Problem s razor web ads

1

Problem s razor web ads

offline
  • Pridružio: 02 Dec 2014
  • Poruke: 13

Napisano: 31 Maj 2015 22:12

Pozdrav! Imam problem sa razor web ads. Kad u google tražilicu ukucam bilo što on se pojavi, otvara pop-upove itd.
Pokušao sam riješiti problem preko malwarebytes, ali bez uspjeha.



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Administrator (administrator) on CZC1388KT4 on 31-05-2015 22:10:09
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available Profiles: Agfa & Dr Miljko & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Agfa Healthcare) C:\Program Files\Agfa\GTIClient\AutoUpdateService\AutoUpdateService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Agfa Healthcare Inc.) C:\Program Files (x86)\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe
(UltraVNC) C:\Program Files (x86)\UltraVNC\winvnc.exe
(UltraVNC) C:\Program Files (x86)\UltraVNC\winvnc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Agfa HealthCare) C:\Program Files\Agfa\GTIClient\GTIConsole\GtiConsole.exe
(IObit) C:\Users\Administrator\Desktop\Advanced SystemCare 5\ASCTray.exe
(Google Inc.) C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Agfa\java\jre1.6.0.27\bin\javaw.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Agfa\java\jre1.6.0.27\bin\javaw.exe
(Google Inc.) C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\RegHunter\RegHunter.exe
(Google Inc.) C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\microsoft office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10143264 2010-04-01] (Realtek Semiconductor)
HKLM\...\Run: [GTIConsole] => C:\Program Files\Agfa\GTIClient\GTIConsole\GTIConsole.exe [172032 2011-10-31] (Agfa HealthCare)
HKLM-x32\...\Run: [avast5] => C:\Program Files\Alwil Software\Avast5\avastUI.exe [2837864 2010-06-28] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-680020611-101842545-878744919-500\...\Run: [Advanced SystemCare 5] => C:\Users\Administrator\Desktop\Advanced SystemCare 5\ASCTray.exe [574296 2012-03-06] (IObit)
HKU\S-1-5-21-680020611-101842545-878744919-500\...\Run: [Google Update] => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2015-01-13] (Google Inc.)
HKU\S-1-5-21-680020611-101842545-878744919-500\...\MountPoints2: D - D:\autorun.exe /d
HKU\S-1-5-21-680020611-101842545-878744919-500\...\MountPoints2: {26902da8-0632-11e1-a412-3cd92b76e7c7} - D:\LaunchU3.exe -a
HKU\S-1-5-21-680020611-101842545-878744919-500\...\MountPoints2: {981a41b8-98df-11e1-a034-3cd92b76e7c7} - E:\LaunchU3.exe -a
HKU\S-1-5-21-680020611-101842545-878744919-500\...\MountPoints2: {cfd2baeb-0756-11e5-ac3b-3cd92b76e7c7} - F:\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Clinapps.lnk [2015-04-14]
ShortcutTarget: Clinapps.lnk -> C:\Program Files (x86)\Agfa\Clinapps\4.1.38.0\JVision\RUN.BAT ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013-03-15]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2010-06-28] (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = g.msn.com/HPCOM/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = g.msn.com/HPCOM/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = g.msn.com/HPCOM/19
HKU\S-1-5-21-680020611-101842545-878744919-500\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/?fr=vmn&type=vmn__webcompa__.....0531__yaie
HKU\S-1-5-21-680020611-101842545-878744919-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = g.msn.com/HPCOM/19
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> DefaultScope {2F7C283B-348A-478B-AE02-8F5DD7E12918} URL = eseeky.com/ws/?source=c0ff831d&tbp=rbox&too.....b76e7c7&q={searchTerms}&r=323
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {2F7C283B-348A-478B-AE02-8F5DD7E12918} URL = eseeky.com/ws/?source=c0ff831d&tbp=rbox&too.....b76e7c7&q={searchTerms}&r=323
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {31067203-8BE4-44B4-A0EA-D984CA90DA6C} URL = websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=kw&q={searchTerms}&locale=en_BA&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^BA&apn_uid=69eb7bda-3359-4208-a630-1d2ceca1bfbc&apn_sauid=DACC4D8C-04E9-4078-BADE-7F9F5D05AC7E
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = blekko.com/ws/?source=a92683ac&tbp=rbox&too.....DCAD955&q={searchTerms}
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {5721BCE3-2CA1-419C-AE85-773A3D58297E} URL = searchou.com/?q={searchTerms}&id=42b2bbec0000000000003cd92b76e7c7&affilt=5&r=964
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = search.yahoo.com/search?fr=vmn&type=vmn__w.....1__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {CF39FD93-D986-4E39-B731-9866423DF238} URL = search.softonic.com/MON00005/tb_v1?q={searchTerms}&SearchSource=4&cc=
BHO: avast! WebRep -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-04-18] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> c:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-11] (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\microsoft office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-04-18] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-11-04] (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-04-18] (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-04-18] (AVAST Software)
DPF: HKLM-x32 {CAFECAFE-0013-0001-0022-ABCDEFABCDEF}
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {FC11A119-C2F7-46F4-9E32-937ABA26816E} file:///D:/CDVIEWER/CdViewer.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{74983563-4D23-45AD-A881-BD1D31A4F55A}: [NameServer] 8.8.8.8

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-25] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-25] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-02-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-02-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-680020611-101842545-878744919-500: @tools.google.com/Google Update;version=3 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-680020611-101842545-878744919-500: @tools.google.com/Google Update;version=9 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2011-11-04]
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [Not Found]
StartMenuInternet: Google Chrome - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGFA IMPAX GTI AutoUpdateService; C:\Program Files\Agfa\GTIClient\AutoUpdateService\AutoUpdateService.exe [9216 2011-10-31] (Agfa Healthcare) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [42184 2011-04-18] (AVAST Software)
S3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software)
S3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software)
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 PACS Client Updater; C:\Program Files (x86)\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe [36864 2011-07-06] (Agfa Healthcare Inc.) [File not signed]
R2 uvnc_service; C:\Program Files (x86)\UltraVNC\WinVNC.exe [1519168 2008-08-30] (UltraVNC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [22360 2011-04-18] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [64344 2011-04-18] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [31064 2011-04-18] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [600920 2011-04-18] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [287064 2011-04-18] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [53592 2011-04-18] (AVAST Software)
S3 b7atikmdag; C:\Windows\System32\DRIVERS\b7atikmdag.sys [5832560 2011-05-06] (ATI Technologies Inc.)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-05-31] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-31] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S1 SASDIFSV; \??\E:\SUPERAntiSpyware\SASDIFSV.SYS [X]
S1 SASKUTIL; \??\E:\SUPERAntiSpyware\SASKUTIL.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 22:10 - 2015-05-31 22:10 - 00016247 _____ () C:\Users\Administrator\Downloads\FRST.txt
2015-05-31 22:09 - 2015-05-31 22:10 - 00000000 ____D () C:\FRST
2015-05-31 22:09 - 2015-05-31 22:09 - 02108928 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2015-05-31 22:00 - 2015-05-31 22:00 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Administrator\Downloads\SpyHunter-Installer.exe
2015-05-31 21:57 - 2015-05-31 21:57 - 00001088 _____ () C:\Users\Administrator\Desktop\RegHunter.lnk
2015-05-31 21:57 - 2015-05-31 21:57 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegHunter
2015-05-31 21:57 - 2015-05-31 21:57 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Enigma Software Group
2015-05-31 21:57 - 2015-05-31 21:57 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-05-31 21:56 - 2015-05-31 21:56 - 11230592 _____ (Enigma Software Group USA, LLC.) C:\Users\Administrator\Downloads\RegHunter-Installer.exe
2015-05-31 21:51 - 2015-05-31 21:51 - 00001584 _____ () C:\Windows\PFRO.log
2015-05-31 21:51 - 2015-05-31 21:51 - 00000056 _____ () C:\Windows\setupact.log
2015-05-31 21:51 - 2015-05-31 21:51 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-31 21:43 - 2015-05-31 21:50 - 00019305 _____ () C:\Windows\WindowsUpdate.log
2015-05-31 21:03 - 2015-05-31 21:03 - 00029778 _____ () C:\Users\Administrator\Documents\cc_20150531_210313.reg
2015-05-31 21:02 - 2015-05-31 21:02 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2015-05-31 21:02 - 2015-05-31 21:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2015-05-31 21:02 - 2015-05-31 21:02 - 00000000 ____D () C:\ProgramData\ATI
2015-05-31 20:40 - 2015-05-31 21:51 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-31 20:39 - 2015-05-31 20:39 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-31 20:39 - 2015-05-31 20:39 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-31 20:39 - 2015-05-31 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-31 20:39 - 2015-05-31 20:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-31 20:39 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-31 20:39 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-31 20:39 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-31 08:20 - 2015-05-31 08:20 - 00000000 ____D () C:\Users\Public\Documents\Sports Interactive
2015-05-31 08:20 - 2015-05-31 08:20 - 00000000 ____D () C:\Users\Administrator\Documents\Sports Interactive
2015-05-31 08:20 - 2015-05-31 08:20 - 00000000 ____D () C:\Users\Administrator\Documents\CPY_SAVES
2015-05-31 08:20 - 2015-05-31 08:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Sports Interactive
2015-05-31 08:17 - 2015-05-31 08:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sports Interactive
2015-05-31 08:13 - 2015-05-31 20:57 - 00002896 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-05-31 08:13 - 2015-05-31 20:57 - 00002896 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-05-31 08:13 - 2015-05-31 08:13 - 00000278 _____ () C:\prefs.js
2015-05-31 08:13 - 2015-05-31 08:13 - 00000000 ____D () C:\searchplugins
2015-05-31 08:13 - 2015-05-25 10:24 - 00429392 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-05-31 08:13 - 2015-05-25 10:24 - 00347976 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-05-31 08:12 - 2015-05-31 08:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-05-31 08:11 - 2015-05-31 21:02 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
2015-05-31 08:11 - 2015-05-31 08:13 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-05-31 08:11 - 2015-05-31 08:11 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\RHEng
2015-05-31 08:11 - 2015-05-31 08:11 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-05-31 08:06 - 2015-05-31 08:06 - 01709792 _____ (Disc Soft Ltd.) C:\Users\Administrator\Downloads\DTLiteInstaller.exe
2015-05-31 07:48 - 2015-05-31 07:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Steam
2015-05-31 07:46 - 2015-05-31 07:46 - 01142128 _____ () C:\Users\Administrator\Downloads\SteamSetup.exe
2015-05-28 11:42 - 2015-05-28 11:42 - 00000000 ____D () C:\Users\Administrator\Desktop\DR MILJKO-MEŠA svibanj 2015
2015-05-27 13:36 - 2015-05-27 13:36 - 00000000 ____D () C:\Users\Administrator\Desktop\FZS ispiti svibanj 2015
2015-05-27 13:23 - 2015-05-27 13:36 - 00000000 ____D () C:\Users\Administrator\Documents\FZS ispiti svibanj 2015
2015-05-26 12:26 - 2015-05-26 12:27 - 00000000 ____D () C:\Users\Administrator\Desktop\tttg
2015-05-26 12:22 - 2015-05-26 12:39 - 00000000 ____D () C:\Users\Administrator\Desktop\Photoshop
2015-05-26 12:22 - 2015-05-26 12:22 - 00000000 ____D () C:\Windows\XSxS
2015-05-26 12:22 - 2011-05-02 07:04 - 171502133 _____ (Adobe Systems, Incorporated) C:\Users\Administrator\Desktop\Photoshop.exe
2015-05-25 11:28 - 2015-05-25 12:27 - 00000000 ____D () C:\Users\Administrator\Downloads\Toto Cutugno - Greatest Hits ( Disco, Dance, Pop ) 2014 @ 320
2015-05-25 11:27 - 2015-05-25 11:27 - 00017886 _____ () C:\Users\Administrator\Downloads\[kat.cr]toto.cutugno.greatest.hits.disco.dance.pop.2014.320.torrent
2015-05-22 11:47 - 2015-05-22 11:47 - 00000000 ____D () C:\Users\Administrator\Desktop\10^RTG snimak 2 exp_-lijevo koljeno,_246965
2015-05-19 13:26 - 2015-05-19 13:26 - 00000000 ____D () C:\Users\Administrator\Desktop\Ciljani snimak-kraniogram,_395494
2015-05-19 12:29 - 2005-03-26 21:40 - 03855660 _____ () C:\Users\Administrator\Desktop\Zlatan.wmv
2015-05-19 07:19 - 2015-04-29 23:06 - 00084005 _____ () C:\Users\Administrator\Desktop\Moonrise.Kingdom.2012.720p.BluRay.x264.YIFY.srt
2015-05-18 13:50 - 2015-05-18 13:50 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-680020611-101842545-878744919-500Core1d09160e851193c.job
2015-05-13 08:28 - 2015-05-13 08:28 - 00000000 ____D () C:\Users\Administrator\Desktop\RTG snimak 2 exp_-desno koljeno,_392965
2015-05-12 09:25 - 2015-05-12 09:25 - 13716992 _____ () C:\Users\Administrator\Downloads\digitalna radiologija (1).ppt
2015-05-04 11:03 - 2015-05-04 11:04 - 13713920 _____ () C:\Users\Administrator\Downloads\digitalna radiologija.ppt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 21:58 - 2009-07-14 06:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-31 21:58 - 2009-07-14 06:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-31 21:55 - 2009-07-14 07:13 - 00727202 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-31 21:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-31 21:02 - 2013-01-17 09:00 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\uTorrent
2015-05-31 20:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-05-31 20:54 - 2013-06-19 12:20 - 00000000 ____D () C:\Users\Administrator\Downloads\CT ante
2015-05-31 20:51 - 2013-07-29 21:35 - 00000000 ____D () C:\Program Files (x86)\Rapider
2015-05-31 20:51 - 2013-07-02 11:33 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\BabSolution
2015-05-31 20:39 - 2013-03-07 13:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-31 19:21 - 2011-11-24 19:26 - 00000000 ____D () C:\Users\Public\Impax
2015-05-31 18:40 - 2011-11-04 15:26 - 00012087 _____ () C:\Users\Administrator\jinitiator13122.trace
2015-05-31 18:39 - 2011-10-11 23:47 - 00000000 ____D () C:\Users\Administrator
2015-05-28 13:31 - 2011-11-30 13:15 - 00000000 ____D () C:\Users\Administrator\.VirtualBox
2015-05-28 12:23 - 2015-04-13 09:00 - 00000000 ____D () C:\Users\Administrator\Desktop\Prikazi slučaja
2015-05-26 07:32 - 2012-05-23 11:32 - 00002410 _____ () C:\Users\Administrator\Desktop\Google Chrome.lnk
2015-05-25 12:33 - 2011-12-27 17:55 - 00000000 ____D () C:\Users\Administrator\Documents\MR nalazi mix
2015-05-19 13:09 - 2011-11-10 18:24 - 00000000 ____D () C:\Users\Administrator\Desktop\Nalazi za dežuru
2015-05-18 13:50 - 2015-02-05 04:39 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-680020611-101842545-878744919-500Core1d040ecf081b1d8.job
2015-05-18 13:07 - 2013-03-08 09:58 - 00000000 ____D () C:\Users\Administrator\Documents\Case report mix
2015-05-14 13:45 - 2015-04-02 11:27 - 00000000 ____D () C:\Users\Administrator\Desktop\UZORAK
2015-05-11 10:12 - 2014-06-26 16:47 - 00000000 ____D () C:\Users\Administrator\Documents\UZV-Dragan Mijatović
2015-05-08 07:31 - 2014-01-16 11:12 - 00000000 ____D () C:\DOCENT

==================== Files in the root of some directories =======

2011-10-11 23:47 - 2011-08-29 23:00 - 0003625 _____ () C:\Users\Administrator\AppData\Roaming\UserTile.png
2015-02-09 12:28 - 2015-02-09 12:28 - 0003584 _____ () C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-11-27 16:12 - 2011-11-27 16:12 - 0004096 ____H () C:\Users\Administrator\AppData\Local\keyfile3.drm

Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\bitool.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-09-01 01:04

==================== End of log ============================
mycity.rs/must-login.png

Dopuna: 31 Maj 2015 22:40

Molim vas može li pomoć?

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Zdravo,

probacemo da pomognemo.

1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod:

CreateRestorePoint:
Task: {03E9FDC2-32B4-4D76-9404-DC663A7B0D91} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {2501F68E-AA5A-488D-9FCA-2F3E9F8AB638} - \BrowserDefendert No Task File <==== ATTENTION
Task: {4B18ABF9-FC84-42B9-86B7-F198E739FA0E} - System32\Tasks\4790 => Wscript.exe C:\Users\ADMINI~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {79AF4651-B27A-4A6A-B47D-5709BB765F5D} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {B2D4C013-57D1-4E67-885B-8E8096C7DA9C} - \DealPlyUpdate No Task File <==== ATTENTION
Task: {F64F9F7E-61E6-43A6-8B27-F4CCC952D25E} - \EPUpdater No Task File <==== ATTENTION
HKU\S-1-5-21-680020611-101842545-878744919-500\...\MountPoints2: D - D:\autorun.exe /d
HKU\S-1-5-21-680020611-101842545-878744919-500\...\MountPoints2: {26902da8-0632-11e1-a412-3cd92b76e7c7} - D:\LaunchU3.exe -a
HKU\S-1-5-21-680020611-101842545-878744919-500\...\MountPoints2: {981a41b8-98df-11e1-a034-3cd92b76e7c7} - E:\LaunchU3.exe -a
HKU\S-1-5-21-680020611-101842545-878744919-500\...\MountPoints2: {cfd2baeb-0756-11e5-ac3b-3cd92b76e7c7} - F:\setup.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> DefaultScope {2F7C283B-348A-478B-AE02-8F5DD7E12918} URL = http://eseeky.com/ws/?source=c0ff831d&tbp=rbox&too.....b76e7c7&q={searchTerms}&r=323
S1 SASDIFSV; \??\E:\SUPERAntiSpyware\SASDIFSV.SYS [X]
S1 SASKUTIL; \??\E:\SUPERAntiSpyware\SASKUTIL.SYS [X]
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> DefaultScope {2F7C283B-348A-478B-AE02-8F5DD7E12918} URL = http://eseeky.com/ws/?source=c0ff831d&tbp=rbox&too.....b76e7c7&q={searchTerms}&r=323
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {2F7C283B-348A-478B-AE02-8F5DD7E12918} URL = http://eseeky.com/ws/?source=c0ff831d&tbp=rbox&too.....b76e7c7&q={searchTerms}&r=323
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {31067203-8BE4-44B4-A0EA-D984CA90DA6C} URL = http://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=kw&q={searchTerms}&locale=en_BA&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^BA&apn_uid=69eb7bda-3359-4208-a630-1d2ceca1bfbc&apn_sauid=DACC4D8C-04E9-4078-BADE-7F9F5D05AC7E
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://blekko.com/ws/?source=a92683ac&tbp=rbox&too.....DCAD955&q={searchTerms}
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {5721BCE3-2CA1-419C-AE85-773A3D58297E} URL = http://searchou.com/?q={searchTerms}&id=42b2bbec0000000000003cd92b76e7c7&affilt=5&r=964
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {CF39FD93-D986-4E39-B731-9866423DF238} URL = http://search.softonic.com/MON00005/tb_v1?q={searchTerms}&SearchSource=4&cc=
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [Not Found]
EmptyTemp:


2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt
To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt
Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi.

3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj.
Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema.



Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku.
Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a.

offline
  • Pridružio: 02 Dec 2014
  • Poruke: 13

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Administrator at 2015-05-31 23:15:41 Run:1
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available Profiles: Agfa & Dr Miljko & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
Task: {03E9FDC2-32B4-4D76-9404-DC663A7B0D91} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {2501F68E-AA5A-488D-9FCA-2F3E9F8AB638} - \BrowserDefendert No Task File <==== ATTENTION
Task: {4B18ABF9-FC84-42B9-86B7-F198E739FA0E} - System32\Tasks\4790 => Wscript.exe C:\Users\ADMINI~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {79AF4651-B27A-4A6A-B47D-5709BB765F5D} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {B2D4C013-57D1-4E67-885B-8E8096C7DA9C} - \DealPlyUpdate No Task File <==== ATTENTION
Task: {F64F9F7E-61E6-43A6-8B27-F4CCC952D25E} - \EPUpdater No Task File <==== ATTENTION
HKU\S-1-5-21-680020611-101842545-878744919-500\...\MountPoints2: D - D:\autorun.exe /d
HKU\S-1-5-21-680020611-101842545-878744919-500\...\MountPoints2: {26902da8-0632-11e1-a412-3cd92b76e7c7} - D:\LaunchU3.exe -a
HKU\S-1-5-21-680020611-101842545-878744919-500\...\MountPoints2: {981a41b8-98df-11e1-a034-3cd92b76e7c7} - E:\LaunchU3.exe -a
HKU\S-1-5-21-680020611-101842545-878744919-500\...\MountPoints2: {cfd2baeb-0756-11e5-ac3b-3cd92b76e7c7} - F:\setup.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> DefaultScope {2F7C283B-348A-478B-AE02-8F5DD7E12918} URL = eseeky.com/ws/?source=c0ff831d&tbp=rbox&too.....b76e7c7&q={searchTerms}&r=323
S1 SASDIFSV; \??\E:\SUPERAntiSpyware\SASDIFSV.SYS [X]
S1 SASKUTIL; \??\E:\SUPERAntiSpyware\SASKUTIL.SYS [X]
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> DefaultScope {2F7C283B-348A-478B-AE02-8F5DD7E12918} URL = eseeky.com/ws/?source=c0ff831d&tbp=rbox&too.....b76e7c7&q={searchTerms}&r=323
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {2F7C283B-348A-478B-AE02-8F5DD7E12918} URL = eseeky.com/ws/?source=c0ff831d&tbp=rbox&too.....b76e7c7&q={searchTerms}&r=323
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {31067203-8BE4-44B4-A0EA-D984CA90DA6C} URL = websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=kw&q={searchTerms}&locale=en_BA&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^BA&apn_uid=69eb7bda-3359-4208-a630-1d2ceca1bfbc&apn_sauid=DACC4D8C-04E9-4078-BADE-7F9F5D05AC7E
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = blekko.com/ws/?source=a92683ac&tbp=rbox&too.....DCAD955&q={searchTerms}
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {5721BCE3-2CA1-419C-AE85-773A3D58297E} URL = searchou.com/?q={searchTerms}&id=42b2bbec0000000000003cd92b76e7c7&affilt=5&r=964
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {CF39FD93-D986-4E39-B731-9866423DF238} URL = search.softonic.com/MON00005/tb_v1?q={searchTerms}&SearchSource=4&cc=
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [Not Found]
EmptyTemp:
*****************

Error: (0) Failed to create a restore point.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03E9FDC2-32B4-4D76-9404-DC663A7B0D91}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03E9FDC2-32B4-4D76-9404-DC663A7B0D91}" => key Removed successfully
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2501F68E-AA5A-488D-9FCA-2F3E9F8AB638}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2501F68E-AA5A-488D-9FCA-2F3E9F8AB638}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B18ABF9-FC84-42B9-86B7-F198E739FA0E}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B18ABF9-FC84-42B9-86B7-F198E739FA0E}" => key Removed successfully
C:\Windows\System32\Tasks\4790 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4790" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79AF4651-B27A-4A6A-B47D-5709BB765F5D}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79AF4651-B27A-4A6A-B47D-5709BB765F5D}" => key Removed successfully
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2D4C013-57D1-4E67-885B-8E8096C7DA9C}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2D4C013-57D1-4E67-885B-8E8096C7DA9C}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F64F9F7E-61E6-43A6-8B27-F4CCC952D25E}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F64F9F7E-61E6-43A6-8B27-F4CCC952D25E}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater" => key Removed successfully
"HKU\S-1-5-21-680020611-101842545-878744919-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D" => key Removed successfully
"HKU\S-1-5-21-680020611-101842545-878744919-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26902da8-0632-11e1-a412-3cd92b76e7c7}" => key Removed successfully
HKCR\CLSID\{26902da8-0632-11e1-a412-3cd92b76e7c7} => key not found.
"HKU\S-1-5-21-680020611-101842545-878744919-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{981a41b8-98df-11e1-a034-3cd92b76e7c7}" => key Removed successfully
HKCR\CLSID\{981a41b8-98df-11e1-a034-3cd92b76e7c7} => key not found.
"HKU\S-1-5-21-680020611-101842545-878744919-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfd2baeb-0756-11e5-ac3b-3cd92b76e7c7}" => key Removed successfully
HKCR\CLSID\{cfd2baeb-0756-11e5-ac3b-3cd92b76e7c7} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key Removed successfully
HKU\S-1-5-21-680020611-101842545-878744919-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
SASDIFSV => Service Removed successfully
SASKUTIL => Service Removed successfully
HKU\S-1-5-21-680020611-101842545-878744919-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
"HKU\S-1-5-21-680020611-101842545-878744919-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2F7C283B-348A-478B-AE02-8F5DD7E12918}" => key Removed successfully
HKCR\CLSID\{2F7C283B-348A-478B-AE02-8F5DD7E12918} => key not found.
"HKU\S-1-5-21-680020611-101842545-878744919-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31067203-8BE4-44B4-A0EA-D984CA90DA6C}" => key Removed successfully
HKCR\CLSID\{31067203-8BE4-44B4-A0EA-D984CA90DA6C} => key not found.
"HKU\S-1-5-21-680020611-101842545-878744919-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}" => key Removed successfully
HKCR\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} => key not found.
"HKU\S-1-5-21-680020611-101842545-878744919-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5721BCE3-2CA1-419C-AE85-773A3D58297E}" => key Removed successfully
HKCR\CLSID\{5721BCE3-2CA1-419C-AE85-773A3D58297E} => key not found.
"HKU\S-1-5-21-680020611-101842545-878744919-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF39FD93-D986-4E39-B731-9866423DF238}" => key Removed successfully
HKCR\CLSID\{CF39FD93-D986-4E39-B731-9866423DF238} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj" => key Removed successfully
EmptyTemp: => Removed 187.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog 23:15:56 ====

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Preuzmi "Xplode"-ov AdwCleaner () i sacuvaj ga na Desktop

Dvoklikom pokreni program.
Klikni na dugme [Scan] i pricekaj da program zavrsi.
Klikni na dugme [Clean]
Program ce zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni Ok kao potvrdu.
Na sledeca dva prozora koja se otvore (Informations i Restart required ) klikni Ok


Racunar ce se restartovati a potom otvoriti notepad (C:\AdwCleaner[S1].txt) sa izvestajem.
Sacuvaj taj notepad na Desktop i okaci ga uz poruku koristeci opciju "Prikaci fajl"

Napomena: Izvestaj ce takodje biti sacuvan na C:\AdwCleaner[S0].txt

offline
  • Pridružio: 02 Dec 2014
  • Poruke: 13

Evo stavio sam da ga scan-ira i čekam već 15 min, samo piše ovo: Waiting for action. Please uncheck elements you want to keep. Jel to ok?

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Pa ako je zavrsio sa skeniranjem, klikni na cleaning/clean.

offline
  • Pridružio: 02 Dec 2014
  • Poruke: 13

mycity.rs/must-login.png

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Kakvo je sad stanje?

offline
  • Pridružio: 02 Dec 2014
  • Poruke: 13

Napisano: 31 Maj 2015 23:42

Isto i dalje...

Dopuna: 31 Maj 2015 23:43

Bez ikakvih promjena... Sad

Dopuna: 31 Maj 2015 23:45



Dopuna: 31 Maj 2015 23:46

Sve puno reklama koje neprestano iskaču, kad hoću nešto proguglati izbacuje mi svoje stranice prije onoga što sam tražio, otvara nove tabove... Katastrofa.

Dopuna: 31 Maj 2015 23:48

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Ne predajemo se. Smile

Preuzmi smeenk-ov zoek.zip ili zoek.rar () sa ovog ili ovog linka i sačuvaj ga na Desktop.

Raspakuj arhivu u neki folder (uputstvo), a zatim:

zatvori browser i ostale pokrenute programe;
privremeno deaktiviraj zaštitni softver ( ukoliko je to potrebno ) Uputstvo ;
dvoklikom pokreni zoek na ikonicu programa ;
pričekaj da se alat startuje ...


U beli okvir prozora iskopiraj sledeći tekst:

 
emptyalltemp;
autoclean;
resethosts;
emptyclsid;
emptyfolderscheck;delete


Klikni na dugme i pričekaj da se skeniranje završi.


zoek ce po potrebi, restartovati Windows a na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Napomena:Izveštaj će biti sačuvan pod nazivom zoek-results.log na sistemskoj particiji (tipična lokacija: C:\zoek-results.log)


Arrow Kopiraj sadrzaj tog loga u poruku.

Ko je trenutno na forumu
 

Ukupno su 1060 korisnika na forumu :: 21 registrovanih, 6 sakrivenih i 1033 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 357magnum, aleksmajstor, babaroga, Bane san, dane007, DPera, esx66, Georgius, Hans Gajger, HogarStrashni, Istman, ladro, laurusri, Milan A. Nikolic, proka89, samsung, sombrero, Stanlio, Steeeefan, Vlada78, vladulns