Rambler

  • Joined: 28 Dec 2009
  • Posts: 126

I have a problem with my browser and I can't solve it at all. Namely, when I type something into Google and want it to search, it redirects me straight to some Russian Rambler. I tried to find it in Programs and did not find any suspicious toolbar. I also went to "Extensions" in Mozilla to see whether it had added anything, but without success. Has anyone run into a similar problem? It is present in Mozilla and in Chrome; only in Internet Explorer can I search normally.





Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-01-2017
Ran by PC (administrator) on 132FOJMQ5XM3T5H (19-01-2017 16:41:51)
Running from C:\Users\PC\Desktop
Loaded Profiles: PC & UpdatusUser (Available Profiles: PC & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [1153448 2016-08-10] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-18\...\Run: [] => 0

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{060AFE0A-B564-4B80-9775-E4D1BECDCA89}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3841987362-15127488-506806976-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3841987362-15127488-506806976-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3841987362-15127488-506806976-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3841987362-15127488-506806976-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://123.itiankong.com/?1
HKU\S-1-5-21-3841987362-15127488-506806976-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-09-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-18] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2016-08-10] (Qihu 360 Software Co., Ltd.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-09-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-18] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-09-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-18] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2016-08-10] (Qihu 360 Software Co., Ltd.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-09-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-18] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\mtjubn89.default [2017-01-19]
FF Homepage: Mozilla\Firefox\Profiles\mtjubn89.default -> google.hr
FF Extension: (Fast search) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\mtjubn89.default\Extensions\amcontextmenu@loucypher [2017-01-18]
FF Extension: (Link Virus Checker: Security Plus) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\mtjubn89.default\Extensions\jid0-DjsrWcAS3Wgq2xyyqqVL8Dqk1Lo@jetpack.xpi [2016-12-15]
FF Extension: (Tab Scope) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\mtjubn89.default\Extensions\tabscope@xuldev.org.xpi [2016-11-17]
FF Extension: (The Addon Bar (restored)) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\mtjubn89.default\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2016-11-16]
FF Extension: (360 Internet Protection) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\mtjubn89.default\Extensions\WebProtection@360safe.com [2017-01-14]
FF Extension: (FEBE) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\mtjubn89.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2016-11-30]
FF Extension: (Speed Dial) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\mtjubn89.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2016-11-17]
FF Extension: (Download Status Bar) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\mtjubn89.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2016-11-16]
FF Extension: (Adblock Plus) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\mtjubn89.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF Extension: (Tab Mix Plus) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\mtjubn89.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2017-01-12]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll [2014-11-16] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll [2014-11-16] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-05-21] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-10-15] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-10-15] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-05-21] (Microsoft Corporation)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [glcimepnljoholdmjchkloafkggfoijh] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.NDWL4ORHBQI6FWGSY7XD2UFIV4 - C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [914344 2016-08-10] (QIHU 360 SOFTWARE CO. LIMITED)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [977088 2014-03-02] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [151784 2016-08-10] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [86248 2016-08-10] (360.cn)
R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [86248 2016-08-10] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [330472 2016-08-10] (360.cn)
R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2016-08-10] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [391392 2016-08-10] (360.cn)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [190696 2016-08-10] (360.cn)
S3 vmusbmouse; C:\Windows\System32\DRIVERS\vmusbmouse.sys [15512 2014-03-21] (VMware, Inc.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-19 16:41 - 2017-01-19 16:42 - 00012758 _____ C:\Users\PC\Desktop\FRST.txt
2017-01-19 16:41 - 2017-01-19 16:41 - 00000000 ____D C:\FRST
2017-01-19 16:38 - 2017-01-19 16:40 - 02419712 _____ (Farbar) C:\Users\PC\Desktop\FRST64.exe
2017-01-19 16:30 - 2017-01-19 16:30 - 00243552 _____ C:\Users\PC\Downloads\Firefox Setup Stub 50.1.0 (1).exe
2017-01-19 15:43 - 2017-01-19 15:43 - 00001155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-19 15:07 - 2017-01-19 15:07 - 00002108 _____ C:\Users\PC\Documents\Linkovi vaznijih stranica.txt
2017-01-18 23:08 - 2017-01-18 23:08 - 00000000 ____D C:\ProgramData\Microleaves
2017-01-18 23:05 - 2017-01-19 16:42 - 00000316 ____H C:\Windows\Tasks\Traffic Exchange v2.job
2017-01-18 23:05 - 2017-01-19 16:42 - 00000316 ____H C:\Windows\Tasks\Traffic Exchange v2 Guardian.job
2017-01-18 23:05 - 2017-01-19 16:42 - 00000316 ____H C:\Windows\Tasks\Traffic Exchange v2 Guard.job
2017-01-18 23:05 - 2017-01-19 14:08 - 00000366 ____H C:\Windows\Tasks\Traffic Exchange Updater.job
2017-01-18 23:05 - 2017-01-18 23:13 - 00000000 ____D C:\Users\PC\AppData\Roaming\Browsers
2017-01-18 23:05 - 2017-01-18 23:05 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange Guardian
2017-01-18 23:05 - 2017-01-18 23:05 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange Guard
2017-01-18 23:05 - 2017-01-18 23:05 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange
2017-01-18 23:05 - 2017-01-18 23:05 - 00003196 _____ C:\Windows\System32\Tasks\Traffic Exchange Updater
2017-01-18 23:05 - 2017-01-18 23:05 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 Guardian
2017-01-18 23:05 - 2017-01-18 23:05 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 Guard
2017-01-18 23:05 - 2017-01-18 23:05 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2
2017-01-18 23:05 - 2017-01-18 23:05 - 00000000 ____D C:\Users\PC\AppData\Roaming\SPI
2017-01-18 23:05 - 2017-01-18 23:05 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-01-18 23:04 - 2017-01-18 23:05 - 00000000 ____D C:\Users\PC\AppData\Roaming\Microleaves
2017-01-18 23:04 - 2017-01-18 23:05 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-01-18 23:04 - 2017-01-18 23:05 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-01-18 17:57 - 2017-01-18 17:58 - 00000000 ____D C:\Users\PC\AppData\Roaming\PhotoScape
2017-01-18 17:57 - 2017-01-18 17:57 - 00001027 _____ C:\Users\UpdatusUser\Desktop\PhotoScape.lnk
2017-01-18 00:19 - 2017-01-18 00:18 - 00110144 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2017-01-16 23:57 - 2017-01-18 22:55 - 00000000 ____D C:\Users\PC\AppData\LocalLow\uTorrent
2017-01-16 17:45 - 2017-01-19 14:55 - 00000000 __SHD C:\$360Section
2017-01-16 16:26 - 2017-01-19 14:55 - 00000000 ____D C:\ProgramData\360Quarant
2017-01-14 11:40 - 2017-01-18 23:04 - 00000000 ____D C:\Users\PC\AppData\Roaming\360Safe
2017-01-13 12:29 - 2017-01-19 16:40 - 00000000 ____D C:\Users\PC\AppData\LocalLow\360WD
2017-01-13 12:29 - 2017-01-18 23:13 - 00000000 ____D C:\ProgramData\360safe
2017-01-13 12:29 - 2017-01-17 19:43 - 00000000 _RSHD C:\360SANDBOX
2017-01-13 12:29 - 2017-01-16 17:45 - 00000000 ____D C:\ProgramData\360TotalSecurity
2017-01-13 12:29 - 2017-01-13 12:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2017-01-13 12:29 - 2017-01-13 12:29 - 00000000 ____D C:\Program Files (x86)\360
2017-01-13 12:29 - 2016-08-10 11:54 - 00391392 _____ (360.cn) C:\Windows\system32\Drivers\360fsflt.sys
2017-01-13 12:29 - 2016-08-10 11:54 - 00330472 _____ (360.cn) C:\Windows\system32\Drivers\360Box64.sys
2017-01-13 12:29 - 2016-08-10 11:54 - 00190696 _____ (360.cn) C:\Windows\system32\Drivers\BAPIDRV64.SYS
2017-01-13 12:29 - 2016-08-10 11:54 - 00151784 _____ (360.cn) C:\Windows\system32\Drivers\360AntiHacker64.sys
2017-01-13 12:29 - 2016-08-10 11:54 - 00086248 _____ (360.cn) C:\Windows\SysWOW64\Drivers\360AvFlt.sys
2017-01-13 12:29 - 2016-08-10 11:54 - 00086248 _____ (360.cn) C:\Windows\system32\Drivers\360AvFlt.sys
2017-01-13 12:29 - 2016-08-10 11:54 - 00040520 _____ (360.cn) C:\Windows\system32\Drivers\360Camera64.sys
2017-01-12 12:58 - 2017-01-17 11:10 - 00000000 ____D C:\Users\PC\Documents\ViberDownloads
2017-01-12 12:57 - 2017-01-17 11:02 - 00000000 ____D C:\Users\PC\AppData\Roaming\ViberPC
2017-01-12 12:57 - 2017-01-12 12:57 - 00000911 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk
2017-01-12 12:57 - 2017-01-12 12:57 - 00000000 ____D C:\Users\PC\AppData\Roaming\NVIDIA
2017-01-12 12:57 - 2017-01-12 12:57 - 00000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
2017-01-12 12:57 - 2017-01-12 12:57 - 00000000 ____D C:\Users\PC\AppData\Local\Viber
2017-01-12 12:57 - 2017-01-12 12:57 - 00000000 ____D C:\Users\PC\AppData\Local\Package Cache
2017-01-12 12:11 - 2017-01-16 23:58 - 00000000 ____D C:\Users\PC\Downloads\ESET NOD 32 4.0.0 + Serials - DivXNL-Team (32&64bit)
2017-01-12 12:07 - 2017-01-12 12:07 - 00002586 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-01-12 12:07 - 2017-01-12 12:07 - 00000000 ____D C:\Users\PC\Downloads\NOD32 Antivirus System 2.7.0 +(zabranjeno)
2017-01-12 12:06 - 2017-01-18 23:14 - 00000000 ____D C:\Users\PC\AppData\Roaming\uTorrent
2017-01-05 15:54 - 2017-01-05 15:54 - 00001189 _____ C:\Users\PC\Documents\GOM Player.lnk
2017-01-05 15:54 - 2017-01-05 15:54 - 00000355 _____ C:\Users\PC\Documents\Computer - Shortcut.lnk
2016-12-26 09:25 - 2016-12-21 20:24 - 00988307 _____ C:\Users\PC\Documents\MIILINOVIĆ Nemanja_Diplomski rad.docx
2016-12-20 12:39 - 2017-01-18 22:49 - 03312589 _____ C:\Users\PC\Desktop\MIILINOVIĆ Nemanja_Diplomski rad.docx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-19 16:35 - 2016-11-26 19:45 - 00000000 ____D C:\Users\PC\AppData\LocalLow\Mozilla
2017-01-19 16:35 - 2016-11-26 19:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-19 16:34 - 2009-07-14 05:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-19 16:34 - 2009-07-14 05:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-19 16:29 - 2016-11-16 16:48 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-19 16:29 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-19 15:43 - 2014-10-05 14:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-19 15:38 - 2014-10-12 11:08 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-19 15:38 - 2014-10-05 14:14 - 00000000 ____D C:\Users\PC\AppData\Local\Google
2017-01-18 22:26 - 2014-10-05 18:03 - 00000000 ____D C:\Users\PC\AppData\Local\Deployment
2017-01-18 22:26 - 2014-10-05 13:23 - 00000000 ____D C:\Users\PC
2017-01-18 19:38 - 2016-12-15 20:09 - 00000000 ____D C:\Users\PC\Documents\Plinska dobava goriva
2017-01-18 00:25 - 2014-10-05 14:33 - 00000000 ____D C:\ProgramData\Oracle
2017-01-18 00:20 - 2014-10-05 14:48 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-18 00:20 - 2014-10-05 14:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-18 00:19 - 2014-10-05 14:33 - 00000000 ____D C:\Program Files\Java
2017-01-18 00:18 - 2014-11-16 15:19 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-01-18 00:17 - 2014-10-05 14:49 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-01-17 18:14 - 2014-10-05 14:20 - 00000000 ____D C:\Users\PC\AppData\Roaming\Skype
2017-01-16 16:26 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-01-16 16:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-01-14 12:26 - 2016-11-17 18:14 - 00000000 ____D C:\Users\PC\AppData\Local\Microsoft Games
2017-01-13 12:28 - 2014-10-13 12:10 - 00000000 ____D C:\Windows\system32\appmgmt
2017-01-13 12:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-01-11 15:09 - 2016-11-16 23:34 - 00003350 _____ C:\Windows\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
2016-12-28 23:17 - 2014-10-05 13:23 - 00000000 ___RD C:\Users\PC\Music
2016-12-28 21:13 - 2014-10-05 13:23 - 00000000 ___RD C:\Users\PC\Saved Games
2016-12-25 17:31 - 2009-07-14 06:08 - 00032616 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-25 14:43 - 2014-10-05 13:48 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{501b1fdd-4c8d-11e4-8226-000c29b66189}.TMContainer00000000000000000002.regtrans-ms
2016-12-21 17:25 - 2016-11-17 17:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-21 17:25 - 2014-10-05 14:19 - 00000000 ____D C:\ProgramData\Skype

Some files in TEMP:
====================
C:\Users\PC\AppData\Local\Temp\AutoTime51495.exe
C:\Users\PC\AppData\Local\Temp\CodecFixDivx.exe
C:\Users\PC\AppData\Local\Temp\component.exe
C:\Users\PC\AppData\Local\Temp\cubecc.exe
C:\Users\PC\AppData\Local\Temp\gcapi_dll.dll
C:\Users\PC\AppData\Local\Temp\gdapi.dll
C:\Users\PC\AppData\Local\Temp\GoogleSetup.exe
C:\Users\PC\AppData\Local\Temp\gtapi_signed.dll
C:\Users\PC\AppData\Local\Temp\GTGCAPI.exe
C:\Users\PC\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\PC\AppData\Local\Temp\jre-8u121-windows-au.exe
C:\Users\PC\AppData\Local\Temp\msvcr90.dll
C:\Users\PC\AppData\Local\Temp\MyProg.exe
C:\Users\PC\AppData\Local\Temp\TMP28111.exe
C:\Users\PC\AppData\Local\Temp\vibesound.exe
C:\Users\PC\AppData\Local\Temp\wait.exe
C:\Users\PC\AppData\Local\Temp\windows.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-14 00:53

==================== End of FRST.txt ============================

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Hello,


Download Zemana AntiMalware and save it to the Desktop.


When the download is finished:

Double-click to start the installation and follow the instructions. The installation is standard, with no additional options.
After installation, the program will start automatically, and you then need to click Scan.
When the scan finishes, click Next to remove all the items found.
If it asks you to restart the computer, click Reboot.
If the computer is seriously infected, another scan will follow after the restart.


After that, you need to provide the report(s):

On the keyboard, press the Windows key + R at the same time.
Copy the following command and confirm with OK:
%USERPROFILE%\AppData\Local\Zemana\Zemana AntiMalware\reports
Copy the newest report(s) to the Desktop, and then attach it in your next post.

  • Joined: 28 Dec 2009
  • Posts: 126

I did as written. This is the report.

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Please run the FRST scan again and attach both reports.

  • Joined: 28 Dec 2009
  • Posts: 126

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

What is the situation now?

  • Joined: 28 Dec 2009
  • Posts: 126

Posted: 21 Jan 2017 18:42

I reinstalled the browsers before I scanned with Anti Malware, so now I can search normally. It seems to me that when I turn on the computer it needs a little more time to "get going", but maybe I just imagined it because of this problem.

Addendum: 22 Jan 2017 11:18

Yesterday I scanned again, and every time both Antimalware and 360 Total Security find infected files in the system or in the browser.

Addendum: 24 Jan 2017 16:39

Security 360 still reports viruses when scanning. I can't get rid of them at all.



