Posted: 18 Feb 2015 21:21
- delRambo
- New MyCity citizen
- Joined: 28 Dec 2014
- Posts: 5
Written: 18 Feb 2015 21:15
Hello,
As soon as I open the Google Chrome browser, it comes up as the start address, then additional windows and ads open. The same thing also happens to me in Mozilla.
Thanks in advance
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by Pavlovic (administrator) on PAVLOVIC-PC on 18-02-2015 21:09:40
Running from C:\Users\Pavlovic\Downloads
Loaded Profiles: Pavlovic (Available profiles: Pavlovic)
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(BitTorrent Inc.) C:\Users\Pavlovic\AppData\Roaming\uTorrent\uTorrent.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\D-Link\DWA-123\ALPBCSVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5028464 2012-01-16] (VIA)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-02-20] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [NBKeyScan] => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-12-28] (AVAST Software)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1431824233-555198864-2879303369-1000\...\Run: [njq8IsHere.vbs] => %windir%\system32\wscript.exe /b "C:\Users\Pavlovic\AppData\Local\Temp\njq8IsHere.vbs" <===== ATTENTION
HKU\S-1-5-21-1431824233-555198864-2879303369-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\S-1-5-21-1431824233-555198864-2879303369-1000\...\Run: [uTorrent] => C:\Users\Pavlovic\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-11-22] (BitTorrent Inc.)
HKU\S-1-5-21-1431824233-555198864-2879303369-1000\...\CurrentVersion\Windows: [Load] C:\Users\Pavlovic\LOCALS~1\Temp\msrkwfgac.exe <===== ATTENTION
HKU\S-1-5-21-1431824233-555198864-2879303369-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-1431824233-555198864-2879303369-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1431824233-555198864-2879303369-1000\...\MountPoints2: {491bb440-8e14-11e4-bd0d-806e6f6e6963} - F:\Launcher.exe
HKU\S-1-5-21-1431824233-555198864-2879303369-1000\...\Winlogon: [Shell] C:\ProgramData\nvxasync\cvxasync.exe <==== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1431824233-555198864-2879303369-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
URLSearchHook: HKLM-x32 - uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-1431824233-555198864-2879303369-1000 - uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1431824233-555198864-2879303369-1000 -> {828B376B-F2F6-4778-928C-E29EC877535E} URL = google.com/cse?cx=partner-pub-0900663996874144:6813731868&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
SearchScopes: HKU\S-1-5-21-1431824233-555198864-2879303369-1000 -> {9A607EAD-8571-460C-8ACD-AAE312A940D8} URL = bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
BHO: NetoaCoUpoN -> {21c1271e-0a0e-46dd-94cb-6e802ed1b168} -> C:\Program Files (x86)\NetoaCoUpoN\3AXi6eap0oWYuc.x64.dll ()
BHO: ExstraSavinGs -> {27e607aa-951a-4cd4-835e-65ce3f12b038} -> C:\Program Files (x86)\ExstraSavinGs\ENQwSl2mmDhwLG.x64.dll ()
BHO: SavaeLotus -> {3b93c1a8-1963-4725-97eb-021b274a9e35} -> C:\Program Files (x86)\SavaeLotus\uCwwZm9dZT7Tf7.x64.dll ()
BHO: youtubeadblocker -> {56b79e0f-bbaf-4c9a-9ef1-104a88b8a421} -> C:\Program Files (x86)\youtubeadblocker\022FnrUpGZdLer.x64.dll ()
BHO: Unnisales -> {7eb388a5-428d-4a3c-af09-c3eac85acc33} -> C:\Program Files (x86)\Unnisales\ASkaka4x9a2UVH.x64.dll ()
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: NetoaCoUpoN -> {21c1271e-0a0e-46dd-94cb-6e802ed1b168} -> C:\Program Files (x86)\NetoaCoUpoN\3AXi6eap0oWYuc.dll ()
BHO-x32: ExstraSavinGs -> {27e607aa-951a-4cd4-835e-65ce3f12b038} -> C:\Program Files (x86)\ExstraSavinGs\ENQwSl2mmDhwLG.dll ()
BHO-x32: SavaeLotus -> {3b93c1a8-1963-4725-97eb-021b274a9e35} -> C:\Program Files (x86)\SavaeLotus\uCwwZm9dZT7Tf7.dll ()
BHO-x32: youtubeadblocker -> {56b79e0f-bbaf-4c9a-9ef1-104a88b8a421} -> C:\Program Files (x86)\youtubeadblocker\022FnrUpGZdLer.dll ()
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Unnisales -> {7eb388a5-428d-4a3c-af09-c3eac85acc33} -> C:\Program Files (x86)\Unnisales\ASkaka4x9a2UVH.dll ()
BHO-x32: uTorrentControl_v6 Toolbar -> {96f454ea-9d38-474f-b504-56193e00c1a5} -> C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKU\S-1-5-21-1431824233-555198864-2879303369-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1431824233-555198864-2879303369-1000 -> No Name - {96F454EA-9D38-474F-B504-56193E00C1A5} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Pavlovic\AppData\Roaming\Mozilla\Firefox\Profiles\61o1b72h.default
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1431824233-555198864-2879303369-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Pavlovic\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-1431824233-555198864-2879303369-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF SearchPlugin: C:\Users\Pavlovic\AppData\Roaming\Mozilla\Firefox\Profiles\61o1b72h.default\searchplugins\starter.xml
FF Extension: FUnDDEAls - C:\Users\Pavlovic\AppData\Roaming\Mozilla\Firefox\Profiles\61o1b72h.default\Extensions\Ch9@YRFn6Sz.com [2015-01-30]
FF Extension: Unnisales - C:\Users\Pavlovic\AppData\Roaming\Mozilla\Firefox\Profiles\61o1b72h.default\Extensions\rzeZ@jV.net [2015-02-11]
FF Extension: youtubeadblocker - C:\Users\Pavlovic\AppData\Roaming\Mozilla\Firefox\Profiles\61o1b72h.default\Extensions\Z@Q5ufNk.net [2015-02-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-08-14]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR DefaultSearchKeyword: Default -> ask.com
CHR DefaultSuggestURL: Default ->
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Profile: C:\Users\Pavlovic\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Pavlovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-10-21]
CHR Extension: (Verbatim Translatio) - C:\Users\Pavlovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\bobgnmijljonenlachekpkgikohcghon [2014-10-28]
CHR Extension: (Avast Online Security) - C:\Users\Pavlovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-08-14]
CHR Extension: (NCapture) - C:\Users\Pavlovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgomjifbpjfhpodjhihemafahhmegbek [2014-10-31]
CHR Extension: (Google Wallet) - C:\Users\Pavlovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-28]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 2df638ba; c:\Program Files (x86)\LibraryApps\LibraryApps.dll [1604096 2015-02-06] () [File not signed]
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-28] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DWA-123_PBC_WPS; C:\Program Files (x86)\D-Link\DWA-123\ALPBCSVC.exe [61440 2010-08-15] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-01-10] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2013-06-23] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-28] ()
R3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1534304 2010-11-09] (Ralink Technology Corp.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2014-12-27] (Duplex Secure Ltd.)
U3 a4tdz71g; C:\Windows\System32\Drivers\a4tdz71g.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero size file/folder)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-18 21:09 - 2015-02-18 21:10 - 00016789 _____ () C:\Users\Pavlovic\Downloads\FRST.txt
2015-02-18 21:09 - 2015-02-18 21:09 - 02086912 _____ (Farbar) C:\Users\Pavlovic\Downloads\FRST64.exe
2015-02-16 20:24 - 2015-02-17 15:07 - 00000000 ____D () C:\Users\Pavlovic\Downloads\NBA.2K15-RELOADED
2015-02-16 20:24 - 2015-02-16 20:24 - 00095918 _____ () C:\Users\Pavlovic\Downloads\NBA.2K15-RELOADED.Torrent-Oyun.torrent
2015-02-16 13:05 - 2015-02-16 13:05 - 00000000 ____D () C:\Program Files (x86)\SavaeLotus
2015-02-16 13:05 - 2015-02-16 13:05 - 00000000 ____D () C:\Program Files (x86)\Menu button
2015-02-16 13:05 - 2015-02-16 13:05 - 00000000 ____D () C:\Program Files (x86)\CCheeapMe
2015-02-16 12:45 - 2015-02-16 12:45 - 00000000 ____D () C:\ProgramData\jjacieipnnakonagjpgfmppajmonkhbd
2015-02-16 12:45 - 2015-02-16 12:45 - 00000000 ____D () C:\ProgramData\Extreme Blocker
2015-02-16 12:45 - 2015-02-16 12:45 - 00000000 ____D () C:\Program Files (x86)\TakeThEiCoupponn
2015-02-16 12:45 - 2015-02-16 12:45 - 00000000 ____D () C:\Program Files (x86)\Financial Times News Feed
2015-02-15 17:54 - 2015-02-15 17:54 - 00000000 ____D () C:\Program Files (x86)\NetoaCoUpoN
2015-02-15 17:54 - 2015-02-15 17:54 - 00000000 ____D () C:\Program Files (x86)\ExstraSavinGs
2015-02-14 22:50 - 2015-02-14 22:50 - 00000000 ____D () C:\Program Files (x86)\JoniCouPPon
2015-02-11 12:38 - 2015-02-11 12:38 - 00000000 ____D () C:\ProgramData\Browser AdBlocker
2015-02-10 17:28 - 2015-02-10 17:28 - 00000000 ____D () C:\Users\Pavlovic\Desktop\John Deere 6610
2015-02-10 17:27 - 2015-02-10 17:27 - 01049651 _____ () C:\Users\Pavlovic\Downloads\Outlook.com.zip
2015-02-08 21:41 - 2015-02-08 21:41 - 00000000 ____D () C:\Users\Pavlovic\Downloads\TR photo 6420 saule parc combo
2015-02-08 21:40 - 2015-02-08 21:40 - 03882847 _____ () C:\Users\Pavlovic\Downloads\TR photo 6420 saule parc combo.zip
2015-02-08 21:40 - 2015-02-08 21:40 - 03492638 _____ () C:\Users\Pavlovic\Downloads\TR photo 6420 saule 2.zip
2015-02-08 21:40 - 2015-02-08 21:40 - 00000000 ____D () C:\Users\Pavlovic\Downloads\TR photo 6420 saule 2
2015-02-06 22:30 - 2015-02-06 22:30 - 00000000 ____D () C:\ProgramData\df09490bc3671cab
2015-02-06 22:28 - 2015-02-16 13:05 - 00000000 ____D () C:\ProgramData\16071457060120108203
2015-02-06 22:28 - 2015-02-06 22:28 - 00000000 ____D () C:\Program Files (x86)\youtubeadblocker
2015-02-06 22:28 - 2015-02-06 22:28 - 00000000 ____D () C:\Program Files (x86)\Unnisales
2015-02-06 22:27 - 2015-02-06 22:27 - 00000000 ____D () C:\ProgramData\agcmnokafkajkdhgmpcfijhkhmigelme
2015-02-06 22:27 - 2015-02-06 22:27 - 00000000 ____D () C:\ProgramData\{6e7e95b4-c3e2-df10-6e7e-e95b4c3e56d3}
2015-02-06 22:26 - 2015-02-06 22:27 - 01148416 _____ () C:\Users\Pavlovic\Downloads\Football Manager 2015 genie scout 15.2.0.zip.exe
2015-02-05 13:18 - 2015-02-05 13:18 - 00000565 _____ () C:\Users\Pavlovic\Downloads\Redirect.htm
2015-01-30 19:53 - 2015-01-30 19:54 - 00000000 ____D () C:\AdwCleaner
2015-01-28 14:03 - 2015-01-28 14:03 - 00000000 ____D () C:\Program Files (x86)\Tv exe
2015-01-21 23:24 - 2015-02-16 22:24 - 00000020 _____ () C:\Users\Pavlovic\AppData\Roaming\appdataFr3.bin
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-18 21:09 - 2014-12-28 19:46 - 00000000 ____D () C:\FRST
2015-02-18 21:08 - 2014-12-28 19:57 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-18 21:08 - 2014-12-28 19:57 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-18 21:08 - 2013-06-22 12:32 - 00000000 ____D () C:\Users\Pavlovic\AppData\Roaming\uTorrent
2015-02-18 20:33 - 2009-07-14 06:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-18 20:26 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-18 20:26 - 2009-07-14 05:51 - 00174745 _____ () C:\Windows\setupact.log
2015-02-17 22:24 - 2012-10-12 10:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-17 21:58 - 2013-07-25 20:53 - 00000940 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1431824233-555198864-2879303369-1000UA.job
2015-02-17 21:58 - 2013-07-25 20:53 - 00000918 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1431824233-555198864-2879303369-1000Core.job
2015-02-17 15:01 - 2009-07-14 05:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-17 15:01 - 2009-07-14 05:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-16 23:15 - 2015-01-09 18:53 - 00000000 ____D () C:\Users\Pavlovic\Documents\Euro Truck Simulator 2
2015-02-16 12:05 - 2013-01-29 16:46 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-06 20:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-06 15:24 - 2012-10-12 10:30 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 15:24 - 2012-10-12 10:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-06 15:24 - 2012-10-12 10:30 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-30 19:55 - 2012-10-11 20:18 - 00202852 _____ () C:\Windows\PFRO.log
==================== Files in the root of some directories =======
2015-01-21 23:24 - 2015-02-16 22:24 - 0000020 _____ () C:\Users\Pavlovic\AppData\Roaming\appdataFr3.bin
2014-11-03 21:11 - 2014-12-09 23:40 - 0000133 _____ () C:\Users\Pavlovic\AppData\Roaming\default.pls
2014-11-03 21:09 - 2014-11-03 21:09 - 40068694 _____ () C:\Users\Pavlovic\AppData\Roaming\fpacked.exe
2014-02-02 13:36 - 2014-02-02 15:48 - 0000057 _____ () C:\Users\Pavlovic\AppData\Roaming\install.imp
Some content of TEMP:
====================
C:\Users\Pavlovic\AppData\Local\Temp\0aAd6da.exe
C:\Users\Pavlovic\AppData\Local\Temp\Quarantine.exe
C:\Users\Pavlovic\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-16 21:43
==================== End Of Log ============================
Addendum: 18 Feb 2015 21:21
Posted: 18 Feb 2015 23:55
- TwinHeadedEagle
- Anti Malware Fighter
Rank 2
- Joined: 09 Aug 2011
- Posts: 15879
- Location: Belgrade
Hello,
1. Open Notepad (Text Document) and copy the following text from the code box below:
closeprocesses:
emptytemp:
HKU\S-1-5-21-1431824233-555198864-2879303369-1000\...\Run: [njq8IsHere.vbs] => %windir%\system32\wscript.exe /b "C:\Users\Pavlovic\AppData\Local\Temp\njq8IsHere.vbs" <===== ATTENTION
HKU\S-1-5-21-1431824233-555198864-2879303369-1000\...\CurrentVersion\Windows: [Load] C:\Users\Pavlovic\LOCALS~1\Temp\msrkwfgac.exe <===== ATTENTION
HKU\S-1-5-21-1431824233-555198864-2879303369-1000\...\Winlogon: [Shell] C:\ProgramData\nvxasync\cvxasync.exe <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Pavlovic\AppData\Local\Temp\njq8IsHere.vbs
C:\Users\Pavlovic\LOCALS~1\Temp\msrkwfgac.exe
C:\ProgramData\nvxasync
HKU\S-1-5-21-1431824233-555198864-2879303369-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: HKLM-x32 - uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-1431824233-555198864-2879303369-1000 - uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1431824233-555198864-2879303369-1000 -> {828B376B-F2F6-4778-928C-E29EC877535E} URL = http://www.google.com/cse?cx=partner-pub-0900663996874144:6813731868&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
SearchScopes: HKU\S-1-5-21-1431824233-555198864-2879303369-1000 -> {9A607EAD-8571-460C-8ACD-AAE312A940D8} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
BHO: NetoaCoUpoN -> {21c1271e-0a0e-46dd-94cb-6e802ed1b168} -> C:\Program Files (x86)\NetoaCoUpoN\3AXi6eap0oWYuc.x64.dll ()
BHO: ExstraSavinGs -> {27e607aa-951a-4cd4-835e-65ce3f12b038} -> C:\Program Files (x86)\ExstraSavinGs\ENQwSl2mmDhwLG.x64.dll ()
BHO: SavaeLotus -> {3b93c1a8-1963-4725-97eb-021b274a9e35} -> C:\Program Files (x86)\SavaeLotus\uCwwZm9dZT7Tf7.x64.dll ()
BHO: youtubeadblocker -> {56b79e0f-bbaf-4c9a-9ef1-104a88b8a421} -> C:\Program Files (x86)\youtubeadblocker\022FnrUpGZdLer.x64.dll ()
BHO: Unnisales -> {7eb388a5-428d-4a3c-af09-c3eac85acc33} -> C:\Program Files (x86)\Unnisales\ASkaka4x9a2UVH.x64.dll ()
BHO-x32: NetoaCoUpoN -> {21c1271e-0a0e-46dd-94cb-6e802ed1b168} -> C:\Program Files (x86)\NetoaCoUpoN\3AXi6eap0oWYuc.dll ()
BHO-x32: ExstraSavinGs -> {27e607aa-951a-4cd4-835e-65ce3f12b038} -> C:\Program Files (x86)\ExstraSavinGs\ENQwSl2mmDhwLG.dll ()
BHO-x32: SavaeLotus -> {3b93c1a8-1963-4725-97eb-021b274a9e35} -> C:\Program Files (x86)\SavaeLotus\uCwwZm9dZT7Tf7.dll ()
BHO-x32: youtubeadblocker -> {56b79e0f-bbaf-4c9a-9ef1-104a88b8a421} -> C:\Program Files (x86)\youtubeadblocker\022FnrUpGZdLer.dll ()
BHO-x32: uTorrentControl_v6 Toolbar -> {96f454ea-9d38-474f-b504-56193e00c1a5} -> C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKU\S-1-5-21-1431824233-555198864-2879303369-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1431824233-555198864-2879303369-1000 -> No Name - {96F454EA-9D38-474F-B504-56193E00C1A5} - No File
FF SearchPlugin: C:\Users\Pavlovic\AppData\Roaming\Mozilla\Firefox\Profiles\61o1b72h.default\searchplugins\starter.xml
FF Extension: FUnDDEAls - C:\Users\Pavlovic\AppData\Roaming\Mozilla\Firefox\Profiles\61o1b72h.default\Extensions\Ch9@YRFn6Sz.com [2015-01-30]
FF Extension: Unnisales - C:\Users\Pavlovic\AppData\Roaming\Mozilla\Firefox\Profiles\61o1b72h.default\Extensions\rzeZ@jV.net [2015-02-11]
FF Extension: youtubeadblocker - C:\Users\Pavlovic\AppData\Roaming\Mozilla\Firefox\Profiles\61o1b72h.default\Extensions\Z@Q5ufNk.net [2015-02-11]
R2 2df638ba; c:\Program Files (x86)\LibraryApps\LibraryApps.dll [1604096 2015-02-06] () [File not signed]
c:\Program Files (x86)\LibraryApps
2015-02-16 13:05 - 2015-02-16 13:05 - 00000000 ____D () C:\Program Files (x86)\SavaeLotus
2015-02-16 13:05 - 2015-02-16 13:05 - 00000000 ____D () C:\Program Files (x86)\Menu button
2015-02-16 13:05 - 2015-02-16 13:05 - 00000000 ____D () C:\Program Files (x86)\CCheeapMe
2015-02-16 12:45 - 2015-02-16 12:45 - 00000000 ____D () C:\ProgramData\jjacieipnnakonagjpgfmppajmonkhbd
2015-02-16 12:45 - 2015-02-16 12:45 - 00000000 ____D () C:\ProgramData\Extreme Blocker
2015-02-16 12:45 - 2015-02-16 12:45 - 00000000 ____D () C:\Program Files (x86)\TakeThEiCoupponn
2015-02-16 12:45 - 2015-02-16 12:45 - 00000000 ____D () C:\Program Files (x86)\Financial Times News Feed
2015-02-15 17:54 - 2015-02-15 17:54 - 00000000 ____D () C:\Program Files (x86)\NetoaCoUpoN
2015-02-15 17:54 - 2015-02-15 17:54 - 00000000 ____D () C:\Program Files (x86)\ExstraSavinGs
2015-02-14 22:50 - 2015-02-14 22:50 - 00000000 ____D () C:\Program Files (x86)\JoniCouPPon
2015-02-11 12:38 - 2015-02-11 12:38 - 00000000 ____D () C:\ProgramData\Browser AdBlocker
2015-02-06 22:30 - 2015-02-06 22:30 - 00000000 ____D () C:\ProgramData\df09490bc3671cab
2015-02-06 22:28 - 2015-02-16 13:05 - 00000000 ____D () C:\ProgramData\16071457060120108203
2015-02-06 22:28 - 2015-02-06 22:28 - 00000000 ____D () C:\Program Files (x86)\youtubeadblocker
2015-02-06 22:28 - 2015-02-06 22:28 - 00000000 ____D () C:\Program Files (x86)\Unnisales
2015-02-06 22:27 - 2015-02-06 22:27 - 00000000 ____D () C:\ProgramData\agcmnokafkajkdhgmpcfijhkhmigelme
2015-02-06 22:27 - 2015-02-06 22:27 - 00000000 ____D () C:\ProgramData\{6e7e95b4-c3e2-df10-6e7e-e95b4c3e56d3}
2015-02-06 22:26 - 2015-02-06 22:27 - 01148416 _____ () C:\Users\Pavlovic\Downloads\Football Manager 2015 genie scout 15.2.0.zip.exe
2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, otherwise the fix will not work.
3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the system restarts.
The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.
Scanning with AdwCleaner
Download AdwCleaner and save it to the Desktop.
Run the tool and wait for the update to complete.
Accept the Terms of use by clicking I Agree.
Click Scan and wait for the scan to finish.
When it is done, click Clean.
A message will appear saying that all programs will be stopped after you click OK, so if you have anything to save, now is the time to do it.
Two more messages will appear where you need to click OK. The computer will restart.
After the restart, a report will open; you can copy its contents into your next post.
Note: The reports will be saved on your system partition, usually in the folder C:\AdwCleaner
Posted: 19 Feb 2015 22:14
- TwinHeadedEagle
Run FRST again, check Addition.txt, click Scan and post both reports after the scan finishes.
Posted: 19 Feb 2015 22:54
- TwinHeadedEagle
Delete the following two programs:
- Tv exe
- uTorrentControl_v6 Toolbar
Do the ads appear in all browsers?