Posted: 08 Aug 2015 15:01
- Joined: 25 Apr 2012
- Posts: 143
Whichever browser I launch, ads appear, and the computer runs slowly. I scanned with the antivirus and with AdwCleaner, but the ads are still there.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-08-2015
Ran by SERVIS (administrator) on SERVIS-PC (08-08-2015 14:50:04)
Running from C:\Users\SERVIS\Desktop
Loaded Profiles: SERVIS (Available Profiles: SERVIS & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
() C:\Program Files (x86)\NRadioBox\NRadioBox\NRadioBox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(www.sopcast.com) C:\Program Files (x86)\SopCast\SopCast.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe
Failed to access process -> opera.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-1364307884-1388948938-3031870726-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
ShellIconOverlayIdentifiers: [0YndCase0Sync] -> {63D48440-63AB-44D0-B323-4731DFCDE9E9} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll [2014-08-27] (Yandex)
ShellIconOverlayIdentifiers: [0YndCase1Modified] -> {7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll [2014-08-27] (Yandex)
ShellIconOverlayIdentifiers: [0YndCase2Error] -> {FB2FE984-05F5-4512-9D9B-69D3DE61F6D9} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll [2014-08-27] (Yandex)
ShellIconOverlayIdentifiers: [0YndCase3Shared] -> {AF8D197E-7022-4c3d-BD88-68AD35C9C169} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll [2014-08-27] (Yandex)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1364307884-1388948938-3031870726-1000\User: Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = websearch.hotsearches.info/?pid=23538&r.....p;unqvl=90
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1364307884-1388948938-3031870726-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
HKU\S-1-5-21-1364307884-1388948938-3031870726-1000\Software\Microsoft\Internet Explorer\Main,Start Page = websearch.hotsearches.info/?pid=23538&r.....p;unqvl=90
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = websearch.hotsearches.info/?l=1&q={searchTerms}&pid=23538&r=2015/06/23&hid=17491087259206179278&lg=EN&cc=ME&unqvl=90
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: MinimumPriccE -> {0e26cf9b-e358-45d5-ae3e-c8088759b02d} -> C:\Program Files (x86)\MinimumPriccE\XVR1EsA6T6Gt5H.x64.dll [2015-04-23] ()
BHO: bestadblocker -> {1fb0f968-4830-4b41-a2f1-33eb2085b70a} -> C:\Program Files (x86)\bestadblocker\qby1dtQsxMXheH.x64.dll No File
BHO: AlllCHeeapPRice -> {291daa0d-a905-4f5e-88dd-95bb0f65301a} -> C:\Program Files (x86)\AlllCHeeapPRice\YilmYhAay7E9SD.x64.dll [2015-05-13] ()
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-11-26] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-17] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-04-16] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: CheeapMe -> {93F9FFFB-9D33-40D5-AD95-19E70F8A75C2} -> No File
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-03-24] (Kaspersky Lab ZAO)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: SalePlus -> {b324f043-7dc3-43cf-8a04-e3d8ac942b12} -> C:\Program Files (x86)\SalePlus\npHsAxDd8ylWqN.x64.dll [2015-04-16] ()
BHO: GreateSavoe4uU -> {d0e9c7f5-61b9-4da9-a068-5e0ae1f87d3f} -> C:\Program Files (x86)\GreateSavoe4uU\3ZgzQ5uc4rUp9C.x64.dll [2015-04-23] ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-04-16] (Oracle Corporation)
BHO: RoboaSSaver -> {ddec69ab-087a-473e-91bf-d4f56ae341a7} -> C:\Program Files (x86)\RoboaSSaver\uUv0wvPKukQpta.x64.dll [2015-05-13] ()
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-03-24] (Kaspersky Lab ZAO)
BHO-x32: No Name -> {1fb0f968-4830-4b41-a2f1-33eb2085b70a} -> No File
BHO-x32: No Name -> {291daa0d-a905-4f5e-88dd-95bb0f65301a} -> No File
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-17] (Kaspersky Lab ZAO)
BHO-x32: No Name -> {93F9FFFB-9D33-40D5-AD95-19E70F8A75C2} -> No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: No Name -> {b324f043-7dc3-43cf-8a04-e3d8ac942b12} -> No File
BHO-x32: No Name -> {ddec69ab-087a-473e-91bf-d4f56ae341a7} -> No File
Toolbar: HKU\S-1-5-21-1364307884-1388948938-3031870726-1000 -> No Name - {53504356-3700-A76A-76A7-7A786E7484D7} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.219
Tcpip\..\Interfaces\{3715980D-2E97-43E3-BF33-4521E72CEC51}: [DhcpNameServer] 192.168.100.219
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-04-16] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-04-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-04-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1364307884-1388948938-3031870726-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\SERVIS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-19] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-03-20]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-03-20]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-03-20]
Chrome:
=======
CHR Profile: C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-24]
CHR Extension: (Google Drive) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-24]
CHR Extension: (Kaspersky Protection) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2015-04-18]
CHR Extension: (YouTube) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-12]
CHR Extension: (Google Search) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-23]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-06-05]
CHR Extension: (Google Sheets) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-24]
CHR Extension: (Skype Click to Call) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-26]
CHR Extension: (Gmail) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-12]
CHR Profile: C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-14]
CHR Extension: (Google Docs) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-14]
CHR Extension: (Google Drive) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-14]
CHR Extension: (Kaspersky Protection) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2015-07-14]
CHR Extension: (YouTube) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-14]
CHR Extension: (Google Search) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-14]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2015-07-14]
CHR Extension: (Google Sheets) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-14]
CHR Extension: (AdBlock) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-14]
CHR Extension: (Gmail) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-14]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2013-11-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
Opera:
=======
OPR Extension: (adblockforopera) - C:\Users\SERVIS\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2015-07-08]
OPR Extension: (HQ-V1.4) - C:\Users\SERVIS\AppData\Roaming\Opera Software\Opera Stable\Extensions\lclfgoiloocdgalcloalohidgnfcbpin [2014-06-21]
OPR Extension: (SavePass) - C:\Users\SERVIS\AppData\Roaming\Opera Software\Opera Stable\Extensions\nhamjeenndcnlegpcihoonbhpjcehglk [2014-06-21]
OPR Extension: (Adblock Plus) - C:\Users\SERVIS\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-07-08]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-11-26] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-04-10] (SurfRight B.V.)
S3 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [724992 2006-10-09] (Nero AG) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
S4 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [609632 2014-03-13] (Copyright 2013 SAMSUNG)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 6e95159f; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\IncrementFoobar\IncrementFoobar.dll",serv
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [83968 2013-12-03] (ASIX Electronics Corp.)
R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2009-12-01] (C-Media Inc)
R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [93144 2014-04-10] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-26] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-11-26] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-03-24] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-26] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-03-24] (Kaspersky Lab ZAO)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 Rockusb; C:\Windows\System32\DRIVERS\rockusb.sys [65648 2011-12-08] (Fuzhou Rockchip Electronics Co,Ltd.)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation )
S3 usbUDisc; C:\Windows\System32\DRIVERS\USBDrv_AMD64.sys [17280 2011-09-19] (Scott)
U3 Winsock; no ImagePath
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
S1 SABKUTIL; \??\C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP6\WNt500x64\Sandra.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-08 14:50 - 2015-08-08 14:50 - 00025205 _____ C:\Users\SERVIS\Desktop\FRST.txt
2015-08-08 14:48 - 2015-08-08 14:50 - 00000000 ____D C:\FRST
2015-08-08 14:47 - 2015-08-08 14:47 - 02169856 _____ (Farbar) C:\Users\SERVIS\Desktop\FRST64.exe
2015-08-07 13:00 - 2015-08-08 09:00 - 00000964 _____ C:\Windows\setupact.log
2015-08-07 13:00 - 2015-08-07 13:00 - 00000000 _____ C:\Windows\setuperr.log
2015-08-07 09:26 - 2015-08-08 14:34 - 00000000 ____D C:\Users\SERVIS\Desktop\MU
2015-07-30 10:16 - 2015-07-30 10:16 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-29 14:08 - 2015-07-29 14:08 - 00992256 _____ C:\Users\SERVIS\Downloads\fak,732-2015.xls
2015-07-24 10:44 - 2015-07-24 10:45 - 00000000 ____D C:\Users\SERVIS\Desktop\Muzikaaa
2015-07-14 11:58 - 2015-08-08 14:03 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-14 11:58 - 2015-08-08 12:03 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-14 11:58 - 2015-07-14 11:58 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-14 11:58 - 2015-07-14 11:58 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-10 16:04 - 2015-07-10 16:04 - 01187520 _____ (Adobe Systems Incorporated) C:\Users\SERVIS\Desktop\flashplayer18pp_fa_install.exe
2015-07-10 10:25 - 2015-07-10 10:25 - 04806412 _____ C:\Users\SERVIS\NLP v4.0.2(2).rar
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-08 14:25 - 2015-07-08 13:49 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-08-08 14:01 - 2014-04-16 11:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-08 13:21 - 2013-04-10 10:31 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-08-08 12:40 - 2012-12-11 13:31 - 00000000 ____D C:\ProgramData\MCShield
2015-08-08 11:41 - 2009-07-14 07:13 - 00782986 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-08 10:02 - 2015-06-23 16:02 - 00000346 _____ C:\Windows\Tasks\Bidaily Synchronize Task[973b].job
2015-08-08 09:43 - 2012-12-11 21:17 - 01122204 _____ C:\Windows\WindowsUpdate.log
2015-08-08 09:07 - 2009-07-14 06:45 - 00014016 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-08 09:07 - 2009-07-14 06:45 - 00014016 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-08 09:01 - 2015-05-15 13:42 - 00000024 _____ C:\Users\SERVIS\AppData\Roaming\appdataFr25.bin
2015-08-08 08:59 - 2014-04-17 09:16 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-08 08:59 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-07 10:25 - 2013-03-01 12:10 - 00000000 ____D C:\Users\SERVIS\AppData\Roaming\Media Player Classic
2015-08-07 10:25 - 2012-12-12 10:19 - 00000000 ____D C:\Users\SERVIS\AppData\Roaming\uTorrent
2015-08-07 10:25 - 2012-12-11 12:37 - 00000000 ____D C:\Users\SERVIS\AppData\Roaming\Winamp
2015-08-07 10:24 - 2014-05-05 12:00 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-08-07 09:54 - 2015-06-04 13:01 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-07 09:53 - 2015-04-28 10:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-07 09:08 - 2014-09-09 10:25 - 00003832 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1383915637
2015-08-07 09:08 - 2012-12-11 12:40 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-06 09:05 - 2013-08-23 16:52 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-04 09:01 - 2014-11-26 12:12 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-07-27 09:01 - 2013-05-22 16:10 - 00000000 ____D C:\Users\SERVIS\AppData\Roaming\Dropbox
2015-07-25 15:52 - 2015-07-02 12:41 - 00000000 ____D C:\Users\SERVIS\AppData\Local\Dropbox
2015-07-25 15:42 - 2012-12-11 12:23 - 00000000 ____D C:\Users\SERVIS
2015-07-24 12:43 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-17 16:01 - 2014-03-15 10:07 - 00000646 __RSH C:\ProgramData\ntuser.pol
2015-07-17 09:17 - 2013-02-21 10:16 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-17 09:15 - 2014-12-24 09:59 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-15 14:52 - 2013-05-22 16:12 - 00000000 __RHD C:\Users\SERVIS\Dropbox
2015-07-15 13:01 - 2015-07-08 13:49 - 00003890 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-07-15 13:01 - 2014-04-16 11:52 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 13:01 - 2014-04-16 11:52 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-15 13:01 - 2014-04-16 11:52 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 11:44 - 2014-12-16 10:03 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-07-10 16:04 - 2014-06-28 10:10 - 00000000 ____D C:\Users\SERVIS\AppData\Local\Adobe
2015-07-09 09:02 - 2009-07-14 07:08 - 00007594 _____ C:\Windows\Tasks\SCHEDLGU.TXT
==================== Files in the root of some directories =======
2013-01-05 11:46 - 2015-03-06 16:21 - 0000132 _____ () C:\Users\SERVIS\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-05-15 13:42 - 2015-08-08 09:01 - 0000024 _____ () C:\Users\SERVIS\AppData\Roaming\appdataFr25.bin
2015-04-21 12:39 - 2015-05-13 16:17 - 0000020 _____ () C:\Users\SERVIS\AppData\Roaming\appdataFr3.bin
2014-11-10 12:42 - 2014-11-10 12:45 - 0000115 _____ () C:\Users\SERVIS\AppData\Roaming\LogFile.txt
2013-03-16 11:14 - 2013-03-16 11:14 - 0026900 _____ () C:\Users\SERVIS\AppData\Local\dt.dat
2014-04-18 15:35 - 2014-04-18 15:35 - 0000001 _____ () C:\Users\SERVIS\AppData\Local\llftool.4.40.agreement
Files to move or delete:
====================
C:\Users\SERVIS\SamsungLink_Installer64.exe
Some files in TEMP:
====================
C:\Users\SERVIS\AppData\Local\Temp\Quarantine.exe
C:\Users\SERVIS\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-08-03 09:35
==================== End of log ============================
Posted: 08 Aug 2015 18:15
- Sass Drake
- Anti Malware Fighter
Rank 2
- Joined: 26 Aug 2010
- Posts: 10622
- Location: Hypnos Control Room, Tokyo Metropolitan Government Building
Step 2
Go to Start -> Control Panel -> Programs and Features and uninstall the following programs:
SoftwareAssist
Step 2
Open Notepad and copy the following text, which is inside the Code box.
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1364307884-1388948938-3031870726-1000\User: Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.hotsearches.info/?pid=23538&r.....p;unqvl=90
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1364307884-1388948938-3031870726-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.hotsearches.info/?pid=23538&r.....p;unqvl=90
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.hotsearches.info/?l=1&q={searchTerms}&pid=23538&r=2015/06/23&hid=17491087259206179278&lg=EN&cc=ME&unqvl=90
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: MinimumPriccE -> {0e26cf9b-e358-45d5-ae3e-c8088759b02d} -> C:\Program Files (x86)\MinimumPriccE\XVR1EsA6T6Gt5H.x64.dll [2015-04-23] ()
BHO: bestadblocker -> {1fb0f968-4830-4b41-a2f1-33eb2085b70a} -> C:\Program Files (x86)\bestadblocker\qby1dtQsxMXheH.x64.dll No File
BHO: AlllCHeeapPRice -> {291daa0d-a905-4f5e-88dd-95bb0f65301a} -> C:\Program Files (x86)\AlllCHeeapPRice\YilmYhAay7E9SD.x64.dll [2015-05-13] ()
BHO: CheeapMe -> {93F9FFFB-9D33-40D5-AD95-19E70F8A75C2} -> No File
BHO: SalePlus -> {b324f043-7dc3-43cf-8a04-e3d8ac942b12} -> C:\Program Files (x86)\SalePlus\npHsAxDd8ylWqN.x64.dll [2015-04-16] ()
BHO: GreateSavoe4uU -> {d0e9c7f5-61b9-4da9-a068-5e0ae1f87d3f} -> C:\Program Files (x86)\GreateSavoe4uU\3ZgzQ5uc4rUp9C.x64.dll [2015-04-23] ()
BHO: RoboaSSaver -> {ddec69ab-087a-473e-91bf-d4f56ae341a7} -> C:\Program Files (x86)\RoboaSSaver\uUv0wvPKukQpta.x64.dll [2015-05-13] ()
BHO-x32: No Name -> {1fb0f968-4830-4b41-a2f1-33eb2085b70a} -> No File
BHO-x32: No Name -> {291daa0d-a905-4f5e-88dd-95bb0f65301a} -> No File
BHO-x32: No Name -> {93F9FFFB-9D33-40D5-AD95-19E70F8A75C2} -> No File
BHO-x32: No Name -> {b324f043-7dc3-43cf-8a04-e3d8ac942b12} -> No File
BHO-x32: No Name -> {ddec69ab-087a-473e-91bf-d4f56ae341a7} -> No File
Toolbar: HKU\S-1-5-21-1364307884-1388948938-3031870726-1000 -> No Name - {53504356-3700-A76A-76A7-7A786E7484D7} - No File
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
OPR Extension: (HQ-V1.4) - C:\Users\SERVIS\AppData\Roaming\Opera Software\Opera Stable\Extensions\lclfgoiloocdgalcloalohidgnfcbpin [2014-06-21]
OPR Extension: (SavePass) - C:\Users\SERVIS\AppData\Roaming\Opera Software\Opera Stable\Extensions\nhamjeenndcnlegpcihoonbhpjcehglk [2014-06-21]
S2 6e95159f; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\IncrementFoobar\IncrementFoobar.dll",serv
Task: {2FB2E45F-1AC7-4EB3-902E-43B991F21873} - System32\Tasks\AdvancedDriverUpdaterRunAtStartup => C:\Users\SERVIS\AppData\Local\Temp\RarSFX0\Advanced Driver Updater\adu.exe <==== ATTENTION
Task: C:\Windows\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{bb1d59b4-1765-f53f-bb1d-d59b417666d0}\setup installer.exe <==== ATTENTION
C:\Program Files (x86)\MinimumPriccE
C:\Program Files (x86)\bestadblocker
C:\Program Files (x86)\AlllCHeeapPRice
C:\Program Files (x86)\SalePlus
C:\Program Files (x86)\GreateSavoe4uU
C:\Program Files (x86)\RoboaSSaver
c:\Program Files (x86)\IncrementFoobar
c:\programdata\{bb1d59b4-1765-f53f-bb1d-d59b417666d0}\setup installer.exe
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
S1 SABKUTIL; \??\C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [X]
EmptyTemp:
In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click to run FRST.exe again
Click Fix and wait for the program to finish.
If the program asks to restart the computer, allow it to do so without interruption.
When it finishes, fixlog.txt will open, with content that you should copy into the thread.
Also, (fixlog.txt) will be located on the Desktop.
Step 3
Pack the following folders into ZIP, RAR or 7Z archives:
C:\AdwCleaner
and send them via the following link:
http://www.mycity.rs/ambulanta-upload.php
Let me know when you have done that and wait for further instructions.
Posted: 10 Aug 2015 09:14
- Joined: 25 Apr 2012
- Posts: 143
Sorry, I could not reply earlier.
Step 1:
When I try to remove SoftwareAssist, it throws this error
Step 2:
Step 3:
I do not have an AdwCleaner folder on C.
Posted: 10 Aug 2015 09:18
- Sass Drake
- Anti Malware Fighter
Rank 2
- Joined: 26 Aug 2010
- Posts: 10622
- Location: Hypnos Control Room, Tokyo Metropolitan Government Building
Download AdwCleaner by "Xplode" and save it to the Desktop
Double-click to run the program.
In the EULA window, click I agree.
Click the Scan button and wait for the scan to finish.
Click the Cleaning button and wait for the program to finish.
The program will close all active programs and display a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required), click OK
The computer will restart and then open Notepad (C:\AdwCleaner[S0].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Prikači fajl" (Attach file) option
Note: The report will also be saved to C:\Adwcleaner\AdwCleaner[S0].txt
Posted: 10 Aug 2015 11:38
- Sass Drake
- Anti Malware Fighter
Rank 2
- Joined: 26 Aug 2010
- Posts: 10622
- Location: Hypnos Control Room, Tokyo Metropolitan Government Building
Step 1
Pack the following folders into ZIP, RAR or 7Z archives:
C:\FRST\Quarantine
and
C:\AdwCleaner
and send them via the following link:
http://www.mycity.rs/ambulanta-upload.php
Step 2
Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.
Run MBAR by double-clicking the program icon:
- Click OK in the next window to allow extraction into a separate mbar folder on the Desktop;
- mbar.exe will be started. On some systems this may take a few extra seconds, so wait for it to launch;
- In the introductory window, click the Next button if you agree;
• In the 'Update Database' window, click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section, check that all options are ticked, then click the Scan button;
Notice: with some infections, one of the following messages may be displayed:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.
>> If no malware is detected, click the Exit button to close the program. In your next post, include the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.
>> If infections are found, check that the 'Create Restore Point' option is selected and click the Cleanup! button to remove the threats.
- The (scheduled) malware removal procedure will be scheduled for the restart, and a notice will be shown in a pop-up window. Click the Yes button; the system should restart and finish the cleaning procedure.
Notice! Only if a rootkit is detected: make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click to run fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, and wait for the tool to complete all repairs ...
- When you see the message 'press any key to exit', the repair is complete. Press any key on the keyboard to close the window. Restart the system.
The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt
Copy the contents of the mbar log into your post, and attach the system log to the post using the "Prikači fajl" (Attach file) option.