I infected my system while downloading from a torrent

  • Joined: 14 Aug 2015
  • Posts: 25

Hello everyone,
About twenty minutes ago I picked up some junk from a torrent. So far only the browser is behaving strangely, i.e. it opens various windows on its own and, after a direct click on a link, does not obey commands. I haven't done anything yet, apart from a scan with FRST. Here are the reports:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-12-2015
Ran by Mesh (administrator) on DIOGEN (27-12-2015 01:39:29)
Running from C:\Users\Mesh\Desktop
Loaded Profiles: Mesh (Available Profiles: Mesh)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\ProgramData\4f596ec3-77fb-4fc3-82cb-691c42c71d77\PluginContainer.exe
() C:\Program Files (x86)\Common Files\4f596ec3-77fb-4fc3-82cb-691c42c71d77\Updater.exe
() C:\Program Files (x86)\LuckyBrowse\app\LuckyBrowse.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-4209369173-3384524162-1790046760-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-4209369173-3384524162-1790046760-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-4209369173-3384524162-1790046760-1000\...\MountPoints2: {bd2f6ac5-d73b-11e4-bbf6-047d7b5c334d} - G:\AutoRun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-4209369173-3384524162-1790046760-1000] => hxxp://unstopp.me/wpad.dat?e23600a7ad08a7937189c427f746b5d13251931
Tcpip\Parameters: [DhcpNameServer] 89.216.1.40 89.216.1.50
Tcpip\..\Interfaces\{1C56B0E3-AB8F-4DAB-AF2D-1A64BB81223B}: [DhcpNameServer] 89.216.1.40 89.216.1.50
Tcpip\..\Interfaces\{802476BF-2C34-448B-85E6-8A295CD6DA12}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-4209369173-3384524162-1790046760-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://houmpage.com/?src=hp&ssid=1451175863&a=1024132&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8
SearchScopes: HKU\S-1-5-21-4209369173-3384524162-1790046760-1000 -> DefaultScope {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = hxxp://houmpage.com/search/?src=ds&q={searchTerms}&ssid=1451175863&a=1024132&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8
SearchScopes: HKU\S-1-5-21-4209369173-3384524162-1790046760-1000 -> {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = hxxp://houmpage.com/search/?src=ds&q={searchTerms}&ssid=1451175863&a=1024132&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-03-03] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2013-09-13] (Microsoft Corporation)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-27] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2013-09-13] (Microsoft Corporation)
BHO-x32: Discover Treasure -> {bfa55139-82af-4663-a19b-e135dac8d043} -> C:\Program Files (x86)\Discover Treasure\Extensions\bfa55139-82af-4663-a19b-e135dac8d043.dll [2015-12-26] ()
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2013-11-02] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-27] (Oracle Corporation)
BHO-x32: Freemake.YoutubeButton -> {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
IE Session Restore: HKU\S-1-5-21-4209369173-3384524162-1790046760-1000 -> is enabled.
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\y5ffwpys.default-1443258431762
FF Homepage: hxxp://houmpage.com/?src=hp&ssid=1451175863&a=1024132&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-18] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-11-15] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll [2012-09-13] ( )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-01-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-01-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-23] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-4209369173-3384524162-1790046760-1000: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [No File]
FF Plugin HKU\S-1-5-21-4209369173-3384524162-1790046760-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mesh\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-21] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\user.js [2015-12-27]
FF user.js: detected! => C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\user.js [2015-12-27]
FF user.js: detected! => C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\g4f0kqkw.default-1441441600492\user.js [2015-12-27]
FF user.js: detected! => C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\y5ffwpys.default-1443258431762\user.js [2015-12-27]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-11-15] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2003-05-15] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppluginrichmediaplayer.dll [2013-03-12] ()
FF SearchPlugin: C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\searchplugins\search-simple.xml [2015-03-19]
FF SearchPlugin: C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\searchplugins\bingp.xml [2013-08-22]
FF SearchPlugin: C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\searchplugins\search-simple.xml [2015-03-19]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\adblockpopups@jessehakanen.net.xpi [2012-11-29] [not signed]
FF Extension: Australis - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\Australis@SoapyHamHocks.xpi [2012-12-30] [not signed]
FF Extension: Fasterfox Lite - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\FasterFox_Lite@BigRedBrent [2012-11-29] [not signed]
FF Extension: Shareaholic - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\firefox-extension@shareaholic.com.xpi [2012-11-29] [not signed]
FF Extension: NASA Night Launch - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\nasanightlaunch@example.com.xpi [2012-12-30] [not signed]
FF Extension: Feedback - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\testpilot@labs.mozilla.com.xpi [2012-10-31] [not signed]
FF Extension: Thumbnail Zoom Plus - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\thumbnailZoom@dadler.github.com.xpi [2012-12-08] [not signed]
FF Extension: 8 Ultimo - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\{2b6788a0-0ccd-11e1-be50-0800200c9a66} [2012-11-29] [not signed]
FF Extension: MeasureIt - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2012-11-29] [not signed]
FF Extension: FT DeepDark - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2012-11-29] [not signed]
FF Extension: Adblock Plus - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-29] [not signed]
FF Extension: Discover Treasure - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\{e9c94edb-860e-4318-8a92-be5f2dee566e}.xpi [2015-12-26] [not signed]
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\Extensions\cryptocat@crypto.cat.xpi [2014-06-14] [not signed]
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\Extensions\firebug@software.joehewitt.com.xpi [2014-06-21] [not signed]
FF Extension: Shareaholic - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\Extensions\firefox-extension@shareaholic.com.xpi [2012-10-23] [not signed]
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\Extensions\maskingagent@basa.nl.xpi [2013-02-23] [not signed]
FF Extension: NASA Night Launch - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\Extensions\nasanightlaunch@example.com.xpi [2014-02-25] [not signed]
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\Extensions\nightlaunchcompanion@example.com.xpi [2014-05-28] [not signed]
FF Extension: Thumbnail Zoom Plus - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\Extensions\thumbnailZoom@dadler.github.com.xpi [2014-01-01] [not signed]
FF Extension: Session Manager - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-06-07] [not signed]
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-05] [not signed]
FF Extension: Thumbnail Zoom - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\Extensions\{E10A6337-382E-4FE6-96DE-936ADC34DD04}.xpi [2013-01-13] [not signed]
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\Extensions\{e9c94edb-860e-4318-8a92-be5f2dee566e}.xpi [2015-12-26] [not signed]
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\g4f0kqkw.default-1441441600492\Extensions\{e9c94edb-860e-4318-8a92-be5f2dee566e}.xpi [2015-12-26] [not signed]
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\y5ffwpys.default-1443258431762\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2015-12-23] [not signed]
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\y5ffwpys.default-1443258431762\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2015-12-23] [not signed]
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\y5ffwpys.default-1443258431762\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-23] [not signed]
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\y5ffwpys.default-1443258431762\Extensions\{e9c94edb-860e-4318-8a92-be5f2dee566e}.xpi [2015-12-26] [not signed]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-07-24] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2014-06-05] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2014-06-05] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\6rlrjr8h.Meske\extensions\defsearchp@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\6rlrjr8h.Meske\extensions\deskCutv2@gmail.com => not found

Chrome:
=======
CHR HomePage: Default -> hxxp://houmpage.com/?src=hp&ssid=1451175863&a=1024132&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8
CHR StartupUrls: Default -> "hxxp://houmpage.com/?src=nt&ssid=1451175863&a=1024132&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8"
CHR DefaultSearchURL: Default -> hxxp://houmpage.com/search/?src=ds&q={searchTerms}&ssid=1451175863&a=1024132&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8
CHR DefaultSearchKeyword: Default -> g
CHR Profile: C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Freemake Video Downloader) - C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2015-09-29]
CHR Extension: (Freemake Youtube Download Button) - C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2015-09-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-29]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2012-07-25]
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2012-09-29]

Opera:
=======
OPR Extension: (Fastest Facebook™) - C:\Users\Mesh\AppData\Roaming\Opera Software\Opera Stable\Extensions\fneegbjfomckiofaikblpahnnhhaacel [2015-08-06]
OPR Extension: (Opera Bookmarks Share Portal) - C:\Users\Mesh\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-08-13]
OPR Extension: (Pixezoom: Pixel-Perfect Zoom) - C:\Users\Mesh\AppData\Roaming\Opera Software\Opera Stable\Extensions\nhkfophdaplidchjldgoallpdeaondlb [2014-06-29]
OPR Extension: (Adblock Plus) - C:\Users\Mesh\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-09-30]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [974944 2011-08-09] (ESET)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-12-03] (Ellora Assets Corp.) [File not signed]
R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [229392 2012-09-13] (Nitro PDF Software)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2012-08-04] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2012-08-04] ()
R2 Service Mgr DiscoverTreasure; C:\ProgramData\4f596ec3-77fb-4fc3-82cb-691c42c71d77\plugincontainer.exe [775392 2015-12-26] () <==== ATTENTION
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2014-12-07] (Microsoft Corporation) [File not signed]
S2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)
R2 Update Mgr DiscoverTreasure; C:\Program Files (x86)\Common Files\4f596ec3-77fb-4fc3-82cb-691c42c71d77\updater.exe [639712 2015-12-26] () <==== ATTENTION
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202576 2011-08-09] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [146432 2011-08-04] (ESET)
S4 epfw; C:\Windows\System32\DRIVERS\epfw.sys [187632 2011-08-04] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [38288 2011-08-04] (ESET)
S4 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [62496 2011-08-04] (ESET)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-04-23] (Duplex Secure Ltd.)
U3 aucn1po2; C:\Windows\System32\Drivers\aucn1po2.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S1 HyperVM; \??\C:\Windows\system32\drivers\hvm.sys [X]
S0 sysmon; system32\DRIVERS\sysmon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-27 01:39 - 2015-12-27 01:39 - 00024319 _____ C:\Users\Mesh\Desktop\FRST.txt
2015-12-27 01:25 - 2015-12-27 01:25 - 00003056 _____ C:\Windows\System32\Tasks\LuckyBrowse
2015-12-27 01:25 - 2015-12-27 01:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\LuckyBrowse
2015-12-27 01:25 - 2015-12-27 01:25 - 00000000 ____D C:\ProgramData\LuckyBrowse
2015-12-27 01:25 - 2015-12-27 01:25 - 00000000 ____D C:\Program Files (x86)\LuckyBrowse
2015-12-27 01:24 - 2015-12-27 01:24 - 00000000 ____D C:\ProgramData\4f596ec3-77fb-4fc3-82cb-691c42c71d77
2015-12-27 01:24 - 2015-12-27 01:24 - 00000000 ____D C:\Program Files (x86)\Discover Treasure
2015-12-26 16:51 - 2015-12-27 01:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-24 06:48 - 2015-12-24 06:48 - 00001098 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Stumbler.lnk
2015-12-24 06:48 - 2015-12-24 06:48 - 00001086 _____ C:\Users\Mesh\Desktop\Network Stumbler.lnk
2015-12-24 06:48 - 2015-12-24 06:48 - 00000000 ____D C:\Program Files (x86)\Network Stumbler
2015-12-23 21:45 - 2015-12-23 21:45 - 00765912 _____ C:\Users\Mesh\Desktop\Sezonski posao, branje jagoda u Finskoj, sezona 2015. ~ F I N S K A3.htm
2015-12-23 21:45 - 2015-12-23 21:45 - 00000000 ____D C:\Users\Mesh\Desktop\Sezonski posao, branje jagoda u Finskoj, sezona 2015. ~ F I N S K A3_files
2015-12-23 21:41 - 2015-12-23 21:41 - 00854084 _____ C:\Users\Mesh\Desktop\Sezonski posao, branje jagoda u Finskoj, sezona 2015. ~ F I N S K A2.htm
2015-12-23 21:41 - 2015-12-23 21:41 - 00000000 ____D C:\Users\Mesh\Desktop\Sezonski posao, branje jagoda u Finskoj, sezona 2015. ~ F I N S K A2_files
2015-12-23 21:40 - 2015-12-23 21:40 - 00869650 _____ C:\Users\Mesh\Desktop\Sezonski posao, branje jagoda u Finskoj, sezona 2015. ~ F I N S K A1.htm
2015-12-23 21:40 - 2015-12-23 21:40 - 00000000 ____D C:\Users\Mesh\Desktop\Sezonski posao, branje jagoda u Finskoj, sezona 2015. ~ F I N S K A1_files

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-27 01:39 - 2015-08-14 12:44 - 00000000 ____D C:\FRST
2015-12-27 01:34 - 2014-01-21 12:48 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-27 01:32 - 2015-09-14 11:09 - 00000000 ____D C:\Users\Mesh\Desktop\FRST-OlderVersion
2015-12-27 01:32 - 2015-08-14 12:42 - 02370560 _____ (Farbar) C:\Users\Mesh\Desktop\FRST64.exe
2015-12-27 01:26 - 2012-07-24 22:20 - 00000000 ____D C:\Users\Mesh\AppData\Roaming\uTorrent
2015-12-27 01:25 - 2009-07-14 06:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-27 01:25 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-12-27 01:24 - 2015-09-27 13:35 - 00001018 _____ C:\Users\Mesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2015-12-27 01:24 - 2015-01-07 16:43 - 00002543 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-27 01:24 - 2014-10-02 17:12 - 00001345 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-12-27 01:24 - 2013-09-05 23:44 - 00001321 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-12-27 01:24 - 2012-11-27 04:56 - 00001357 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-27 01:24 - 2012-10-23 15:36 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aurora.lnk
2015-12-27 01:24 - 2012-10-23 15:36 - 00001280 _____ C:\Users\Public\Desktop\Aurora.lnk
2015-12-27 01:24 - 2012-07-24 19:28 - 00001571 _____ C:\Users\Mesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-27 01:20 - 2014-01-21 12:48 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-27 01:20 - 2012-10-23 15:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-27 01:20 - 2012-07-25 00:24 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-27 01:20 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-27 00:52 - 2013-01-24 03:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-26 18:59 - 2012-07-24 21:38 - 00000000 ____D C:\Program Files (x86)\The KMPlayer
2015-12-26 16:35 - 2012-10-01 03:13 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{84005110-EA47-4FCC-A8B1-0CFC2347E861}
2015-12-26 14:14 - 2009-07-14 05:45 - 00029168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-26 14:14 - 2009-07-14 05:45 - 00029168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-24 06:46 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2015-12-23 21:34 - 2014-06-05 20:01 - 00003834 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1378421089
2015-12-23 21:34 - 2013-09-05 23:44 - 00000000 ____D C:\Program Files (x86)\Opera
2015-12-23 21:29 - 2014-01-21 12:48 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-23 21:29 - 2014-01-21 12:48 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-19 18:14 - 2015-05-12 15:30 - 00000000 ____D C:\Users\Mesh\AppData\Roaming\AIMP3
2015-12-15 10:25 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-14 12:15 - 2015-10-23 23:33 - 00000024 _____ C:\Windows\clofghls.dll
2015-12-02 13:18 - 2010-11-21 04:27 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2012-08-18 00:58 - 2012-08-18 00:58 - 0893936 _____ (Oracle Corporation) C:\Program Files\chromeinstall-7u5.exe
2013-03-11 19:30 - 2013-03-11 19:30 - 0000132 _____ () C:\Users\Mesh\AppData\Roaming\Adobe GIF Format CS6 Prefs
2012-07-24 23:47 - 2012-07-24 23:47 - 0007605 _____ () C:\Users\Mesh\AppData\Local\Resmon.ResmonCfg
2012-12-08 18:20 - 2012-12-08 18:20 - 0000032 RSHOT () C:\Users\Mesh\AppData\Local\t65s2tb.dat

Some files in TEMP:
====================
C:\Users\Mesh\AppData\Local\Temp\cFR0J59DiD.exe
C:\Users\Mesh\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Mesh\AppData\Local\Temp\KMP_4.0.3.1.exe
C:\Users\Mesh\AppData\Local\Temp\LlUx0HPsbt.exe
C:\Users\Mesh\AppData\Local\Temp\NUldpoLrxm.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-21 17:12

==================== End of FRST.txt ============================

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

Posted: 27 Dec 2015 11:06

Hello,


Can you remember where you downloaded the torrent? I would really like to see what is behind it.

Addendum: 27 Dec 2015 11:15

A fix for you:


First, uninstall this application:

Discover Treasure


1. Open Notepad (Text Document) and copy the following text inside the code box below:

createrestorepoint:
closeprocesses:
emptytemp:
Task: {F0CACA7A-4CD1-4E1C-ABD9-B4541F5D6970} - System32\Tasks\LuckyBrowse => C:\Program Files (x86)\LuckyBrowse\app\luckybrowse.exe [2015-12-27] () <==== ATTENTION
C:\Program Files (x86)\LuckyBrowse
ShortcutWithArgument: C:\Users\Mesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1451175863&a=1024132&src=sh&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8"
ShortcutWithArgument: C:\Users\Mesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1451175863&a=1024132&src=sh&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8" --proxy-pac-url=hxxp://unstopp.me/wpad.dat?e23600a7ad08a7937189c427f746b5d13251931
ShortcutWithArgument: C:\Users\Mesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1451175863&a=1024132&src=sh&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8"
ShortcutWithArgument: C:\Users\Mesh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1451175863&a=1024132&src=sh&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8" --proxy-pac-url=hxxp://unstopp.me/wpad.dat?e23600a7ad08a7937189c427f746b5d13251931
ShortcutWithArgument: C:\Users\Mesh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1451175863&a=1024132&src=sh&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8"
ShortcutWithArgument: C:\Users\Mesh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1451175863&a=1024132&src=sh&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8"
ShortcutWithArgument: C:\Users\Mesh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> "hxxp://esurf.biz/?ssid=1451175863&a=1024132&src=sh&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8"
ShortcutWithArgument: C:\Users\Mesh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Aurora.lnk -> C:\Program Files (x86)\Aurora\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1451175863&a=1024132&src=sh&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aurora.lnk -> C:\Program Files (x86)\Aurora\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1451175863&a=1024132&src=sh&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1451175863&a=1024132&src=sh&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> "hxxp://esurf.biz/?ssid=1451175863&a=1024132&src=sh&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1451175863&a=1024132&src=sh&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8" --proxy-pac-url=hxxp://unstopp.me/wpad.dat?e23600a7ad08a7937189c427f746b5d13251931
ShortcutWithArgument: C:\Users\Public\Desktop\Aurora.lnk -> C:\Program Files (x86)\Aurora\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1451175863&a=1024132&src=sh&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8"
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1451175863&a=1024132&src=sh&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8" --proxy-pac-url=hxxp://unstopp.me/wpad.dat?e23600a7ad08a7937189c427f746b5d13251931
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1451175863&a=1024132&src=sh&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8"
C:\ProgramData\4f596ec3-77fb-4fc3-82cb-691c42c71d77
C:\Program Files (x86)\Common Files\4f596ec3-77fb-4fc3-82cb-691c42c71d77
AutoConfigURL: [S-1-5-21-4209369173-3384524162-1790046760-1000] => hxxp://unstopp.me/wpad.dat?e23600a7ad08a7937189c427f746b5d13251931
HKU\S-1-5-21-4209369173-3384524162-1790046760-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://houmpage.com/?src=hp&ssid=1451175863&a=1024132&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8
SearchScopes: HKU\S-1-5-21-4209369173-3384524162-1790046760-1000 -> DefaultScope {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = hxxp://houmpage.com/search/?src=ds&q={searchTerms}&ssid=1451175863&a=1024132&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8
SearchScopes: HKU\S-1-5-21-4209369173-3384524162-1790046760-1000 -> {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = hxxp://houmpage.com/search/?src=ds&q={searchTerms}&ssid=1451175863&a=1024132&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8
BHO-x32: Discover Treasure -> {bfa55139-82af-4663-a19b-e135dac8d043} -> C:\Program Files (x86)\Discover Treasure\Extensions\bfa55139-82af-4663-a19b-e135dac8d043.dll [2015-12-26] ()
C:\Program Files (x86)\Discover Treasure
FF Homepage: hxxp://houmpage.com/?src=hp&ssid=1451175863&a=1024132&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8
FF user.js: detected! => C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\user.js [2015-12-27]
FF user.js: detected! => C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\user.js [2015-12-27]
FF user.js: detected! => C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\g4f0kqkw.default-1441441600492\user.js [2015-12-27]
FF user.js: detected! => C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\y5ffwpys.default-1443258431762\user.js [2015-12-27]
FF SearchPlugin: C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\searchplugins\search-simple.xml [2015-03-19]
FF SearchPlugin: C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\searchplugins\bingp.xml [2013-08-22]
FF SearchPlugin: C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\searchplugins\search-simple.xml [2015-03-19]
FF Extension: Discover Treasure - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\{e9c94edb-860e-4318-8a92-be5f2dee566e}.xpi [2015-12-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\6rlrjr8h.Meske\extensions\defsearchp@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\6rlrjr8h.Meske\extensions\deskCutv2@gmail.com => not found
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\y5ffwpys.default-1443258431762\Extensions\{e9c94edb-860e-4318-8a92-be5f2dee566e}.xpi [2015-12-26] [not signed]
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\g4f0kqkw.default-1441441600492\Extensions\{e9c94edb-860e-4318-8a92-be5f2dee566e}.xpi [2015-12-26] [not signed]
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\Extensions\{e9c94edb-860e-4318-8a92-be5f2dee566e}.xpi [2015-12-26] [not signed]
CHR HomePage: Default -> hxxp://houmpage.com/?src=hp&ssid=1451175863&a=1024132&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8
CHR StartupUrls: Default -> "hxxp://houmpage.com/?src=nt&ssid=1451175863&a=1024132&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8"
CHR DefaultSearchURL: Default -> hxxp://houmpage.com/search/?src=ds&q={searchTerms}&ssid=1451175863&a=1024132&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8
R2 Update Mgr DiscoverTreasure; C:\Program Files (x86)\Common Files\4f596ec3-77fb-4fc3-82cb-691c42c71d77\updater.exe [639712 2015-12-26] () <==== ATTENTION
R2 Service Mgr DiscoverTreasure; C:\ProgramData\4f596ec3-77fb-4fc3-82cb-691c42c71d77\plugincontainer.exe [775392 2015-12-26] () <==== ATTENTION
2015-12-27 01:25 - 2015-12-27 01:25 - 00003056 _____ C:\Windows\System32\Tasks\LuckyBrowse
2015-12-27 01:25 - 2015-12-27 01:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\LuckyBrowse
2015-12-27 01:25 - 2015-12-27 01:25 - 00000000 ____D C:\ProgramData\LuckyBrowse
2015-12-27 01:25 - 2015-12-27 01:25 - 00000000 ____D C:\Program Files (x86)\LuckyBrowse
2015-12-27 01:24 - 2015-12-27 01:24 - 00000000 ____D C:\ProgramData\4f596ec3-77fb-4fc3-82cb-691c42c71d77
2015-12-27 01:24 - 2015-12-27 01:24 - 00000000 ____D C:\Program Files (x86)\Discover Treasure
2012-12-08 18:20 - 2012-12-08 18:20 - 0000032 RSHOT () C:\Users\Mesh\AppData\Local\t65s2tb.dat


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once, and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.



The tool will create a log (Fixlog.txt) on the Desktop. The contents of that log need to be copied into a post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

offline
  • Joined: 14 Aug 2015
  • Posts: 25

Yes, yes. This is where I tried to download the movie from: sotorrents.com/pier-paolo-pasolini-salo.....4679.html#
Everything is resolved. Thank you very much. Here is the Fixlog.txt as well



Fix result of Farbar Recovery Scan Tool (x64) Version:25-12-2015
Ran by Mesh (2015-12-28 21:41:00) Run:2
Running from C:\Users\Mesh\Desktop
Loaded Profiles: Mesh (Available Profiles: Mesh)
Boot Mode: Normal
==============================================

fixlist content:
*****************
createrestorepoint:
closeprocesses:
emptytemp:
Task: {F0CACA7A-4CD1-4E1C-ABD9-B4541F5D6970} - System32\Tasks\LuckyBrowse => C:\Program Files (x86)\LuckyBrowse\app\luckybrowse.exe [2015-12-27] () <==== ATTENTION
C:\Program Files (x86)\LuckyBrowse
ShortcutWithArgument: C:\Users\Mesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1451175863&a=1024132&src=sh&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8"
ShortcutWithArgument: C:\Users\Mesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1451175863&a=1024132&src=sh&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8" --proxy-pac-url=hxxp://unstopp.me/wpad.dat?e23600a7ad08a7937189c427f746b5d13251931
ShortcutWithArgument: C:\Users\Mesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1451175863&a=1024132&src=sh&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8"
ShortcutWithArgument: C:\Users\Mesh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1451175863&a=1024132&src=sh&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8" --proxy-pac-url=hxxp://unstopp.me/wpad.dat?e23600a7ad08a7937189c427f746b5d13251931
ShortcutWithArgument: C:\Users\Mesh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1451175863&a=1024132&src=sh&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8"
ShortcutWithArgument: C:\Users\Mesh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1451175863&a=1024132&src=sh&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8"
ShortcutWithArgument: C:\Users\Mesh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> "hxxp://esurf.biz/?ssid=1451175863&a=1024132&src=sh&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8"
ShortcutWithArgument: C:\Users\Mesh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Aurora.lnk -> C:\Program Files (x86)\Aurora\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1451175863&a=1024132&src=sh&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aurora.lnk -> C:\Program Files (x86)\Aurora\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1451175863&a=1024132&src=sh&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1451175863&a=1024132&src=sh&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> "hxxp://esurf.biz/?ssid=1451175863&a=1024132&src=sh&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1451175863&a=1024132&src=sh&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8" --proxy-pac-url=hxxp://unstopp.me/wpad.dat?e23600a7ad08a7937189c427f746b5d13251931
ShortcutWithArgument: C:\Users\Public\Desktop\Aurora.lnk -> C:\Program Files (x86)\Aurora\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1451175863&a=1024132&src=sh&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8"
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1451175863&a=1024132&src=sh&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8" --proxy-pac-url=hxxp://unstopp.me/wpad.dat?e23600a7ad08a7937189c427f746b5d13251931
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1451175863&a=1024132&src=sh&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8"
C:\ProgramData\4f596ec3-77fb-4fc3-82cb-691c42c71d77
C:\Program Files (x86)\Common Files\4f596ec3-77fb-4fc3-82cb-691c42c71d77
AutoConfigURL: [S-1-5-21-4209369173-3384524162-1790046760-1000] => hxxp://unstopp.me/wpad.dat?e23600a7ad08a7937189c427f746b5d13251931
HKU\S-1-5-21-4209369173-3384524162-1790046760-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://houmpage.com/?src=hp&ssid=1451175863&a=1024132&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8
SearchScopes: HKU\S-1-5-21-4209369173-3384524162-1790046760-1000 -> DefaultScope {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = hxxp://houmpage.com/search/?src=ds&q={searchTerms}&ssid=1451175863&a=1024132&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8
SearchScopes: HKU\S-1-5-21-4209369173-3384524162-1790046760-1000 -> {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = hxxp://houmpage.com/search/?src=ds&q={searchTerms}&ssid=1451175863&a=1024132&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8
BHO-x32: Discover Treasure -> {bfa55139-82af-4663-a19b-e135dac8d043} -> C:\Program Files (x86)\Discover Treasure\Extensions\bfa55139-82af-4663-a19b-e135dac8d043.dll [2015-12-26] ()
C:\Program Files (x86)\Discover Treasure
FF Homepage: hxxp://houmpage.com/?src=hp&ssid=1451175863&a=1024132&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8
FF user.js: detected! => C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\user.js [2015-12-27]
FF user.js: detected! => C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\user.js [2015-12-27]
FF user.js: detected! => C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\g4f0kqkw.default-1441441600492\user.js [2015-12-27]
FF user.js: detected! => C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\y5ffwpys.default-1443258431762\user.js [2015-12-27]
FF SearchPlugin: C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\searchplugins\search-simple.xml [2015-03-19]
FF SearchPlugin: C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\searchplugins\bingp.xml [2013-08-22]
FF SearchPlugin: C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\searchplugins\search-simple.xml [2015-03-19]
FF Extension: Discover Treasure - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\{e9c94edb-860e-4318-8a92-be5f2dee566e}.xpi [2015-12-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\6rlrjr8h.Meske\extensions\defsearchp@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\6rlrjr8h.Meske\extensions\deskCutv2@gmail.com => not found
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\y5ffwpys.default-1443258431762\Extensions\{e9c94edb-860e-4318-8a92-be5f2dee566e}.xpi [2015-12-26] [not signed]
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\g4f0kqkw.default-1441441600492\Extensions\{e9c94edb-860e-4318-8a92-be5f2dee566e}.xpi [2015-12-26] [not signed]
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\Extensions\{e9c94edb-860e-4318-8a92-be5f2dee566e}.xpi [2015-12-26] [not signed]
CHR HomePage: Default -> hxxp://houmpage.com/?src=hp&ssid=1451175863&a=1024132&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8
CHR StartupUrls: Default -> "hxxp://houmpage.com/?src=nt&ssid=1451175863&a=1024132&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8"
CHR DefaultSearchURL: Default -> hxxp://houmpage.com/search/?src=ds&q={searchTerms}&ssid=1451175863&a=1024132&uuid=92c336e3-3af9-4ccf-8297-a9f3bb6a8fe8
R2 Update Mgr DiscoverTreasure; C:\Program Files (x86)\Common Files\4f596ec3-77fb-4fc3-82cb-691c42c71d77\updater.exe [639712 2015-12-26] () <==== ATTENTION
R2 Service Mgr DiscoverTreasure; C:\ProgramData\4f596ec3-77fb-4fc3-82cb-691c42c71d77\plugincontainer.exe [775392 2015-12-26] () <==== ATTENTION
2015-12-27 01:25 - 2015-12-27 01:25 - 00003056 _____ C:\Windows\System32\Tasks\LuckyBrowse
2015-12-27 01:25 - 2015-12-27 01:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\LuckyBrowse
2015-12-27 01:25 - 2015-12-27 01:25 - 00000000 ____D C:\ProgramData\LuckyBrowse
2015-12-27 01:25 - 2015-12-27 01:25 - 00000000 ____D C:\Program Files (x86)\LuckyBrowse
2015-12-27 01:24 - 2015-12-27 01:24 - 00000000 ____D C:\ProgramData\4f596ec3-77fb-4fc3-82cb-691c42c71d77
2015-12-27 01:24 - 2015-12-27 01:24 - 00000000 ____D C:\Program Files (x86)\Discover Treasure
2012-12-08 18:20 - 2012-12-08 18:20 - 0000032 RSHOT () C:\Users\Mesh\AppData\Local\t65s2tb.dat
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F0CACA7A-4CD1-4E1C-ABD9-B4541F5D6970}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0CACA7A-4CD1-4E1C-ABD9-B4541F5D6970}" => key removed successfully
C:\Windows\System32\Tasks\LuckyBrowse => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LuckyBrowse" => key removed successfully
C:\Program Files (x86)\LuckyBrowse => moved successfully
C:\Users\Mesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\Users\Mesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Mesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => Shortcut argument restored successfully
C:\Users\Mesh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Mesh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument removed successfully.
C:\Users\Mesh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk => Shortcut argument removed successfully.
C:\Users\Mesh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk => Shortcut argument removed successfully.
C:\Users\Mesh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Aurora.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aurora.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Public\Desktop\Aurora.lnk => Shortcut argument removed successfully.
C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Public\Desktop\Mozilla Firefox.lnk => Shortcut argument removed successfully.
"C:\ProgramData\4f596ec3-77fb-4fc3-82cb-691c42c71d77" => not found.
"C:\Program Files (x86)\Common Files\4f596ec3-77fb-4fc3-82cb-691c42c71d77" => not found.
HKU\S-1-5-21-4209369173-3384524162-1790046760-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value removed successfully
HKU\S-1-5-21-4209369173-3384524162-1790046760-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-4209369173-3384524162-1790046760-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-4209369173-3384524162-1790046760-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cf34d395-9ff1-49a0-98a5-8db1636431b1}" => key removed successfully
HKCR\CLSID\{cf34d395-9ff1-49a0-98a5-8db1636431b1} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bfa55139-82af-4663-a19b-e135dac8d043} => key not found.
HKCR\Wow6432Node\CLSID\{bfa55139-82af-4663-a19b-e135dac8d043} => key not found.
"C:\Program Files (x86)\Discover Treasure" => not found.
Firefox "homepage" removed successfully
C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\user.js => moved successfully
C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\user.js => moved successfully
C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\g4f0kqkw.default-1441441600492\user.js => moved successfully
C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\y5ffwpys.default-1443258431762\user.js => moved successfully
C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\searchplugins\search-simple.xml => moved successfully
C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\searchplugins\bingp.xml => moved successfully
C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\searchplugins\search-simple.xml => moved successfully
C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\{e9c94edb-860e-4318-8a92-be5f2dee566e}.xpi => not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\defsearchp@gmail.com => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\deskCutv2@gmail.com => value removed successfully
C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\y5ffwpys.default-1443258431762\Extensions\{e9c94edb-860e-4318-8a92-be5f2dee566e}.xpi => not found.
C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\g4f0kqkw.default-1441441600492\Extensions\{e9c94edb-860e-4318-8a92-be5f2dee566e}.xpi => not found.
C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\Extensions\{e9c94edb-860e-4318-8a92-be5f2dee566e}.xpi => not found.
Chrome HomePage => not found.
Chrome StartupUrls => not found.
Chrome DefaultSearchURL => not found.
Update Mgr DiscoverTreasure => service not found.
Service Mgr DiscoverTreasure => service not found.
"C:\Windows\System32\Tasks\LuckyBrowse" => not found.
C:\ProgramData\Microsoft\Windows\Start Menu\LuckyBrowse => moved successfully
C:\ProgramData\LuckyBrowse => moved successfully
"C:\Program Files (x86)\LuckyBrowse" => not found.
"C:\ProgramData\4f596ec3-77fb-4fc3-82cb-691c42c71d77" => not found.
"C:\Program Files (x86)\Discover Treasure" => not found.
C:\Users\Mesh\AppData\Local\t65s2tb.dat => moved successfully
EmptyTemp: => 1.1 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 21:42:06 ====

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

Excellent :)

You can delete FRST, as well as the C:\FRST folder. That would be it.
