Browsers open new tabs with suspicious pages on their own.


offline
  • Joined: 19 Feb 2009
  • Posts: 188
  • Location: Kucevo

For the past few days I have noticed that when I click a link on any page, a completely different page opens, or even two of them, in another tab.
I have not installed or downloaded anything, at least as far as I know.
I noticed a similar thread, so I looked and found (Discover Treasure) among my programs; I don't know how it got there. I uninstalled it, but the problem is still there.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:28-12-2015
Ran by Mile (administrator) on MILET (28-12-2015 16:53:30)
Running from C:\Users\Mile\Desktop\frst
Loaded Profiles: Mile (Available Profiles: Mile)
Platform: Microsoft Windows 8 Pro (X86) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe
(Hagel Technologies Ltd.) C:\Program Files\DU Meter\DUMeterSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Windows\KMS-R@1n.exe
(IObit) C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVG Technologies) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(A4Tech Co.,Ltd.) C:\Program Files\A4Tech\Keyboard\Ikeymain.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(AVG Technologies) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hagel Technologies Ltd.) C:\Program Files\DU Meter\DUMeter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(FlashPeak Inc.) C:\Users\Mile\Desktop\New folder (5)\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Users\Mile\Desktop\New folder (5)\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Users\Mile\Desktop\New folder (5)\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Users\Mile\Desktop\New folder (5)\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Users\Mile\Desktop\New folder (5)\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Users\Mile\Desktop\New folder (5)\Slimjet\slimjet.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VX3000] => C:\Windows\vVX3000.exe [762736 2010-05-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12336856 2015-09-26] (Realtek Semiconductor)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [iKeyWorks] => C:\Program Files\A4Tech\Keyboard\Ikeymain.exe [65536 2007-06-25] (A4Tech Co.,Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2757424 2015-11-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files\EaseUS\EaseUS Partition Master 10.2\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKU\S-1-5-21-3893990192-3725226574-2333194970-1001\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-3893990192-3725226574-2333194970-1001\...\Run: [DU Meter] => C:\Program Files\DU Meter\DUMeter.exe [4245400 2013-03-10] (Hagel Technologies Ltd.)
HKU\S-1-5-21-3893990192-3725226574-2333194970-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\ccleaner.exe [6490904 2015-08-19] (Piriform Ltd)
HKU\S-1-5-21-3893990192-3725226574-2333194970-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3893990192-3725226574-2333194970-1001\...\MountPoints2: {bd0f8198-da9c-11e2-b0e6-806e6f6e6963} - "D:\setup.exe"
BootExecute: autocheck autochk *
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 178.79.22.6 8.8.8.8
Tcpip\..\Interfaces\{6F2661E3-6C52-4950-A68E-94EA8D95514B}: [DhcpNameServer] 178.79.22.6 8.8.8.8
Tcpip\..\Interfaces\{D648EED2-3651-4EA8-BB6A-4A2866D10BA3}: [DhcpNameServer] 178.79.22.6 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3893990192-3725226574-2333194970-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.rs/
HKU\S-1-5-21-3893990192-3725226574-2333194970-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://cool-tvlive.net/terra
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-29] (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-10] (Kaspersky Lab ZAO)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-12-02] (AO Kaspersky Lab)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-29] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-12-02] (AO Kaspersky Lab)
DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} hxxp://20.30.5.228/RtspVaPgDec.cab
DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} hxxp://download.sopcast.com/download/SOPCORE.CAB
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Mile\AppData\Roaming\Mozilla\Firefox\Profiles\x1wjdq4e.default-1448347418443
FF Homepage: hxxp://www.google.rs/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-12] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-29] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files\SkypeWebPlugin\npSkypeWebPlugin.dll [2013-12-04] (Skype)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3893990192-3725226574-2333194970-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Mile\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2012-10-11] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-05-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-05-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-05-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-05-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-05-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2013-04-12] (Nullsoft, Inc.)
FF Extension: X-notifier - C:\Users\Mile\AppData\Roaming\Mozilla\Firefox\Profiles\x1wjdq4e.default-1448347418443\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2015-11-24]
FF Extension: Xmarks - C:\Users\Mile\AppData\Roaming\Mozilla\Firefox\Profiles\x1wjdq4e.default-1448347418443\extensions\foxmarks@kei.com [2015-11-24]
FF Extension: Kaspersky Protection - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox [2015-12-02]
FF Extension: Video DownloadHelper - C:\Users\Mile\AppData\Roaming\Mozilla\Firefox\Profiles\x1wjdq4e.default-1448347418443\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-11-24]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-10-19] [not signed]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-10-19] [not signed]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2015-02-17] [not signed]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2015-02-17] [not signed]
FF HKLM\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.rs/
CHR StartupUrls: Default -> "chrome://newtab/","hxxp://www.mystartsearch.com/?type=hp&ts=1427609290&from=amt&uid=SAMSUNGXHD321KJ_S0MQJ1QP418130"
CHR Profile: C:\Users\Mile\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2015-01-07]
CHR Extension: (Facebook Unseen) - C:\Users\Mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmdhkalcecemojegheiohcghkamlipof [2015-01-07]
CHR Extension: (Kaspersky Protection) - C:\Users\Mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2015-12-08]
CHR Extension: (Kaspersky Protection) - C:\Users\Mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2015-01-07]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\Mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-30]
CHR Extension: (Anti-Banner) - C:\Users\Mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2015-01-07]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2013-05-02]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - hxxps://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2013-05-02]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [660576 2011-02-12] (Acronis)
R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [821024 2015-08-05] (IObit)
R2 AVP16.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe [194000 2015-10-13] (Kaspersky Lab ZAO)
R2 DUMeterSvc; C:\Program Files\DU Meter\DUMeterSvc.exe [2385304 2013-03-10] (Hagel Technologies Ltd.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [922928 2015-11-12] (NVIDIA Corporation)
S3 ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [22528 2015-03-29] () [File not signed]
R2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
S4 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [762192 2013-07-18] (Nero AG)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-11-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6288688 2015-11-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4611888 2015-11-12] (NVIDIA Corporation)
S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [260992 2013-08-15] (Puran Software) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [2161976 2015-01-30] (AVG Technologies)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14480 2015-07-06] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide; C:\Windows\System32\drivers\amdide.sys [11944 2015-01-17] (Advanced Micro Devices Inc.)
R2 ASTRA32; C:\Program Files\ASTRA32\ASTRA32.sys [30864 2007-02-22] (Licensed for Sysinfo Lab)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [201912 2015-07-06] (Kaspersky Lab ZAO)
R3 DUMeterDrv; C:\Program Files\DU Meter\DUMETR32.SYS [19944 2013-03-01] (Hagel Technologies Ltd.) [File not signed]
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [15968 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10208 2014-11-18] ()
S3 gdrv; C:\Windows\gdrv.sys [17488 2013-06-19] (Windows (R) 2000 DDK provider)
S3 GVTDrv; C:\Windows\system32\Drivers\GVTDrv.sys [24944 2013-06-19] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-01-14] (REALiX(tm))
S3 ivusb; C:\Windows\System32\drivers\ivusb.sys [25112 2010-07-28] (Initio Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [153784 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [46776 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [57712 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [58040 2015-06-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [25208 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [147336 2015-12-02] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [44216 2015-12-02] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [763776 2015-12-02] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [25696 2013-12-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [37048 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [37560 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [39304 2015-10-13] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [76168 2015-12-02] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [87736 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [156856 2015-06-23] (Kaspersky Lab ZAO)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18736 2015-11-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad32v.sys [44840 2015-08-11] (NVIDIA Corporation)
S3 ssudobex; C:\Windows\system32\DRIVERS\ssudobex.sys [181912 2013-06-04] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [12320 2015-01-13] (TuneUp Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [38928 2015-07-06] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [244600 2015-07-06] (Microsoft Corporation)
S3 WiseHDInfo; C:\Windows\WiseHDInfo32.dll [13264 2015-08-09] (wisecleaner.com)
S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\Windows\System32\drivers\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-28 16:53 - 2015-12-28 16:53 - 00000000 ____D C:\FRST
2015-12-28 16:52 - 2015-12-28 16:53 - 00000000 ____D C:\Users\Mile\Desktop\frst
2015-12-27 12:17 - 2015-12-27 12:17 - 00001421 _____ C:\Users\Public\Desktop\Living Legends Frozen Beauty.lnk
2015-12-27 12:17 - 2015-12-27 12:17 - 00000000 ____D C:\Users\Mile\AppData\Roaming\4 Friends Games
2015-12-27 12:12 - 2015-12-22 11:38 - 576146641 _____ C:\Users\Mile\Downloads\Setup.gcd
2015-12-27 12:12 - 2015-12-22 11:38 - 02542688 _____ (giveawayoftheday.com) C:\Users\Mile\Downloads\Setup.exe
2015-12-27 12:12 - 2013-11-15 14:15 - 00000781 _____ C:\Users\Mile\Downloads\Readme.txt
2015-12-27 10:31 - 2015-12-27 12:11 - 578289978 _____ C:\Users\Mile\Downloads\LivingLegendsFrozenBeauty-ro9td1.zip
2015-12-26 19:21 - 2015-12-26 19:28 - 00000000 ____D C:\AdwCleaner
2015-12-25 13:15 - 2015-12-25 13:15 - 00001434 _____ C:\Users\Mile\Desktop\Skype.exe - Shortcut.lnk
2015-12-25 13:03 - 2015-12-25 13:04 - 00000000 ____D C:\ProgramData\4f596ec3-77fb-4fc3-82cb-691c42c71d77
2015-12-25 13:03 - 2015-12-25 13:04 - 00000000 ____D C:\Program Files\Common Files\4f596ec3-77fb-4fc3-82cb-691c42c71d77
2015-12-25 06:15 - 2015-12-25 06:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-25 06:15 - 2015-12-25 06:15 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-12-23 18:07 - 2015-12-23 18:08 - 00042011 _____ C:\Users\Mile\Desktop\Extraction.srt
2015-12-23 15:21 - 2015-12-23 16:01 - 732471120 _____ C:\Users\Mile\Desktop\Extraction.avi
2015-12-23 15:21 - 2015-12-23 15:21 - 00042011 _____ C:\Users\Mile\Downloads\Extraction.srt
2015-12-17 09:05 - 2015-12-17 09:06 - 15606657 _____ C:\Users\Mile\Desktop\Kako napraviti USB za butanje sistema windows-1.mp4
2015-12-17 09:02 - 2015-12-17 09:13 - 09463422 _____ C:\Users\Mile\Desktop\Kako napraviti USB za butanje sistema windows.mp4
2015-12-12 17:39 - 2015-12-12 17:39 - 00000849 _____ C:\Users\Mile\Desktop\FamilyVacation.exe - Shortcut.lnk
2015-12-12 17:28 - 2015-12-12 17:28 - 00000000 ____D C:\Users\Mile\AppData\Roaming\FamilyVacationCalifornia
2015-12-08 17:57 - 2015-12-08 17:57 - 00000000 ____D C:\Users\Mile\AppData\Local\PopcornTimeDesktop
2015-12-08 06:37 - 2015-12-08 06:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetClientOCX
2015-12-08 06:37 - 2015-12-08 06:37 - 00000000 ____D C:\Program Files\NetClientOCX
2015-12-02 13:55 - 2015-12-02 13:55 - 00002061 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2015-12-02 13:55 - 2015-12-02 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2015-12-02 13:53 - 2015-12-02 14:32 - 00763776 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2015-12-02 13:53 - 2015-12-02 14:32 - 00147336 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2015-12-02 12:17 - 2015-12-02 12:17 - 00002083 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-12-02 12:17 - 2015-10-13 16:04 - 00608048 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2015-12-02 12:14 - 2015-10-13 20:01 - 24199344 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2015-12-02 12:14 - 2015-10-13 20:01 - 15293104 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-12-02 12:14 - 2015-10-13 20:01 - 11272048 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-12-02 12:14 - 2015-10-13 20:01 - 11209376 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-12-02 12:14 - 2015-10-13 20:01 - 10707120 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-12-02 12:14 - 2015-10-13 20:01 - 03987760 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-12-02 12:14 - 2015-10-13 20:01 - 01060656 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3234192.dll
2015-12-02 12:14 - 2015-10-13 20:01 - 00911536 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3234192.dll
2015-12-02 12:14 - 2015-10-13 20:01 - 00907440 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll
2015-12-02 12:14 - 2015-10-13 20:01 - 00869040 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll
2015-12-02 12:05 - 2015-12-02 12:15 - 00000000 ____D C:\Windows\LastGood
2015-12-02 12:05 - 2015-11-12 19:37 - 00091384 _____ C:\Windows\system32\NvRtmpStreamer32.dll
2015-12-02 12:04 - 2015-08-11 05:55 - 00044840 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad32v.sys
2015-11-30 06:00 - 2015-12-18 14:05 - 00000000 ____D C:\Users\Mile\AppData\Roaming\IP-TV Player
2015-11-30 06:00 - 2015-11-30 06:00 - 00000000 ____D C:\ProgramData\IP-TV Player
2015-11-30 05:58 - 2015-11-30 06:00 - 00001923 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IP-TV Player.lnk
2015-11-30 05:58 - 2015-11-30 06:00 - 00001911 _____ C:\Users\Public\Desktop\IP-TV Player.lnk
2015-11-30 05:58 - 2015-11-30 06:00 - 00000000 ____D C:\Program Files\IP-TV Player
2015-11-30 05:57 - 2015-12-18 14:05 - 00000000 ____D C:\Users\Mile\AppData\Roaming\vlc
2015-11-30 05:57 - 2015-11-30 05:57 - 00001028 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-11-30 05:57 - 2015-11-30 05:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-28 16:53 - 2012-07-26 05:43 - 00000000 ____D C:\Windows
2015-12-28 16:47 - 2013-07-09 19:00 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-12-28 16:43 - 2013-02-06 01:21 - 00000000 ____D C:\Users\Mile\AppData\Roaming\Skype
2015-12-28 16:21 - 2013-05-12 17:53 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ce4f3138bbfe55.job
2015-12-28 14:21 - 2015-08-30 04:15 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-28 06:24 - 2013-06-29 06:21 - 00000000 ____D C:\ProgramData\MCShield
2015-12-28 06:23 - 2013-02-05 23:10 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-28 06:23 - 2012-07-26 07:04 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-27 20:26 - 2012-07-26 05:17 - 00786432 ___SH C:\Windows\system32\config\BBI
2015-12-27 17:08 - 2015-01-14 18:50 - 00000000 ____D C:\ProgramData\ProductData
2015-12-27 13:12 - 2015-11-18 18:17 - 00000276 _____ C:\Windows\Tasks\Uninstaller_SkipUac_Mile.job
2015-12-27 12:17 - 2013-08-03 10:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Playrix Entertainment
2015-12-27 12:14 - 2013-08-03 10:18 - 00000000 ____D C:\Program Files\Playrix Entertainment
2015-12-27 09:35 - 2013-02-05 19:11 - 00000000 ____D C:\Users\Mile\AppData\Roaming\BSplayer PRO
2015-12-26 19:28 - 2015-01-28 08:17 - 00001259 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Games.lnk
2015-12-26 19:28 - 2013-11-25 09:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-26 19:28 - 2013-02-08 05:57 - 00000000 ____D C:\Users\Mile\AppData\Roaming\Yahoo!
2015-12-26 19:28 - 2013-02-08 05:57 - 00000000 ____D C:\Users\Mile\AppData\LocalLow\Yahoo!
2015-12-26 19:28 - 2013-02-05 23:06 - 00001023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-26 19:28 - 2013-02-05 22:28 - 00001144 _____ C:\Users\Mile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-26 19:25 - 2013-02-06 01:19 - 00000000 ____D C:\Program Files\Everything
2015-12-26 19:20 - 2013-02-05 22:33 - 00848230 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-26 19:20 - 2012-07-26 05:43 - 00000000 ____D C:\Windows\inf
2015-12-26 16:07 - 2013-02-05 21:26 - 00000000 ____D C:\Program Files\CCleaner
2015-12-25 06:15 - 2014-02-19 18:58 - 00000000 ____D C:\Users\Mile\AppData\Local\Skype
2015-12-25 06:15 - 2013-02-05 16:25 - 00000000 ___RD C:\Program Files\Skype
2015-12-25 06:15 - 2013-02-05 16:24 - 00000000 ____D C:\ProgramData\Skype
2015-12-24 06:20 - 2013-04-12 19:57 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-12-24 06:20 - 2013-02-05 23:06 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-12-20 20:35 - 2015-06-16 15:20 - 00000000 ____D C:\Users\Mile\Desktop\New folder (5)
2015-12-13 04:53 - 2013-02-06 00:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-12 21:44 - 2015-03-16 08:02 - 00000000 ____D C:\Users\Mile\dwhelper
2015-12-12 17:26 - 2013-02-14 18:19 - 00000000 ____D C:\Games
2015-12-08 07:31 - 2013-04-06 10:02 - 00000000 ____D C:\Users\Mile\AppData\Local\Google
2015-12-08 06:41 - 2012-07-26 07:53 - 00000000 ___SD C:\Windows\Downloaded Program Files
2015-12-04 15:56 - 2015-11-12 19:35 - 00000000 ____D C:\Users\Mile\Desktop\New folder (3)
2015-12-02 14:32 - 2015-06-26 23:54 - 00076168 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwfp.sys
2015-12-02 14:30 - 2015-07-04 02:22 - 00044216 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2015-12-02 13:55 - 2012-07-26 05:17 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-12-02 13:53 - 2014-09-23 20:20 - 00000000 ____D C:\Users\MILET
2015-12-02 13:53 - 2013-07-09 19:00 - 00000000 ____D C:\Program Files\Kaspersky Lab
2015-12-02 12:17 - 2014-02-05 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-12-02 12:05 - 2014-02-05 21:49 - 00000000 ____D C:\Users\Mile\AppData\Local\NVIDIA Corporation
2015-12-02 12:05 - 2014-01-14 11:03 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-30 05:56 - 2015-03-16 11:36 - 00000000 ____D C:\Program Files\VideoLAN

==================== Files in the root of some directories =======

2013-02-17 17:52 - 2013-02-17 17:52 - 0000436 _____ () C:\Users\Mile\AppData\Roaming\Drives Monitor_Settings.ini
2015-05-03 07:04 - 2015-05-24 04:10 - 0000053 _____ () C:\Users\Mile\AppData\Roaming\LogFile.txt
2013-02-17 17:39 - 2013-02-17 17:45 - 0001790 _____ () C:\Users\Mile\AppData\Roaming\System Monitor II_CPU0_Settings.ini
2013-02-05 16:31 - 2013-03-04 02:45 - 0007600 _____ () C:\Users\Mile\AppData\Local\Resmon.ResmonCfg
2015-04-12 07:11 - 2015-04-12 07:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-11-20 14:43 - 2014-11-20 14:43 - 0000000 _____ () C:\ProgramData\New Text Document.txt

Some files in TEMP:
====================
C:\Users\Mile\AppData\Local\Temp\Quarantine.exe
C:\Users\Mile\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-28 06:59

==================== End of FRST.txt ============================

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Open Notepad and copy in the following text, which is inside the Code box.

CreateRestorePoint:

GroupPolicyScripts: Restriction <======= ATTENTION
Redirect Cache = hxxp://cool-tvlive.net/terra
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR StartupUrls: Default -> "chrome://newtab/","hxxp://www.mystartsearch.com/?type=hp&ts=1427609290&from=amt&uid=SAMSUNGXHD321KJ_S0MQJ1QP418130"
Task: {DB20D1A8-6BAE-48CC-9143-FB02D5FB3D50} - System32\Tasks\{7BFC4253-9AA0-4903-A977-DE8EED7DC3F1} => pcalua.exe -a C:\Users\Mile\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=amt

C:\Users\Mile\AppData\Roaming\mystartsearch
C:\ProgramData\4f596ec3-77fb-4fc3-82cb-691c42c71d77
C:\Program Files\Common Files\4f596ec3-77fb-4fc3-82cb-691c42c71d77

EmptyTemp:


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, let it do so without interruption.
When it is done, fixlog.txt will open; copy its contents into this thread.
The file (fixlog.txt) will also be on the Desktop.


Step 2

Download AdwCleaner by "Xplode" and save it to the Desktop
Double-click to run the program.
In the EULA window, click I agree.
In Options, turn off Reset Winsock settings if it is enabled.
Click the Scan button and wait for the scan to finish.
Click the Cleaning button and wait for the program to finish.
The program will close all running programs and display a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required), click OK

The computer will restart and then Notepad will open (C:\Adwcleaner\AdwCleaner[C1].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Attach file" option

offline
  • Joined: 19 Feb 2009
  • Posts: 188
  • Location: Kucevo

Fix result of Farbar Recovery Scan Tool (x86) Version:28-12-2015
Ran by Mile (2015-12-28 20:46:16) Run:1
Running from C:\Users\Mile\Desktop\frst
Loaded Profiles: Mile (Available Profiles: Mile)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:

GroupPolicyScripts: Restriction <======= ATTENTION
Redirect Cache = hxxp://cool-tvlive.net/terra
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR StartupUrls: Default -> "chrome://newtab/","hxxp://www.mystartsearch.com/?type=hp&ts=1427609290&from=amt&uid=SAMSUNGXHD321KJ_S0MQJ1QP418130"
Task: {DB20D1A8-6BAE-48CC-9143-FB02D5FB3D50} - System32\Tasks\{7BFC4253-9AA0-4903-A977-DE8EED7DC3F1} => pcalua.exe -a C:\Users\Mile\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=amt

C:\Users\Mile\AppData\Roaming\mystartsearch
C:\ProgramData\4f596ec3-77fb-4fc3-82cb-691c42c71d77
C:\Program Files\Common Files\4f596ec3-77fb-4fc3-82cb-691c42c71d77

EmptyTemp:
*****************

Error: (0) Failed to create a restore point.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
Redirect Cache = hxxp://cool-tvlive.net/terra => Error: No automatic fix found for this entry.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
Chrome StartupUrls => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB20D1A8-6BAE-48CC-9143-FB02D5FB3D50}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB20D1A8-6BAE-48CC-9143-FB02D5FB3D50}" => key removed successfully.
C:\Windows\System32\Tasks\{7BFC4253-9AA0-4903-A977-DE8EED7DC3F1} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7BFC4253-9AA0-4903-A977-DE8EED7DC3F1}" => key removed successfully.
"C:\Users\Mile\AppData\Roaming\mystartsearch" => not found.
C:\ProgramData\4f596ec3-77fb-4fc3-82cb-691c42c71d77 => moved successfully
C:\Program Files\Common Files\4f596ec3-77fb-4fc3-82cb-691c42c71d77 => moved successfully
EmptyTemp: => 394.9 MB temporary data Removed.


The system needed a reboot.
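
A triage pass over the Fixlog above, as an added example that is not part of the original posts or of FRST itself: it skips the echoed fixlist (whose Task line also contains "=>") and lists the result lines that did not end in a successful removal, such as the restore point error and the "No automatic fix found" entry. The function names and status categories are assumptions made for this example; the sample lines are copied from the log in this thread.

```python
import re

# Sample input: lines copied from the Fixlog posted in this thread (shortened).
SAMPLE_FIXLOG = r"""fixlist content:
*****************
CreateRestorePoint:
Redirect Cache = hxxp://cool-tvlive.net/terra
Task: {DB20D1A8-6BAE-48CC-9143-FB02D5FB3D50} - System32\Tasks\{7BFC4253-9AA0-4903-A977-DE8EED7DC3F1} => pcalua.exe -a C:\Users\Mile\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=amt
EmptyTemp:
*****************

Error: (0) Failed to create a restore point.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
Redirect Cache = hxxp://cool-tvlive.net/terra => Error: No automatic fix found for this entry.
Chrome StartupUrls => removed successfully.
"C:\Users\Mile\AppData\Roaming\mystartsearch" => not found.
EmptyTemp: => 394.9 MB temporary data Removed.
The system needed a reboot.
"""

SEPARATOR = re.compile(r"^\*{5,}\s*$")  # rows of asterisks around the echoed fixlist

def classify(outcome):
    # Coarse status for FRST's free-text outcome (categories are this example's own).
    low = outcome.lower()
    if low.startswith("error"):
        return "failed"
    if "not found" in low:
        return "not_found"
    return "ok" if ("successfully" in low or "removed" in low) else "unknown"

def triage_fixlog(text):
    """Return (target, outcome, status) for every result line after the echoed fixlist."""
    lines = text.splitlines()
    seps = [i for i, line in enumerate(lines) if SEPARATOR.match(line)]
    body = lines[seps[1] + 1:] if len(seps) >= 2 else lines
    results = []
    for line in (raw.strip() for raw in body):
        if " => " in line:
            target, outcome = line.rsplit(" => ", 1)
        elif line.startswith("Error"):
            target, outcome = "", line  # error with no target, e.g. the restore point
        else:
            continue  # blank lines and the reboot notice
        results.append((target.strip('"'), outcome, classify(outcome)))
    return results

def needs_follow_up(text):
    return [row for row in triage_fixlog(text) if row[2] != "ok"]
```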


offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Pack the following folders into a ZIP, RAR or 7Z archive:

C:\FRST\Quarantine

and

C:\AdwCleaner

and send them via the following link:

http://www.mycity.rs/ambulanta-upload.php



How are things now?

offline
  • Joined: 19 Feb 2009
  • Posts: 188
  • Location: Kucevo

Thanks for the help! It looks like it no longer opens anything on its own.
I sent the folders as you instructed; if anything else is needed, just say so. Regards!

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

We should run one more check, just to be thorough.


Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Run MBAR by double-clicking the program icon:
- Click OK in the next window to allow extraction into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the intro window, click the Next button if you agree;

• In the 'Update Database' window, click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section, check that all options are ticked, then click the Scan button;

Note: with some infections, one of the following messages may be displayed:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. Post the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports in your next message.

>> If infections are found, check that the 'Create Restore Point' option is selected and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for the restart, and a notice will be shown in a pop-up window. Click the Yes button; the system should restart and finish the cleaning procedure.

Note! Only if a rootkit is detected: make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click to run fixdamage; in the black window that opens (command prompt), type Y (Y stands for Yes) to continue, and wait for the tool to complete all repairs ...
- When you see the message 'press any key to exit', the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your message, and attach the system log to the message using the "Attach file" option.

offline
  • Joined: 19 Feb 2009
  • Posts: 188
  • Location: Kucevo

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
malwarebytes.org

Database version:
main: v2015.12.29.01
rootkit: v2015.12.26.01

Windows 8 x86 NTFS
Internet Explorer 10.0.9200.17451
Mile :: MILET [administrator]

29.12.2015. 6:45:50
mbar-log-2015-12-29 (06-45-50).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 317743
Time elapsed: 27 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKU\S-1-5-21-3893990192-3725226574-2333194970-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigUrl (Hijack.AutoConfigURL.ShrtCln) -> Data: unstopp.me/wpad.dat?de15e27888011828eedc3357e15310b43148385 -> Delete on reboot. [3c993179f8938fa71d31987b4eb66799]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

That should be it.


The following procedure will perform the final cleanup.

Download the DelFix tool by "Xplode" and save it to the Desktop.
Double-click to run the tool and tick the boxes next to the following options:

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment until the tool finishes its work.
From this point on, all the tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also save the healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.


Regards.

offline
  • Joined: 19 Feb 2009
  • Posts: 188
  • Location: Kucevo

Everything is done and everything is OK. Thanks for the help and best regards!
