Nova.rambler.ru


  • Dusan
  • Electrical Power Engineering Technician
  • Joined: 23 Oct 2014
  • Posts: 1192
  • Location: Beograd

So, the following search engine keeps appearing. I cleaned with Malwarebytes and AdwCleaner, and nothing worked. It always comes back somehow.

The problem appeared after installing some codec pack.
This computer has AVG Business Edition, and it did not remove it either.
I don't know what kind of internet connection it is; it's not my computer.

FIRST SCAN


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-01-2017
Ran by elektronicari (administrator) on HP418 (24-01-2017 10:19:13)
Running from C:\Users\elektronicari\AppData\Local\Temp\scoped_dir5532_31983
Loaded Profiles: elektronicari (Available Profiles: elektronicari & Administrator)
Platform: Microsoft Windows 7 Enterprise N Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Plantronics, Inc.) C:\Program Files\Plantronics\Spokes3G\SpokesUpdateService.exe
(UltraVNC) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(UltraVNC) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Plantronics, Inc.) C:\Program Files\Plantronics\Spokes3G\PLTHub.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(ITSamples.com) C:\Windows\NetworkIndicator.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Opera Software) C:\Program Files\Opera\launcher.exe
(Opera Software) C:\Windows\Temp\opera autoupdate\CProgram FilesOpera\ready\installer.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Opera Software) C:\Program Files\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files\Opera\42.0.2393.94\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files\Opera\42.0.2393.94\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2013\avgui.exe [4431848 2015-12-15] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-22] (Adobe Systems Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1793736 2015-02-19] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2016-03-19] (Apple Inc.)
HKLM\...\Run: [PLTHub.exe] => C:\Program Files\Plantronics\Spokes3G\PLTHub.exe [3534904 2016-05-24] (Plantronics, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-1313822525-380153392-3296115304-1003\...\Run: [OSDownloaderUpdate] => "C:\Program Files\OSDownloader\OSDownloaderUpdate.exe" "sleep"
HKU\S-1-5-21-1313822525-380153392-3296115304-1003\...\Run: [OSDownloader] => "C:\Program Files\OSDownloader\OSDownloader.exe" AutoStart
HKU\S-1-5-21-1313822525-380153392-3296115304-1003\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
HKU\S-1-5-21-1313822525-380153392-3296115304-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [293888 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\elektronicari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk [2015-05-29]
ShortcutTarget: Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe ()
Startup: C:\Users\elektronicari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NetworkIndicator - Shortcut.lnk [2015-02-26]
ShortcutTarget: NetworkIndicator - Shortcut.lnk -> C:\Windows\NetworkIndicator.exe (ITSamples.com)
GroupPolicy: Restriction ? <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1313822525-380153392-3296115304-1003] => proxy.pnm.co.yu:3128
AutoConfigURL: [S-1-5-21-1313822525-380153392-3296115304-1003] => proxy.pnm.co.yu:3128
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.9.1 192.168.9.2
Tcpip\..\Interfaces\{1CD4E8D3-E2DB-411B-A78A-9EBE2F272A0D}: [DhcpNameServer] 192.168.101.1
Tcpip\..\Interfaces\{2C454323-1173-4596-89EF-170E89D139CE}: [DhcpNameServer] 192.168.101.1
Tcpip\..\Interfaces\{33C4FB72-A7DA-4D3C-AFC8-D393B4690791}: [DhcpNameServer] 192.168.101.1
Tcpip\..\Interfaces\{5653B138-06A6-4D56-AE6B-E8AAAF2FE8D5}: [DhcpNameServer] 192.168.101.1
Tcpip\..\Interfaces\{A8C94103-03E0-48AA-891A-C0ABDCB47170}: [DhcpNameServer] 192.168.101.1
Tcpip\..\Interfaces\{C880AC11-EB75-4E63-A6B1-EDC4A248CF18}: [DhcpNameServer] 192.168.101.1
Tcpip\..\Interfaces\{F86B9B63-CD33-4C83-87D8-3D6624A6BE6C}: [DhcpNameServer] 192.168.9.1 192.168.9.2

Internet Explorer:
==================
HKU\S-1-5-21-1313822525-380153392-3296115304-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://faststartpage.com/
HKU\S-1-5-21-1313822525-380153392-3296115304-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-12-13] (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-13] (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1313822525-380153392-3296115304-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} hxxp://192.168.2.164/cab/OCXChecker_6110.cab
DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} hxxp://192.168.2.164/cab/DownloadFile_7000.cab

FireFox:
========
FF DefaultProfile: 1ileziud.default
FF ProfilePath: C:\Users\elektronicari\AppData\Roaming\Mozilla\Firefox\Profiles\1ileziud.default [2017-01-24]
FF NewTab: Mozilla\Firefox\Profiles\1ileziud.default -> resource://caa1-adoicaxffmovix-at-jetpack/gomovix/data/index.html
FF Homepage: Mozilla\Firefox\Profiles\1ileziud.default -> user_pref("browser.startup.homepage","hxxp://faststartpage.com/");
FF NetworkProxy: Mozilla\Firefox\Profiles\1ileziud.default -> type", 4
FF Extension: (No Name) - C:\Users\elektronicari\AppData\Roaming\Mozilla\Firefox\Profiles\1ileziud.default\extensions\LVD-SAE@iacsearchandmedia.com.xpi [not found]
FF Extension: (No Name) - C:\Users\elektronicari\AppData\Roaming\Mozilla\Firefox\Profiles\1ileziud.default\extensions\amcontextmenu@loucypher [not found]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-12] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: @verimatrix.com/ViewRightWeb -> C:\Program Files\Verimatrix\ViewRight Web\\npViewRight.dll [2014-06-10] (Verimatrix, Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-1313822525-380153392-3296115304-1003: @verimatrix.com/ViewRightWeb -> C:\Program Files\Verimatrix\ViewRight Web\\npViewRight.dll [2014-06-10] (Verimatrix, Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2016-03-14]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\elektronicari\AppData\Local\Google\Chrome\User Data\Default [2017-01-24]
CHR Extension: (Docs) - C:\Users\elektronicari\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-03]
CHR Extension: (No Name) - C:\Users\elektronicari\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-03]
CHR Extension: (No Name) - C:\Users\elektronicari\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-11]
CHR Extension: (No Name) - C:\Users\elektronicari\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-11]
CHR Extension: (No Name) - C:\Users\elektronicari\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-11]
CHR Extension: (Google Wallet) - C:\Users\elektronicari\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-11]
CHR Extension: (No Name) - C:\Users\elektronicari\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-01-18]
CHR Extension: (No Name) - C:\Users\elektronicari\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-03]

Opera:
=======
OPR StartupUrls: "hxxp://www.google.com/"
OPR Extension: (Tampermonkey) - C:\Users\elektronicari\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfdhdgbonjidekjkjmjaneanmdmpmidf [2016-09-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4948456 2015-10-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-02-25] (Macrovision Europe Ltd.) [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3381200 2016-12-14] (Malwarebytes)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 PlantronicsUpdateService; C:\Program Files\Plantronics\Spokes3G\SpokesUpdateService.exe [1798200 2016-05-24] (Plantronics, Inc.)
R2 uvnc_service; C:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe [1795864 2014-09-22] (UltraVNC)
S3 VSStandardCollectorService140; C:\Program Files\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [86760 2016-09-06] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1500160 2010-01-05] (Atheros Communications, Inc.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [122320 2015-05-21] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [32672 2015-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [172856 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [278992 2015-05-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [159648 2016-03-03] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [191440 2015-05-26] (AVG Technologies CZ, s.r.o.)
S3 FETND62; C:\Windows\System32\DRIVERS\DLF62X86.SYS [45568 2009-11-23] (D-Link )
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd6.sys [44032 2009-07-13] (VIA Technologies, Inc. )
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [219072 2017-01-24] (Malwarebytes)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [807936 2009-09-15] (Ralink Technology Corp.)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [507136 2006-12-05] (PixArt Imaging Inc.)
R2 PfFilter; C:\Program Files\IObit\Protected Folder\pffilter.sys [33224 2012-11-23] (IObit Information Technology)
S3 Pg4uUSB; C:\Windows\System32\DRIVERS\pg4uusb.sys [121496 2016-06-21] ()
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2016-04-21] (The OpenVPN Project)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-24 10:18 - 2017-01-24 10:19 - 00000000 ____D C:\FRST
2017-01-24 10:18 - 2017-01-24 10:18 - 01762816 _____ (Farbar) C:\Users\elektronicari\Desktop\FRST.exe
2017-01-24 09:54 - 2017-01-24 09:54 - 00000000 ____D C:\Users\elektronicari\AppData\Roaming\Curiolab
2017-01-24 09:53 - 2017-01-24 10:12 - 00000000 ____D C:\Program Files\Exterminate It!
2017-01-24 08:05 - 2017-01-24 08:18 - 00000000 ____D C:\AdwCleaner
2017-01-24 07:54 - 2017-01-24 07:54 - 03988944 _____ C:\Users\elektronicari\Desktop\adwcleaner_6.042.exe
2017-01-23 13:54 - 2017-01-23 13:54 - 02676628 _____ C:\Users\elektronicari\Desktop\FX2N.pdf
2017-01-19 06:49 - 2017-01-24 07:45 - 00219072 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-19 06:48 - 2017-01-19 06:48 - 00002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-19 06:48 - 2017-01-19 06:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-19 06:48 - 2017-01-19 06:48 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-19 06:48 - 2016-12-14 12:55 - 00059968 _____ C:\Windows\system32\Drivers\mbae.sys
2017-01-19 06:46 - 2017-01-19 06:48 - 54199488 _____ (Malwarebytes ) C:\Users\elektronicari\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2017-01-18 21:28 - 2017-01-18 21:28 - 00083121 _____ C:\Users\elektronicari\Downloads\247628-roman.empire.reign.of.blood.s01.webrip.zip
2017-01-18 20:23 - 2017-01-18 20:23 - 00116915 _____ C:\Users\elektronicari\Downloads\247903-arrival_2016_.zip
2017-01-18 10:41 - 2017-01-18 14:22 - 00000000 ___HD C:\Users\elektronicari\AppData\Roaming\com
2017-01-18 10:40 - 2017-01-18 10:40 - 00001403 ___RS C:\Users\elektronicari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Explоrеr.lnk
2017-01-18 10:40 - 2017-01-18 10:40 - 00001245 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firefох.lnk
2017-01-18 10:40 - 2017-01-18 10:40 - 00001215 ___RS C:\Users\Public\Desktop\Моzillа Firеfoх.lnk
2017-01-18 10:40 - 2017-01-18 10:40 - 00001171 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Сhrоme.lnk
2017-01-18 10:39 - 2017-01-18 10:39 - 00000000 ____D C:\Users\elektronicari\AppData\Roaming\SPI
2017-01-13 10:51 - 2017-01-13 11:07 - 00000000 ____D C:\Users\elektronicari\Desktop\LE32S81BX
2017-01-12 23:00 - 2017-01-12 23:00 - 20358232 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2017-01-12 21:50 - 2017-01-12 21:50 - 00000000 ____D C:\Users\elektronicari\AppData\LocalLow\BitTorrent
2017-01-11 07:58 - 2017-01-05 18:46 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-11 07:58 - 2017-01-05 18:46 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-11 07:58 - 2017-01-05 18:43 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-11 07:58 - 2017-01-05 18:43 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-11 07:58 - 2017-01-05 18:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-11 07:58 - 2017-01-05 18:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-11 07:58 - 2017-01-05 18:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-11 07:58 - 2017-01-05 18:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-11 07:58 - 2017-01-05 18:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-11 07:58 - 2017-01-05 18:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-11 07:58 - 2017-01-05 18:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-11 07:58 - 2017-01-05 18:43 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-11 07:58 - 2017-01-05 18:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-11 07:58 - 2017-01-05 18:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-11 07:58 - 2017-01-05 18:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-11 07:58 - 2017-01-05 18:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-11 07:58 - 2017-01-05 18:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-11 07:58 - 2017-01-05 18:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-11 07:58 - 2017-01-05 18:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-11 07:58 - 2017-01-05 18:19 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-11 07:58 - 2017-01-05 18:19 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-11 07:58 - 2017-01-05 18:19 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-11 07:58 - 2017-01-05 18:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-11 07:58 - 2017-01-05 18:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-11 07:58 - 2017-01-05 18:19 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-08 20:57 - 2017-01-08 20:57 - 00189748 ____H C:\Windows\system32\mlfcache.dat
2017-01-02 17:34 - 2017-01-24 02:45 - 00000000 ___RD C:\Users\elektronicari\Documents\JANUAR 17
2016-12-27 15:15 - 2016-12-27 15:15 - 00027015 _____ C:\Users\elektronicari\Downloads\sise.jpg
2016-12-27 13:04 - 2016-12-27 13:04 - 00284160 _____ C:\Users\elektronicari\Desktop\Raspored EL. januar 17.doc
2016-12-27 11:37 - 2016-12-27 11:37 - 00000000 ___SD C:\Users\elektronicari\Documents\My Shapes
2016-12-27 11:36 - 2016-12-27 11:36 - 00000039 _____ C:\Windows\vbaddin.ini
2016-12-27 11:14 - 2016-12-27 11:14 - 00015528 _____ C:\Users\elektronicari\Downloads\Microsoft Visio PRO 2013 RTM.torrent
2016-12-27 10:54 - 2016-12-27 10:54 - 00018429 _____ C:\Users\elektronicari\Downloads\Microsoft Visio Professional 2013 VL (x86-x64) EN (MSDN-TechNet).torrent
2016-12-27 10:38 - 2016-12-27 10:38 - 00001769 _____ C:\Users\elektronicari\Desktop\MagicISO.lnk
2016-12-27 10:38 - 2016-12-27 10:38 - 00001769 _____ C:\Users\Administrator\Desktop\MagicISO.lnk
2016-12-27 10:38 - 2016-12-27 10:38 - 00000000 ____D C:\Users\elektronicari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
2016-12-27 10:38 - 2016-12-27 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
2016-12-27 10:38 - 2016-12-27 10:38 - 00000000 ____D C:\Program Files\MagicISO
2016-12-27 10:37 - 2016-12-27 10:38 - 03067400 _____ C:\Users\elektronicari\Downloads\Setup_MagicISO.exe
2016-12-27 10:22 - 2016-12-27 10:22 - 00026358 _____ C:\Users\elektronicari\Downloads\MICROSOFT.OFFICE.VISIO.PROFESSIONAL.2007-EcHoS.torrent
2016-12-27 00:16 - 2016-12-27 00:16 - 00017097 _____ C:\Users\elektronicari\Downloads\246658-the.man.in.the.high.castle.s02e05.720p.webrip.x264deflate.zip
2016-12-26 21:44 - 2016-12-26 21:44 - 00019852 _____ C:\Users\elektronicari\Downloads\246657-the.man.in.the.high.castle.s02e04.720p.webrip.x264deflate.srt.zip
2016-12-26 19:24 - 2016-12-26 19:24 - 00022403 _____ C:\Users\elektronicari\Downloads\246656-the.man.in.the.high.castle.s02e03.720p.webrip.x264deflate.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-24 09:59 - 2014-12-05 18:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-24 09:36 - 2014-12-05 18:17 - 00000000 ____D C:\ProgramData\MFAData
2017-01-24 08:31 - 2009-07-14 05:02 - 00021408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-24 08:31 - 2009-07-14 05:02 - 00021408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-24 08:22 - 2015-06-16 11:36 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-24 08:22 - 2009-07-14 05:17 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-22 23:16 - 2015-03-09 16:41 - 00000010 _____ C:\Windows\popcinfo.dat
2017-01-22 15:44 - 2014-12-05 18:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-22 01:25 - 2015-11-11 02:04 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-01-21 02:01 - 2015-02-24 20:23 - 00000000 ___RD C:\Users\elektronicari\Documents\IVAN
2017-01-21 02:00 - 2010-11-20 22:03 - 00785698 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-21 02:00 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2017-01-19 21:47 - 2016-12-13 18:00 - 00000000 ____D C:\Users\elektronicari\Desktop\MOV
2017-01-19 16:23 - 2016-05-19 01:42 - 00000000 ____D C:\Users\elektronicari\Desktop\Optokapleri
2017-01-19 06:48 - 2014-12-05 18:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-18 09:10 - 2015-02-26 08:59 - 00037376 _____ C:\Users\elektronicari\Desktop\Ciscenje i filteri stamparija.xls
2017-01-13 04:07 - 2016-05-11 18:06 - 00000000 ____D C:\Users\elektronicari\AppData\Roaming\BitTorrent
2017-01-12 23:00 - 2014-12-05 18:36 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-01-12 23:00 - 2014-12-05 18:36 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-01-12 09:10 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2017-01-12 02:57 - 2014-12-05 19:29 - 00000000 ____D C:\Windows\system32\MRT
2017-01-12 02:52 - 2014-12-05 19:29 - 133456224 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-02 17:36 - 2015-02-26 09:14 - 00000000 ___RD C:\Users\elektronicari\Documents\RADNE LISTE
2016-12-29 04:02 - 2015-02-24 19:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-12-29 04:02 - 2014-12-05 18:17 - 00000000 __SHD C:\Windows\Installer
2016-12-27 13:05 - 2015-02-26 10:03 - 00000000 ___RD C:\Users\elektronicari\Documents\Raspored
2016-12-27 11:37 - 2015-02-24 19:16 - 00000000 ____D C:\Users\elektronicari\AppData\Local\Microsoft
2016-12-27 11:36 - 2015-02-24 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-12-27 11:36 - 2009-07-14 03:37 - 00000000 __RSD C:\Windows\assembly
2016-12-27 11:34 - 2009-07-14 03:37 - 00000000 ___SD C:\ProgramData\Microsoft
2016-12-27 11:34 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-12-27 11:31 - 2014-12-05 19:10 - 00000510 _____ C:\Windows\ODBC.INI
2016-12-27 11:20 - 2016-12-23 13:45 - 00000000 ____D C:\Users\elektronicari\Desktop\Win 7 SP1
2016-12-27 10:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\Tasks
2016-12-27 10:38 - 2015-02-23 10:54 - 01048576 ___SH C:\Users\Administrator\NTUSER.DAT
2016-12-27 10:38 - 2015-02-23 10:54 - 00000000 ___RD C:\Users\Administrator\Desktop

==================== Files in the root of some directories =======

2015-03-04 19:04 - 2015-03-04 19:05 - 10328598 _____ (Nullsoft, Inc.) C:\Program Files\winamp5666_full_en-us_redux.exe
2015-02-24 20:43 - 2015-02-26 08:50 - 0024609 _____ () C:\Users\elektronicari\AppData\Roaming\Comma Separated Values (Windows).ADR

Some files in TEMP:
====================
2016-09-23 01:46 - 2016-09-23 01:46 - 0000000 _____ () C:\Users\elektronicari\AppData\Local\Temp\7b5a-04d8-65bb-c262.exe
2010-11-09 08:29 - 2010-11-09 08:29 - 3056008 _____ (Ask) C:\Users\elektronicari\AppData\Local\Temp\askToolbarInstaller.exe
2017-01-18 10:29 - 2017-01-18 10:30 - 1851678 _____ () C:\Users\elektronicari\AppData\Local\Temp\cpa.exe
2017-01-18 10:36 - 2017-01-18 10:36 - 0016384 _____ (LordeX) C:\Users\elektronicari\AppData\Local\Temp\cubecc.exe
1999-01-18 19:34 - 1999-01-18 19:34 - 0060044 _____ () C:\Users\elektronicari\AppData\Local\Temp\DIAG.EXE
2015-09-24 03:24 - 2015-09-24 03:24 - 0341120 _____ (Gretech Corporation) C:\Users\elektronicari\AppData\Local\Temp\ExPromo.exe
2016-11-04 09:30 - 2013-11-18 08:04 - 0199913 _____ () C:\Users\elektronicari\AppData\Local\Temp\get-size.exe
2009-10-30 05:37 - 2009-10-30 05:37 - 0217088 _____ (Gretech Corporation) C:\Users\elektronicari\AppData\Local\Temp\GomEncDnInstaller.exe
1998-04-10 17:17 - 1998-04-10 17:17 - 0086538 _____ () C:\Users\elektronicari\AppData\Local\Temp\INSTALL.EXE
2016-08-02 09:46 - 2016-08-02 09:46 - 0741440 _____ (Oracle Corporation) C:\Users\elektronicari\AppData\Local\Temp\jre-8u101-windows-au.exe
2016-12-13 08:09 - 2016-12-13 08:09 - 0737856 _____ (Oracle Corporation) C:\Users\elektronicari\AppData\Local\Temp\jre-8u111-windows-au.exe
2016-02-05 22:52 - 2016-02-05 22:52 - 0736352 _____ (Oracle Corporation) C:\Users\elektronicari\AppData\Local\Temp\jre-8u73-windows-au.exe
2016-03-31 08:39 - 2016-03-31 08:39 - 0736320 _____ (Oracle Corporation) C:\Users\elektronicari\AppData\Local\Temp\jre-8u77-windows-au.exe
2016-04-27 10:33 - 2016-04-27 10:33 - 0739904 _____ (Oracle Corporation) C:\Users\elektronicari\AppData\Local\Temp\jre-8u91-windows-au.exe
1993-11-17 07:14 - 1993-11-17 07:14 - 0078654 _____ () C:\Users\elektronicari\AppData\Local\Temp\NETX.EXE
2015-09-24 03:24 - 2015-09-24 03:24 - 0262144 _____ () C:\Users\elektronicari\AppData\Local\Temp\NSISPromotionEx.dll
1998-04-10 17:17 - 1998-04-10 17:17 - 0013839 _____ () C:\Users\elektronicari\AppData\Local\Temp\PCIINFO.EXE
2017-01-18 10:30 - 2017-01-18 10:30 - 0011285 _____ () C:\Users\elektronicari\AppData\Local\Temp\voi.exe
2017-01-18 10:30 - 2017-01-18 10:30 - 0020480 _____ (WoaleD) C:\Users\elektronicari\AppData\Local\Temp\wait.exe
2017-01-18 10:30 - 2017-01-18 10:30 - 6138750 _____ () C:\Users\elektronicari\AppData\Local\Temp\XvidCod.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-23 07:25

==================== End of FRST.txt ============================







Thanks!

  • Joined: 02 Jan 2008
  • Posts: 2167

Hello!


1. Open Notepad (Text Document) and copy the following text from the code box below:

CreateRestorePoint:
GroupPolicy: Restriction ? <======= ATTENTION
HKU\S-1-5-21-1313822525-380153392-3296115304-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://faststartpage.com/
FF NewTab: Mozilla\Firefox\Profiles\1ileziud.default -> resource://caa1-adoicaxffmovix-at-jetpack/gomovix/data/index.html
FF Homepage: Mozilla\Firefox\Profiles\1ileziud.default -> user_pref("browser.startup.homepage","hxxp://faststartpage.com/");
FF NetworkProxy: Mozilla\Firefox\Profiles\1ileziud.default -> type", 4
FF Extension: (No Name) - C:\Users\elektronicari\AppData\Roaming\Mozilla\Firefox\Profiles\1ileziud.default\extensions\LVD-SAE@iacsearchandmedia.com.xpi [not found]
Shortcut: C:\Users\elektronicari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Explоrеr.lnk -> C:\Users\elektronicari\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\elektronicari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnet Exрlorеr (No Add-ons).lnk -> C:\Users\elektronicari\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\elektronicari\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооgle Сhrоmе.lnk -> C:\Users\elektronicari\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\elektronicari\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Internet Ехplorer Вrowsеr.lnk -> C:\Users\elektronicari\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\elektronicari\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Оpеrа.lnk -> C:\Users\elektronicari\AppData\Roaming\Browsers\exe.rehcnual.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Сhrоme.lnk -> C:\Users\elektronicari\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firefох.lnk -> C:\Users\elektronicari\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Public\Desktop\Моzillа Firеfoх.lnk -> C:\Users\elektronicari\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
C:\Users\elektronicari\AppData\Roaming\Browsers\exe.erolpxei.bat
File: C:\Windows\System32\DRIVERS\pg4uusb.sys
File: C:\Users\elektronicari\Desktop\MASMsetup.EXE
EmptyTemp:


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.




After that,


Download AdwCleaner and save it to the Desktop
Double-click to run the program.
In the EULA window click I agree.
In Options, turn off Reset Winsock settings if it is turned on.
Click the Scan button and wait for the scan to finish.
Click the Cleaning button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required), click OK

The computer will restart and then open Notepad (C:\Adwcleaner\AdwCleaner[C1].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Attach file" option

offline
  • Dusan
  • Electrical Power Technician
  • Joined: 23 Oct 2014
  • Posts: 1192
  • Location: Beograd

Fix result of Farbar Recovery Scan Tool (x86) Version: 22-01-2017
Ran by elektronicari (25-01-2017 07:44:39) Run:1
Running from C:\Users\elektronicari\Documents\DUĆA\Programi
Loaded Profiles: elektronicari (Available Profiles: elektronicari & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
GroupPolicy: Restriction ? <======= ATTENTION
HKU\S-1-5-21-1313822525-380153392-3296115304-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://faststartpage.com/
FF NewTab: Mozilla\Firefox\Profiles\1ileziud.default -> resource://caa1-adoicaxffmovix-at-jetpack/gomovix/data/index.html
FF Homepage: Mozilla\Firefox\Profiles\1ileziud.default -> user_pref("browser.startup.homepage","hxxp://faststartpage.com/");
FF NetworkProxy: Mozilla\Firefox\Profiles\1ileziud.default -> type", 4
FF Extension: (No Name) - C:\Users\elektronicari\AppData\Roaming\Mozilla\Firefox\Profiles\1ileziud.default\extensions\LVD-SAE@iacsearchandmedia.com.xpi [not found]
Shortcut: C:\Users\elektronicari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rn?t Expl?r?r.lnk -> C:\Users\elektronicari\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\elektronicari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Int?rnet Ex?lor?r (No Add-ons).lnk -> C:\Users\elektronicari\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\elektronicari\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gle ?hr?m?.lnk -> C:\Users\elektronicari\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\elektronicari\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?un?h Internet ??plorer ?rows?r.lnk -> C:\Users\elektronicari\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\elektronicari\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\?p?r?.lnk -> C:\Users\elektronicari\AppData\Roaming\Browsers\exe.rehcnual.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G?ogle ?hr?me.lnk -> C:\Users\elektronicari\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??zill? Firef??.lnk -> C:\Users\elektronicari\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Public\Desktop\??zill? Fir?fo?.lnk -> C:\Users\elektronicari\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
C:\Users\elektronicari\AppData\Roaming\Browsers\exe.erolpxei.bat
File: C:\Windows\System32\DRIVERS\pg4uusb.sys
File: C:\Users\elektronicari\Desktop\MASMsetup.EXE
EmptyTemp:
*****************

Restore point was successfully created.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-1313822525-380153392-3296115304-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
Firefox "newtab" removed successfully.
Firefox "homepage" removed successfully.
Firefox Proxy settings were reset.
C:\Users\elektronicari\AppData\Roaming\Mozilla\Firefox\Profiles\1ileziud.default\extensions\LVD-SAE@iacsearchandmedia.com.xpi => path removed successfully.
"C:\Users\elektronicari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rn?t Expl?r?r.lnk" => Could not move.
"C:\Users\elektronicari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Int?rnet Ex?lor?r (No Add-ons).lnk" => Could not move.
"C:\Users\elektronicari\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gle ?hr?m?.lnk" => Could not move.
"C:\Users\elektronicari\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?un?h Internet ??plorer ?rows?r.lnk" => Could not move.
"C:\Users\elektronicari\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\?p?r?.lnk" => Could not move.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G?ogle ?hr?me.lnk" => Could not move.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??zill? Firef??.lnk" => Could not move.
"C:\Users\Public\Desktop\??zill? Fir?fo?.lnk" => Could not move.
"C:\Users\elektronicari\AppData\Roaming\Browsers\exe.erolpxei.bat" => not found.

========================= File: C:\Windows\System32\DRIVERS\pg4uusb.sys ========================

File is digitally signed
MD5: 1E9BBC5FA2CC5A8A1213AFD2280CD576
Creation and modification date: 2015-02-26 11:43 - 2016-06-21 14:17
Size: 0121496
Attributes: ----A
Company Name:
Internal Name: pg4uusb
Original Name: pg4uusb.sys
Product: Windows 2k/XP USB driver for device programmer
Description: pg4uusb
File Version: 3.24.00.00
Product Version: 3.24.00.00
Copyright: (c) Elnec 2006

====== End of File: ======


========================= File: C:\Users\elektronicari\Desktop\MASMsetup.EXE ========================

File is digitally signed
MD5: 2DB5F0A1AB127255AC65879FFE455326
Creation and modification date: 2016-11-09 12:58 - 2016-11-09 12:58
Size: 0317712
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: Wextract
Original Name: WEXTRACT.EXE
Product: Microsoft® Windows® Operating System
Description: Win32 Cabinet Self-Extractor
File Version: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Product Version: 6.00.2900.2180
Copyright: © Microsoft Corporation. All rights reserved.

====== End of File: ======


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3869303 B
Java, Flash, Steam htmlcache => 1265 B
Windows/system/drivers => 416894623 B
Edge => 0 B
Chrome => 7800756 B
Firefox => 373093058 B
Opera => 276756769 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 25464 B
LocalService => 0 B
NetworkService => 0 B
elektronicari => 1062106946 B
Administrator => 880946 B
admin => 3876060 B

RecycleBin => 0 B
EmptyTemp: => 2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 07:49:34 ====




PS: I cleaned with ADWcleaner before I posted this topic, but the problem persisted. Now Rambler is gone.

offline
  • Joined: 02 Jan 2008
  • Posts: 2167

Just to be sure...

This time, save the fixlist.txt file by going to File > Save As and, at the bottom right, under Encoding:, choosing Unicode from the drop-down menu (the default is ANSI). Save the changes.





1. Open Notepad (Text Document) and copy in the following text from the code box below:

CreateRestorePoint:
Shortcut: C:\Users\elektronicari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rn?t Expl?r?r.lnk -> C:\Users\elektronicari\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\elektronicari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Int?rnet Ex?lor?r (No Add-ons).lnk -> C:\Users\elektronicari\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\elektronicari\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gle ?hr?m?.lnk -> C:\Users\elektronicari\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\elektronicari\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?un?h Internet ??plorer ?rows?r.lnk -> C:\Users\elektronicari\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\elektronicari\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\?p?r?.lnk -> C:\Users\elektronicari\AppData\Roaming\Browsers\exe.rehcnual.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G?ogle ?hr?me.lnk -> C:\Users\elektronicari\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??zill? Firef??.lnk -> C:\Users\elektronicari\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Public\Desktop\??zill? Fir?fo?.lnk -> C:\Users\elektronicari\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
C:\Users\elektronicari\AppData\Roaming\Browsers\exe.erolpxei.bat


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.
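
Why the save encoding matters for the Cyrillic-named shortcuts in this thread, shown as an added example that is not part of the original posts: it flags words that mix Latin and Cyrillic letters and shows what a name turns into once saved as ANSI versus Unicode. The sample names are constructed, and cp1252 is assumed as the ANSI code page of an English (US) Windows.

```python
import re
import unicodedata

# Constructed sample names (not copied from the log). SPOOFED swaps Latin
# o, C, e for the Cyrillic look-alikes U+043E, U+0421, U+0435.
GENUINE = "Google Chrome.lnk"
SPOOFED = "G\u043e\u043egle \u0421hr\u043em\u0435.lnk"
# A legitimately Cyrillic name: not a spoof, but just as fragile under ANSI.
CYRILLIC_ONLY = "\u0414\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u044b.lnk"


def scripts_used(word):
    """Scripts of the letters in word, taken from each Unicode character name."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0]
            for ch in word if ch.isalpha()}


def mixed_script_words(name):
    """Words in name that contain both Latin and Cyrillic letters.

    Checking per word avoids flagging a Cyrillic name with a Latin extension.
    """
    words = re.findall(r"[^\W\d_]+", name)
    return [w for w in words if {"LATIN", "CYRILLIC"} <= scripts_used(w)]


def save_round_trip(text, encoding="cp1252"):
    """What a reader gets back after text is saved in the given encoding.

    Characters the encoding cannot represent are written as '?'.
    """
    return text.encode(encoding, errors="replace").decode(encoding)


def audit(names, encoding="cp1252"):
    """Per name: is it a homoglyph spoof, and does it survive the save?"""
    rows = []
    for name in names:
        saved = save_round_trip(name, encoding)
        rows.append({"name": name,
                     "spoofed_words": mixed_script_words(name),
                     "saved_as": saved,
                     "survives": saved == name})
    return rows


if __name__ == "__main__":
    # cp1252 stands in for Notepad's ANSI option, utf-16 for its Unicode option.
    for enc in ("cp1252", "utf-16"):
        print(enc)
        for row in audit([GENUINE, SPOOFED, CYRILLIC_ONLY], enc):
            print("  ", ascii(row["name"]), "spoof" if row["spoofed_words"] else "clean",
                  ascii(row["saved_as"]), "intact" if row["survives"] else "altered")
```

A name that comes back altered can no longer identify the file on disk, since `?` is not a valid character in a Windows file name.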

offline
  • Dusan
  • Electrical Power Technician
  • Joined: 23 Oct 2014
  • Posts: 1192
  • Location: Beograd

Fix result of Farbar Recovery Scan Tool (x86) Version: 25-01-2017
Ran by elektronicari (26-01-2017 14:24:06) Run:2
Running from C:\Users\elektronicari\Documents\DUĆA\Programi
Loaded Profiles: elektronicari (Available Profiles: elektronicari & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
Shortcut: C:\Users\elektronicari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rn?t Expl?r?r.lnk -> C:\Users\elektronicari\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\elektronicari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Int?rnet Ex?lor?r (No Add-ons).lnk -> C:\Users\elektronicari\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\elektronicari\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gle ?hr?m?.lnk -> C:\Users\elektronicari\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\elektronicari\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?un?h Internet ??plorer ?rows?r.lnk -> C:\Users\elektronicari\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\elektronicari\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\?p?r?.lnk -> C:\Users\elektronicari\AppData\Roaming\Browsers\exe.rehcnual.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G?ogle ?hr?me.lnk -> C:\Users\elektronicari\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??zill? Firef??.lnk -> C:\Users\elektronicari\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Public\Desktop\??zill? Fir?fo?.lnk -> C:\Users\elektronicari\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
C:\Users\elektronicari\AppData\Roaming\Browsers\exe.erolpxei.bat
*****************

Restore point was successfully created.
"C:\Users\elektronicari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rn?t Expl?r?r.lnk" => Could not move.
"C:\Users\elektronicari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Int?rnet Ex?lor?r (No Add-ons).lnk" => Could not move.
"C:\Users\elektronicari\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gle ?hr?m?.lnk" => Could not move.
"C:\Users\elektronicari\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?un?h Internet ??plorer ?rows?r.lnk" => Could not move.
"C:\Users\elektronicari\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\?p?r?.lnk" => Could not move.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G?ogle ?hr?me.lnk" => Could not move.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??zill? Firef??.lnk" => Could not move.
"C:\Users\Public\Desktop\??zill? Fir?fo?.lnk" => Could not move.
"C:\Users\elektronicari\AppData\Roaming\Browsers\exe.erolpxei.bat" => not found.

==== End of Fixlog 14:24:32 ====

offline
  • Joined: 02 Jan 2008
  • Posts: 2167

Download Malwarebytes Anti-Malware from this or this or this link and install the application.
Run mb3-setup-consumer-{version}.exe and follow the program's installation instructions. After installation, click Finish

On first launch, the program will show a "welcome" window. Feel free to close that window.
Note: The program's Premium features are already activated and are valid for 13 days from the moment of installation. You can turn off the Premium features via the Settings > My Account tab.

• Scanner settings - in Settings, click the Protection tab. Under the Scan Options section, turn on the "Scan for rootkits" option.
• Prepare the settings for Threat Scan - in Dashboard, click the Scan Now button. MBAM will update its database and start scanning.

When the scan finishes, if an infection is detected, make sure everything is selected, then click Remove Selected. Restart the computer if the program asks for a restart.
• Submit the log: Under Reports select the Scan Report with the current date and then click View Report.

Export the log to the Desktop;
- Click the Export button at the bottom, then choose 'Text file (*.txt)'
- In the Save File dialog that appears, click Desktop. In the File name: field, type "mbam" (without the quotes) and click Save.
- The message "Your file has been successfully exported" will appear; click Ok and close the window.



• Attach the mbam.txt log to your reply using the "Attach file" option.

offline
  • Dusan
  • Electrical Power Technician
  • Joined: 23 Oct 2014
  • Posts: 1192
  • Location: Beograd

Everything is OK now...



offline
  • Joined: 02 Jan 2008
  • Posts: 2167

Excellent. That would be it.

The following procedure performs the final cleanup.



Download "Xplode"'s DelFix tool and save it to the Desktop.

Double-click to run the tool and tick the boxes in front of the following options;
Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment until the tool finishes its work.

From this point on, all the tools used in this topic should be deleted.
If any tool or report was not removed, feel free to delete it manually.


The tool will also create a report for you. (C:\DelFix.txt)
- The tool will also save a healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
- DelFix deletes old system restore points and creates a new, fresh point after the cleanup.

offline
  • Dusan
  • Electrical Power Technician
  • Joined: 23 Oct 2014
  • Posts: 1192
  • Location: Beograd

All right, I'll do it tomorrow. Thanks a lot, Void...
