Please help


  • Joined: 15 Feb 2011
  • Posts: 112

Posted: 16 Jan 2017 18:18

I need help with my friend's computer.

1. browserModifier:win32/kipodtoolscby

2. hacktool:win32/keygen

3. Trojan:win32/rundas!plock

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2017
Ran by Pex (administrator) on PEX-PC (16-01-2017 18:12:36)
Running from C:\Users\Pex\Desktop
Loaded Profiles: Pex (Available Profiles: Pex)
Platform: Windows 7 Professional (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [529480 2016-02-24] (Autodesk Inc.)
HKU\S-1-5-21-2177309800-2805517138-2395984326-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2177309800-2805517138-2395984326-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-2177309800-2805517138-2395984326-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27214296 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-2177309800-2805517138-2395984326-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)
HKU\S-1-5-21-2177309800-2805517138-2395984326-1000\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-2177309800-2805517138-2395984326-1000\...\MountPoints2: {7a6076d8-f72a-11e3-90fe-6cf0490b8dc3} - G:\setup.exe
HKU\S-1-5-21-2177309800-2805517138-2395984326-1000\...\MountPoints2: {911d97f1-87a9-11e6-9ec6-6cf0490b8dc3} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-2177309800-2805517138-2395984326-1000\...\MountPoints2: {cfa6ae93-f726-11e3-8ca2-6cf0490b8dc3} - I:\LGAutoRun.exe
HKU\S-1-5-18\...\Run: [] => 0
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll
ShellIconOverlayIdentifiers-x32: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SysWOW64\AcSignIcon.dll [2006-03-05] (Autodesk)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk [2014-07-05]
ShortcutTarget: AutoCAD Startup Accelerator.lnk -> C:\Program Files (x86)\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{82881CB6-7A48-423D-8AAB-FC4AC66DB732}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2177309800-2805517138-2395984326-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131289877733699724&GUID=8F5F8796-413E-487B-B4F8-F1BF91B62319
HKU\S-1-5-21-2177309800-2805517138-2395984326-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=101&itype=a&ver=13337&tm=385&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=101&itype=a&ver=13337&tm=385&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2177309800-2805517138-2395984326-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2177309800-2805517138-2395984326-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=101&itype=a&ver=13337&tm=385&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2177309800-2805517138-2395984326-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_150415__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2177309800-2805517138-2395984326-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-10] (Oracle Corporation)
BHO-x32: Ïîèñê@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\Pex\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll [2017-01-13] (Mail.Ru)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-10] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Pex\AppData\Roaming\Mozilla\Firefox\Profiles\gcfj4yws.default [2017-01-16]
FF NewTab: Mozilla\Firefox\Profiles\gcfj4yws.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\gcfj4yws.default -> Поиск@Mail.Ru
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\gcfj4yws.default -> default-search.net
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\gcfj4yws.default -> Поиск@Mail.Ru
FF Homepage: Mozilla\Firefox\Profiles\gcfj4yws.default -> hxxps://www.google.rs/
FF Keyword.URL: Mozilla\Firefox\Profiles\gcfj4yws.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7B4653C656-BA05-4A88-9E61-A5328589CFC2%7D&gp=811037
FF SearchPlugin: C:\Users\Pex\AppData\Roaming\Mozilla\Firefox\Profiles\gcfj4yws.default\searchplugins\google-default.xml [2015-04-25]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2177309800-2805517138-2395984326-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Pex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> mail.ru/cnt/11956636?rciguc__PARAM__
CHR StartupUrls: Default -> "hxxp://www.default-search.net?sid=503&aid=101&itype=a&ver=13337&tm=385&src=hmp"
CHR DefaultSearchURL: Default -> hxxp://www.default-search.net/search?sid=503&aid=101&itype=a&ver=13337&tm=385&src=ds&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
CHR Profile: C:\Users\Pex\AppData\Local\Google\Chrome\User Data\Default [2017-01-15]
CHR Extension: (Домашняя страница Mail.Ru) - C:\Users\Pex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfifbojenkenpkmnbnndeadpfdiffof [2017-01-14]
CHR Extension: (uTorrentControl_v6) - C:\Users\Pex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp [2014-06-16] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT3289075&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR Extension: (Adobe Acrobat) - C:\Users\Pex\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-13]
CHR Extension: (Skype) - C:\Users\Pex\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-26]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\Pex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Визуальные Закладки Mail.Ru) - C:\Users\Pex\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj [2017-01-14]
CHR Extension: (Mail.Ru) - C:\Users\Pex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd [2017-01-14]
CHR Extension: (Chrome Media Router) - C:\Users\Pex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16]
CHR HKU\S-1-5-21-2177309800-2805517138-2395984326-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Pex\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2014-03-21]
CHR HKLM-x32\...\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Pex\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2014-03-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1145928 2016-02-24] (Autodesk Inc.)
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2014-07-04] (Autodesk)
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-10-31] (Macrovision Europe Ltd.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-11-14] (NVIDIA Corporation)
S3 mi-raysat_3dsmax2015_64; H:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe [86016 2011-09-15] () [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-11-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-11-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-11-14] (NVIDIA Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-06-18] (Disc Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-11-14] (NVIDIA Corporation)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [862704 2014-06-18] (Duplex Secure Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-16 18:12 - 2017-01-16 18:13 - 00018860 _____ C:\Users\Pex\Desktop\FRST.txt
2017-01-16 18:12 - 2017-01-16 18:12 - 00000000 ____D C:\FRST
2017-01-16 18:12 - 2017-01-16 18:11 - 02419200 _____ (Farbar) C:\Users\Pex\Desktop\FRST64.exe
2017-01-13 22:01 - 2017-01-13 22:04 - 00000000 ____D C:\Program Files (x86)\Mail.Ru
2017-01-13 22:00 - 2017-01-13 22:04 - 00000000 ____D C:\Users\Pex\AppData\Local\Mail.Ru
2017-01-13 22:00 - 2017-01-13 22:00 - 00000000 ____D C:\ProgramData\Mail.Ru
2017-01-13 21:59 - 2017-01-13 21:59 - 00003588 _____ C:\Windows\System32\Tasks\WinCSS
2017-01-13 21:53 - 2017-01-13 21:53 - 00000000 ____D C:\Users\Pex\AppData\Local\UnrealEngine
2017-01-13 21:53 - 2017-01-13 21:53 - 00000000 ____D C:\Users\Pex\AppData\Local\FishingGame
2017-01-13 21:44 - 2017-01-13 21:44 - 00001273 _____ C:\Users\Pex\Desktop\Euro Fishing.lnk
2017-01-13 21:44 - 2017-01-13 21:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Fishing
2017-01-13 19:42 - 2017-01-13 19:42 - 00000000 ____D C:\Users\Pex\AppData\Roaming\Milestone
2017-01-13 19:40 - 2017-01-13 19:40 - 00000653 _____ C:\Users\Public\Desktop\WRC 4 FIA World Rally Championship.lnk
2017-01-13 19:40 - 2017-01-13 19:40 - 00000653 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WRC 4 FIA World Rally Championship.lnk
2017-01-11 20:46 - 2017-01-11 20:46 - 00001737 _____ C:\Users\Public\Desktop\3ds Max 2015.lnk
2017-01-11 20:46 - 2017-01-11 20:46 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2017-01-11 17:56 - 2017-01-11 17:56 - 00000000 ____D C:\Users\Pex\Tracing
2017-01-10 19:48 - 2017-01-13 18:01 - 00000000 ___HD C:\Users\Pex\AppData\Local\CrashDumps
2017-01-10 17:31 - 2017-01-10 17:32 - 01352381 _____ C:\Users\Pex\Downloads\znaci video.mp4
2017-01-09 22:13 - 2016-11-14 13:30 - 01756560 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-01-09 22:13 - 2016-11-14 13:30 - 01316136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-01-09 22:13 - 2016-11-14 13:30 - 00112168 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-01-09 22:11 - 2016-11-14 10:45 - 00615992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-01-09 22:05 - 2016-11-14 13:30 - 31523384 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-01-09 22:05 - 2016-11-14 13:30 - 24208440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-01-09 22:05 - 2016-11-14 13:30 - 23000000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-01-09 22:05 - 2016-11-14 13:30 - 17559384 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-01-09 22:05 - 2016-11-14 13:30 - 16128720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-01-09 22:05 - 2016-11-14 13:30 - 15301056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-01-09 22:05 - 2016-11-14 13:30 - 13915720 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-01-09 22:05 - 2016-11-14 13:30 - 13826968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-01-09 22:05 - 2016-11-14 13:30 - 12905016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-01-09 22:05 - 2016-11-14 13:30 - 11270656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-01-09 22:05 - 2016-11-14 13:30 - 11208312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-01-09 22:05 - 2016-11-14 13:30 - 04253240 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-01-09 22:05 - 2016-11-14 13:30 - 03995192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-01-09 22:05 - 2016-11-14 13:30 - 01908272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434201.dll
2017-01-09 22:05 - 2016-11-14 13:30 - 01557552 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434201.dll
2017-01-09 22:05 - 2016-11-14 13:30 - 00951232 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-01-09 22:05 - 2016-11-14 13:30 - 00913856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-01-09 22:05 - 2016-11-14 13:30 - 00909760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-01-09 22:05 - 2016-11-14 13:30 - 00876480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-01-09 22:05 - 2016-11-14 13:30 - 00104512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-01-09 22:05 - 2016-11-14 13:30 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-12-25 18:58 - 2017-01-11 19:16 - 00000000 ____D C:\Users\Pex\Documents\3dsMaxDesign
2016-12-25 18:57 - 2017-01-11 20:00 - 00000000 ____D C:\Program Files\Autodesk
2016-12-25 18:48 - 2016-12-25 18:48 - 00000508 _____ C:\Users\Pex\Documents\Autodesk 3ds Max Setup Launcher.html
2016-12-18 21:46 - 2016-12-18 21:46 - 00000000 ____D C:\Users\Pex\Documents\Direct Connect
2016-12-18 21:16 - 2017-01-11 20:14 - 00000000 ____D C:\Users\Pex\Documents\3dsMax
2016-12-18 21:12 - 2016-12-18 21:12 - 00000000 ____D C:\Users\Pex\Documents\Autodesk Application Manager
2016-12-18 21:10 - 2017-01-11 21:01 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2016-12-18 16:48 - 2016-12-18 16:48 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ccdcmbx64_01009.Wdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-16 18:02 - 2014-10-27 20:51 - 00000000 ____D C:\Users\Pex\AppData\Roaming\Skype
2017-01-16 17:24 - 2014-06-23 17:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-16 08:58 - 2009-07-14 05:45 - 00020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-16 08:58 - 2009-07-14 05:45 - 00020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-16 08:45 - 2016-11-18 07:55 - 00000000 ____D C:\Users\Pex\AppData\LocalLow\Mozilla
2017-01-16 08:39 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-16 08:38 - 2014-06-04 20:35 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-15 22:02 - 2014-02-17 16:13 - 00001072 _____ C:\Users\Pex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-01-15 22:02 - 2014-02-17 16:13 - 00001042 _____ C:\Users\Pex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2017-01-15 10:39 - 2014-09-30 17:41 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AA0CEE9E-6DF8-4046-8DAD-CEAFBFBA601F}
2017-01-14 09:41 - 2014-03-01 18:25 - 00000000 ____D C:\Users\Pex\AppData\Local\Unity
2017-01-13 22:00 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-01-13 22:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-01-13 19:35 - 2015-11-21 11:26 - 00000000 ____D C:\Users\Pex\AppData\LocalLow\uTorrent
2017-01-13 19:35 - 2014-03-22 16:38 - 00000000 ____D C:\Users\Pex\AppData\Roaming\uTorrent
2017-01-13 19:00 - 2014-06-25 20:06 - 00000000 ____D C:\Users\Pex\Documents\SH5
2017-01-13 09:47 - 2015-12-24 21:59 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-13 09:46 - 2014-12-24 12:03 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-12 08:41 - 2009-07-14 05:45 - 02408824 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-11 21:46 - 2014-07-04 22:06 - 00000000 ____D C:\Users\Pex\AppData\Roaming\Autodesk
2017-01-11 21:09 - 2014-07-05 11:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2017-01-11 21:01 - 2014-07-04 22:03 - 00000000 ____D C:\Program Files (x86)\Autodesk
2017-01-11 20:07 - 2009-07-14 03:34 - 00017570 _____ C:\Windows\system32\Drivers\etc\services
2017-01-11 20:06 - 2014-11-23 13:54 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-11 20:05 - 2014-07-05 11:35 - 00000000 ____D C:\ProgramData\Autodesk
2017-01-11 18:20 - 2009-07-14 06:08 - 00032538 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-01-11 18:06 - 2014-07-05 15:56 - 00000000 ____D C:\Windows\system32\MRT
2017-01-11 18:03 - 2014-07-05 15:56 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-11 17:56 - 2014-02-17 16:12 - 00000000 ___HD C:\Users\Pex
2017-01-11 10:50 - 2014-06-04 20:34 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-01-10 22:25 - 2014-06-23 17:58 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-10 22:25 - 2014-06-23 17:58 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 22:25 - 2014-06-23 17:58 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-10 22:24 - 2014-07-05 11:45 - 00000000 ___HD C:\Users\Pex\AppData\Local\Microsoft Help
2017-01-10 22:24 - 2014-06-23 17:58 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-10 22:24 - 2014-06-23 17:58 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-10 22:06 - 2014-06-20 11:06 - 00000000 ____D C:\2-click run
2017-01-10 06:29 - 2016-11-06 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\American Truck Simulator
2017-01-10 06:29 - 2015-03-08 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bus & Cable Car Simulator - San Francisco
2017-01-10 06:29 - 2014-12-31 13:28 - 00000000 ____D C:\Users\Pex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Buzz Aldrins Space Program Manager
2017-01-10 06:29 - 2014-11-12 18:42 - 00000000 ____D C:\Users\Pex\Documents\Ubisoft
2017-01-10 06:29 - 2014-11-12 18:41 - 00000000 ____D C:\Users\Pex\AppData\Roaming\Driver - San Francisco
2017-01-10 06:29 - 2014-07-06 08:33 - 00000000 ____D C:\Users\Pex\AppData\Roaming\Back To The Future - The Game
2017-01-10 06:29 - 2014-07-05 21:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UIG Entertainment
2017-01-10 06:29 - 2014-06-24 20:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2017-01-10 06:29 - 2014-06-22 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\European Bus Simulator 2012
2017-01-10 06:29 - 2014-06-21 21:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2017-01-10 06:29 - 2014-06-21 21:27 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2017-01-10 06:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2017-01-09 22:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-01-09 22:14 - 2014-06-26 22:06 - 00000000 ____D C:\Users\Pex\AppData\Local\NVIDIA Corporation
2017-01-09 22:12 - 2014-10-27 19:08 - 00000000 ____D C:\Temp
2017-01-09 22:12 - 2014-06-04 20:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-01-09 22:12 - 2014-06-04 20:28 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-07 22:11 - 2014-11-12 18:42 - 00000000 ____D C:\ProgramData\Orbit
2017-01-07 22:05 - 2014-07-06 08:35 - 00000000 ____D C:\Users\Pex\Documents\Telltale Games
2017-01-03 13:38 - 2014-06-23 17:58 - 00000000 ____D C:\Users\Pex\AppData\Roaming\Adobe
2017-01-03 12:03 - 2015-10-19 17:36 - 00486590 _____ C:\Users\Pex\Desktop\INŽENJERSKE oglas.psd
2016-12-25 19:24 - 2014-07-05 11:35 - 00000000 ___HD C:\Users\Pex\AppData\Local\Autodesk
2016-12-25 18:44 - 2014-09-04 22:14 - 00000000 ___HD C:\Users\Pex\AppData\Local\ElevatedDiagnostics
2016-12-25 18:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-12-25 18:42 - 2014-09-04 22:14 - 00000000 ___HD C:\Users\Pex\AppData\Local\Diagnostics
2016-12-18 21:51 - 2014-10-31 13:40 - 00000000 ____D C:\ProgramData\FLEXnet
2016-12-18 21:25 - 2016-10-28 07:16 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{eba08c01-9c68-11e6-aab8-6cf0490b8dc3}.TMContainer00000000000000000001.regtrans-ms
2016-12-18 21:25 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\winsxs
2016-12-18 21:03 - 2009-07-14 04:20 - 00000000 __RSD C:\Windows\assembly
2016-12-18 21:02 - 2009-07-14 06:13 - 00794418 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-18 21:02 - 2009-07-14 03:36 - 00661332 _____ C:\Windows\system32\perfh009.dat
2016-12-18 21:02 - 2009-07-14 03:36 - 00121730 _____ C:\Windows\system32\perfc009.dat
2016-12-18 21:01 - 2014-06-04 20:33 - 00766266 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-12-18 21:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\en-US
2016-12-18 21:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\en-US
2016-12-17 11:04 - 2014-02-17 16:32 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-17 11:04 - 2014-02-17 16:32 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2014-11-15 16:04 - 2014-11-15 16:04 - 6000640 _____ () C:\Program Files (x86)\GUT17DB.tmp
2014-06-18 23:03 - 2014-06-28 16:36 - 0000376 _____ () C:\Users\Pex\AppData\Roaming\Microsoft\IMG_61846_359718.jpg
2014-06-26 20:07 - 2014-06-26 20:07 - 0000017 ____H () C:\Users\Pex\AppData\Local\resmon.resmoncfg
2014-06-28 16:43 - 2014-06-28 16:43 - 0370933 _____ () C:\ProgramData\1403969865.bdinstall.bin
2014-07-29 17:30 - 2014-07-29 17:30 - 0210150 _____ () C:\ProgramData\1406651219.bdinstall.bin
2014-07-29 17:47 - 2014-07-29 17:47 - 0175239 _____ () C:\ProgramData\1406652144.bdinstall.bin
2014-07-29 17:56 - 2014-07-29 17:56 - 0330266 _____ () C:\ProgramData\1406652738.bdinstall.bin
2014-07-31 11:39 - 2014-07-31 11:39 - 0210399 _____ () C:\ProgramData\1406803085.bdinstall.bin
2014-07-31 12:07 - 2014-07-31 12:07 - 0366641 _____ () C:\ProgramData\1406804564.bdinstall.bin
2014-11-01 14:56 - 2014-11-01 14:56 - 0209931 _____ () C:\ProgramData\1414850118.bdinstall.bin

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-03 12:35

==================== End of FRST.txt ============================

My antivirus detected these three viruses, but I cannot delete them no matter what I try.



Addendum: 17 Jan 2017 12:12

Can I get some help with this?
Thanks.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8616
  • Location: Novi Beograd

Hello,

Uninstall the following via Control Panel:
Settings Manager
Softonic for Windows


Back up your bookmarks in Chrome and Firefox, just in case.


1. Open Notepad (Text Document) and copy into it the following text from the code box below:

CreateRestorePoint:
HKU\S-1-5-18\...\Run: [] => 0
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll
C:\Program Files (x86)\Settings Manager
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=101&itype=a&ver=13337&tm=385&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=101&itype=a&ver=13337&tm=385&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2177309800-2805517138-2395984326-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2177309800-2805517138-2395984326-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=101&itype=a&ver=13337&tm=385&src=ds&p={searchTerms}
BHO-x32: Ïîèñê@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\Pex\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll [2017-01-13] (Mail.Ru)
C:\Users\Pex\AppData\Local\Mail.Ru
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\gcfj4yws.default -> Поиск@Mail.Ru
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\gcfj4yws.default -> default-search.net
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\gcfj4yws.default -> Поиск@Mail.Ru
FF Keyword.URL: Mozilla\Firefox\Profiles\gcfj4yws.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7B4653C656-BA05-4A88-9E61-A5328589CFC2%7D&gp=811037
CHR HomePage: Default -> mail.ru/cnt/11956636?rciguc__PARAM__
CHR StartupUrls: Default -> "hxxp://www.default-search.net?sid=503&aid=101&itype=a&ver=13337&tm=385&src=hmp"
CHR DefaultSearchURL: Default -> hxxp://www.default-search.net/search?sid=503&aid=101&itype=a&ver=13337&tm=385&src=ds&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
CHR Extension: (Домашняя страница Mail.Ru) - C:\Users\Pex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfifbojenkenpkmnbnndeadpfdiffof [2017-01-14]
CHR Extension: (uTorrentControl_v6) - C:\Users\Pex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp [2014-06-16] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT3289075&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR Extension: (Визуальные Закладки Mail.Ru) - C:\Users\Pex\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj [2017-01-14]
CHR Extension: (Mail.Ru) - C:\Users\Pex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd [2017-01-14]
CHR HKU\S-1-5-21-2177309800-2805517138-2395984326-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Pex\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2014-03-21]
CHR HKLM-x32\...\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Pex\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2014-03-21]
CHR HKLM-x32\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx
Task: {55F4CAAF-54AC-45B8-AD97-411639678996} - System32\Tasks\WinCSS => Firefox.exe hxxp://cssnews.ru/salessm
ShortcutWithArgument: C:\Users\Pex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811035"
C:\Program Files (x86)\Mail.Ru
C:\Users\Pex\AppData\Local\Mail.Ru
C:\ProgramData\Mail.Ru
C:\Windows\System32\Tasks\WinCSS
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\Users\Pex\Downloads\CheatEngine64.exe:BDU [0]
AlternateDataStreams: C:\Users\Pex\Downloads\driver_setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Pex\Downloads\ML-1200_Win7.exe:BDU [0]
AlternateDataStreams: C:\Users\Pex\Downloads\mseinstall.exe:BDU [0]
AlternateDataStreams: C:\Users\Pex\Downloads\SkypeSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Pex\Downloads\vlc-2.1.3-win32.exe:BDU [0]
EmptyTemp:


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location; otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

offline
  • Joined: 15 Feb 2011
  • Posts: 112

I didn't even have the first two programs installed; they were shortcuts on the desktop. I probably reinstalled them much earlier.

I did everything you asked, following the instructions:

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-01-2017
Ran by Pex (17-01-2017 20:23:07) Run:1
Running from C:\Users\Pex\Desktop
Loaded Profiles: Pex (Available Profiles: Pex)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-18\...\Run: [] => 0
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll
C:\Program Files (x86)\Settings Manager
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=101&itype=a&ver=13337&tm=385&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=101&itype=a&ver=13337&tm=385&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2177309800-2805517138-2395984326-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2177309800-2805517138-2395984326-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=101&itype=a&ver=13337&tm=385&src=ds&p={searchTerms}
BHO-x32: Ïîčñê@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\Pex\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll [2017-01-13] (Mail.Ru)
C:\Users\Pex\AppData\Local\Mail.Ru
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\gcfj4yws.default -> Поиск@Mail.Ru
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\gcfj4yws.default -> default-search.net
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\gcfj4yws.default -> Поиск@Mail.Ru
FF Keyword.URL: Mozilla\Firefox\Profiles\gcfj4yws.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7B4653C656-BA05-4A88-9E61-A5328589CFC2%7D&gp=811037
CHR HomePage: Default -> mail.ru/cnt/11956636?rciguc__PARAM__
CHR StartupUrls: Default -> "hxxp://www.default-search.net?sid=503&aid=101&itype=a&ver=13337&tm=385&src=hmp"
CHR DefaultSearchURL: Default -> hxxp://www.default-search.net/search?sid=503&aid=101&itype=a&ver=13337&tm=385&src=ds&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
CHR Extension: (Домашняя страница Mail.Ru) - C:\Users\Pex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfifbojenkenpkmnbnndeadpfdiffof [2017-01-14]
CHR Extension: (uTorrentControl_v6) - C:\Users\Pex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp [2014-06-16] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT3289075&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR Extension: (Визуальные Закладки Mail.Ru) - C:\Users\Pex\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj [2017-01-14]
CHR Extension: (Mail.Ru) - C:\Users\Pex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd [2017-01-14]
CHR HKU\S-1-5-21-2177309800-2805517138-2395984326-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Pex\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2014-03-21]
CHR HKLM-x32\...\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Pex\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2014-03-21]
CHR HKLM-x32\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx
Task: {55F4CAAF-54AC-45B8-AD97-411639678996} - System32\Tasks\WinCSS => Firefox.exe hxxp://cssnews.ru/salessm
ShortcutWithArgument: C:\Users\Pex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811035"
C:\Program Files (x86)\Mail.Ru
C:\Users\Pex\AppData\Local\Mail.Ru
C:\ProgramData\Mail.Ru
C:\Windows\System32\Tasks\WinCSS
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\Users\Pex\Downloads\CheatEngine64.exe:BDU [0]
AlternateDataStreams: C:\Users\Pex\Downloads\driver_setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Pex\Downloads\ML-1200_Win7.exe:BDU [0]
AlternateDataStreams: C:\Users\Pex\Downloads\mseinstall.exe:BDU [0]
AlternateDataStreams: C:\Users\Pex\Downloads\SkypeSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Pex\Downloads\vlc-2.1.3-win32.exe:BDU [0]
EmptyTemp:
*****************

Restore point was successfully created.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 => value not found.
"C:\Program Files (x86)\Settings Manager" => not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} => key not found.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} => key not found.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} => key not found.
HKU\S-1-5-21-2177309800-2805517138-2395984326-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-2177309800-2805517138-2395984326-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} => key not found.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099} => key not found.
HKCR\Wow6432Node\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099} => key not found.
"C:\Users\Pex\AppData\Local\Mail.Ru" => not found.
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\gcfj4yws.default -> Поиск@Mail.Ru => not found
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\gcfj4yws.default -> default-search.net => not found
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\gcfj4yws.default -> Поиск@Mail.Ru => not found
Firefox "Keyword.URL" removed successfully
Chrome HomePage => not found.
Chrome StartupUrls => not found.
Chrome DefaultSearchURL => not found.
Chrome DefaultSearchKeyword => not found.
Chrome DefaultSuggestURL => not found.
C:\Users\Pex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfifbojenkenpkmnbnndeadpfdiffof => not found
C:\Users\Pex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp <==== ATTENTION => not found
C:\Users\Pex\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj => not found
C:\Users\Pex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd => not found
HKU\S-1-5-21-2177309800-2805517138-2395984326-1000\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp => key not found.
C:\Users\Pex\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx => moved successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ccfifbojenkenpkmnbnndeadpfdiffof => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp => key not found.
"C:\Users\Pex\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx" => not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{55F4CAAF-54AC-45B8-AD97-411639678996} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55F4CAAF-54AC-45B8-AD97-411639678996} => key removed successfully
C:\Windows\System32\Tasks\WinCSS => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinCSS => key removed successfully
C:\Users\Pex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk => not found.
"C:\Program Files (x86)\Mail.Ru" => not found.
"C:\Users\Pex\AppData\Local\Mail.Ru" => not found.
"C:\ProgramData\Mail.Ru" => not found.
"C:\Windows\System32\Tasks\WinCSS" => not found.
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully.
C:\Users\Pex\Downloads\CheatEngine64.exe => ":BDU" ADS removed successfully.
C:\Users\Pex\Downloads\driver_setup.exe => ":BDU" ADS removed successfully.
C:\Users\Pex\Downloads\ML-1200_Win7.exe => ":BDU" ADS removed successfully.
C:\Users\Pex\Downloads\mseinstall.exe => ":BDU" ADS removed successfully.
C:\Users\Pex\Downloads\SkypeSetup.exe => ":BDU" ADS removed successfully.
C:\Users\Pex\Downloads\vlc-2.1.3-win32.exe => ":BDU" ADS removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 252322813 B
Java, Flash, Steam htmlcache => 744 B
Windows/system/drivers => 619545313 B
Edge => 0 B
Chrome => 0 B
Firefox => 199449278 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 1677710 B
systemprofile32 => 8461196 B
LocalService => 132244 B
NetworkService => 19016132 B
Pex => 93003364 B

RecycleBin => 1556 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:25:01 ====

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8616
  • Location: Novi Beograd

Download AdwCleaner and save it to the Desktop.
Double-click to run the program.
In the EULA window, click I agree.
In Options, turn off Reset Winsock settings if it is enabled.
Click the Scan button and wait for the scan to finish.
Click the Cleaning button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required), click OK.

The computer will restart and then open Notepad (C:\Adwcleaner\AdwCleaner[C1].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Attach file" option.


--------------

Also let me know how things are.

offline
  • Joined: 15 Feb 2011
  • Posts: 112

First, let me thank you for the time you set aside. Here is the report.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8616
  • Location: Novi Beograd

Wow, I have never seen a cleaner AdwCleaner log in my life.

How are things now?

offline
  • Joined: 15 Feb 2011
  • Posts: 112

For now everything works perfectly, thanks once again.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8616
  • Location: Novi Beograd

Excellent.

The following procedure will carry out the final cleanup.



Download "Xplode"'s DelFix tool and save it to the Desktop.

Double-click to run the tool and tick the boxes in front of the following options:
Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment until the tool finishes its work.

From this point on, all the tools used in this thread should be deleted.
If any tool or report has not been removed, feel free to delete it manually.


The tool will also create a report for you. (C:\DelFix.txt)
- The tool will also save the healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
- DelFix deletes old system restore points and creates a new, fresh point after the cleanup.

offline
  • Joined: 15 Feb 2011
  • Posts: 112

It deleted everything, thanks once again for your time.
