Browser problem, virus or... check


Lately the computer has been showing the following message:

"A script on this page is causing your web browser to run slowly. If it continues to run your computer might become unresponsive."

I scanned the computer with AdwCleaner, which carried out the cleaning; however, after restarting the computer I could not start any program and I had no internet connection. I did a system restore, after which it started working again.

Before I did the system restore, AdwCleaner found and cleaned the following:

# -------------------------------
# Malwarebytes AdwCleaner 7.2.0.0
# -------------------------------
# Build:    06-05-2018
# Database: 2018-06-22.2
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    06-23-2018
# Duration: 00:00:04
# OS:       Windows 8.1 Pro
# Cleaned:  24
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Users\lanmilan\Start Menu\Programs\SpyHunter
Deleted       C:\Users\lanmilan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\spyhunter
Deleted       C:\sh4ldr
Deleted       C:\Program Files\Enigma Software Group
Deleted       C:\Users\lanmilan\AppData\Roaming\Enigma Software Group

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\Software\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{362C53F9-60F9-4CE9-B531-DADC9B4831B4}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{57A8307A-187C-4C8D-9D04-6F26ABB1805A}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{9F330F6C-AD7F-4F98-BEEA-299BE7C2548E}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B8C8D5FF-212F-4208-A9CF-1476647681E8}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A4519958-042A-4F5F-B66E-55F8D2A17C9F}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{4ADAC891-571C-444F-8814-1CCE34B9B1EE}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{3774A8AB-46E0-4C33-90F5-EB160CB46124}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C23012AC-54CC-4F48-AE1F-ED00D618468F}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C39903E0-21D6-4263-AB65-3A41A276B222}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{99E9A92E-B5A8-4EEE-8C26-CA2A37204C4A}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{403265C5-08CF-4950-85B9-1E6A7711BE05}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{4CE2D9B2-AFAA-4D2D-ABCC-E79900E2F96C}
Deleted       HKCU\Software\Norassie
Deleted       HKLM\Software\EnigmaSoftwareGroup

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted       Ask
Deleted       Ask
Deleted       AOL
Deleted       AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3884 octets] - [23/06/2018 10:52:52]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by lanmilan (administrator) on LANMI (23-06-2018 12:23:03)
Running from C:\Users\lanmilan\Desktop
Loaded Profiles: lanmilan & Guest (Available Profiles: lanmilan & Guest)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-05-17] (AVAST Software)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [286992 2016-01-31] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [714992 2016-07-05] ()
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971856 2016-11-18] ()
HKU\S-1-5-21-3318695099-3213434911-3798809956-1001\...\Run: [Viber] => C:\Users\lanmilan\AppData\Local\Viber\Viber.exe [40255560 2018-06-01] (Viber Media S.à r.l.)
HKU\S-1-5-21-3318695099-3213434911-3798809956-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18364648 2018-05-24] (Piriform Ltd)
HKU\S-1-5-21-3318695099-3213434911-3798809956-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49654736 2018-06-05] (Skype Technologies S.A.)
HKU\S-1-5-21-3318695099-3213434911-3798809956-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_pepper.exe [1367552 2018-05-14] (Adobe Systems Incorporated)
HKU\S-1-5-21-3318695099-3213434911-3798809956-1001\...\MountPoints2: {1e711659-4ee8-11e8-8535-d05099535c6a} - "F:\Lenovo_Suite.exe"
HKU\S-1-5-21-3318695099-3213434911-3798809956-1001\...\MountPoints2: {2c339170-018f-11e6-82f1-d05099535c6a} - "F:\Lenovo_Suite.exe"
HKU\S-1-5-21-3318695099-3213434911-3798809956-1001\...\MountPoints2: {565db1bd-083a-11e8-84f9-d05099535c6a} - "F:\Lenovo_Suite.exe"
HKU\S-1-5-21-3318695099-3213434911-3798809956-1001\...\MountPoints2: {565db2b1-083a-11e8-84f9-d05099535c6a} - "F:\Lenovo_Suite.exe"
HKU\S-1-5-21-3318695099-3213434911-3798809956-1001\...\MountPoints2: {8158f5ee-89c0-11e7-8478-d05099535c6a} - "F:\Lenovo_Suite.exe"
HKU\S-1-5-21-3318695099-3213434911-3798809956-1001\...\MountPoints2: {91c38a27-a4dd-11e5-82a0-d05099535c6a} - "F:\Lenovo_Suite.exe"
HKU\S-1-5-21-3318695099-3213434911-3798809956-1001\...\MountPoints2: {b20e9c13-6b2a-11e8-8558-d05099535c6a} - "F:\Lenovo_Suite.exe"
HKU\S-1-5-21-3318695099-3213434911-3798809956-1001\...\MountPoints2: {e9155fcb-d1a7-11e5-82c2-d05099535c6a} - "F:\Lenovo_Suite.exe"
HKU\S-1-5-21-3318695099-3213434911-3798809956-1001\...\MountPoints2: {e9b455a4-a022-11e5-8297-d05099535c6a} - "F:\iLinker.exe"
HKU\S-1-5-21-3318695099-3213434911-3798809956-1001\...\MountPoints2: {e9d6ba03-2f23-11e6-8323-d05099535c6a} - "F:\Lenovo_Suite.exe"
HKU\S-1-5-21-3318695099-3213434911-3798809956-501\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49654736 2018-06-05] (Skype Technologies S.A.)
HKU\S-1-5-21-3318695099-3213434911-3798809956-501\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18364648 2018-05-24] (Piriform Ltd)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2016-01-31]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\lanmilan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2015-10-23]
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\lanmilan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar958.lnk [2018-06-23]
ShortcutTarget: Sidebar958.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C7CA8F6A-45AC-4C20-98C8-2E85F4104A01}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3318695099-3213434911-3798809956-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-11-04] (RealDownloader)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-05-17] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-11-04] (RealDownloader)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-11-18] (Wondershare)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-05-17] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: 5khn7kk6.default
FF ProfilePath: C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\5khn7kk6.default [2018-06-23]
FF Homepage: Mozilla\Firefox\Profiles\5khn7kk6.default -> google.rs
FF Extension: (Hide My IP) - C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\5khn7kk6.default\Extensions\admin@myprivacytools.com.xpi [2018-02-19]
FF Extension: (anonymoX) - C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\5khn7kk6.default\Extensions\client@anonymox.net.xpi [2018-01-13]
FF Extension: (Facebook Color Changer) - C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\5khn7kk6.default\Extensions\jid0-Eyur3vR97jbHklhdHVBnn9OBILU@jetpack.xpi [2015-08-17] [Legacy]
FF Extension: (youtubetmadblock) - C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\5khn7kk6.default\Extensions\jid1-w4wG5nJhx4LJZr@jetpack.xpi [2017-03-17]
FF Extension: (Avast SafePrice) - C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\5khn7kk6.default\Extensions\sp@avast.com.xpi [2018-06-23]
FF Extension: (Avast Online Security) - C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\5khn7kk6.default\Extensions\wrc@avast.com.xpi [2018-06-23]
FF Extension: (Qualys BrowserCheck) - C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\5khn7kk6.default\Extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} [2015-12-10] [Legacy] [not signed]
FF Extension: (Adblock Plus) - C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\5khn7kk6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-05-18]
FF Extension: (Mp3fromYoutube) - C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\5khn7kk6.default\Extensions\{e33788ea-0bb9-4502-9c77-bdc551afc8ad}.xpi [2017-10-01]
FF SearchPlugin: C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\5khn7kk6.default\searchplugins\firefox-add-ons.xml [2015-08-17]
FF ProfilePath: C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\0fzyovf3.dev-edition-default [2018-06-23]
FF Homepage: Mozilla\Firefox\Profiles\0fzyovf3.dev-edition-default -> google.rs
FF Extension: (ADB Helper) - C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\0fzyovf3.dev-edition-default\Extensions\adbhelper@mozilla.org [2018-02-17] [Legacy]
FF Extension: (anonymoX) - C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\0fzyovf3.dev-edition-default\Extensions\client@anonymox.net.xpi [2018-02-17] [Legacy]
FF Extension: (Valence) - C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\0fzyovf3.dev-edition-default\Extensions\fxdevtools-adapters@mozilla.org [2018-02-17] [Legacy]
FF Extension: (AdBlocker for YouTube™) - C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\0fzyovf3.dev-edition-default\Extensions\jid1-q4sG8pYhq8KGHs@jetpack.xpi [2018-02-17]
FF Extension: (Avast SafePrice) - C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\0fzyovf3.dev-edition-default\Extensions\sp@avast.com.xpi [2018-04-12]
FF Extension: (Avast Online Security) - C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\0fzyovf3.dev-edition-default\Extensions\wrc@avast.com.xpi [2017-11-14]
FF Extension: (ChatZilla) - C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\0fzyovf3.dev-edition-default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2015-09-28] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\0fzyovf3.dev-edition-default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-02-17]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi
FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi [2016-12-16] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll [2018-05-15] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-04-19] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-04-19] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-15] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> E:\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.1.2.175 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2016-01-31] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.2.175 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2016-01-31] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)
FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll [No File]
FF Plugin HKU\S-1-5-21-3318695099-3213434911-3798809956-1001: SkypePlugin -> C:\Users\lanmilan\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi.dll [2017-04-18] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-3318695099-3213434911-3798809956-1001: SkypePlugin64 -> C:\Users\lanmilan\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi-x64.dll [2017-04-18] (Skype Technologies S.A.)

Chrome:
=======
CHR Profile: C:\Users\lanmilan\AppData\Local\Google\Chrome\User Data\Default [2018-06-23]
CHR Extension: (Slides) - C:\Users\lanmilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\lanmilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\lanmilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-11]
CHR Extension: (AdGuard AdBlocker) - C:\Users\lanmilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2018-04-11]
CHR Extension: (Skype Calling) - C:\Users\lanmilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-06-11]
CHR Extension: (YouTube) - C:\Users\lanmilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-11]
CHR Extension: (Adobe Acrobat) - C:\Users\lanmilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-11]
CHR Extension: (Sheets) - C:\Users\lanmilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\lanmilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-11]
CHR Extension: (Avast Online Security) - C:\Users\lanmilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-04-20]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\lanmilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2018-01-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\lanmilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\lanmilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-11]
CHR Extension: (Chrome Media Router) - C:\Users\lanmilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-08]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7620096 2018-05-17] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-26] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [317280 2018-05-17] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-26] (AVAST Software)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [33088 2015-11-04] ()
R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1095976 2016-01-31] (RealNetworks, Inc.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196640 2018-05-17] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-12] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-03-12] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-03-12] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-03-12] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [234560 2018-05-17] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-05-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [159120 2018-05-17] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111360 2018-05-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [85968 2018-05-17] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1027720 2018-05-17] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-05-17] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-05-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381552 2018-05-17] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [118848 2016-08-09] (Advanced Micro Devices)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152184 2018-05-24] (Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [190696 2018-06-23] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112872 2018-06-23] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [44768 2018-06-23] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-06-23] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [103656 2018-06-23] (Malwarebytes)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-05-11] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-05-11] (Zemana Ltd.)
S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-23 12:23 - 2018-06-23 12:24 - 000024191 _____ C:\Users\lanmilan\Desktop\FRST.txt
2018-06-23 12:22 - 2018-06-23 12:23 - 000000000 ____D C:\FRST
2018-06-23 12:21 - 2018-06-23 12:21 - 002412544 _____ (Farbar) C:\Users\lanmilan\Desktop\FRST64.exe
2018-06-23 12:21 - 2018-06-23 12:21 - 000004096 _____ C:\Users\lanmilan\Desktop\tekst za mc.txt
2018-06-23 12:19 - 2018-06-23 12:19 - 000002349 _____ C:\Users\lanmilan\Desktop\555.txt
2018-06-23 12:05 - 2018-06-23 12:09 - 000103656 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-06-23 12:05 - 2018-06-23 12:05 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-06-23 12:05 - 2018-06-23 12:05 - 000190696 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-06-23 12:05 - 2018-06-23 12:05 - 000112872 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-06-23 12:05 - 2018-06-23 12:05 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-06-23 12:05 - 2018-06-23 12:05 - 000001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-23 12:05 - 2018-06-23 12:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-23 12:05 - 2018-06-23 12:05 - 000000000 ____D C:\Program Files\Malwarebytes
2018-06-23 12:05 - 2018-05-24 06:55 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-06-23 12:04 - 2018-06-23 12:04 - 074351728 _____ (Malwarebytes ) C:\Users\lanmilan\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.374-1.0.5582.exe
2018-06-23 11:58 - 2018-06-23 11:58 - 007372496 _____ (Malwarebytes) C:\Users\lanmilan\Downloads\adwcleaner_7.2.0.exe
2018-06-23 11:56 - 2018-06-23 11:56 - 001130840 _____ (Google Inc.) C:\Users\lanmilan\Downloads\ChromeSetup.exe
2018-06-23 11:51 - 2018-06-23 11:51 - 000001938 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-06-23 11:50 - 2018-05-17 05:54 - 000376536 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-06-23 11:49 - 2018-06-23 11:49 - 000042574 _____ C:\Windows\SysWOW64\rsslogs.20180623114819
2018-06-10 15:46 - 2018-06-10 15:46 - 000962516 _____ C:\Windows\SysWOW64\rsslogs.20180610154615
2018-06-10 14:55 - 2018-06-10 15:38 - 000000000 ____D C:\Users\lanmilan\Desktop\Backup Lenovo 10062018
2018-06-09 18:55 - 2018-06-09 18:55 - 000355678 _____ C:\Users\lanmilan\Downloads\ZAVRSNI-RACUN-2016..xlsx
2018-06-09 15:46 - 2018-06-10 15:46 - 001700254 _____ C:\Windows\SysWOW64\rsslogs.20180609154615
2018-06-08 16:47 - 2018-06-09 15:46 - 001628756 _____ C:\Windows\SysWOW64\rsslogs.20180608164643
2018-06-07 17:46 - 2018-06-07 17:46 - 001085253 _____ C:\Windows\SysWOW64\rsslogs.20180607174519
2018-06-06 19:13 - 2018-06-06 19:13 - 001015290 _____ C:\Windows\SysWOW64\rsslogs.20180606191252
2018-06-05 18:14 - 2018-06-23 21:46 - 000000000 ____D C:\Users\lanmilan\AppData\Local\Viber
2018-06-05 18:10 - 2018-06-05 18:10 - 000638752 _____ C:\Windows\SysWOW64\rsslogs.20180605180900
2018-06-04 19:11 - 2018-06-23 11:51 - 000003310 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3318695099-3213434911-3798809956-1001
2018-06-04 19:07 - 2018-06-04 19:07 - 000993498 _____ C:\Windows\SysWOW64\rsslogs.20180604190621
2018-06-04 09:16 - 2018-06-04 09:16 - 000004737 _____ C:\Windows\SysWOW64\rsslogs.20180604091542
2018-06-04 09:11 - 2018-06-04 09:11 - 000000000 ___HD C:\$AV_ASW
2018-06-03 17:21 - 2018-06-03 17:21 - 001124229 _____ C:\Windows\SysWOW64\rsslogs.20180603172112
2018-06-02 17:21 - 2018-06-03 17:21 - 001700698 _____ C:\Windows\SysWOW64\rsslogs.20180602172112
2018-05-28 19:43 - 2018-06-23 11:51 - 000003362 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3318695099-3213434911-3798809956-1001

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-23 21:46 - 2017-05-11 13:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2018-06-23 21:46 - 2017-05-11 13:11 - 000000000 ____D C:\Program Files\HitmanPro
2018-06-23 21:46 - 2017-05-11 11:15 - 000000000 ____D C:\Users\lanmilan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2018-06-23 21:46 - 2015-12-03 17:58 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-06-23 21:46 - 2015-09-29 17:43 - 000000000 ____D C:\Users\Guest
2018-06-23 21:46 - 2015-08-11 11:10 - 000000000 __SHD C:\PScript5
2018-06-23 21:46 - 2015-08-11 10:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-06-23 21:41 - 2013-08-22 17:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-23 21:38 - 2015-08-19 17:29 - 000000000 ____D C:\Users\lanmilan\AppData\Roaming\ViberPC
2018-06-23 21:38 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-06-23 21:38 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\system32\Macromed
2018-06-23 21:38 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\registration
2018-06-23 21:38 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf
2018-06-23 21:37 - 2017-05-11 11:14 - 000000000 ____D C:\Program Files\Enigma Software Group
2018-06-23 21:37 - 2016-01-31 16:04 - 000000000 ____D C:\ProgramData\Real
2018-06-23 12:23 - 2017-05-11 12:14 - 000073229 _____ C:\Windows\ZAM.krnl.trace
2018-06-23 12:23 - 2017-05-11 12:14 - 000048802 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-06-23 12:20 - 2015-08-11 10:32 - 000003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{31F3BEAE-F1D5-4B9F-B257-BCBF6267FBCB}
2018-06-23 12:05 - 2017-05-11 13:00 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-23 12:02 - 2015-08-11 10:30 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3318695099-3213434911-3798809956-1001
2018-06-23 11:57 - 2016-05-11 19:27 - 000002320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-23 11:57 - 2015-08-11 10:23 - 000000000 ____D C:\Users\lanmilan
2018-06-23 11:53 - 2015-10-05 17:35 - 000000000 ____D C:\Users\lanmilan\AppData\LocalLow\Mozilla
2018-06-23 11:51 - 2017-02-09 00:48 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-06-23 11:48 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-23 10:50 - 2017-05-11 13:11 - 000000000 ____D C:\ProgramData\HitmanPro
2018-06-10 22:48 - 2015-08-19 17:30 - 000000000 __SHD C:\Users\lanmilan\Documents\ViberDownloads
2018-06-10 14:56 - 2015-08-11 10:29 - 000869136 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-09 20:07 - 2017-11-19 21:44 - 000001326 _____ C:\Users\Public\Desktop\Skype.lnk
2018-06-09 20:07 - 2017-09-30 11:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-06-09 13:18 - 2016-11-22 19:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-06-09 13:18 - 2015-08-11 10:35 - 000001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-06-08 09:04 - 2017-09-08 18:57 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-06-08 09:04 - 2013-08-22 15:25 - 000524288 ___SH C:\Windows\system32\config\BBI
2018-06-06 19:59 - 2015-08-19 12:14 - 000000000 ____D C:\Users\lanmilan\AppData\Roaming\uTorrent
2018-06-04 21:19 - 2018-01-26 19:02 - 000000000 ____D C:\Users\lanmilan\Desktop\desktop 26012018
2018-06-04 19:09 - 2016-12-16 01:52 - 000000000 ____D C:\ProgramData\Wondershare Video Converter Ultimate
2018-06-04 03:25 - 2013-08-22 17:20 - 000000000 ____D C:\Windows\CbsTemp
2018-06-04 03:13 - 2015-08-13 03:06 - 000000000 ____D C:\Windows\system32\MRT
2018-06-04 03:09 - 2017-10-30 19:11 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-06-04 03:09 - 2015-08-13 03:06 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-06-04 02:14 - 2017-01-14 17:07 - 000000000 ____D C:\Users\lanmilan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-06-04 02:14 - 2017-01-14 17:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-06-04 02:14 - 2015-08-11 11:02 - 000000000 ____D C:\Program Files\WinRAR
2018-06-04 02:10 - 2018-05-11 17:08 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-06-04 02:10 - 2018-05-11 17:08 - 000000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-05-27 22:13 - 2017-06-30 18:13 - 000001353 _____ C:\Users\lanmilan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2018-05-27 22:13 - 2017-01-20 21:06 - 000004060 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1484939153
2018-05-27 16:55 - 2017-11-01 19:08 - 000000000 ____D C:\Users\lanmilan\AppData\Roaming\WhatsApp

==================== Files in the root of some directories =======

2017-01-17 04:20 - 2017-05-11 10:47 - 000236571 _____ () C:\Users\lanmilan\ZHPCleaner.exe
2015-10-25 20:18 - 2015-10-25 20:59 - 000000115 _____ () C:\Users\lanmilan\AppData\Roaming\LogFile.txt
2016-01-24 00:37 - 2016-01-24 00:37 - 000000600 _____ () C:\Users\lanmilan\AppData\Roaming\winscp.rnd
2016-01-24 00:37 - 2018-02-02 00:15 - 000000600 _____ () C:\Users\lanmilan\AppData\Local\PUTTY.RND
2015-08-17 19:42 - 2017-02-22 19:39 - 000007614 _____ () C:\Users\lanmilan\AppData\Local\Resmon.ResmonCfg
2015-08-19 14:25 - 2015-08-19 14:41 - 000000700 ___SH () C:\Users\lanmilan\AppData\Local\systemFL7.dat
2016-09-03 21:33 - 2016-09-03 21:33 - 000000180 _____ () C:\Users\lanmilan\AppData\Local\uts.ini

Some files in TEMP:
====================
2018-02-19 11:13 - 2018-02-19 11:13 - 000164424 _____ (Microsoft Corporation) C:\Users\lanmilan\AppData\Local\Temp\atl110.dll
2018-02-19 11:13 - 2018-02-19 11:13 - 000069632 _____ () C:\Users\lanmilan\AppData\Local\Temp\HwInfo.dll
2018-02-19 11:13 - 2018-02-19 11:13 - 001193472 _____ () C:\Users\lanmilan\AppData\Local\Temp\NSISPromotionEx.dll
2018-02-19 11:13 - 2018-02-19 11:13 - 000099328 _____ () C:\Users\lanmilan\AppData\Local\Temp\NSISTrigger.dll
2018-05-10 23:43 - 2018-05-10 23:43 - 002183680 _____ (Opera Software) C:\Users\lanmilan\AppData\Local\Temp\Opera_installer_180510214330624.dll
2018-05-11 17:04 - 2018-05-11 17:04 - 002183680 _____ (Opera Software) C:\Users\lanmilan\AppData\Local\Temp\Opera_installer_180511150427922.dll
2018-05-11 17:45 - 2018-05-11 17:45 - 002183680 _____ (Opera Software) C:\Users\lanmilan\AppData\Local\Temp\Opera_installer_180511154506359.dll
2018-05-12 17:45 - 2018-05-12 17:45 - 002183680 _____ (Opera Software) C:\Users\lanmilan\AppData\Local\Temp\Opera_installer_180512154506347.dll
2018-05-14 21:28 - 2018-05-14 21:28 - 002183680 _____ (Opera Software) C:\Users\lanmilan\AppData\Local\Temp\Opera_installer_180514192823059.dll
2018-05-14 21:31 - 2018-05-14 21:31 - 002183680 _____ (Opera Software) C:\Users\lanmilan\AppData\Local\Temp\Opera_installer_180514193116018.dll
2018-05-15 17:42 - 2018-05-15 17:42 - 002183680 _____ (Opera Software) C:\Users\lanmilan\AppData\Local\Temp\Opera_installer_180515154220159.dll
2018-05-15 17:45 - 2018-05-15 17:45 - 002183680 _____ (Opera Software) C:\Users\lanmilan\AppData\Local\Temp\Opera_installer_180515154505761.dll
2018-05-16 18:01 - 2018-05-16 18:01 - 002183680 _____ (Opera Software) C:\Users\lanmilan\AppData\Local\Temp\Opera_installer_180516160105134.dll
2018-05-17 18:01 - 2018-05-17 18:01 - 002183680 _____ (Opera Software) C:\Users\lanmilan\AppData\Local\Temp\Opera_installer_180517160109107.dll
2018-05-18 17:51 - 2018-05-18 17:51 - 002183680 _____ (Opera Software) C:\Users\lanmilan\AppData\Local\Temp\Opera_installer_180518155126658.dll
2018-05-18 22:16 - 2018-05-18 22:16 - 002183680 _____ (Opera Software) C:\Users\lanmilan\AppData\Local\Temp\Opera_installer_180518201606417.dll
2018-05-19 19:26 - 2018-05-19 19:26 - 002183680 _____ (Opera Software) C:\Users\lanmilan\AppData\Local\Temp\Opera_installer_180519172647608.dll
2018-05-20 17:45 - 2018-05-20 17:45 - 002183680 _____ (Opera Software) C:\Users\lanmilan\AppData\Local\Temp\Opera_installer_180520154506167.dll
2018-05-21 17:21 - 2018-05-21 17:21 - 002183680 _____ (Opera Software) C:\Users\lanmilan\AppData\Local\Temp\Opera_installer_180521152143908.dll
2018-05-21 17:45 - 2018-05-21 17:45 - 002183680 _____ (Opera Software) C:\Users\lanmilan\AppData\Local\Temp\Opera_installer_180521154505680.dll
2018-05-22 18:20 - 2018-05-22 18:20 - 002183680 _____ (Opera Software) C:\Users\lanmilan\AppData\Local\Temp\Opera_installer_180522162033170.dll
2018-05-23 19:19 - 2018-05-23 19:19 - 002183680 _____ (Opera Software) C:\Users\lanmilan\AppData\Local\Temp\Opera_installer_180523171935223.dll
2018-05-23 19:22 - 2018-05-23 19:22 - 002183680 _____ (Opera Software) C:\Users\lanmilan\AppData\Local\Temp\Opera_installer_180523172216994.dll
2018-05-24 18:15 - 2018-05-24 18:15 - 002183680 _____ (Opera Software) C:\Users\lanmilan\AppData\Local\Temp\Opera_installer_180524161500471.dll
2018-05-25 19:25 - 2018-05-25 19:25 - 002183680 _____ (Opera Software) C:\Users\lanmilan\AppData\Local\Temp\Opera_installer_180525172510470.dll
2018-05-26 17:45 - 2018-05-26 17:45 - 002183680 _____ (Opera Software) C:\Users\lanmilan\AppData\Local\Temp\Opera_installer_180526154505814.dll
2018-05-27 16:16 - 2018-05-27 16:16 - 002183680 _____ (Opera Software) C:\Users\lanmilan\AppData\Local\Temp\Opera_installer_180527141628844.dll
2018-05-27 17:45 - 2018-05-27 17:45 - 002183680 _____ (Opera Software) C:\Users\lanmilan\AppData\Local\Temp\Opera_installer_180527154506477.dll
2018-05-27 22:12 - 2018-05-27 22:12 - 002183680 _____ (Opera Software) C:\Users\lanmilan\AppData\Local\Temp\Opera_installer_180527201204854.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-20 04:45

==================== End of FRST.txt ============================

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

I don't see anything malicious in the logs, but still...


Download Malwarebytes Anti-Malware from this or this or this link and install the application.
Run mb3-setup-consumer-{version}.exe and follow the instructions for installing the program. After the installation, click Finish.

On first launch, the program will show a "welcome" window. Feel free to close that window.
Note: The program's Premium features are already activated and are valid for 13 days from the moment of installation. You can turn the Premium features off via the Settings > My Account tab.

• Scanner settings - in Settings, click the Protection tab. Under the Scan Options section, enable the "Scan for rootkits" option.
• Prepare the settings for a Threat Scan - in Dashboard, click the Scan Now button. MBAM will update its database and start scanning.

When the scan finishes, if an infection is detected, make sure everything is selected, then click Remove Selected. Restart the computer if the program asks for a restart.
• Provide the log: Under Reports, select the Scan Report with the current date and then click View Report.

Export the log to the Desktop:
- Click the Export button at the bottom, then choose 'Text file (*.txt)'.
- In the Save File dialog that appears, click Desktop. In the File name: field, type "mbam" (without quotes) and click Save.
- The message "Your file has been successfully exported" will appear; click Ok and close the window.



• In your reply, attach the mbam.txt log using the "Prikači fajl" (Attach file) option.

offline
  • Joined: 28 Feb 2009
  • Posts: 190
  • Location: Beograd

Here is the log after the scan.
I excluded mIRC, which is clean even though it is reported as Malware/Suspicious. It found nothing else suspicious.
I'd like to know what happened with what I previously scanned with AdwCleaner. After the cleaning and the restart I was left without internet and couldn't open half of my programs... So I did a system restore; has what was cleaned been brought back again?




offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

AdwCleaner removed SpyHunter, but I don't see a reason why your Internet didn't work after deleting it. You have no malware, so the only thing I can advise is to disable the extensions in Firefox one by one and in that way determine which one is causing the problem.

The following procedure will perform the final cleanup.

Download "Xplode"'s DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment until the tool finishes its work.
From this moment on, all the tools used in this thread should be deleted.
The tool will also produce a report for you. (C:\DelFix.txt)

The tool will also save the healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
The tool deletes the old system restore points and creates a new, fresh point after the cleanup.

offline
  • Joined: 28 Feb 2009
  • Posts: 190
  • Location: Beograd

OK, thanks :)

P.S. I left a post in the thread above by mistake, so if it's not a problem, it can be removed.
