searches.omiga

  • Joined: 25 Jan 2015
  • Posts: 33

Posted: 25 Jan 2015 12:07

Hello everyone
I wanted to install an add-on for a game, but I installed some junk instead (until now Avast had always warned me in time), and instead of Google my search engine is now omiga-plus
What should I scan it with now?

Addendum: 25 Jan 2015 12:10

I forgot to write that I wanted to download Farbar and post the report, but Avast won't let me.
Should I turn it off?

Addendum: 25 Jan 2015 14:04
There, I turned Avast off and ran the scan.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01
Ran by BOKI (administrator) on BOKI-PC on 25-01-2015 13:56:41
Running from C:\Users\BOKI\Downloads
Loaded Profiles: BOKI (Available profiles: BOKI)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\ProgramData\UCA\UCA.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(BitTorrent Inc.) C:\Users\BOKI\AppData\Roaming\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6155336 2013-02-22] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-05-05] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] => C:\Program Files\AMD AVT\bin\kdbsync.exe [12288 2012-04-20] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM\...\Run: [UCA Start] => C:\ProgramData\UCA\UCA.exe [2601472 2014-07-20] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4085896 2014-10-03] (AVAST Software)
HKLM\...\Run: [AdobeCEPServiceManager] => C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-05-16] (Adobe Systems Incorporated)
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\BOKI\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\Run: [uTorrent] => C:\Users\BOKI\AppData\Roaming\uTorrent\uTorrent.exe [1377872 2015-01-22] (BitTorrent Inc.)
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\Run: [UCA Start] => C:\ProgramData\UCA\UCA.exe [2601472 2014-07-20] ()
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files\DAEMON Tools Ultra\DTAgent.exe [3128352 2013-06-25] (Disc Soft Ltd)
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: E - E:\autorun.exe
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: {6085d8f1-07cf-11e3-9f37-d43d7ebd7db3} - H:\autorun.exe
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: {67abd9dc-c8b8-11e3-b08a-d43d7ebd7db3} - G:\Startme.exe
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: {69d3c555-092c-11e3-9e96-d43d7ebd7db3} - I:\setup.exe
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: {69d3c87f-092c-11e3-9e96-d43d7ebd7db3} - E:\setup.exe
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: {8463bdfb-284e-11e3-a466-d43d7ebd7db3} - E:\Startme.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = google.com
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\S-1-5-21-3776892106-3194915494-1832249852-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-3776892106-3194915494-1832249852-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = isearch.omiga-plus.com/web/?utm_source=b&am.....ult&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3776892106-3194915494-1832249852-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = isearch.omiga-plus.com/web/?utm_source=b&am.....ult&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3776892106-3194915494-1832249852-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = isearch.omiga-plus.com/web/?utm_source=b&am.....ult&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 89.216.1.30 89.216.1.50

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @verimatrix.com/ViewRightWeb -> C:\Program Files\Verimatrix\ViewRight Web\\npViewRight.dll (Verimatrix, Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-3776892106-3194915494-1832249852-1000: @verimatrix.com/ViewRightWeb -> C:\Program Files\Verimatrix\ViewRight Web\\npViewRight.dll (Verimatrix, Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2014-10-02]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> omiga-plus
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (HP Product Detection Plugin) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp [2013-09-10]
CHR Extension: (Media Hint) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja [2014-01-13]
CHR Extension: (Google документи) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-18]
CHR Extension: (Google диск) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-18]
CHR Extension: (YouTube) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-18]
CHR Extension: (Google претрага) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-18]
CHR Extension: (Video Downloader professional) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2013-10-21]
CHR Extension: (Avast Online Security) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-02]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-10-05]
CHR Extension: (HD Facebook Video Downloader) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbaekgmbkigogkeofkobbhobinbbljpg [2013-10-21]
CHR Extension: (Google новчаник) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-18]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-10-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-05-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-10-02] (AVAST Software)
R3 Disc Soft Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe [632352 2013-06-25] (Disc Soft Ltd)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [762192 2013-07-18] (Nero AG)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-15] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-15] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2010-08-20] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 SwitchBoard; "C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-10-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-10-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-10-02] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-10-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-10-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-10-02] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-10-02] ()
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [24704 2013-08-18] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 MSICDSetup; \??\D:\CDriver.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 13:56 - 2015-01-25 13:57 - 00016266 _____ () C:\Users\BOKI\Downloads\FRST.txt
2015-01-25 13:55 - 2015-01-25 13:56 - 00000000 ____D () C:\FRST
2015-01-25 13:53 - 2015-01-25 13:53 - 00041172 _____ () C:\Windows\PFRO.log
2015-01-25 13:50 - 2015-01-25 13:51 - 02129920 _____ (Farbar) C:\Users\BOKI\Downloads\FRST64.exe
2015-01-25 13:48 - 2015-01-25 13:48 - 01120768 _____ (Farbar) C:\Users\BOKI\Downloads\FRST.exe
2015-01-25 12:12 - 2015-01-25 13:54 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-25 12:04 - 2015-01-25 12:04 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-25 12:04 - 2015-01-25 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-25 12:04 - 2015-01-25 12:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-25 12:04 - 2015-01-25 12:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-25 12:04 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-25 12:04 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-25 12:04 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-25 11:48 - 2015-01-25 11:48 - 00000079 _____ () C:\Windows\wininit.ini
2015-01-25 11:21 - 2009-06-10 22:39 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150125-112141.backup
2015-01-24 20:58 - 2015-01-25 11:20 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-22 21:08 - 2015-01-25 13:53 - 00001008 _____ () C:\Windows\setupact.log
2015-01-22 21:08 - 2015-01-22 21:08 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-21 22:12 - 2015-01-21 22:20 - 00000000 ____D () C:\Users\BOKI\AppData\Roaming\omiga-plus
2015-01-21 22:12 - 2015-01-21 22:20 - 00000000 ____D () C:\Users\BOKI\AppData\Roaming\MailUpdate
2015-01-21 22:12 - 2015-01-21 22:12 - 00000000 ____D () C:\ProgramData\MailUpdate
2015-01-20 23:40 - 2015-01-20 23:40 - 00000000 ____D () C:\Users\BOKI\Documents\KONAMI
2015-01-20 23:35 - 2015-01-20 23:35 - 00000000 ____D () C:\ProgramData\KONAMI
2015-01-20 23:35 - 2015-01-20 23:35 - 00000000 ____D () C:\Program Files\KONAMI
2015-01-20 23:00 - 2015-01-20 23:16 - 00000000 ____D () C:\Users\BOKI\Desktop\Pro.Evolution.Soccer.2013.Pavke-RELOADED
2015-01-16 01:05 - 2015-01-16 01:05 - 00952577 _____ () C:\Users\BOKI\Desktop\URGENTNI CENTAR Lekari uspešno obavili transplataciju jetre - Kurir.html
2015-01-16 01:05 - 2015-01-16 01:05 - 00038790 _____ () C:\Users\BOKI\Desktop\Нова успешна трансплантација јетре.html
2015-01-16 01:05 - 2015-01-16 01:05 - 00000000 ____D () C:\Users\BOKI\Desktop\Нова успешна трансплантација јетре_files
2015-01-16 01:05 - 2015-01-16 01:05 - 00000000 ____D () C:\Users\BOKI\Desktop\URGENTNI CENTAR Lekari uspešno obavili transplataciju jetre - Kurir_files
2015-01-14 12:37 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 12:37 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:37 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 12:37 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 12:37 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 12:37 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-11 18:05 - 2015-01-11 18:05 - 00000112 _____ () C:\Users\BOKI\AppData\Roaming\JP2K CS6 Prefs
2015-01-11 17:13 - 2015-01-11 18:05 - 00000000 ____D () C:\Users\BOKI\Desktop\mm
2015-01-11 16:20 - 2015-01-11 16:21 - 00000000 ____D () C:\Users\BOKI\Desktop\Ozpedia
2015-01-10 03:04 - 2015-01-10 03:57 - 00000000 ____D () C:\Users\BOKI\Desktop\Hocek
2015-01-10 01:17 - 2015-01-10 02:41 - 00000000 ____D () C:\Program Files\Recuva
2015-01-10 01:17 - 2015-01-10 01:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2015-01-08 20:30 - 2015-01-08 20:31 - 00000000 ____D () C:\Users\BOKI\Desktop\Jane Birkin & Serge Gainsbourg - 1969 - Jane Birkin - Serge Gainsbourg
2015-01-08 19:37 - 2015-01-08 19:38 - 00000000 ____D () C:\Users\BOKI\Desktop\The Best Of Disco 80 (2008)[www.By.Garfiel.com]
2015-01-08 01:17 - 2015-01-08 01:17 - 20947994 _____ () C:\Users\BOKI\Desktop\nije-smrt-biciklo-.psd
2015-01-06 23:50 - 2015-01-06 23:50 - 463373885 _____ () C:\Users\BOKI\Desktop\Partizan NIS - Cedevita.mp4
2015-01-03 02:41 - 2015-01-03 23:03 - 00000000 ____D () C:\Users\BOKI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Topaz Labs
2015-01-03 02:41 - 2015-01-03 02:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Topaz Labs
2015-01-03 02:39 - 2015-01-03 23:03 - 00000000 ____D () C:\Program Files\Topaz Labs
2015-01-03 02:39 - 2015-01-03 02:41 - 00000000 ____D () C:\Program Files\Common Files\Topaz Labs
2015-01-03 01:38 - 2015-01-03 01:39 - 00000000 ____D () C:\Users\BOKI\Desktop\Topaz Photoshop Plugins Bundle July 2014 (32-64 bit) [ChingLiu]
2015-01-02 14:05 - 2015-01-02 14:16 - 3038286450 _____ () C:\Users\BOKI\Desktop\The Interview (1080p).mp4
2014-12-28 01:44 - 2014-12-28 01:44 - 00000000 ____D () C:\Users\BOKI\Desktop\kursevi

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 13:57 - 2014-02-04 17:02 - 02038183 _____ () C:\Windows\WindowsUpdate.log
2015-01-25 13:54 - 2014-07-20 21:07 - 00000000 ____D () C:\ProgramData\UCA
2015-01-25 13:54 - 2013-08-18 04:07 - 00000000 ____D () C:\Users\BOKI\AppData\Roaming\uTorrent
2015-01-25 13:53 - 2014-09-01 20:15 - 00000000 ____D () C:\Windows\Sun
2015-01-25 13:53 - 2014-08-28 21:40 - 00000000 ____D () C:\Program Files\globalUpdate
2015-01-25 13:53 - 2013-08-18 01:58 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-25 13:53 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-25 13:47 - 2013-11-04 18:44 - 00000000 __SHD () C:\Program Files\MPK
2015-01-25 13:47 - 2013-08-21 06:45 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-25 11:58 - 2013-08-18 01:58 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 11:15 - 2013-08-18 03:02 - 00000000 ____D () C:\Users\BOKI\AppData\Local\Adobe
2015-01-24 17:31 - 2009-07-14 05:34 - 00020544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-24 17:31 - 2009-07-14 05:34 - 00020544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-21 22:22 - 2013-08-17 06:10 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-21 22:20 - 2013-08-18 02:03 - 00002091 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-21 22:20 - 2013-08-17 06:00 - 00001417 _____ () C:\Users\BOKI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-21 01:54 - 2013-08-17 06:00 - 00000000 ____D () C:\Users\BOKI
2015-01-20 23:38 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-17 21:56 - 2013-08-17 21:56 - 00000000 ____D () C:\Users\BOKI\AppData\Roaming\Adobe
2015-01-17 13:55 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-15 00:39 - 2014-08-30 14:26 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 00:32 - 2014-08-30 14:26 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-15 00:30 - 2013-08-17 06:01 - 00787764 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 22:02 - 2014-12-08 21:48 - 00000000 ____D () C:\Users\BOKI\Desktop\Kalendar, baneri itd
2015-01-13 18:15 - 2014-11-16 16:53 - 00000000 ____D () C:\Users\BOKI\Desktop\Adobe Photoshop CC 2014 (32 bit) ((zabranjeno)) [ChingLiu]
2015-01-11 17:16 - 2014-11-09 11:27 - 00001456 _____ () C:\Users\BOKI\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-01-09 01:05 - 2009-07-14 05:33 - 03808232 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-08 19:59 - 2013-08-17 06:20 - 00091568 _____ () C:\Users\BOKI\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-06 04:36 - 2013-08-17 06:32 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-03 19:41 - 2014-05-18 23:26 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-03 19:41 - 2013-10-14 16:43 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0
2015-01-03 19:41 - 2013-08-17 07:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-03 19:41 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-02 21:31 - 2014-11-06 18:35 - 00000000 ____D () C:\Users\BOKI\Desktop\IT Akademija
2015-01-02 02:11 - 2013-10-14 16:44 - 00000000 ____D () C:\Users\BOKI\Documents\Visual Studio 2008
2015-01-01 02:39 - 2013-08-17 07:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-12-28 01:45 - 2014-10-20 21:33 - 00000000 ____D () C:\Users\BOKI\Desktop\GRUPA JNA - CRNO-BELI RANDEVU

==================== Files in the root of some directories =======

2014-02-24 00:47 - 2014-02-24 21:23 - 0000132 _____ () C:\Users\BOKI\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-10-18 22:24 - 2013-10-18 22:24 - 0000052 _____ () C:\Users\BOKI\AppData\Roaming\Camdata.ini
2013-10-18 22:24 - 2013-10-18 22:24 - 0000408 _____ () C:\Users\BOKI\AppData\Roaming\CamLayout.ini
2013-10-18 22:24 - 2013-10-18 22:24 - 0000408 _____ () C:\Users\BOKI\AppData\Roaming\CamShapes.ini
2013-10-18 22:24 - 2013-10-18 22:24 - 0004510 _____ () C:\Users\BOKI\AppData\Roaming\CamStudio.cfg
2015-01-11 18:05 - 2015-01-11 18:05 - 0000112 _____ () C:\Users\BOKI\AppData\Roaming\JP2K CS6 Prefs
2014-11-09 11:27 - 2015-01-11 17:16 - 0001456 _____ () C:\Users\BOKI\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-12-27 12:13 - 2013-12-27 12:13 - 0000000 ___SH () C:\Users\BOKI\AppData\Local\LumaEmu
2013-09-10 21:55 - 2013-11-04 20:54 - 0000722 _____ () C:\ProgramData\hpzinstall.log
2014-06-13 19:26 - 2014-09-17 16:41 - 11224242 _____ () C:\ProgramData\OfflineCatalogue_1_2014_FEBI_CD.log

Files to move or delete:
====================
C:\Users\BOKI\jagex_cl_runescape_LIVE.dat
C:\Users\BOKI\random.dat


Some content of TEMP:
====================
C:\Users\BOKI\AppData\Local\Temp\drm_dialogs.dll
C:\Users\BOKI\AppData\Local\Temp\DSSExp.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-12-10 15:16

==================== End Of Log ============================

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Open Notepad and copy the following text, which is inside the Code box.

() C:\ProgramData\UCA\UCA.exe
HKLM\...\Run: [UCA Start] => C:\ProgramData\UCA\UCA.exe [2601472 2014-07-20] ()
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\Run: [UCA Start] => C:\ProgramData\UCA\UCA.exe [2601472 2014-07-20] ()
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: E - E:\autorun.exe
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: {6085d8f1-07cf-11e3-9f37-d43d7ebd7db3} - H:\autorun.exe
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: {67abd9dc-c8b8-11e3-b08a-d43d7ebd7db3} - G:\Startme.exe
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: {69d3c555-092c-11e3-9e96-d43d7ebd7db3} - I:\setup.exe
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: {69d3c87f-092c-11e3-9e96-d43d7ebd7db3} - E:\setup.exe
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: {8463bdfb-284e-11e3-a466-d43d7ebd7db3} - E:\Startme.exe
SearchScopes: HKU\S-1-5-21-3776892106-3194915494-1832249852-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://isearch.omiga-plus.com/web/?utm_source=b&am.....ult&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3776892106-3194915494-1832249852-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://isearch.omiga-plus.com/web/?utm_source=b&am.....ult&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3776892106-3194915494-1832249852-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://isearch.omiga-plus.com/web/?utm_source=b&am.....ult&q={searchTerms}
CHR DefaultSearchKeyword: Default -> omiga-plus
CHR Extension: (HP Product Detection Plugin) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp [2013-09-10]
CHR Extension: (Media Hint) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja [2014-01-13]
CHR Extension: (HD Facebook Video Downloader) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbaekgmbkigogkeofkobbhobinbbljpg [2013-10-21]
Task: {B8BD969A-759D-4198-AF8B-9969D558CC05} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
AlternateDataStreams: C:\ProgramData\Temp:456A69E6
AlternateDataStreams: C:\ProgramData\Temp:FF566C71
C:\ProgramData\UCA
C:\Program Files\globalUpdate
EmptyTemp:


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click to run FRST.exe again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, allow it to do so without interruption.
When it has finished, fixlog.txt will open, with contents that you should copy into this thread.
The file (fixlog.txt) will also be on the Desktop.

Step 2

Download "Xplode"'s AdwCleaner and save it to the Desktop
Double-click to run the program.
In the EULA window click I agree.
Click the Scan button and wait for the scan to finish.
Click the Clean button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required), click OK

The computer will restart and then Notepad will open (C:\AdwCleaner[S0].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Prikači fajl" (Attach file) option

Note: The report will also be saved at C:\Adwcleaner\AdwCleaner[S0].txt

  • Joined: 25 Jan 2015
  • Posts: 33

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-01-2015 01
Ran by BOKI at 2015-01-25 20:30:24 Run:1
Running from C:\Users\BOKI\Desktop
Loaded Profiles: BOKI (Available profiles: BOKI)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
() C:\ProgramData\UCA\UCA.exe
HKLM\...\Run: [UCA Start] => C:\ProgramData\UCA\UCA.exe [2601472 2014-07-20] ()
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\Run: [UCA Start] => C:\ProgramData\UCA\UCA.exe [2601472 2014-07-20] ()
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: E - E:\autorun.exe
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: {6085d8f1-07cf-11e3-9f37-d43d7ebd7db3} - H:\autorun.exe
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: {67abd9dc-c8b8-11e3-b08a-d43d7ebd7db3} - G:\Startme.exe
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: {69d3c555-092c-11e3-9e96-d43d7ebd7db3} - I:\setup.exe
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: {69d3c87f-092c-11e3-9e96-d43d7ebd7db3} - E:\setup.exe
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\...\MountPoints2: {8463bdfb-284e-11e3-a466-d43d7ebd7db3} - E:\Startme.exe
SearchScopes: HKU\S-1-5-21-3776892106-3194915494-1832249852-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = isearch.omiga-plus.com/web/?utm_source=b&am.....ult&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3776892106-3194915494-1832249852-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = isearch.omiga-plus.com/web/?utm_source=b&am.....ult&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3776892106-3194915494-1832249852-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = isearch.omiga-plus.com/web/?utm_source=b&am.....ult&q={searchTerms}
CHR DefaultSearchKeyword: Default -> omiga-plus
CHR Extension: (HP Product Detection Plugin) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp [2013-09-10]
CHR Extension: (Media Hint) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja [2014-01-13]
CHR Extension: (HD Facebook Video Downloader) - C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbaekgmbkigogkeofkobbhobinbbljpg [2013-10-21]
Task: {B8BD969A-759D-4198-AF8B-9969D558CC05} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
AlternateDataStreams: C:\ProgramData\Temp:456A69E6
AlternateDataStreams: C:\ProgramData\Temp:FF566C71
C:\ProgramData\UCA
C:\Program Files\globalUpdate
EmptyTemp:
*****************

[3692] C:\ProgramData\UCA\UCA.exe => Process closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\UCA Start => value deleted successfully.
HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\Software\Microsoft\Windows\CurrentVersion\Run\\UCA Start => value deleted successfully.
"HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E" => Key deleted successfully.
"HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6085d8f1-07cf-11e3-9f37-d43d7ebd7db3}" => Key deleted successfully.
HKCR\CLSID\{6085d8f1-07cf-11e3-9f37-d43d7ebd7db3} => Key not found.
"HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67abd9dc-c8b8-11e3-b08a-d43d7ebd7db3}" => Key deleted successfully.
HKCR\CLSID\{67abd9dc-c8b8-11e3-b08a-d43d7ebd7db3} => Key not found.
"HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69d3c555-092c-11e3-9e96-d43d7ebd7db3}" => Key deleted successfully.
HKCR\CLSID\{69d3c555-092c-11e3-9e96-d43d7ebd7db3} => Key not found.
"HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69d3c87f-092c-11e3-9e96-d43d7ebd7db3}" => Key deleted successfully.
HKCR\CLSID\{69d3c87f-092c-11e3-9e96-d43d7ebd7db3} => Key not found.
"HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8463bdfb-284e-11e3-a466-d43d7ebd7db3}" => Key deleted successfully.
HKCR\CLSID\{8463bdfb-284e-11e3-a466-d43d7ebd7db3} => Key not found.
"HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}" => Key deleted successfully.
HKCR\CLSID\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => Key not found.
"HKU\S-1-5-21-3776892106-3194915494-1832249852-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => Key deleted successfully.
HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => Key not found.
Chrome DefaultSearchKeyword deleted successfully.
C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp => Moved successfully.
C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja => Moved successfully.
C:\Users\BOKI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbaekgmbkigogkeofkobbhobinbbljpg => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8BD969A-759D-4198-AF8B-9969D558CC05}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8BD969A-759D-4198-AF8B-9969D558CC05}" => Key deleted successfully.
C:\Windows\System32\Tasks\CCleanerSkipUAC => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => Key deleted successfully.
C:\ProgramData\Temp => ":456A69E6" ADS removed successfully.
C:\ProgramData\Temp => ":FF566C71" ADS removed successfully.
C:\ProgramData\UCA => Moved successfully.
C:\Program Files\globalUpdate => Moved successfully.
EmptyTemp: => Removed 436.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog 20:31:00 ====

All done, my search engine is now Google.
It now searches through Google.
It used to happen that it would suddenly just exit out of everything; I'll see whether that still happens now...
Thanks a lot.
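
A way to check a Fixlog like the one posted above for entries that did not apply cleanly. This is an added example, not part of the original posts and not FRST's own code; the function names and the sample text (including the "Could not move" failure line) are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the shape of the Fixlog above; the "Could not move" line
# is a made-up failure case (hypothetical wording) to exercise the review path.
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
HKLM\...\Run: [UCA Start] => C:\ProgramData\UCA\UCA.exe [2601472 2014-07-20] ()
*****************
[3692] C:\ProgramData\UCA\UCA.exe => Process closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\UCA Start => value deleted successfully.
HKCR\CLSID\{6085d8f1-07cf-11e3-9f37-d43d7ebd7db3} => Key not found.
C:\ProgramData\Temp => ":456A69E6" ADS removed successfully.
Chrome DefaultSearchKeyword deleted successfully.
EmptyTemp: => Removed 436.5 MB temporary data.
C:\Program Files\globalUpdate => Could not move.
The system needed a reboot.
==== End of Fixlog 20:31:00 ====
'''

def result_lines(fixlog):
    """Yield result lines only: after the echoed fixlist, before the footer."""
    fences = 0
    for line in map(str.strip, fixlog.splitlines()):
        if re.fullmatch(r"\*{5,}", line):
            fences += 1          # the fixlist echo sits between two asterisk lines
        elif line.startswith("==== End of Fixlog"):
            return
        elif fences >= 2 and line:
            yield line

def classify(line):
    """Map one result line to 'ok', 'absent', 'review' or 'info'."""
    _target, arrow, outcome = line.rpartition(" => ")
    low = outcome.lower()
    if "not found" in low:
        return "absent"          # nothing was there to remove
    if "successfully" in low or low.startswith("removed "):
        return "ok"
    return "review" if arrow else "info"   # unrecognised outcome needs a human look

def summarize(fixlog):
    """Return (counts per status, list of lines that need review)."""
    rows = [(classify(line), line) for line in result_lines(fixlog)]
    return Counter(s for s, _ in rows), [l for s, l in rows if s == "review"]
```

Skipping the echoed fixlist matters because its entries also contain `=>` and would otherwise be misread as failed results.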

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

We'll also do an ARK check.



Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the MBAR program icon to run it:
- Click OK in the next window to allow extraction into a separate mbar folder on the Desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the introductory window, click Next if you agree;

• In the 'Update Database' window, click Update to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click Next;
• Under 'Scan Targets', make sure all options are checked, then click Scan;

Note: with some infections, one of the following messages may appear:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that prompt to allow loading after a restart. Allow the restart and continue with the rest of the instructions afterwards.

>> If no malware is detected, click Exit to close the program. In your next post, include the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infections are found, check that the 'Create Restore Point' option is selected and click Cleanup! to remove the threats.
- The malware removal procedure will be scheduled for the next restart, and a pop-up notification will be shown. Click Yes; the system should restart and complete the cleanup.

Note! Only if a rootkit was detected: make sure you run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, then wait for the tool to make all repairs ...
- When you see the message 'press any key to exit', the repair is complete. Press any key to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post and attach the system log using the "Prikači fajl" (Attach file) option.

offline
  • Joined: 25 Jan 2015
  • Posts: 33

Malwarebytes Anti-Rootkit BETA 1.08.3.1004
malwarebytes.org

Database version:
main: v2015.01.25.10
rootkit: v2015.01.14.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
BOKI :: BOKI-PC [administrator]

25.1.2015 21:11:28
mbar-log-2015-01-25 (21-11-28).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 308029
Time elapsed: 12 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)



It didn't find anything; I've posted the reports.

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

That would be it.



The following procedure will perform the final cleanup.

Download the DelFix tool by "Xplode" and save it to the Desktop.
Double-click the tool to run it and tick the boxes next to the following options:

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment for the tool to finish.
From this point on, all tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also save the healthy state of the registry and make a backup using the built-in "ERUNT" program in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.

offline
  • Joined: 25 Jan 2015
  • Posts: 33

All done, thanks a lot!
