Unwanted web address in Chrome, on Win 7 - 64bit


  • Зо&#10
  • Joined: 03 Sep 2005
  • Posts: 76
  • Location: Nis

After trying the help already given and discussed here, resetting and a fresh installation, I did not manage to remove the tick that latched on.
With Mozilla it worked.






  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Hello,

Did you install 360 Total Security yourself?

  • Зо&#10
  • Joined: 03 Sep 2005
  • Posts: 76
  • Location: Nis

Posted: 12 Apr 2016 14:52

Yes
360 Total Security

Addendum: 12 Apr 2016 14:55

It was AVG before.
It got on my nerves, persistently covered with "BUY ME NOW", so I could not see the actions it was performing.

Addendum: 12 Apr 2016 15:42

I had overlooked AdwCleaner ....
It removed the unwanted address, but I still cannot set "Chrome as default".

Addendum: 12 Apr 2016 16:46

By following all the posts so far and with the wholehearted help of the people at the MyCity Ambulanta,
I managed to restore everything to the way it should be.
Warm regards to EVERYONE. Thank you.

P.S. The admin can delete this topic. SOLVED

Addendum: 13 Apr 2016 19:19

NO

Something is still not right after all. GUZ (Glavom U Zid) - Head Against the Wall


  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

1. Open Notepad (Text Document) and copy in the following text from the code box below:

createrestorepoint:
closeprocesses:
emptytemp:
Task: {9624531A-192F-4C9B-BB2A-A03C35612145} - \Bidaily Synchronize Task -> No File <==== ATTENTION
Winsock: Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224 2014-12-06] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224 2009-07-14] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024 2009-07-14] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024 2009-07-14] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424 2013-09-08] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992 2009-07-14] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
cmd: netsh winsock reset
AppInit_DLLs-x32: C:\ProgramData\Ronzap\Jobstrong.dll => No File
GroupPolicyUsers\S-1-5-21-3260126792-1423750981-341475327-1001\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3260126792-1423750981-341475327-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2016-04-11 19:07 - 2016-04-11 19:07 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-04-11 19:08 - 2015-08-03 14:46 - 00000008 __RSH C:\Users\Siemena\ntuser.pol
2016-04-11 17:39 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-3260126792-1423750981-341475327-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKLM -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3260126792-1423750981-341475327-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
FF NewTab: C:\\ProgramData\\sulpnars\\ff.NT
FF DefaultSearchEngine: findit
FF Homepage: about:home
2016-04-11 12:36 - 2016-04-11 12:36 - 00000000 ____D C:\Users\Siemena\AppData\Local\UCBrowser
2016-04-11 12:33 - 2016-04-12 10:31 - 00000000 ____D C:\Program Files (x86)\badu
2016-04-11 12:32 - 2016-04-12 09:10 - 00000000 ____D C:\Program Files\BitTorrent
2016-04-11 12:32 - 2016-04-11 12:32 - 00041472 _____ C:\Users\Siemena\AppData\Local\Runlux.dat
2016-04-11 12:30 - 2016-04-11 12:30 - 06504960 _____ C:\Users\Siemena\AppData\Roaming\agent.dat
2016-04-11 12:30 - 2016-04-11 12:30 - 01626416 _____ C:\Users\Siemena\AppData\Roaming\UnoFinis.tst
2016-04-11 12:30 - 2016-04-11 12:30 - 00126464 _____ C:\Users\Siemena\AppData\Roaming\noah.dat
2016-04-11 12:30 - 2016-04-11 12:30 - 00126464 _____ C:\Users\Siemena\AppData\Roaming\lobby.dat
2016-04-11 12:30 - 2016-04-11 12:30 - 00072699 _____ C:\Users\Siemena\AppData\Roaming\SumZoofresh.tst
2016-04-11 12:30 - 2016-04-11 12:30 - 00065424 _____ C:\Users\Siemena\AppData\Roaming\Config.xml
2016-04-11 12:30 - 2016-04-11 12:30 - 00054272 _____ C:\Users\Siemena\AppData\Roaming\ApplicationHosting.dat
2016-04-11 12:30 - 2016-04-11 12:30 - 00018432 _____ C:\Users\Siemena\AppData\Roaming\Main.dat
2016-04-11 12:30 - 2016-04-11 12:30 - 00005568 _____ C:\Users\Siemena\AppData\Roaming\md.xml
2016-04-11 11:06 - 2016-04-11 12:30 - 00199648 _____ C:\Users\Siemena\AppData\Roaming\inst.lat
2016-04-11 11:06 - 2016-04-11 12:30 - 00127488 _____ C:\Users\Siemena\AppData\Roaming\Installer.dat
2016-04-11 11:06 - 2016-04-11 12:30 - 00016992 _____ C:\Users\Siemena\AppData\Roaming\InstallationConfiguration.xml


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into a post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

  • Зо&#10
  • Joined: 03 Sep 2005
  • Posts: 76
  • Location: Nis

Posted: 13 Apr 2016 22:46

Addendum: 13 Apr 2016 22:53

Fix result of Farbar Recovery Scan Tool (x64) Version:10-04-2016 01
Ran by Siemena (2016-04-13 23:41:26) Run:1
Running from C:\Users\Siemena\Desktop
Loaded Profiles: Siemena (Available Profiles: Siemena & GOST & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
createrestorepoint:
closeprocesses:
emptytemp:
Task: {9624531A-192F-4C9B-BB2A-A03C35612145} - \Bidaily Synchronize Task -> No File <==== ATTENTION
Winsock: Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224 2014-12-06] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224 2009-07-14] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024 2009-07-14] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024 2009-07-14] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424 2013-09-08] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992 2009-07-14] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
cmd: netsh winsock reset
AppInit_DLLs-x32: C:\ProgramData\Ronzap\Jobstrong.dll => No File
GroupPolicyUsers\S-1-5-21-3260126792-1423750981-341475327-1001\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3260126792-1423750981-341475327-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2016-04-11 19:07 - 2016-04-11 19:07 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-04-11 19:08 - 2015-08-03 14:46 - 00000008 __RSH C:\Users\Siemena\ntuser.pol
2016-04-11 17:39 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-3260126792-1423750981-341475327-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKLM -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3260126792-1423750981-341475327-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
FF NewTab: C:\\ProgramData\\sulpnars\\ff.NT
FF DefaultSearchEngine: findit
FF Homepage: about:home
2016-04-11 12:36 - 2016-04-11 12:36 - 00000000 ____D C:\Users\Siemena\AppData\Local\UCBrowser
2016-04-11 12:33 - 2016-04-12 10:31 - 00000000 ____D C:\Program Files (x86)\badu
2016-04-11 12:32 - 2016-04-12 09:10 - 00000000 ____D C:\Program Files\BitTorrent
2016-04-11 12:32 - 2016-04-11 12:32 - 00041472 _____ C:\Users\Siemena\AppData\Local\Runlux.dat
2016-04-11 12:30 - 2016-04-11 12:30 - 06504960 _____ C:\Users\Siemena\AppData\Roaming\agent.dat
2016-04-11 12:30 - 2016-04-11 12:30 - 01626416 _____ C:\Users\Siemena\AppData\Roaming\UnoFinis.tst
2016-04-11 12:30 - 2016-04-11 12:30 - 00126464 _____ C:\Users\Siemena\AppData\Roaming\noah.dat
2016-04-11 12:30 - 2016-04-11 12:30 - 00126464 _____ C:\Users\Siemena\AppData\Roaming\lobby.dat
2016-04-11 12:30 - 2016-04-11 12:30 - 00072699 _____ C:\Users\Siemena\AppData\Roaming\SumZoofresh.tst
2016-04-11 12:30 - 2016-04-11 12:30 - 00065424 _____ C:\Users\Siemena\AppData\Roaming\Config.xml
2016-04-11 12:30 - 2016-04-11 12:30 - 00054272 _____ C:\Users\Siemena\AppData\Roaming\ApplicationHosting.dat
2016-04-11 12:30 - 2016-04-11 12:30 - 00018432 _____ C:\Users\Siemena\AppData\Roaming\Main.dat
2016-04-11 12:30 - 2016-04-11 12:30 - 00005568 _____ C:\Users\Siemena\AppData\Roaming\md.xml
2016-04-11 11:06 - 2016-04-11 12:30 - 00199648 _____ C:\Users\Siemena\AppData\Roaming\inst.lat
2016-04-11 11:06 - 2016-04-11 12:30 - 00127488 _____ C:\Users\Siemena\AppData\Roaming\Installer.dat
2016-04-11 11:06 - 2016-04-11 12:30 - 00016992 _____ C:\Users\Siemena\AppData\Roaming\InstallationConfiguration.xml
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9624531A-192F-4C9B-BB2A-A03C35612145}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9624531A-192F-4C9B-BB2A-A03C35612145}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task => key not found.
Winsock: Catalog5 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5 000000000002\\LibraryPath => restored successfully (%SystemRoot%\system32\napinsp.dll)
Winsock: Catalog5 000000000003\\LibraryPath => restored successfully (%SystemRoot%\system32\pnrpnsp.dll)
Winsock: Catalog5 000000000004\\LibraryPath => restored successfully (%SystemRoot%\system32\pnrpnsp.dll)
Winsock: Catalog5 000000000005\\LibraryPath => restored successfully (%SystemRoot%\System32\mswsock.dll)
Winsock: Catalog5 000000000006\\LibraryPath => restored successfully (%SystemRoot%\System32\winrnr.dll)

========= netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========

"C:\ProgramData\Ronzap\Jobstrong.dll" => Value data removed successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3260126792-1423750981-341475327-1001\User => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3260126792-1423750981-341475327-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
catchme => service removed successfully
VGPU => service removed successfully
C:\ProgramData\ntuser.pol => moved successfully
C:\Users\Siemena\ntuser.pol => moved successfully
C:\Windows\system32\GroupPolicy => moved successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-21-3260126792-1423750981-341475327-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-3260126792-1423750981-341475327-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => key removed successfully
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
Firefox "newtab" removed successfully
Firefox DefaultSearchEngine removed successfully
Firefox "homepage" removed successfully
C:\Users\Siemena\AppData\Local\UCBrowser => moved successfully
C:\Program Files (x86)\badu => moved successfully
C:\Program Files\BitTorrent => moved successfully
C:\Users\Siemena\AppData\Local\Runlux.dat => moved successfully
C:\Users\Siemena\AppData\Roaming\agent.dat => moved successfully
C:\Users\Siemena\AppData\Roaming\UnoFinis.tst => moved successfully
C:\Users\Siemena\AppData\Roaming\noah.dat => moved successfully
C:\Users\Siemena\AppData\Roaming\lobby.dat => moved successfully
C:\Users\Siemena\AppData\Roaming\SumZoofresh.tst => moved successfully
C:\Users\Siemena\AppData\Roaming\Config.xml => moved successfully
C:\Users\Siemena\AppData\Roaming\ApplicationHosting.dat => moved successfully
C:\Users\Siemena\AppData\Roaming\Main.dat => moved successfully
C:\Users\Siemena\AppData\Roaming\md.xml => moved successfully
C:\Users\Siemena\AppData\Roaming\inst.lat => moved successfully
C:\Users\Siemena\AppData\Roaming\Installer.dat => moved successfully
C:\Users\Siemena\AppData\Roaming\InstallationConfiguration.xml => moved successfully
EmptyTemp: => 488.5 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 23:41:58 ====

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Excellent. Everything should be fine now?

  • Зо&#10
  • Joined: 03 Sep 2005
  • Posts: 76
  • Location: Nis

Yes. THANK YOU

I still have some reservations; I don't know whether that is just autosuggestion.

I cannot set Chrome as the default browser no matter what, but that question probably belongs under Windows questions...
THANK YOU once again.
