9B42-4900-B3F7-F4B073EFC214} -> C:\Program Files\Orbitdownloader\orbitcth.dll [2014-01-16] (Orbitdownloader.com)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files\Bluetooth Suite\IEPlugIn.dll [2010-09-27] (Atheros Commnucations)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
Tcpip\..\Interfaces\{786AE9E3-49E3-441F-952B-8CE673ABF501}: [NameServer] 79.143.101.225 79.143.101.229

FireFox:
========
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-06-28] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2816825837-2188385637-3047774388-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Emachines\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2816825837-2188385637-3047774388-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Emachines\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-2816825837-2188385637-3047774388-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Emachines\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-2816825837-2188385637-3047774388-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Emachines\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-24] (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://mystart.incredibar.com/mb201?a=6OyY3KbyxA&i=26", "hxxp://badoo.com/startpage/", "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-09-04]
CHR Extension: (Ancient Map) - C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcjaemihddenoopkkhaamlcoliiiain [2014-09-04]
CHR Extension: (YouTube) - C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-04]
CHR Extension: (Google Search) - C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-26]
CHR Extension: (Search by Image (by Google)) - C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2015-01-31]
CHR Extension: (The Godfather: Five Families) - C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfkoljdeffeedleidebkmmamepgbnbl [2014-09-04]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-09-04]
CHR Extension: (AdBlock) - C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-12]
CHR Extension: (Bookmark Manager) - C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-09-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Skype Click to Call) - C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-10-25]
CHR Extension: (Google Mail Checker) - C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-09-04]
CHR Extension: (Onlive Clock) - C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default\Extensions\moddbcckaikhdnigidfcmaeelcobchpm [2014-09-04]
CHR Extension: (Google Wallet) - C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-14]
CHR Extension: (Image Source) - C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelhjdehgmblhbdmehhdaijknpemikmo [2014-09-04]
CHR Extension: (Psykopaint) - C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2014-09-04]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2014-09-04]
CHR Extension: (Gmail) - C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-26]
CHR Extension: (Tapatalk Notifier) - C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default\Extensions\plfhcjljnfjpfcbjpgnflfofmahljkjj [2014-09-04]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]
StartMenuInternet: Google Chrome - C:\Users\Emachines\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [56480 2010-09-27] (Atheros Commnucations) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 UI Assistant Service; C:\Program Files\Join Air\AssistantServices.exe [246272 2009-10-10] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [26984 2010-09-27] (Atheros)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
U0 mncwvq; C:\Windows\System32\drivers\nhdyrvs.sys [52440 2015-05-16] (Malwarebytes Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [56572 2008-11-02] (PowerISO Computing, Inc.) [File not signed]
S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-16 16:39 - 2015-05-16 16:40 - 00016862 _____ () C:\Users\Emachines\Downloads\FRST.txt
2015-05-16 16:38 - 2015-05-16 16:39 - 00000000 ____D () C:\FRST
2015-05-16 16:38 - 2015-05-16 16:38 - 01146368 _____ (Farbar) C:\Users\Emachines\Downloads\FRST.exe
2015-05-16 14:36 - 2015-05-16 14:46 - 00000000 ____D () C:\ProgramData\MCShield
2015-05-16 14:36 - 2015-05-16 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2015-05-16 14:36 - 2015-05-16 14:36 - 00000000 ____D () C:\Program Files\MCShield
2015-05-16 14:35 - 2015-05-16 14:36 - 02856736 _____ (MyCity) C:\Users\Emachines\Downloads\MCShield-Setup.exe
2015-05-16 13:37 - 2015-05-16 13:48 - 00053210 _____ () C:\Users\Emachines\AppData\Roaming\ICARE.LOG
2015-05-16 13:37 - 2015-05-16 13:37 - 00017028 _____ () C:\Users\Emachines\Downloads\AutoRunExterminator-1.8.zip
2015-05-16 13:34 - 2015-05-16 13:34 - 00052440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\nhdyrvs.sys
2015-05-16 12:54 - 2015-05-16 13:37 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-16 12:54 - 2015-05-16 12:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-16 12:54 - 2015-05-16 12:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-16 12:54 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-16 12:54 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-16 12:54 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-16 12:52 - 2015-05-16 12:53 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Emachines\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-16 12:43 - 2015-05-16 12:43 - 01190415 _____ () C:\Users\Emachines\Downloads\ProcessExplorer.zip
2015-05-16 12:41 - 2015-05-16 12:41 - 00000000 _____ () C:\Users\Emachines\attrib
2015-05-16 12:40 - 2015-05-16 12:41 - 00000000 _____ () C:\Users\Emachines\cd
2015-05-16 12:38 - 2015-05-16 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flobo USB Drive Repair Tool
2015-05-16 12:38 - 2015-05-16 12:38 - 00000000 ____D () C:\Program Files\Flobo USB Drive Repair Tool
2015-05-16 12:37 - 2015-05-16 12:38 - 00631110 _____ (Flobo Recovery, Inc. ) C:\Users\Emachines\Downloads\SetupFloboUSBRepairTool.exe
2015-05-16 12:30 - 2015-05-16 12:31 - 00003342 _____ () C:\Users\Emachines\Downloads\ShortcutVirusRemover.bat
2015-05-15 20:38 - 2015-05-15 20:38 - 00043508 _____ () C:\Users\Emachines\Downloads\206851-hot.tub.time.machine.2.2015.unrated.hdrip.xvid.ac3evo.zip
2015-05-13 04:16 - 2015-05-13 05:37 - 00000000 ____D () C:\Users\Emachines\Downloads\Fifty Shades of Grey (2015)
2015-05-13 04:16 - 2015-05-13 04:18 - 00000000 ____D () C:\Users\Emachines\Downloads\Mortdecai (2015)
2015-05-13 04:15 - 2015-05-13 04:15 - 00009384 _____ () C:\Users\Emachines\Downloads\fifty-shades-of-grey-2015-720p.torrent
2015-05-13 04:15 - 2015-05-13 04:15 - 00008882 _____ () C:\Users\Emachines\Downloads\Mortdecai (2015) [720p] YIFY - YTS.torrent
2015-05-13 04:12 - 2015-05-13 05:12 - 00000000 ____D () C:\Users\Emachines\Downloads\Hot Tub Time Machine 2 (2015)
2015-05-13 04:11 - 2015-05-13 04:11 - 00008328 _____ () C:\Users\Emachines\Downloads\Hot Tub Time Machine 2 (2015) [720p] YIFY - YTS.torrent
2015-05-13 03:51 - 2015-05-13 04:07 - 00000000 ____D () C:\Users\Emachines\Downloads\Arrow Season 3
2015-05-13 03:51 - 2015-05-13 03:51 - 00015160 _____ () C:\Users\Emachines\Downloads\[katproxy.com]arrow.season.3.e1.e20.hdtv.x264.download.torrent
2015-05-13 02:27 - 2015-05-13 02:27 - 00025846 _____ () C:\Users\Emachines\Downloads\[katproxy.com]arrow.season.3.1.20.series.2014.hdtvrip.torrent
2015-05-10 13:09 - 2015-05-10 13:09 - 00016183 _____ () C:\Users\Emachines\Downloads\172289-arrow.204.hdtvlol.zip
2015-05-10 13:09 - 2015-05-10 13:09 - 00015795 _____ () C:\Users\Emachines\Downloads\172611-arrow.205.hdtvlol.zip
2015-05-10 13:08 - 2015-05-10 13:08 - 00017348 _____ () C:\Users\Emachines\Downloads\171906-arrow.203.hdtvlol.zip
2015-05-10 13:08 - 2015-05-10 13:08 - 00015941 _____ () C:\Users\Emachines\Downloads\171532-arrow.s02e02.hdtv.x264lol.zip
2015-05-10 13:07 - 2015-05-10 13:07 - 00017477 _____ () C:\Users\Emachines\Downloads\171174-arrow.s02e01.hdtv.x264lol.zip
2015-05-10 13:06 - 2015-05-10 13:06 - 00380618 _____ () C:\Users\Emachines\Downloads\192461-arrow.s02croatian.bdrip.x264demand (1).zip
2015-05-10 09:31 - 2015-05-10 09:31 - 10767778 _____ () C:\Users\Emachines\Downloads\LenovoMusic-2.7.134_140311.apk
2015-05-10 00:42 - 2015-05-10 00:42 - 00038492 _____ () C:\Users\Emachines\Downloads\208154-jupiter.ascending.2015.720p.bluray.x264.yify.zip
2015-05-09 23:52 - 2015-05-10 00:42 - 00000000 ____D () C:\Users\Emachines\Downloads\Jupiter Ascending (2015)
2015-05-09 23:52 - 2015-05-09 23:52 - 00009378 _____ () C:\Users\Emachines\Downloads\jupiter-ascending-2015-720p.torrent
2015-05-09 04:49 - 2015-05-10 13:09 - 00000000 ____D () C:\Users\Emachines\Downloads\Arrow Season 2 Complete x264 {TJ} -={SPARROW}=-
2015-05-09 01:30 - 2015-05-09 01:30 - 00072373 _____ () C:\Users\Emachines\Downloads\144847-SherlockHolmesAGameofShadows_2011_DVDRipXviDMAXSPEED.zip
2015-05-08 21:47 - 2015-05-09 01:30 - 00000000 ____D () C:\Users\Emachines\Downloads\Sherlock Holmes A Game Of Shadows (2011)
2015-05-08 16:48 - 2015-05-08 16:49 - 00274115 _____ () C:\Users\Emachines\Downloads\[kickass.to]arrow.season.2.complete.720p.hdtv.x264.dimension.publichd.torrent
2015-05-08 16:47 - 2015-05-08 16:47 - 00380618 _____ () C:\Users\Emachines\Downloads\192461-arrow.s02croatian.bdrip.x264demand.zip
2015-05-08 14:27 - 2015-05-08 14:27 - 00000000 ____D () C:\Users\Emachines\Documents\Outlook Files
2015-05-08 14:26 - 2015-05-08 14:26 - 00010541 _____ () C:\Users\Emachines\Downloads\00001.vcf
2015-05-08 14:26 - 2015-05-08 14:25 - 00010541 ____N () C:\Users\Emachines\Desktop\00001.vcf
2015-05-08 13:48 - 2015-05-10 11:24 - 00000000 ____D () C:\Users\Emachines\Desktop\tel1
2015-04-27 19:02 - 2015-04-27 19:03 - 00382455 _____ () C:\Users\Emachines\Downloads\170066-arrow.s01croatian.bdrip.x264demand.zip
2015-04-27 00:26 - 2015-04-27 01:47 - 00000000 ____D () C:\Users\Emachines\Downloads\Arrow Season 1 Complete 480p HDTV x264 [VectoR]
2015-04-26 18:07 - 2015-04-26 18:08 - 00019540 _____ () C:\Users\Emachines\Downloads\[kickass.to]arrow.season.1.complete.480p.hdtv.x264.vector.torrent
2015-04-24 15:37 - 2015-04-24 18:32 - 00000000 ____D () C:\Users\Emachines\Desktop\telefon
2015-04-20 20:45 - 2015-04-20 20:45 - 00016847 _____ () C:\Users\Emachines\Downloads\202843-the.woman.in.black.2.angel.of.death.2014.hdrip.xvid.ac3.hq.hivecm8.zip
2015-04-19 00:23 - 2015-04-19 08:48 - 00000000 ____D () C:\Users\Emachines\Downloads\Breaking Bad - The Complete Season 5 [BDRip-HDTV] + EXTRAS
2015-04-16 00:28 - 2015-04-16 00:49 - 161921742 _____ () C:\Users\Emachines\Downloads\p360.mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-16 16:41 - 2014-10-27 23:36 - 00000944 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2816825837-2188385637-3047774388-1000UA.job
2015-05-16 16:39 - 2012-10-26 07:39 - 00000000 ____D () C:\Users\Emachines\AppData\Roaming\uTorrent
2015-05-16 16:35 - 2012-10-26 07:16 - 01061789 _____ () C:\Windows\WindowsUpdate.log
2015-05-16 16:34 - 2014-09-04 01:09 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-05-16 16:34 - 2013-01-08 21:42 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2816825837-2188385637-3047774388-1000UA.job
2015-05-16 16:34 - 2012-10-26 07:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-16 14:27 - 2014-10-15 21:18 - 00000000 ____D () C:\Users\Emachines\.umplayer
2015-05-16 13:34 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Registration
2015-05-16 13:00 - 2014-09-03 15:54 - 00000577 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-05-16 12:41 - 2012-10-26 07:22 - 00000000 ____D () C:\Users\Emachines
2015-05-16 09:18 - 2014-10-27 23:36 - 00000922 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2816825837-2188385637-3047774388-1000Core.job
2015-05-15 20:39 - 2014-06-12 10:31 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-15 20:38 - 2013-01-08 21:42 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2816825837-2188385637-3047774388-1000Core.job
2015-05-14 19:50 - 2014-09-16 15:13 - 00000000 ____D () C:\Users\Emachines\AppData\Local\CrashDumps
2015-05-13 07:39 - 2009-07-14 06:39 - 00083833 _____ () C:\Windows\setupact.log
2015-05-13 01:54 - 2012-10-26 07:40 - 00000000 ____D () C:\Users\Emachines\AppData\Roaming\Skype
2015-05-13 01:18 - 2009-07-14 06:34 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-13 01:18 - 2009-07-14 06:34 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-13 01:12 - 2014-09-04 01:44 - 00000000 ____D () C:\Users\Emachines\AppData\Roaming\ViberPC
2015-05-13 01:11 - 2015-01-22 00:23 - 00000354 _____ () C:\Windows\Tasks\DriverToolkit Autorun.job
2015-05-13 01:11 - 2014-09-04 01:43 - 00000000 ____D () C:\Users\Emachines\AppData\Local\Viber
2015-05-13 01:10 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-30 10:25 - 2012-10-26 07:36 - 00002392 _____ () C:\Users\Emachines\Desktop\Google Chrome.lnk
2015-04-27 23:28 - 2012-10-26 07:38 - 00000000 ____D () C:\Users\Emachines\AppData\Roaming\vlc
2015-04-23 23:02 - 2012-10-26 07:37 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-23 23:02 - 2012-10-26 07:37 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-05-16 13:37 - 2015-05-16 13:48 - 0053210 _____ () C:\Users\Emachines\AppData\Roaming\ICARE.LOG
2015-04-14 14:28 - 2015-04-14 14:28 - 0000001 _____ () C:\Users\Emachines\AppData\Local\llftool.4.40.agreement
2012-12-01 11:54 - 2012-12-01 11:54 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-11-20 23:29 - 2010-11-20 23:29 - 96129024 ___SH (Cvision Technologies) C:\ProgramData\msdgc.exe

Files to move or delete:
====================
C:\ProgramData\msdgc.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-10 02:16

==================== End Of Log ============================

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

While the case is being resolved, I would ask you to stick to the following:
Read my instructions (or those of the colleagues standing in for me) carefully and do exactly as they say;
Do not seek help elsewhere at the same time;
Do not use other malware-removal programs apart from those you receive instructions for;
Do not use USB memory devices during the intervention until I ask for it;
If I do not reply within 48h, bump the thread with a new post;
If you do not reply within 5 days, we will close the case.

For more information on the rules of the MyCity forum Ambulanta: LINK



Step 1

Open Notepad and copy the following text found inside the Code box.

Start

HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\MountPoints2: D - D:\AutoRun.exe
HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\MountPoints2: F - F:\Windows\Autorun.exe
HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\MountPoints2: {006e4bef-8e6d-11e2-b7cf-806e6f6e6963} - D:\AutoRun.exe
HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\MountPoints2: {006e4c18-8e6d-11e2-b7cf-74de2bd91e0c} - D:\AutoRun.exe
HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\MountPoints2: {092cbc06-f9a9-11e2-bd85-74de2bd91e0c} - D:\AutoRun.exe
HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\MountPoints2: {9ec3b346-907f-11e2-8446-74de2bd91e0c} - D:\AutoRun.exe
HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\MountPoints2: {d12c0459-1e83-11e2-844e-74de2bd91e0c} - F:\Windows\Autorun.exe
HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\MountPoints2: {d4c1e54f-3437-11e4-9b76-74de2bd91e0c} - F:\Windows\Install.exe
HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\MountPoints2: {d4c1ea85-3437-11e4-9b76-dc0ea113dddf} - F:\autorun.exe
HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\MountPoints2: {f00603b1-4a15-11e3-a84b-dc0ea113dddf} - D:\AutoRun.exe

Startup: C:\Users\Emachines\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.exe [2014-10-15] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2816825837-2188385637-3047774388-1000 -> {5E468D7E-82E3-4C2E-882D-985778FD7DA8} URL = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10401&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^ABZ&apn_dtid=^YYYYYY^YY^ME&apn_uid=655456E7-5552-4F15-BF7C-2CBE06B2F1D6&apn_sauid=555B8762-5738-42DC-B5BC-5F94DB27ABEB
CHR StartupUrls: Default -> "hxxp://mystart.incredibar.com/mb201?a=6OyY3KbyxA&i=26", "hxxp://badoo.com/startpage/", "hxxp://www.google.com/"
CHR Extension: (Image Source) - C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelhjdehgmblhbdmehhdaijknpemikmo [2014-09-04]

C:\Users\Emachines\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.exe
C:\ProgramData\msdgc.exe

cmd: ipconfig /flushdns
cmd: bitsadmin /reset /allusers
EmptyTemp:

End


In Notepad click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait for the program to finish.
If the program asks to restart the computer, let it do so.
When it finishes, fixlog.txt will open; copy its contents into the thread.
The same file (fixlog.txt) will also be on the Desktop.




Step 2

Download Xplode's AdwCleaner and save it to the Desktop
Double-click to run the program.
In the EULA window click I agree.
Click the Scan button and wait for the scan to finish.
Click the Cleaning button and wait for the program to finish.
The program will close all running programs and show a window warning you about that. Click OK to confirm.
On the next two windows that open (Informations and Restart required) click OK

The computer will restart and then open Notepad (C:\AdwCleaner[S0].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Attach file" option

Note: the report will also be saved at C:\Adwcleaner\AdwCleaner[S0].txt
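The fixlist above removes four kinds of persistence: the MountPoints2 autorun commands, the executable in the per-user Startup folder, the Chrome policy key, and a loose executable directly under ProgramData. As an added example that is not part of the thread and not FRST's code, the following PowerShell function reads those same four places, so the state can be compared with the FRST scan before and after the fix. It runs as the logged-on user, so HKCU:\ is the hive FRST reports as HKU\S-1-5-21-...; it changes nothing. The function name and the MountPoints2 value location (Shell\AutoRun\command under each volume GUID) are assumptions made for illustration, not something the page itself states.

```powershell
# Added example (not from the thread, not FRST's code): read-only listing of the
# persistence points the fixlist above removes. Run in an elevated PowerShell on
# the affected machine; nothing is modified.
function Get-PersistenceTriage {
    $out = [System.Collections.Generic.List[object]]::new()

    # 1. MountPoints2 keeps one subkey per volume Explorer has ever mounted.
    #    The "{GUID} - D:\AutoRun.exe" lines in the FRST scan come from a
    #    Shell\AutoRun\command value under that GUID (assumed location). Windows 7
    #    no longer runs autorun from removable media, but a stale entry still
    #    records that a drive once carried one.
    $mp2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    Get-ChildItem -Path $mp2 -ErrorAction SilentlyContinue | ForEach-Object {
        $cmdKey = "$mp2\$($_.PSChildName)\Shell\AutoRun\command"
        if (Test-Path -Path $cmdKey) {
            $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
            $out.Add([pscustomobject]@{ Source = 'MountPoints2'; Item = $_.PSChildName; Detail = $cmd })
        }
    }

    # 2. Per-user Startup folder: everything here runs at logon. The fix moved
    #    desktop.exe out of it; an unsigned .exe with no vendor is the thing to spot.
    $startup = [Environment]::GetFolderPath('Startup')
    Get-ChildItem -Path $startup -Force -File -ErrorAction SilentlyContinue | ForEach-Object {
        $sig = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
        $out.Add([pscustomobject]@{ Source = 'Startup'; Item = $_.Name; Detail = "signature=$sig" })
    }

    # 3. Chrome policy keys: a home machine with no admin-set policy should have
    #    none at all. Adware uses them to pin its search engine and start pages,
    #    which is what "Policy restriction" in the FRST scan refers to.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $pol = "$hive\Software\Policies\Google"
        if (Test-Path -Path $pol) {
            @(Get-Item -Path $pol) + @(Get-ChildItem -Path $pol -Recurse) | ForEach-Object {
                $key = $_
                foreach ($name in $key.GetValueNames()) {
                    $out.Add([pscustomobject]@{ Source = 'ChromePolicy'; Item = "$($key.Name)\$name"; Detail = $key.GetValue($name) })
                }
            }
        }
    }

    # 4. Executables sitting directly in the ProgramData root (msdgc.exe did).
    #    Legitimate software installs into a vendor subfolder, not the root.
    Get-ChildItem -Path $env:ProgramData -Filter *.exe -File -Force -ErrorAction SilentlyContinue | ForEach-Object {
        $out.Add([pscustomobject]@{ Source = 'ProgramData root'; Item = $_.Name; Detail = $_.LastWriteTime })
    }

    $out
}

# Usage: run once before applying the fixlist and once after, and compare.
Get-PersistenceTriage | Format-Table -AutoSize
```

The Startup-folder check reports the Authenticode status rather than just the file name, because a worm dropper such as desktop.exe is usually unsigned while most legitimate autostart entries from vendors are signed; a "NotSigned" entry with a generic name is the one to submit for analysis.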

offline
  • Joined: 22 Oct 2010
  • Posts: 115

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-05-2015 02
Ran by Emachines at 2015-05-17 02:12:42 Run:1
Running from C:\Users\Emachines\Desktop
Loaded Profiles: Emachines (Available profiles: Emachines)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start

HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\MountPoints2: D - D:\AutoRun.exe
HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\MountPoints2: F - F:\Windows\Autorun.exe
HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\MountPoints2: {006e4bef-8e6d-11e2-b7cf-806e6f6e6963} - D:\AutoRun.exe
HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\MountPoints2: {006e4c18-8e6d-11e2-b7cf-74de2bd91e0c} - D:\AutoRun.exe
HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\MountPoints2: {092cbc06-f9a9-11e2-bd85-74de2bd91e0c} - D:\AutoRun.exe
HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\MountPoints2: {9ec3b346-907f-11e2-8446-74de2bd91e0c} - D:\AutoRun.exe
HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\MountPoints2: {d12c0459-1e83-11e2-844e-74de2bd91e0c} - F:\Windows\Autorun.exe
HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\MountPoints2: {d4c1e54f-3437-11e4-9b76-74de2bd91e0c} - F:\Windows\Install.exe
HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\MountPoints2: {d4c1ea85-3437-11e4-9b76-dc0ea113dddf} - F:\autorun.exe
HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\...\MountPoints2: {f00603b1-4a15-11e3-a84b-dc0ea113dddf} - D:\AutoRun.exe

Startup: C:\Users\Emachines\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.exe [2014-10-15] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2816825837-2188385637-3047774388-1000 -> {5E468D7E-82E3-4C2E-882D-985778FD7DA8} URL = websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10401&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^ABZ&apn_dtid=^YYYYYY^YY^ME&apn_uid=655456E7-5552-4F15-BF7C-2CBE06B2F1D6&apn_sauid=555B8762-5738-42DC-B5BC-5F94DB27ABEB
CHR StartupUrls: Default -> "hxxp://mystart.incredibar.com/mb201?a=6OyY3KbyxA&i=26", "hxxp://badoo.com/startpage/", "hxxp://www.google.com/"
CHR Extension: (Image Source) - C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelhjdehgmblhbdmehhdaijknpemikmo [2014-09-04]

C:\Users\Emachines\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.exe
C:\ProgramData\msdgc.exe

cmd: ipconfig /flushdns
cmd: bitsadmin /reset /allusers
EmptyTemp:

End
*****************

"HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D" => Key deleted successfully.
"HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => Key deleted successfully.
"HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{006e4bef-8e6d-11e2-b7cf-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{006e4bef-8e6d-11e2-b7cf-806e6f6e6963} => Key not found.
"HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{006e4c18-8e6d-11e2-b7cf-74de2bd91e0c}" => Key deleted successfully.
HKCR\CLSID\{006e4c18-8e6d-11e2-b7cf-74de2bd91e0c} => Key not found.
"HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{092cbc06-f9a9-11e2-bd85-74de2bd91e0c}" => Key deleted successfully.
HKCR\CLSID\{092cbc06-f9a9-11e2-bd85-74de2bd91e0c} => Key not found.
"HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ec3b346-907f-11e2-8446-74de2bd91e0c}" => Key deleted successfully.
HKCR\CLSID\{9ec3b346-907f-11e2-8446-74de2bd91e0c} => Key not found.
"HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d12c0459-1e83-11e2-844e-74de2bd91e0c}" => Key deleted successfully.
HKCR\CLSID\{d12c0459-1e83-11e2-844e-74de2bd91e0c} => Key not found.
"HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4c1e54f-3437-11e4-9b76-74de2bd91e0c}" => Key deleted successfully.
HKCR\CLSID\{d4c1e54f-3437-11e4-9b76-74de2bd91e0c} => Key not found.
"HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4c1ea85-3437-11e4-9b76-dc0ea113dddf}" => Key deleted successfully.
HKCR\CLSID\{d4c1ea85-3437-11e4-9b76-dc0ea113dddf} => Key not found.
"HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f00603b1-4a15-11e3-a84b-dc0ea113dddf}" => Key deleted successfully.
HKCR\CLSID\{f00603b1-4a15-11e3-a84b-dc0ea113dddf} => Key not found.
C:\Users\Emachines\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.exe => Moved successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-2816825837-2188385637-3047774388-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5E468D7E-82E3-4C2E-882D-985778FD7DA8}" => Key deleted successfully.
HKCR\CLSID\{5E468D7E-82E3-4C2E-882D-985778FD7DA8} => Key not found.
Chrome StartupUrls deleted successfully.
C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelhjdehgmblhbdmehhdaijknpemikmo => Moved successfully.
"C:\Users\Emachines\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.exe" => File/Directory not found.
Could not move "C:\ProgramData\msdgc.exe" => Scheduled to move on reboot.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {60682358-E2F9-43A0-A9CE-E69A2EE04078}.
0 out of 1 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 1.8 GB temporary data.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-05-17 02:18:27)<=

C:\ProgramData\msdgc.exe => Is moved successfully.

==== End of Fixlog 02:18:27 ====

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Pack the following folder into a ZIP, RAR or 7Z archive:

C:\FRST\Quarantine

and send it through the following link:

http://www.mycity.rs/ambulanta-upload.php


Step 2

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the MBAR program icon to run it:
- Click OK in the next window to allow extraction into a separate mbar folder on the Desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to start;
- In the introductory window click the Next button if you agree;

• In the 'Update Database' window click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section check that all options are ticked, then click the Scan button;

Note: with some infections one of the following messages may appear:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that message to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. In your next post include the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infection(s) are found, check that the 'Create Restore Point' option is ticked and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for after a restart; a notification will be shown in a pop-up window. Click the Yes button and the system should restart and finish the cleaning procedure.

Note! Only if a rootkit was detected: make sure you run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, and wait for the tool to finish all repairs ...
- When you see the message 'press any key to exit' the repair is complete. Press any key to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post and attach the system log using the "Attach file" option.

offline
  • Joined: 22 Oct 2010
  • Posts: 115

Posted: 17 May 2015 15:56

the quarantine can't be uploaded, it's 64 MB

Addendum: 17 May 2015 16:28

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
malwarebytes.org

Database version:
main: v2015.05.17.02
rootkit: v2015.05.16.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17280
Emachines :: EMACHINES-PC [administrator]

17.5.2015 15:57:32
mbar-log-2015-05-17 (15-57-32).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 303290
Time elapsed: 28 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Did you archive C:\FRST or C:\FRST\Quarantine?


Download MCShield from the following address:

http://www.mcshield.net/download/MCShield-Setup.exe

Install MCShield and wait for the initial scan to finish.

When the initial scan finishes, insert all USB storage devices into the USB port one at a time and keep each one in the port until MCShield reports that the scan is finished. If you have several USB devices, note down somewhere the order in which they were inserted.

Explanation: USB storage devices are all devices that get their own drive letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

Go to Start -> All Programs -> MCShield -> Logs -> AllScans

A report will open in Notepad; post its contents in your reply
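The symptom from the first post (a shortcut named like the drive that "opens" the files, and attributes that come back right after attrib -h -r -s /s /d clears them) is the usual shape of a USB shortcut worm: the real folders are given the Hidden+System attributes and a .lnk in the drive root launches an interpreter that starts both the hidden content and the malware. As an added example, not part of the thread and not MCShield's code, the following PowerShell function checks one removable drive for exactly that pattern. The function name, the list of launcher executables and the -Restore switch are assumptions made for illustration. Run it read-only first; use -Restore only after the host itself has been cleaned, because while the dropper is still running it re-hides the files, which is the behaviour the first post describes.

```powershell
# Added example (not from the thread, not MCShield's code): triage of a removable
# drive for the "shortcut inside the USB" pattern. Read-only unless -Restore is
# given; -Restore clears Hidden/System/ReadOnly like attrib -h -s -r /s /d.
function Test-UsbShortcutWorm {
    param(
        [Parameter(Mandatory)][string]$Drive,   # e.g. 'E:'
        [switch]$Restore
    )
    $root = $Drive.TrimEnd('\') + '\'
    if (-not (Test-Path -Path $root)) { throw "Drive $Drive is not mounted" }

    # Interpreters a legitimate "open this folder" shortcut never needs (assumed list).
    $launchers = 'cmd.exe', 'wscript.exe', 'cscript.exe', 'rundll32.exe',
                 'powershell.exe', 'mshta.exe', 'regsvr32.exe'
    $wsh = New-Object -ComObject WScript.Shell
    $findings = [System.Collections.Generic.List[object]]::new()

    # 1. Every .lnk in the drive root, resolved through the shell so target and
    #    arguments are read from the LNK itself, not from its display name/icon.
    Get-ChildItem -Path $root -Filter *.lnk -File -Force -ErrorAction SilentlyContinue | ForEach-Object {
        $lnk = $wsh.CreateShortcut($_.FullName)
        $exe = [IO.Path]::GetFileName([string]$lnk.TargetPath).ToLower()
        if ($launchers -contains $exe) {
            $findings.Add([pscustomobject]@{
                Type = 'Launcher shortcut'; Path = $_.FullName
                Detail = "$($lnk.TargetPath) $($lnk.Arguments)"
            })
        }
    }

    # 2. Top-level entries carrying Hidden+System: that is where the worm keeps
    #    the user's real files so the drive looks empty apart from the shortcut.
    $hs    = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
    $clear = $hs -bor [IO.FileAttributes]::ReadOnly
    Get-ChildItem -Path $root -Force -ErrorAction SilentlyContinue |
      Where-Object { ($_.Attributes -band $hs) -eq $hs } | ForEach-Object {
        $findings.Add([pscustomobject]@{ Type = 'Hidden+System entry'; Path = $_.FullName; Detail = $_.Attributes })
        if ($Restore) {
            # Clear only the three bits, keep Directory/Archive; recurse like /s /d.
            Get-ChildItem -Path $_.FullName -Recurse -Force -ErrorAction SilentlyContinue | ForEach-Object {
                $_.Attributes = $_.Attributes -band (-bnot $clear)
            }
            $_.Attributes = $_.Attributes -band (-bnot $clear)
        }
    }

    # 3. Scripts, executables and autorun.inf in the root. Windows 7 ignores
    #    autorun.inf on USB sticks, but the MountPoints2 entries in the FRST log
    #    show these drives have carried launchers before.
    Get-ChildItem -Path $root -File -Force -ErrorAction SilentlyContinue |
      Where-Object { $_.Extension -in '.exe', '.vbs', '.js', '.bat', '.cmd', '.scr' -or $_.Name -ieq 'autorun.inf' } |
      ForEach-Object {
        $findings.Add([pscustomobject]@{ Type = 'Root executable'; Path = $_.FullName; Detail = "$($_.Length) bytes" })
      }

    $findings
}

# Usage: read-only pass first; -Restore once the machine itself is clean.
# Test-UsbShortcutWorm -Drive 'E:' | Format-Table -AutoSize
# Test-UsbShortcutWorm -Drive 'E:' -Restore
```

A drive that is actually clean produces no "Launcher shortcut" and no "Hidden+System entry" lines; an ordinary folder shortcut has explorer.exe or a folder path as its target, not cmd.exe with a start command in the arguments. The launcher shortcut and any root executable found are the files worth keeping (zipped, not double-clicked) for the helper to analyse.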
