Problem sa otvaranjem početne stranice u Mozili

1

Problem sa otvaranjem početne stranice u Mozili

offline
  • Pridružio: 05 Jul 2005
  • Poruke: 201

Pozdrav svima, ovu temu sam postavio u ''internet klijenti'' ali su me obavestili da je prebacim ovde kod vas u ambulantu.Imam problem sa početnom stranicom na Mozili.Podešena je u opcijama na ''google.rs'' međutim čim resetujem mozilu i svaki sledeći ulazak na nju otvara mi neki ruski sajt ''mail.ru''.Uvek kada kliknem dugme home on mi otvori ''mail.ru'', u opcijama iako pre toga podesim home page da bude ''google.rs'' otvara se ovaj drugi sajt.Kada uđem u podešavanja umesto google.rs stoji mail.ru.Reistalirao sam mozilu, brisao sam iz registra sve što je napisano ''mail.ru'' al ne pomaže i dalje otvara ovaj sajt.Kako da ga blokiram ili da ga uklonim ako sve ovo što sam uradio nije pomoglo. Računar je starije generacije P4, procesor na 3GHz, 1,5 gb ram memorije, grafika ati 9550 512 mb, OS XP sp3 gold edition, antivirusni program NOD Eset Smart Security 4.
https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2016
Ran by dejo (administrator) on DEJO-55AA6AB813 (13-09-2016 17:28:09)
Running from D:\Instalacije
Loaded Profiles: dejo (Available Profiles: dejo)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Atheros) C:\WINDOWS\system32\acs.exe
(InterVideo Inc.) C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(H+H Software GmbH) C:\Program Files\Virtual CD v4\System\VCDSecS.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
() C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(H+H Software GmbH) C:\PROGRA~1\VIRTUA~1\System\VCDPlay.exe
() C:\Program Files\LClock\LClock.exe
() C:\Program Files\RocketDock\RocketDock.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [15872 2008-03-01] ()
HKLM\...\Run: [CmPCIaudio] => RunDll32 CMICNFG3.CPL,CMICtrlWnd
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [2054360 2009-11-16] (ESET)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [TWCU] => C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe [561263 2010-05-21] ()
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [VCDPlayer] => C:\Program Files\Virtual CD v4\System\VCDPlay.exe [94208 2002-09-16] (H+H Software GmbH)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2008-07-08] (ATI Technologies Inc.)
HKU\S-1-5-20\...\Run: [True Transparency] => "C:\Program Files\Utilities\True Transparency\TrueTransparency.exe"
HKU\S-1-5-20\...\Run: [LClock] => C:\Program Files\LClock\LClock.exe [65536 2004-09-19] ()
HKU\S-1-5-20\...\RunOnce: [nltide_3] => C:\WINDOWS\system32\advpack.dll [124928 2008-04-27] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [ShowDeskFix] => regsvr32 /s /n /i:u shell32
HKU\S-1-5-20\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-329068152-436374069-1177238915-1004\...\Run: [LClock] => C:\Program Files\LClock\lclock.exe [65536 2004-09-19] ()
HKU\S-1-5-21-329068152-436374069-1177238915-1004\...\Run: [RocketDock] => C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-329068152-436374069-1177238915-1004\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [True Transparency] => "C:\Program Files\Utilities\True Transparency\TrueTransparency.exe"
HKU\S-1-5-18\...\Run: [LClock] => C:\Program Files\LClock\LClock.exe [65536 2004-09-19] ()
HKU\S-1-5-18\...\RunOnce: [nltide_3] => C:\WINDOWS\system32\advpack.dll [124928 2008-04-27] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [ShowDeskFix] => regsvr32 /s /n /i:u shell32
HKU\S-1-5-18\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> logon.scr

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{1A84AB45-4684-42E2-AEB3-A075E57C7D9B}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-329068152-436374069-1177238915-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "www.google.com" <======= ATTENTION
SearchScopes: HKU\S-1-5-21-329068152-436374069-1177238915-1004 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
SearchScopes: HKU\S-1-5-21-329068152-436374069-1177238915-1004 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-329068152-436374069-1177238915-1004 -> {2C806C00-4E04-4628-9083-0AFEA195EA4F} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11433
SearchScopes: HKU\S-1-5-21-329068152-436374069-1177238915-1004 -> {9FF74B9D-16AB-4B83-9926-50FA7AF58542} URL = hxxp://search.eshield.com/serp?guid={ECAC88E3-879D-46BA-B7CA-244E11235CF8}&action=default_search&k={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-436374069-1177238915-1004 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25] (Sun Microsystems, Inc.)
BHO: No Name -> {8E8F97CD-60B5-456F-A201-73065652D099} -> No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

FireFox:
========
FF ProfilePath: C:\Documents and Settings\dejo\Application Data\Profiles\ckt24824.default
FF NewTab: hxxp://www.trotux.com/?z=0f428badcda40b4c9f6897bgfzbq7qctczcg3zab5w&from=epf1&uid=WDCXWD5000AAKS-00A7B2_WD-WCAT0062991529915&type=hp
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=trotux
FF SelectedSearchEngine: Поиск@Mail.Ru
FF Homepage: hxxps://mail.ru/cnt/11956636?fr=ffhp1.0.3&gp=811001
FF Keyword.URL: undefined://undefined/
FF Extension: (Визуальные закладки @Mail.Ru) - C:\Documents and Settings\dejo\Application Data\Profiles\ckt24824.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2016-09-03]
FF Extension: (gomusix) - C:\Documents and Settings\dejo\Application Data\Mozilla\Firefox\Profiles\zpescydn.default\Extensions\ar1er-ewrgfdgomusix@jetpack.xpi [2016-06-26]
FF Extension: (GsearchFinder) - C:\Documents and Settings\dejo\Application Data\Profiles\ckt24824.default\Extensions\@90B817C8-8A5C-413B-9DDD-B2C61ED6E79A.xpi [2016-06-24]
FF Extension: (gomusix) - C:\Documents and Settings\dejo\Application Data\Profiles\ckt24824.default\Extensions\ar1er-ewrgfdgomusix@jetpack.xpi [2016-06-26]
FF Extension: (Домашняя страница Mail.Ru) - C:\Documents and Settings\dejo\Application Data\Profiles\ckt24824.default\Extensions\homepage@mail.ru [2016-09-03]
FF Extension: (Поиск@Mail.Ru) - C:\Documents and Settings\dejo\Application Data\Profiles\ckt24824.default\Extensions\search@mail.ru [2016-09-03]
FF Extension: (TSearch) - C:\Documents and Settings\dejo\Application Data\Profiles\ckt24824.default\Extensions\{6E727987-C8EA-44DA-8749-310C0FBE3C3E} [2016-06-26] [not signed]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: (Eset Plugin) - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2016-06-18] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\1643101575.js [2016-09-12] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\1643101575.cfg [2016-09-12] <==== ATTENTION

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACS; C:\WINDOWS\system32\acs.exe [499796 2010-05-21] (Atheros) [File not signed]
R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [573440 2008-07-08] (ATI Technologies Inc.) [File not signed]
R2 Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
S3 EhttpSrv; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [20680 2009-11-16] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [735960 2009-11-16] (ESET)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 idsvc; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [864256 2007-10-11] (Microsoft Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 VCDSecS; C:\Program Files\Virtual CD v4\System\vcdsecs.exe [40960 2002-09-16] (H+H Software GmbH) [File not signed]
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [27136 2008-04-27] (Microsoft Corporation) [File not signed]
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation) [File not signed]
S3 WudfSvc; C:\WINDOWS\System32\WUDFSvc.dll [55808 2008-04-27] (Microsoft Corporation) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\WINDOWS\System32\DRIVERS\61883.sys [48128 2008-04-13] (Microsoft Corporation)
R3 AR9271; C:\WINDOWS\System32\DRIVERS\athuw.sys [1714176 2010-01-05] (Atheros Communications, Inc.)
R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [3257344 2008-07-08] (ATI Technologies Inc.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 cmuda3; C:\WINDOWS\System32\drivers\cmuda3.sys [801280 2004-09-24] (C-Media Inc) [File not signed]
R2 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [116520 2009-11-16] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [108792 2009-11-16] (ESET)
R2 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [135048 2009-11-16] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [33096 2009-06-19] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [55768 2009-11-16] (ESET)
S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R0 si3114r5; C:\WINDOWS\System32\DRIVERS\Si3114r5.sys [209200 2007-02-07] (Silicon Image, Inc)
R0 SiFilter; C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys [10368 2004-11-01] (Silicon Image, Inc.)
R0 SiRemFil; C:\WINDOWS\System32\DRIVERS\SiRemFil.sys [5504 2006-10-18] (Silicon Image, Inc.)
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [13120 2013-08-25] ()
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361344 2008-04-27] (Microsoft Corporation) [File not signed]
S3 ts_arnusb; C:\WINDOWS\System32\DRIVERS\ts_arnusb.sys [1613512 2014-03-22] (TamoSoft)
R1 vcdmpdrv; C:\WINDOWS\System32\DRIVERS\vcdmpdrv.sys [49296 2002-09-24] (H+H Software GmbH) [File not signed]
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)
R0 VIAMRAID; C:\WINDOWS\System32\DRIVERS\viamraid.sys [117248 2008-01-22] (VIA Technologies inc,.ltd) [File not signed]
R0 VIDEX32; C:\WINDOWS\system32\Drivers\VIDEX32.sys [9216 2008-04-27] (VIA Technologies, Inc.) [File not signed]
R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [58208 2010-05-21] (Atheros Communications, Inc.) [File not signed]
S3 WudfPf; C:\WINDOWS\System32\DRIVERS\WudfPf.sys [77568 2008-04-27] (Microsoft Corporation) [File not signed]
S3 WudfRd; C:\WINDOWS\System32\DRIVERS\wudfrd.sys [82944 2008-04-27] (Microsoft Corporation) [File not signed]
S4 IntelIde; no ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2008-03-01] () [File not signed]
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-13 17:28 - 2016-09-13 17:28 - 00000000 ____D C:\FRST
2016-09-12 20:41 - 2016-09-12 20:41 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Webitar Production Inc
2016-09-11 19:31 - 2016-09-11 19:31 - 00000000 ____D C:\Documents and Settings\dejo\Local Settings\Application Data\Gearbox Software
2016-09-11 18:13 - 2016-09-12 20:41 - 00000854 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2016-09-11 18:13 - 2016-09-11 18:13 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-09-03 11:29 - 2016-09-03 11:30 - 00021840 ____T C:\WINDOWS\system32\SIntfNT.dll
2016-09-03 11:29 - 2016-09-03 11:30 - 00017212 ____T C:\WINDOWS\system32\SIntf32.dll
2016-09-03 11:29 - 2016-09-03 11:30 - 00012067 ____T C:\WINDOWS\system32\SIntf16.dll
2016-09-03 11:25 - 2016-09-03 11:25 - 00000122 _____ C:\WINDOWS\SIERRA.INI
2016-09-03 11:18 - 2016-09-10 00:19 - 00000546 _____ C:\WINDOWS\Tasks\Prervasghonert Reports.job
2016-09-03 10:36 - 2016-09-03 10:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-09-03 10:36 - 2016-09-03 10:36 - 00000000 ____D C:\Documents and Settings\dejo\Application Data\MailProducts
2016-09-03 10:35 - 2016-09-03 11:05 - 00000000 ____D C:\Program Files\Mail.Ru
2016-09-03 10:35 - 2016-09-03 11:05 - 00000000 ____D C:\Documents and Settings\dejo\Local Settings\Application Data\Mail.Ru
2016-09-03 10:35 - 2016-09-03 10:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Mail.Ru
2016-08-27 13:22 - 2016-08-27 13:22 - 00000000 _____ C:\WINDOWS\Pool.INI
2016-08-27 12:31 - 2016-08-27 12:31 - 00031832 _____ (Phoenix Technologies) C:\WINDOWS\system32\Drivers\DrvAgent32.sys
2016-08-27 12:31 - 2016-08-27 12:31 - 00000000 ____D C:\Documents and Settings\dejo\Local Settings\Application Data\eSupport.com
2016-08-27 12:30 - 2001-08-17 12:48 - 00012160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2016-08-21 20:38 - 2016-08-21 20:38 - 00000000 ____D C:\Documents and Settings\dejo\Start Menu\Programs\IGI 2 - Covert Strike
2016-08-18 18:28 - 2016-08-18 18:28 - 00000000 ____D C:\Documents and Settings\dejo\My Documents\Virtual CDs
2016-08-18 18:25 - 2016-08-18 18:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Activision Value
2016-08-16 20:48 - 2016-08-16 20:48 - 00000000 ____D C:\Documents and Settings\dejo\My Documents\My Games

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-13 17:28 - 2016-06-18 22:49 - 00000000 ____D C:\Documents and Settings\dejo\Local Settings\Temp
2016-09-13 16:52 - 2016-06-26 22:50 - 00000292 _____ C:\WINDOWS\Tasks\DriverMaxWelcomes.job
2016-09-13 16:52 - 2016-06-18 22:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-13 16:52 - 2015-09-04 21:45 - 00003568 _____ C:\WINDOWS\system32\ativvaxx.cap
2016-09-13 16:52 - 2001-08-23 14:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-09-13 01:43 - 2016-06-18 23:40 - 00458752 _____ C:\WINDOWS\system32\config\ACS.evt
2016-09-13 01:43 - 2016-06-18 22:49 - 00000278 ___SH C:\Documents and Settings\dejo\ntuser.ini
2016-09-13 01:43 - 2016-06-18 22:49 - 00000000 ____D C:\Documents and Settings\dejo\Application Data\uTorrent
2016-09-13 01:43 - 2016-06-18 22:47 - 00032602 _____ C:\WINDOWS\SchedLgU.Txt
2016-09-13 01:33 - 2016-07-01 14:17 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-12 21:47 - 2016-06-18 22:45 - 00000000 ____D C:\Program Files\Unlocker
2016-09-12 20:41 - 2016-06-26 21:17 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-09-12 19:55 - 2016-06-18 22:49 - 00000000 ____D C:\Documents and Settings\dejo
2016-09-11 23:00 - 2016-06-26 22:50 - 00000292 _____ C:\WINDOWS\Tasks\DriverMaxWelcome.job
2016-09-11 22:39 - 2016-06-19 00:21 - 00000000 ____D C:\WINDOWS\ime
2016-09-07 23:16 - 2016-06-18 23:08 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-09-03 10:36 - 2016-06-18 22:49 - 00000803 _____ C:\Documents and Settings\dejo\Start Menu\Programs\Internet Explorer.lnk
2016-08-29 12:33 - 2016-08-09 19:37 - 00000000 ____D C:\Documents and Settings\dejo\Application Data\ViberPC
2016-08-21 20:05 - 2016-06-19 00:21 - 00000000 ____D C:\WINDOWS\msagent
2016-08-18 18:28 - 2016-06-18 22:49 - 00000000 ___RD C:\Documents and Settings\dejo\My Documents
2016-08-15 19:52 - 2016-08-09 19:38 - 00000000 ____D C:\Documents and Settings\dejo\My Documents\ViberDownloads
2016-08-14 22:36 - 2016-06-19 00:27 - 00602906 _____ C:\WINDOWS\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2016-06-29 20:18 - 2016-08-02 15:40 - 0021504 _____ () C:\Documents and Settings\dejo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-06-26 12:11 - 2016-06-26 12:11 - 0000016 _____ () C:\Documents and Settings\All Users\Application Data\mntemp
2016-06-26 12:11 - 2016-06-26 12:11 - 0004927 _____ () C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe

Some files in TEMP:
====================
C:\Documents and Settings\dejo\Local Settings\Temp\ICReinstall_InstallMonster_Download_Manager.exe
C:\Documents and Settings\dejo\Local Settings\Temp\utt10DD.tmp.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

offline
  • Pridružio: 02 Jan 2008
  • Poruke: 2167

Pozdrav!

Na pocetku bih te zamolio da obrises ovaj program:
Ask Toolbar

Nakon toga,

1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod:

CreateRestorePoint:
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-329068152-436374069-1177238915-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "www.google.com" <======= ATTENTION
SearchScopes: HKU\S-1-5-21-329068152-436374069-1177238915-1004 -> {9FF74B9D-16AB-4B83-9926-50FA7AF58542} URL = hxxp://search.eshield.com/serp?guid={ECAC88E3-879D-46BA-B7CA-244E11235CF8}&action=default_search&k={searchTerms}
FF NewTab: hxxp://www.trotux.com/?z=0f428badcda40b4c9f6897bgfzbq7qctczcg3zab5w&from=epf1&uid=WDCXWD5000AAKS-00A7B2_WD-WCAT0062991529915&type=hp
FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=trotux
FF SelectedSearchEngine: Поиск@Mail.Ru
FF Homepage: hxxps://mail.ru/cnt/11956636?fr=ffhp1.0.3&gp=811001
FF Keyword.URL: undefined://undefined/
FF Extension: (Визуальные закладки @Mail.Ru) - C:\Documents and Settings\dejo\Application Data\Profiles\ckt24824.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2016-09-03]
FF Extension: (gomusix) - C:\Documents and Settings\dejo\Application Data\Mozilla\Firefox\Profiles\zpescydn.default\Extensions\ar1er-ewrgfdgomusix@jetpack.xpi [2016-06-26]
FF Extension: (GsearchFinder) - C:\Documents and Settings\dejo\Application Data\Profiles\ckt24824.default\Extensions\@90B817C8-8A5C-413B-9DDD-B2C61ED6E79A.xpi [2016-06-24]
FF Extension: (gomusix) - C:\Documents and Settings\dejo\Application Data\Profiles\ckt24824.default\Extensions\ar1er-ewrgfdgomusix@jetpack.xpi [2016-06-26]
FF Extension: (Домашняя страница Mail.Ru) - C:\Documents and Settings\dejo\Application Data\Profiles\ckt24824.default\Extensions\homepage@mail.ru [2016-09-03]
FF Extension: (Поиск@Mail.Ru) - C:\Documents and Settings\dejo\Application Data\Profiles\ckt24824.default\Extensions\search@mail.ru [2016-09-03]
FF Extension: (TSearch) - C:\Documents and Settings\dejo\Application Data\Profiles\ckt24824.default\Extensions\{6E727987-C8EA-44DA-8749-310C0FBE3C3E} [2016-06-26] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\1643101575.js [2016-09-12] <==== ATTENTION (Points to *.cfg file)
C:\Program Files\mozilla firefox\defaults\pref\1643101575.js
FF ExtraCheck: C:\Program Files\mozilla firefox\1643101575.cfg [2016-09-12] <==== ATTENTION
C:\Program Files\mozilla firefox\1643101575.cfg
2016-09-03 10:36 - 2016-09-03 10:36 - 00000000 ____D C:\Documents and Settings\dejo\Application Data\MailProducts
2016-09-03 10:35 - 2016-09-03 11:05 - 00000000 ____D C:\Program Files\Mail.Ru
2016-09-03 10:35 - 2016-09-03 11:05 - 00000000 ____D C:\Documents and Settings\dejo\Local Settings\Application Data\Mail.Ru
2016-09-03 10:35 - 2016-09-03 10:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Mail.Ru
2016-08-27 12:31 - 2016-08-27 12:31 - 00000000 ____D C:\Documents and Settings\dejo\Local Settings\Application Data\eSupport.com
2016-06-26 12:11 - 2016-06-26 12:11 - 0000016 _____ () C:\Documents and Settings\All Users\Application Data\mntemp
2016-06-26 12:11 - 2016-06-26 12:11 - 0004927 _____ () C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
Task: C:\WINDOWS\Tasks\Prervasghonert Reports.job => C:\Program Files\Aromocult\peruther.exe
C:\Program Files\Aromocult
ShortcutWithArgument: C:\Documents and Settings\dejo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://tech-connect.biz/?ssid=1473705534&a=1106533&src=sh&uuid=518fa158-ede5-43f9-aeda-b2cb001e5f02,1473705507645"
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://tech-connect.biz/?ssid=1473705534&a=1106533&src=sh&uuid=518fa158-ede5-43f9-aeda-b2cb001e5f02,1473705507645"
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Activision Value\FUN labs\Dangerous Hunts\Dangerous Hunts.lnk -> D:\Igrice\DangerHunt\Launcher.exe () -> "hxxp://safesurfs.net/?ssid=1471801691&a=1077859&src=sh&uuid=6abd7792-421d-4d53-b0b0-c2f1d0faf1e7"
DomainProfile\AuthorizedApplications: [C:\Documents and Settings\dejo\Local Settings\Application Data\TNT2\2.0.0.2100\TNT2User.exe] => Enabled:TNT2
StandardProfile\AuthorizedApplications: [C:\Program Files\LuckyBrowse\app\LuckyBrowse.exe] => Enabled:LuckyBrowse
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\dejo\Local Settings\Application Data\TNT2\2.0.0.2100\TNT2User.exe] => Enabled:TNT2
StandardProfile\AuthorizedApplications: [C:\Program Files\SrpnFiles\SrpnFiles.exe] => Enabled:SrpnFiles
C:\Program Files\SrpnFiles
C:\Program Files\LuckyBrowse
C:\Documents and Settings\dejo\Local Settings\Application Data\TNT2
StandardProfile\AuthorizedApplications: [C:\Program Files\SrpnFiles\downloader.exe] => Enabled:SrpnFiles
Hosts:
EmptyTemp:


2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt
To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt
Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi.

3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj.
Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema.



Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku.
Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a.

offline
  • Pridružio: 05 Jul 2005
  • Poruke: 201

Ne dozvoljava mi uninstal, izbacuje mi sledeće prozorčiće.


offline
  • Pridružio: 02 Jan 2008
  • Poruke: 2167

Nista, u tom slucaju, uradi ostala uputstva iz mog posta, pa cemo se time pozabaviti posle.

offline
  • Pridružio: 05 Jul 2005
  • Poruke: 201

Rešen je problem sa početnom stranom poštujući prethodna uputstva, evo postavljam ovaj drugi log fajl.
https://www.mycity.rs/must-login.png

offline
  • Pridružio: 02 Jan 2008
  • Poruke: 2167

U redu, sada isprati ovo uputstvo.

Preuzmi "Xplode"-ov AdwCleaner i sačuvaj ga na Desktop
Dvoklikom pokreni program.
U EULA prozoru klikni na I agree.
U Options isključi Reset Winsock settings ako je uključen.
Klikni na dugme Scan i sačekaj da se završi skeniranje.
Klikni na dugme Cleaning i pričekaj da program završi.
Program će zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni OK kao potvrdu.
Na sljedeća dva prozora koja se otvore (Informations i Restart required ) klikni OK

Računar će se restartovati, a potom otvoriti Notepad (C:\Adwcleaner\AdwCleaner[C1].txt) sa izvještajem.
Sačuvaj taj izvještaj na Desktop i okači ga uz poruku koristeći opciju "Prikači fajl"

offline
  • Pridružio: 05 Jul 2005
  • Poruke: 201

Evo fajla
https://www.mycity.rs/must-login.png

offline
  • Pridružio: 02 Jan 2008
  • Poruke: 2167

Reci mi, kakvo je sada stanje? Da li i dalje imas probleme koje si imao?
Proveri da li je AskToolbar obrisan (trebalo bi da jeste).

Nakon toga,

Arrow Preuzmi Malwarebytes Anti-Rootkit (MBAR) sa sledeceg linka i sacuvaj ga na Desktop.

Dvoklikom pokreni MBAR () na ikonicu programa:
- Klikni OK na sledecem prozoru da bi dozvolio raspakivanje u zaseban mbar folder na desktop-u;
- mbar.exe ce biti startovan. Na nekim sistemima to moze da potraje nekoliko dodatnih sekundi, te pricekati pokretanje.;
- U uvodnom prozoru klikni dugme Next ukoliko si saglasan;



• Na 'Update Database' prozoru klik na dugme Update da bi preuzeo sveze definicije. Kada se ispise poruka 'Success: Database was successfully updated' klik na dugme Next;
• Pod sekcijom 'Scan Targets' proveri da su sve opcije stiklirane, te klikni na dugme Scan;

Obavestenje: sa nekim infekcijama moze se desiti da se prikaze neka od sledecih poruka:
- 'Could not load protection driver' => u tom slucaju klikni OK.
- 'Could not load DDA driver' => klikni Yes na to obavestenje da bi dozvolio ucitavanje nakon restarta. Dozvoli restart i nastavi sa ostatkom instrukcija posle restarta.





>> Ukoliko malware nije detektovan, klik na Exit dugme da zatvoris program. U sledecu poruku postavi mbar-log-year-month-day (sat-minuti-sekundi).txt i system-log.txt izveštaje.

>> Ukoliko su infekcija/e pronadjene, proveriti da li je obelezena opcija 'Create Restore Point' i klikni na dugme Cleanup! da bi uklonili pretnje.
- Procedura uklanjanje malware-a (scheduled) ce biti zakazana po restartu, bice prikazano obavestenje u pop-up prozoru. Klikni dugme Yes i sistem bi trebao da se restartuje i da zavrsi proceduru ciscenja.



Obavestenje! samo ukoliko je RootKit detektovan: - postaraj se da pokrenes fixdamage.exe alat koji se nalazi u mbar folderu, \Plugins\fixdamage.exe:
- Dvoklikom pokreni fixdamage, u crnom prozoru koji se otvori (command prompt) ukucaj Y (Y stoji za Yes) da bi nastavio izvrsenje, pricekati da alat odradi sve popravke ...
- Kada vidis poruku 'press any key to exit' popravka je kompletirana. Pritisnuti bilo koju tipku na tastaturi da bi se prozor zatvorio. Restartovati sistem.





Sledeci izvestaji ce biti formirani u mbar folderu.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Iskopiraj sadrzaj mbar log-a u poruku a system log okaci uz poruku koristeci opciju Prikači fajl.

offline
  • Pridružio: 05 Jul 2005
  • Poruke: 201

Evo ovih fajlova, našao je jednu infekciju!
https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

offline
  • Pridružio: 02 Jan 2008
  • Poruke: 2167

Reci mi, kakvo je sada stanje?

Da li i dalje imas probleme koje si imao?
Da li je uklonjen AskToolbar?

Ko je trenutno na forumu
 

Ukupno su 1109 korisnika na forumu :: 31 registrovanih, 7 sakrivenih i 1071 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 8u47, A.R.Chafee.Jr., bladesu, BORUTUS, Bubimir, bufanje, draganl, Duh sa sekirom, FOX, goxin, GveX, havoc995, Istman, kinez88, kybonacci, Lucije Kvint, mackenzie, menges, naki011, pedja.st, sevenino, Sir Budimir, Sirius, Stanlio, styg, uruk, virked, VP6919, YU-UKI, |_MeD_|, 223223