Posted: 26 Nov 2016 18:57
- comi991
- Distinguished citizen
- Joined: 27 Jun 2009
- Posts: 525
- Location: Prijepolje, Serbia
- The problem started happening after installing suspicious software from the net :/
- First a Notepad window opened and for a few seconds it was reading out some commands. I didn't manage to see which ones, but it looked as if it was searching some locations on the C drive (I made out that it said something like yahoo followed by some extension, then facebook followed again by some extension... etc.). Then the screen went black for a moment and the Mozilla and Chrome icons went dark (they are still like that), and I got two new identical icons for those browsers, but they did not lead to them but to some other location on the C drive. I didn't look closely; I just quickly deleted them.
- Out of concern, I changed my passwords for mail and social networks through the real browser, but I don't know what else that program read.
- Avast doesn't find anything
- The internet connection is MTS ADSL 6 Mbit/s
- So far I haven't noticed anything else
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2016
Ran by Mx2qi7 (administrator) on KIKICOMI (26-11-2016 18:52:48)
Running from C:\Users\Mx2qi7\Downloads
Loaded Profiles: Mx2qi7 (Available Profiles: Mx2qi7)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ABBYY InfoPoisk LLC) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Dell) C:\Users\Mx2qi7\AppData\Local\Apps\2.0\O6PXON18.5NK\7WJ3YK4K.BRR\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CHENGDU Yiwo Tech Development Co., Ltd.) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.9\bin\CleanUpUI.exe
() C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.9\bin\TrayPopupE\TrayTipAgentE.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(MCor) C:\Users\Mx2qi7\AppData\Local\Temp\0E95375D-0326-4D9F-B1E7-536F4CF25A8E\EASEUS_Partition_Master_and_Serial_Key.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-03-05] (Dell Inc.)
HKLM-x32\...\Run: [Bonus.SSR.FR11] => C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [1364496 2013-06-28] (ABBYY Production LLC)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-17] (AVAST Software)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [366904 2015-07-23] (Power Software Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [EaseUS Cleanup] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.9\bin\CleanUpUI.exe [1243328 2016-09-20] (CHENGDU Yiwo Tech Development Co., Ltd.)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.9\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-09-04] (Qualcomm®Atheros®)
HKU\S-1-5-21-2226422450-3240431047-2392391502-1001\...\Run: [uTorrent] => C:\Users\Mx2qi7\AppData\Roaming\uTorrent\uTorrent.exe [1693024 2015-08-01] (BitTorrent Inc.)
HKU\S-1-5-21-2226422450-3240431047-2392391502-1001\...\Run: [DellSystemDetect] => C:\Users\Mx2qi7\AppData\Local\Apps\2.0\O6PXON18.5NK\7WJ3YK4K.BRR\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe [276776 2015-01-30] (Dell)
HKU\S-1-5-21-2226422450-3240431047-2392391502-1001\...\MountPoints2: {29a4d6af-790d-11e5-82bf-bc855628994e} - "G:\LG_PC_Programs.exe"
HKU\S-1-5-21-2226422450-3240431047-2392391502-1001\...\MountPoints2: {47617915-6536-11e5-82bb-bc855628994e} - "F:\LG_PC_Programs.exe"
HKU\S-1-5-21-2226422450-3240431047-2392391502-1001\...\MountPoints2: {bd98d746-c377-11e4-8257-bc855628994e} - "F:\LG_PC_Programs.exe"
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-30] (AVAST Software)
Startup: C:\Users\Mx2qi7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-03-25]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{1C92EB8A-175B-4E9D-975A-480752D00D66}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://v9.com/?type=hp&ts=1450270508&from=mych123&uid=wdcxwd7500bpvt-75a1yt0_wx21a9298485a9298485&z=d360d047d1e58e1bec72a44g6z8wfe4odm6e6wfe9b
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avast.com/AV772/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.omniboxes.com/web/?type=ds&ts=1447252002&z=9b6648a7546b512f1925daeg3z8zfm8o7w7oceee5g&from=wpm07173&uid=WDCXWD7500BPVT-75A1YT0_WX21A9298485A9298485&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://v9.com/?type=hp&ts=1450270508&from=mych123&uid=wdcxwd7500bpvt-75a1yt0_wx21a9298485a9298485&z=d360d047d1e58e1bec72a44g6z8wfe4odm6e6wfe9b
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1447252002&z=9b6648a7546b512f1925daeg3z8zfm8o7w7oceee5g&from=wpm07173&uid=WDCXWD7500BPVT-75A1YT0_WX21A9298485A9298485&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://v9.com/?type=hp&ts=1450270508&from=mych123&uid=wdcxwd7500bpvt-75a1yt0_wx21a9298485a9298485&z=d360d047d1e58e1bec72a44g6z8wfe4odm6e6wfe9b
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://v9.com/?type=hp&ts=1450270508&from=mych123&uid=wdcxwd7500bpvt-75a1yt0_wx21a9298485a9298485&z=d360d047d1e58e1bec72a44g6z8wfe4odm6e6wfe9b
HKU\S-1-5-21-2226422450-3240431047-2392391502-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
HKU\S-1-5-21-2226422450-3240431047-2392391502-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://d2xkrcja1nf0mp.cloudfront.net/getfileg.ashx?e=7fSdujsAurrRlUsyAxGfFA==
HKU\S-1-5-21-2226422450-3240431047-2392391502-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1447252002&z=9b6648a7546b512f1925daeg3z8zfm8o7w7oceee5g&from=wpm07173&uid=WDCXWD7500BPVT-75A1YT0_WX21A9298485A9298485&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1447252002&z=9b6648a7546b512f1925daeg3z8zfm8o7w7oceee5g&from=wpm07173&uid=WDCXWD7500BPVT-75A1YT0_WX21A9298485A9298485&q={searchTerms}
SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450270508&from=zzgbkk123&uid=wdcxwd7500bpvt-75a1yt0_wx21a9298485a9298485&z=d360d047d1e58e1bec72a44g6z8wfe4odm6e6wfe9b&q={searchTerms}
SearchScopes: HKLM-x32 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2226422450-3240431047-2392391502-1001 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2226422450-3240431047-2392391502-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1447252002&z=9b6648a7546b512f1925daeg3z8zfm8o7w7oceee5g&from=wpm07173&uid=WDCXWD7500BPVT-75A1YT0_WX21A9298485A9298485&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2226422450-3240431047-2392391502-1001 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450270508&from=zzgbkk123&uid=wdcxwd7500bpvt-75a1yt0_wx21a9298485a9298485&z=d360d047d1e58e1bec72a44g6z8wfe4odm6e6wfe9b&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2226422450-3240431047-2392391502-1001 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-26] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-11-02] (Intel Security)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-26] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-26] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-26] (Oracle Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-11-02] (Intel Security)
FireFox:
========
FF DefaultProfile: 3jqdq9h0.default
FF ProfilePath: C:\Users\Mx2qi7\AppData\Roaming\Mozilla\Firefox\Profiles\3jqdq9h0.default [2016-11-26]
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\3jqdq9h0.default -> hxxps://search.avast.com/AV772/search/web?q={searchTerms}
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\3jqdq9h0.default -> Avast Search
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\3jqdq9h0.default -> Avast Search
FF Homepage: Mozilla\Firefox\Profiles\3jqdq9h0.default -> hxxps://d2xkrcja1nf0mp.cloudfront.net/getfileg.ashx?e=7fSdujsAurrRlUsyAxGfFA==
FF Keyword.URL: Mozilla\Firefox\Profiles\3jqdq9h0.default -> hxxps://search.avast.com/AV772/search/web?q={searchTerms}
FF SearchPlugin: C:\Users\Mx2qi7\AppData\Roaming\Mozilla\Firefox\Profiles\3jqdq9h0.default\searchplugins\avast-search.xml [2016-08-30]
FF SearchPlugin: C:\Users\Mx2qi7\AppData\Roaming\Mozilla\Firefox\Profiles\3jqdq9h0.default\searchplugins\nice-.xml [2016-08-30]
FF ProfilePath: C:\Users\Mx2qi7\AppData\Roaming\ffgogogo\ffgogogo\Profiles\3jqdq9h0.default [2016-04-09]
FF NewTab: ffgogogo\ffgogogo\Profiles\3jqdq9h0.default -> chrome://quick_start/content/index.html
FF SelectedSearchEngine: ffgogogo\ffgogogo\Profiles\3jqdq9h0.default -> yoursites123
FF Homepage: ffgogogo\ffgogogo\Profiles\3jqdq9h0.default -> hxxp://www.yoursites123.com/?type=hp&ts=1452250833&z=46cec1b31d59180b9877721gdz0wdo3o6w6e9b5ccg&from=wpm01073&uid=WDCXWD7500BPVT-75A1YT0_WX21A9298485A9298485
FF Extension: (SimilarWeb) - C:\Users\Mx2qi7\AppData\Roaming\ffgogogo\ffgogogo\Profiles\3jqdq9h0.default\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2016-03-31] [not signed]
FF Extension: (Default NewTab) - C:\Users\Mx2qi7\AppData\Roaming\ffgogogo\ffgogogo\Profiles\3jqdq9h0.default\Extensions\default_newtabff@gmail.com [2016-03-30] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-30]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Mx2qi7\AppData\Roaming\Mozilla\Firefox\Profiles\3jqdq9h0.default\extensions\defsearchp@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Mx2qi7\AppData\Roaming\Mozilla\Firefox\Profiles\3jqdq9h0.default\extensions\deskCutv2@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Mx2qi7\AppData\Roaming\Mozilla\Firefox\Profiles\3jqdq9h0.default\extensions\default_newtabff@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\Mx2qi7\AppData\Roaming\Mozilla\Firefox\Profiles\3jqdq9h0.default\extensions\arthurj8283@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\Mx2qi7\AppData\Roaming\Mozilla\Firefox\Profiles\3jqdq9h0.default\extensions\yahooprotected@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yoursites123.xml [2016-03-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2226422450-3240431047-2392391502-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mx2qi7\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-13] (Unity Technologies ApS)
Chrome:
=======
CHR DefaultProfile: Default
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.nicesearches.com?type=hp&ts=1463390428&from=87640516&uid=wdcxwd7500bpvt-75a1yt0_wx21a9298485a9298485&z=309f615dfd610f2845ab3c7g9z4qfcfc8t6eaz6cbe
CHR StartupUrls: Default -> "hxxp://www.nicesearches.com?type=hp&ts=1463390428&from=87640516&uid=wdcxwd7500bpvt-75a1yt0_wx21a9298485a9298485&z=309f615dfd610f2845ab3c7g9z4qfcfc8t6eaz6cbe"
CHR DefaultSearchURL: Default -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1463390428&from=87640516&uid=wdcxwd7500bpvt-75a1yt0_wx21a9298485a9298485&z=309f615dfd610f2845ab3c7g9z4qfcfc8t6eaz6cbe&q={searchTerms}
CHR DefaultSearchKeyword: Default -> nice
CHR Profile: C:\Users\Mx2qi7\AppData\Local\Google\Chrome\User Data\Default [2016-11-26]
CHR Extension: (Avast SafePrice) - C:\Users\Mx2qi7\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-15]
CHR Extension: (Avast Online Security) - C:\Users\Mx2qi7\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-11-01]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\Mx2qi7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08]
CHR Extension: (Chrome Media Router) - C:\Users\Mx2qi7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-28]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [821048 2013-06-17] (ABBYY InfoPoisk LLC)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-09-04] (Windows (R) Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-30] (AVAST Software)
S2 FFModules; C:\Program Files (x86)\ffgogogo Browser\bin\browserServer.exe [1522392 2016-03-29] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [990656 2016-10-28] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2016-10-28] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-10-28] (McAfee, Inc.)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [X]
S2 Update Fact Fire; "C:\Program Files (x86)\Fact Fire\updateFactFire.exe" [X]
S2 Util Fact Fire; "C:\Program Files (x86)\Fact Fire\bin\utilFactFire.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-12-15] (Advanced Micro Devices, Inc.)
S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [19456 2014-04-14] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [29184 2014-03-28] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [36352 2014-03-28] (LG Electronics Inc.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-30] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-30] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-14] (AVAST Software)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-04] (Qualcomm Atheros)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [24056 2016-01-14] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [21496 2016-01-14] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2013-11-22] (Synaptics Incorporated)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [132120 2016-11-21] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-02-04] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-02-04] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R1 {35a55ce6-eae8-40c7-a487-ca1ed6a64287}Gw64; C:\Windows\System32\drivers\{35a55ce6-eae8-40c7-a487-ca1ed6a64287}Gw64.sys [48784 2015-10-31] (StdLib)
R1 {679505bf-5d41-4208-be75-41654d5bcc5d}Gw64; C:\Windows\System32\drivers\{679505bf-5d41-4208-be75-41654d5bcc5d}Gw64.sys [48784 2015-11-06] (StdLib)
R1 {77c03b85-8239-448c-86a3-1544af445977}Gw64; C:\Windows\System32\drivers\{77c03b85-8239-448c-86a3-1544af445977}Gw64.sys [48784 2015-10-25] (StdLib)
R1 {b4874625-5b9d-4bca-b0af-4b3587e6c6d2}Gw64; C:\Windows\System32\drivers\{b4874625-5b9d-4bca-b0af-4b3587e6c6d2}Gw64.sys [48784 2015-11-13] (StdLib)
R1 {b8b93792-c76a-4cbd-b107-100ae575ca27}Gw64; C:\Windows\System32\drivers\{b8b93792-c76a-4cbd-b107-100ae575ca27}Gw64.sys [48784 2015-11-10] (StdLib)
R1 {c5e6162e-f8e0-40ea-9237-d0aef65508e4}Gw64; C:\Windows\System32\drivers\{c5e6162e-f8e0-40ea-9237-d0aef65508e4}Gw64.sys [48784 2015-10-22] (StdLib)
R1 {d6e5b4cb-4df8-4cdf-9716-c4567a2c09b7}Gw64; C:\Windows\System32\drivers\{d6e5b4cb-4df8-4cdf-9716-c4567a2c09b7}Gw64.sys [48784 2015-11-03] (StdLib)
R1 {d7144955-56fd-442a-8677-572a933499db}Gw64; C:\Windows\System32\drivers\{d7144955-56fd-442a-8677-572a933499db}Gw64.sys [48784 2015-10-28] (StdLib)
S3 andnetndis; \SystemRoot\system32\DRIVERS\lgandnetndis64.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-26 18:52 - 2016-11-26 18:53 - 00024833 _____ C:\Users\Mx2qi7\Downloads\FRST.txt
2016-11-26 18:52 - 2016-11-26 18:52 - 00000000 ____D C:\FRST
2016-11-26 18:51 - 2016-11-26 18:51 - 02412032 _____ (Farbar) C:\Users\Mx2qi7\Downloads\FRST64.exe
2016-11-26 18:24 - 2016-11-26 18:24 - 03951944 _____ (Imagine company) C:\Users\Mx2qi7\Downloads\EASEUS Partition Master and Serial Key.exe
2016-11-26 18:24 - 2016-11-26 18:24 - 00002039 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Аvаst SаfеZone Browsеr.lnk
2016-11-26 18:24 - 2016-11-26 18:24 - 00001463 ___RS C:\Users\Mx2qi7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Еxрlоrer.lnk
2016-11-26 18:24 - 2016-11-26 18:24 - 00001184 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Сhrоmе.lnk
2016-11-26 18:24 - 2016-11-26 18:24 - 00001169 ___RS C:\Users\Mx2qi7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gооgle Chrome.lnk
2016-11-26 18:24 - 2016-11-26 18:24 - 00000000 ____D C:\Users\Mx2qi7\AppData\Roaming\SPI
2016-11-26 18:24 - 2016-11-26 18:24 - 00000000 ____D C:\Users\Mx2qi7\AppData\Roaming\Browsers
2016-11-26 18:18 - 2016-11-26 18:18 - 00000000 ___RD C:\Users\Mx2qi7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-11-26 18:18 - 2016-11-26 18:18 - 00000000 ____D C:\Users\Mx2qi7\AppData\Roaming\epm
2016-11-26 18:14 - 2016-11-26 18:14 - 00000000 _____ C:\Windows\BcdLog.txt
2016-11-26 18:09 - 2016-11-26 18:09 - 00001354 _____ C:\Users\Public\Desktop\EaseUS Partition Master 11.9.lnk
2016-11-26 18:09 - 2016-11-26 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 11.9
2016-11-26 18:09 - 2016-11-26 18:09 - 00000000 ____D C:\Program Files (x86)\EaseUS
2016-11-26 18:09 - 2016-10-08 13:46 - 03851456 _____ C:\Windows\system32\BootMan.exe
2016-11-26 18:09 - 2016-10-08 13:45 - 02936512 _____ C:\Windows\SysWOW64\BootMan.exe
2016-11-26 18:09 - 2016-07-11 10:01 - 00101984 _____ C:\Windows\system32\setupempdrvx64.exe
2016-11-26 18:09 - 2016-07-11 10:01 - 00088160 _____ C:\Windows\SysWOW64\setupempdrv03.exe
2016-11-26 18:09 - 2016-07-11 10:01 - 00010848 _____ C:\Windows\system32\EuGdiDrv.sys
2016-11-26 18:09 - 2016-07-11 10:01 - 00010208 _____ C:\Windows\SysWOW64\EuGdiDrv.sys
2016-11-26 18:09 - 2016-07-08 15:28 - 00248832 _____ C:\Windows\SysWOW64\epmntdrv.pdb
2016-11-26 18:09 - 2016-01-14 10:05 - 00024056 _____ C:\Windows\system32\epmntdrv.sys
2016-11-26 18:09 - 2016-01-14 10:05 - 00021496 _____ C:\Windows\SysWOW64\epmntdrv.sys
2016-11-26 18:09 - 2014-11-18 14:46 - 00021088 _____ C:\Windows\SysWOW64\EuEpmGdi.dll
2016-11-26 18:09 - 2014-11-18 14:46 - 00017504 _____ C:\Windows\system32\EuEpmGdi.dll
2016-11-26 18:07 - 2016-11-26 18:08 - 53242944 _____ (EaseUS ) C:\Users\Mx2qi7\Downloads\epm_trial.exe
2016-11-26 17:58 - 2016-11-26 17:58 - 08578600 _____ (Piriform Ltd) C:\Users\Mx2qi7\Downloads\ccsetup524pro.exe
2016-11-26 17:58 - 2016-11-26 17:58 - 00000000 ____D C:\Users\Mx2qi7\.oracle_jre_usage
2016-11-26 17:14 - 2016-11-26 17:14 - 00000000 ____D C:\Users\Mx2qi7\VirtualBox VMs
2016-11-26 17:09 - 2016-11-26 17:11 - 123014112 _____ (Oracle Corporation) C:\Users\Mx2qi7\Downloads\VirtualBox-5.1.10-112026-Win.exe
2016-11-22 17:51 - 2016-11-25 16:36 - 00009860 _____ C:\Users\Mx2qi7\Documents\igrica.xlsx
2016-11-21 17:44 - 2016-11-21 17:44 - 00206416 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetLwf.sys
2016-11-21 17:44 - 2016-11-21 17:44 - 00132120 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp6.sys
2016-11-04 18:01 - 2016-11-04 18:01 - 00002109 _____ C:\Users\Mx2qi7\Desktop\Popcorn-Time.lnk
2016-11-04 18:01 - 2016-11-04 18:01 - 00000000 ____D C:\Users\Mx2qi7\AppData\Local\Chromium
2016-11-04 17:58 - 2016-11-04 17:58 - 00000000 ____D C:\Users\Mx2qi7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn-Time
2016-11-04 17:57 - 2016-11-04 18:01 - 00000000 ____D C:\Users\Mx2qi7\AppData\Local\Popcorn-Time
2016-11-04 17:55 - 2016-11-04 17:56 - 61757061 _____ (Popcorn Time) C:\Users\Mx2qi7\Downloads\Popcorn-Time-0.3.10-Setup.exe
2016-11-04 17:48 - 2016-11-04 17:48 - 00000000 ____D C:\Users\Mx2qi7\AppData\Local\dummy.txt
2016-11-03 22:05 - 2016-10-30 18:50 - 209778720 _____ C:\Users\Mx2qi7\Desktop\Quantico.S01E14.720p.HDTV.x265.ShAaNiG.mkv
2016-11-03 22:04 - 2016-10-30 18:47 - 209777017 _____ C:\Users\Mx2qi7\Desktop\Quantico.S01E13.720p.HDTV.x265.ShAaNiG.mkv
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-26 18:31 - 2015-03-01 21:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-26 18:29 - 2015-01-30 21:54 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2226422450-3240431047-2392391502-1001
2016-11-26 18:25 - 2015-02-08 00:18 - 00000000 ____D C:\Users\Mx2qi7\AppData\Local\CrashDumps
2016-11-26 18:25 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
2016-11-26 18:22 - 2015-01-30 21:52 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-26 18:22 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2016-11-26 18:17 - 2015-01-30 21:59 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-26 18:16 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-26 18:16 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-11-26 18:04 - 2015-01-30 21:59 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-26 18:01 - 2015-04-01 13:34 - 00000000 ____D C:\Windows\Minidump
2016-11-26 18:01 - 2015-03-10 18:20 - 00000000 ____D C:\Program Files (x86)\ABBYY FineReader 11
2016-11-26 18:01 - 2015-03-10 17:01 - 00000000 ____D C:\Users\Mx2qi7\AppData\Roaming\uTorrent
2016-11-26 18:01 - 2015-01-31 06:32 - 00000000 ____D C:\Windows\Panther
2016-11-26 18:00 - 2015-08-08 22:58 - 00000000 ____D C:\ProgramData\MCShield
2016-11-26 17:58 - 2015-01-30 21:48 - 00000000 ____D C:\Users\Mx2qi7
2016-11-26 17:51 - 2016-09-26 12:14 - 00000000 ____D C:\Program Files\TrueKey
2016-11-22 20:31 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-22 20:31 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2016-11-16 13:58 - 2016-09-26 12:25 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2016-11-15 20:07 - 2015-01-30 22:01 - 00002217 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-15 20:07 - 2015-01-30 22:01 - 00002205 ____H C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-09 16:45 - 2015-01-30 23:50 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-08 18:31 - 2015-03-01 21:04 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-08 18:31 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-08 18:31 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-04 10:51 - 2016-09-26 12:24 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-11-03 22:07 - 2016-09-13 20:27 - 00000000 ____D C:\Users\Mx2qi7\Desktop\Subs
2016-10-30 19:39 - 2015-03-28 20:58 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-10-30 18:10 - 2016-09-26 12:14 - 00000000 ____D C:\ProgramData\McAfee
2016-10-28 18:27 - 2015-01-30 21:59 - 00000000 ____D C:\Users\Mx2qi7\AppData\Local\Google
==================== Files in the root of some directories =======
2015-10-22 19:20 - 2016-03-18 15:11 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Files to move or delete:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\SIntf16.dll
C:\Windows\SysWOW64\SIntf32.dll
C:\Windows\SysWOW64\SIntfNT.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-11-04 17:26
==================== End of FRST.txt ============================
Posted: 26 Nov 2016 19:18
- helen1
- Anti Malware Fighter, Rank 2
- Joined: 27 Aug 2005
- Posts: 8617
- Location: Novi Beograd

Hello,
You need to reinstall Chrome, because the developer version is currently active. Before reinstalling you can save your bookmarks and import them into the newly installed Chrome afterwards.
-------------
Download AdwCleaner by "Xplode" and save it to the Desktop.
Double-click to run the program.
In the EULA window, click I agree.
In Options, turn off Reset Winsock settings if it is turned on.
Click the Scan button and wait for the scan to finish.
Click the Cleaning button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required), click OK.
The computer will restart and then Notepad will open (C:\Adwcleaner\AdwCleaner[C1].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Attach file" ("Prikači fajl") option.
Posted: 26 Nov 2016 19:57
- comi991
- Distinguished Citizen
- Joined: 27 Jun 2009
- Posts: 525
- Location: Prijepolje-Srbija

Although for me it says [C0] here and not [C1].
During "Cleaning" it said not responding a couple of times, but it would soon resume working...
I deleted Chrome and will reinstall it soon, but my Mozilla icon is still "faded"; here in the picture I think the difference is visible.
Posted: 26 Nov 2016 20:48
- helen1
- Anti Malware Fighter, Rank 2
- Joined: 27 Aug 2005
- Posts: 8617
- Location: Novi Beograd

Post a new FRST log and Addition log, just as you did when opening the topic.
Posted: 26 Nov 2016 21:02
- comi991
- Distinguished Citizen
- Joined: 27 Jun 2009
- Posts: 525
- Location: Prijepolje-Srbija

Written: 26 Nov 2016 21:02
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2016
Ran by Mx2qi7 (administrator) on KIKICOMI (26-11-2016 20:59:43)
Running from C:\Users\Mx2qi7\Downloads
Loaded Profiles: Mx2qi7 (Available Profiles: Mx2qi7)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ABBYY InfoPoisk LLC) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Dell) C:\Users\Mx2qi7\AppData\Local\Apps\2.0\O6PXON18.5NK\7WJ3YK4K.BRR\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-03-05] (Dell Inc.)
HKLM-x32\...\Run: [Bonus.SSR.FR11] => C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [1364496 2013-06-28] (ABBYY Production LLC)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-17] (AVAST Software)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [366904 2015-07-23] (Power Software Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [EaseUS Cleanup] => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.9\bin\CleanUpUI.exe" 10 300
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-09-04] (Qualcomm®Atheros®)
HKU\S-1-5-21-2226422450-3240431047-2392391502-1001\...\Run: [uTorrent] => C:\Users\Mx2qi7\AppData\Roaming\uTorrent\uTorrent.exe [1693024 2015-08-01] (BitTorrent Inc.)
HKU\S-1-5-21-2226422450-3240431047-2392391502-1001\...\Run: [DellSystemDetect] => C:\Users\Mx2qi7\AppData\Local\Apps\2.0\O6PXON18.5NK\7WJ3YK4K.BRR\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe [276776 2015-01-30] (Dell)
HKU\S-1-5-21-2226422450-3240431047-2392391502-1001\...\MountPoints2: {29a4d6af-790d-11e5-82bf-bc855628994e} - "G:\LG_PC_Programs.exe"
HKU\S-1-5-21-2226422450-3240431047-2392391502-1001\...\MountPoints2: {40105b80-a8bf-11e4-824b-806e6f6e6963} - "E:\setup.exe"
HKU\S-1-5-21-2226422450-3240431047-2392391502-1001\...\MountPoints2: {47617915-6536-11e5-82bb-bc855628994e} - "F:\LG_PC_Programs.exe"
HKU\S-1-5-21-2226422450-3240431047-2392391502-1001\...\MountPoints2: {bd98d746-c377-11e4-8257-bc855628994e} - "F:\LG_PC_Programs.exe"
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-30] (AVAST Software)
Startup: C:\Users\Mx2qi7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-03-25]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{1C92EB8A-175B-4E9D-975A-480752D00D66}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avast.com/AV772/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-2226422450-3240431047-2392391502-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
HKU\S-1-5-21-2226422450-3240431047-2392391502-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://d2xkrcja1nf0mp.cloudfront.net/getfileg.ashx?e=7fSdujsAurrRlUsyAxGfFA==
HKU\S-1-5-21-2226422450-3240431047-2392391502-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
SearchScopes: HKLM-x32 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKLM-x32 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2226422450-3240431047-2392391502-1001 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2226422450-3240431047-2392391502-1001 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-26] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-11-02] (Intel Security)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-26] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-26] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-26] (Oracle Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-11-02] (Intel Security)
FireFox:
========
FF DefaultProfile: 3jqdq9h0.default
FF ProfilePath: C:\Users\Mx2qi7\AppData\Roaming\Mozilla\Firefox\Profiles\3jqdq9h0.default [2016-11-26]
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\3jqdq9h0.default -> hxxps://search.avast.com/AV772/search/web?q={searchTerms}
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\3jqdq9h0.default -> Avast Search
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\3jqdq9h0.default -> Avast Search
FF Homepage: Mozilla\Firefox\Profiles\3jqdq9h0.default -> hxxps://d2xkrcja1nf0mp.cloudfront.net/getfileg.ashx?e=7fSdujsAurrRlUsyAxGfFA==
FF Keyword.URL: Mozilla\Firefox\Profiles\3jqdq9h0.default -> hxxps://search.avast.com/AV772/search/web?q={searchTerms}
FF SearchPlugin: C:\Users\Mx2qi7\AppData\Roaming\Mozilla\Firefox\Profiles\3jqdq9h0.default\searchplugins\avast-search.xml [2016-08-30]
FF SearchPlugin: C:\Users\Mx2qi7\AppData\Roaming\Mozilla\Firefox\Profiles\3jqdq9h0.default\searchplugins\nice-.xml [2016-08-30]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-30]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yoursites123.xml [2016-03-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2226422450-3240431047-2392391502-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mx2qi7\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-13] (Unity Technologies ApS)
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [821048 2013-06-17] (ABBYY InfoPoisk LLC)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-09-04] (Windows (R) Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-30] (AVAST Software)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [990656 2016-10-28] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2016-10-28] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-10-28] (McAfee, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
S2 Update Fact Fire; "C:\Program Files (x86)\Fact Fire\updateFactFire.exe" [X]
S2 Util Fact Fire; "C:\Program Files (x86)\Fact Fire\bin\utilFactFire.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-12-15] (Advanced Micro Devices, Inc.)
S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [19456 2014-04-14] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [29184 2014-03-28] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [36352 2014-03-28] (LG Electronics Inc.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-30] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-30] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-14] (AVAST Software)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-04] (Qualcomm Atheros)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2013-11-22] (Synaptics Incorporated)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [132120 2016-11-21] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-02-04] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-02-04] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R1 {35a55ce6-eae8-40c7-a487-ca1ed6a64287}Gw64; C:\Windows\System32\drivers\{35a55ce6-eae8-40c7-a487-ca1ed6a64287}Gw64.sys [48784 2015-10-31] (StdLib)
R1 {679505bf-5d41-4208-be75-41654d5bcc5d}Gw64; C:\Windows\System32\drivers\{679505bf-5d41-4208-be75-41654d5bcc5d}Gw64.sys [48784 2015-11-06] (StdLib)
R1 {77c03b85-8239-448c-86a3-1544af445977}Gw64; C:\Windows\System32\drivers\{77c03b85-8239-448c-86a3-1544af445977}Gw64.sys [48784 2015-10-25] (StdLib)
R1 {b4874625-5b9d-4bca-b0af-4b3587e6c6d2}Gw64; C:\Windows\System32\drivers\{b4874625-5b9d-4bca-b0af-4b3587e6c6d2}Gw64.sys [48784 2015-11-13] (StdLib)
R1 {b8b93792-c76a-4cbd-b107-100ae575ca27}Gw64; C:\Windows\System32\drivers\{b8b93792-c76a-4cbd-b107-100ae575ca27}Gw64.sys [48784 2015-11-10] (StdLib)
R1 {c5e6162e-f8e0-40ea-9237-d0aef65508e4}Gw64; C:\Windows\System32\drivers\{c5e6162e-f8e0-40ea-9237-d0aef65508e4}Gw64.sys [48784 2015-10-22] (StdLib)
R1 {d6e5b4cb-4df8-4cdf-9716-c4567a2c09b7}Gw64; C:\Windows\System32\drivers\{d6e5b4cb-4df8-4cdf-9716-c4567a2c09b7}Gw64.sys [48784 2015-11-03] (StdLib)
R1 {d7144955-56fd-442a-8677-572a933499db}Gw64; C:\Windows\System32\drivers\{d7144955-56fd-442a-8677-572a933499db}Gw64.sys [48784 2015-10-28] (StdLib)
S3 andnetndis; \SystemRoot\system32\DRIVERS\lgandnetndis64.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-26 20:58 - 2016-11-26 20:58 - 02412032 _____ (Farbar) C:\Users\Mx2qi7\Downloads\FRST64(1).exe.part
2016-11-26 20:04 - 2016-11-26 20:04 - 00000000 ___RD C:\Users\Mx2qi7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-11-26 19:51 - 2016-11-26 19:51 - 00015305 _____ C:\Users\Mx2qi7\Desktop\AdwCleaner[C0].txt
2016-11-26 19:30 - 2016-11-26 19:39 - 00000000 ____D C:\AdwCleaner
2016-11-26 19:29 - 2016-11-26 19:29 - 03910208 _____ C:\Users\Mx2qi7\Desktop\AdwCleaner.exe
2016-11-26 18:52 - 2016-11-26 21:00 - 00018088 _____ C:\Users\Mx2qi7\Downloads\FRST.txt
2016-11-26 18:52 - 2016-11-26 20:59 - 00000000 ____D C:\FRST
2016-11-26 18:51 - 2016-11-26 18:51 - 02412032 _____ (Farbar) C:\Users\Mx2qi7\Downloads\FRST64.exe
2016-11-26 18:24 - 2016-11-26 18:24 - 03951944 _____ (Imagine company) C:\Users\Mx2qi7\Downloads\EASEUS Partition Master and Serial Key.exe
2016-11-26 18:24 - 2016-11-26 18:24 - 00002039 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Аvаst SаfеZone Browsеr.lnk
2016-11-26 18:24 - 2016-11-26 18:24 - 00001463 ___RS C:\Users\Mx2qi7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Еxрlоrer.lnk
2016-11-26 18:24 - 2016-11-26 18:24 - 00001184 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Сhrоmе.lnk
2016-11-26 18:24 - 2016-11-26 18:24 - 00001169 ___RS C:\Users\Mx2qi7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gооgle Chrome.lnk
2016-11-26 18:24 - 2016-11-26 18:24 - 00000000 ____D C:\Users\Mx2qi7\AppData\Roaming\SPI
2016-11-26 18:14 - 2016-11-26 18:14 - 00000000 _____ C:\Windows\BcdLog.txt
2016-11-26 18:09 - 2016-11-26 18:09 - 00000000 ____D C:\Program Files (x86)\EaseUS
2016-11-26 18:07 - 2016-11-26 18:08 - 53242944 _____ (EaseUS ) C:\Users\Mx2qi7\Downloads\epm_trial.exe
2016-11-26 17:58 - 2016-11-26 17:58 - 08578600 _____ (Piriform Ltd) C:\Users\Mx2qi7\Downloads\ccsetup524pro.exe
2016-11-26 17:58 - 2016-11-26 17:58 - 00000000 ____D C:\Users\Mx2qi7\.oracle_jre_usage
2016-11-26 17:14 - 2016-11-26 17:14 - 00000000 ____D C:\Users\Mx2qi7\VirtualBox VMs
2016-11-26 17:09 - 2016-11-26 17:11 - 123014112 _____ (Oracle Corporation) C:\Users\Mx2qi7\Downloads\VirtualBox-5.1.10-112026-Win.exe
2016-11-22 17:51 - 2016-11-25 16:36 - 00009860 _____ C:\Users\Mx2qi7\Documents\igrica.xlsx
2016-11-21 17:44 - 2016-11-21 17:44 - 00206416 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetLwf.sys
2016-11-21 17:44 - 2016-11-21 17:44 - 00132120 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp6.sys
2016-11-04 18:01 - 2016-11-04 18:01 - 00002109 _____ C:\Users\Mx2qi7\Desktop\Popcorn-Time.lnk
2016-11-04 18:01 - 2016-11-04 18:01 - 00000000 ____D C:\Users\Mx2qi7\AppData\Local\Chromium
2016-11-04 17:58 - 2016-11-04 17:58 - 00000000 ____D C:\Users\Mx2qi7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn-Time
2016-11-04 17:57 - 2016-11-04 18:01 - 00000000 ____D C:\Users\Mx2qi7\AppData\Local\Popcorn-Time
2016-11-04 17:55 - 2016-11-04 17:56 - 61757061 _____ (Popcorn Time) C:\Users\Mx2qi7\Downloads\Popcorn-Time-0.3.10-Setup.exe
2016-11-04 17:48 - 2016-11-04 17:48 - 00000000 ____D C:\Users\Mx2qi7\AppData\Local\dummy.txt
2016-11-03 22:05 - 2016-10-30 18:50 - 209778720 _____ C:\Users\Mx2qi7\Desktop\Quantico.S01E14.720p.HDTV.x265.ShAaNiG.mkv
2016-11-03 22:04 - 2016-10-30 18:47 - 209777017 _____ C:\Users\Mx2qi7\Desktop\Quantico.S01E13.720p.HDTV.x265.ShAaNiG.mkv
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-26 20:31 - 2015-03-01 21:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-26 20:18 - 2015-01-30 21:54 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2226422450-3240431047-2392391502-1001
2016-11-26 20:04 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-26 19:39 - 2015-11-18 12:56 - 00000000 ____D C:\Windows\system32\log
2016-11-26 19:39 - 2015-01-30 21:49 - 00001003 _____ C:\Users\Mx2qi7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-11-26 19:30 - 2015-01-30 21:52 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-26 19:30 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2016-11-26 19:27 - 2015-01-30 21:59 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-26 19:26 - 2015-01-30 21:59 - 00000000 ____D C:\Users\Mx2qi7\AppData\Local\Google
2016-11-26 18:25 - 2015-02-08 00:18 - 00000000 ____D C:\Users\Mx2qi7\AppData\Local\CrashDumps
2016-11-26 18:25 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
2016-11-26 18:16 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-11-26 18:01 - 2015-04-01 13:34 - 00000000 ____D C:\Windows\Minidump
2016-11-26 18:01 - 2015-03-10 18:20 - 00000000 ____D C:\Program Files (x86)\ABBYY FineReader 11
2016-11-26 18:01 - 2015-03-10 17:01 - 00000000 ____D C:\Users\Mx2qi7\AppData\Roaming\uTorrent
2016-11-26 18:01 - 2015-01-31 06:32 - 00000000 ____D C:\Windows\Panther
2016-11-26 18:00 - 2015-08-08 22:58 - 00000000 ____D C:\ProgramData\MCShield
2016-11-26 17:58 - 2015-01-30 21:48 - 00000000 ____D C:\Users\Mx2qi7
2016-11-26 17:51 - 2016-09-26 12:14 - 00000000 ____D C:\Program Files\TrueKey
2016-11-22 20:31 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-22 20:31 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2016-11-16 13:58 - 2016-09-26 12:25 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2016-11-09 16:45 - 2015-01-30 23:50 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-08 18:31 - 2015-03-01 21:04 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-08 18:31 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-08 18:31 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-04 10:51 - 2016-09-26 12:24 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-11-03 22:07 - 2016-09-13 20:27 - 00000000 ____D C:\Users\Mx2qi7\Desktop\Subs
2016-10-30 19:39 - 2015-03-28 20:58 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-10-30 18:10 - 2016-09-26 12:14 - 00000000 ____D C:\ProgramData\McAfee
Some files in TEMP:
====================
C:\Users\Mx2qi7\AppData\Local\Temp\libeay32.dll
C:\Users\Mx2qi7\AppData\Local\Temp\msvcr120.dll
C:\Users\Mx2qi7\AppData\Local\Temp\sqlite3.dll
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\SIntf16.dll
C:\Windows\SysWOW64\SIntf32.dll
C:\Windows\SysWOW64\SIntfNT.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-11-26 20:18
==================== End of FRST.txt ============================
Addendum: 26 Nov 2016 21:02
Posted: 26 Nov 2016 22:01
- helen1
- Anti Malware Fighter, Rank 2
- Joined: 27 Aug 2005
- Posts: 8617
- Location: Novi Beograd

Before we start, just in case, export your Firefox bookmarks as well.
-------------
1. Open Notepad (Text Document) and copy the following text from inside the code box below:
CreateRestorePoint:
HKU\S-1-5-21-2226422450-3240431047-2392391502-1001\...\MountPoints2: {29a4d6af-790d-11e5-82bf-bc855628994e} - "G:\LG_PC_Programs.exe"
HKU\S-1-5-21-2226422450-3240431047-2392391502-1001\...\MountPoints2: {40105b80-a8bf-11e4-824b-806e6f6e6963} - "E:\setup.exe"
HKU\S-1-5-21-2226422450-3240431047-2392391502-1001\...\MountPoints2: {47617915-6536-11e5-82bb-bc855628994e} - "F:\LG_PC_Programs.exe"
HKU\S-1-5-21-2226422450-3240431047-2392391502-1001\...\MountPoints2: {bd98d746-c377-11e4-8257-bc855628994e} - "F:\LG_PC_Programs.exe"
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-2226422450-3240431047-2392391502-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://d2xkrcja1nf0mp.cloudfront.net/getfileg.ashx?e=7fSdujsAurrRlUsyAxGfFA==
FF Homepage: Mozilla\Firefox\Profiles\3jqdq9h0.default -> hxxps://d2xkrcja1nf0mp.cloudfront.net/getfileg.ashx?e=7fSdujsAurrRlUsyAxGfFA==
FF SearchPlugin: C:\Users\Mx2qi7\AppData\Roaming\Mozilla\Firefox\Profiles\3jqdq9h0.default\searchplugins\nice-.xml [2016-08-30]
C:\ProgramData\Guntony
C:\Program Files (x86)\Guntony
Shortcut: C:\Users\Mx2qi7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gооgle Chrome.lnk -> C:\Users\Mx2qi7\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Mx2qi7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Еxрlоrer.lnk -> C:\Users\Mx2qi7\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Mx2qi7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооgle Chrоmе.lnk -> C:\Users\Mx2qi7\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Mx2qi7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunch Intеrnеt Explorеr Вrоwser.lnk -> C:\Users\Mx2qi7\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Mx2qi7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firеfоx - Мozillа.lnk -> C:\Users\Mx2qi7\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Mx2qi7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\fc055bbd87c30a9d\Guntоny.lnk -> C:\Users\Mx2qi7\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Сhrоmе.lnk -> C:\Users\Mx2qi7\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Аvаst SаfеZone Browsеr.lnk -> C:\Users\Mx2qi7\AppData\Roaming\Browsers\exe.rehcnual.bat (No File) <===== Cyrillic
R1 {35a55ce6-eae8-40c7-a487-ca1ed6a64287}Gw64; C:\Windows\System32\drivers\{35a55ce6-eae8-40c7-a487-ca1ed6a64287}Gw64.sys [48784 2015-10-31] (StdLib)
R1 {679505bf-5d41-4208-be75-41654d5bcc5d}Gw64; C:\Windows\System32\drivers\{679505bf-5d41-4208-be75-41654d5bcc5d}Gw64.sys [48784 2015-11-06] (StdLib)
R1 {77c03b85-8239-448c-86a3-1544af445977}Gw64; C:\Windows\System32\drivers\{77c03b85-8239-448c-86a3-1544af445977}Gw64.sys [48784 2015-10-25] (StdLib)
R1 {b4874625-5b9d-4bca-b0af-4b3587e6c6d2}Gw64; C:\Windows\System32\drivers\{b4874625-5b9d-4bca-b0af-4b3587e6c6d2}Gw64.sys [48784 2015-11-13] (StdLib)
R1 {b8b93792-c76a-4cbd-b107-100ae575ca27}Gw64; C:\Windows\System32\drivers\{b8b93792-c76a-4cbd-b107-100ae575ca27}Gw64.sys [48784 2015-11-10] (StdLib)
R1 {c5e6162e-f8e0-40ea-9237-d0aef65508e4}Gw64; C:\Windows\System32\drivers\{c5e6162e-f8e0-40ea-9237-d0aef65508e4}Gw64.sys [48784 2015-10-22] (StdLib)
R1 {d6e5b4cb-4df8-4cdf-9716-c4567a2c09b7}Gw64; C:\Windows\System32\drivers\{d6e5b4cb-4df8-4cdf-9716-c4567a2c09b7}Gw64.sys [48784 2015-11-03] (StdLib)
R1 {d7144955-56fd-442a-8677-572a933499db}Gw64; C:\Windows\System32\drivers\{d7144955-56fd-442a-8677-572a933499db}Gw64.sys [48784 2015-10-28] (StdLib)
EmptyTemp:
2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.
3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the system restarts.
The tool will create a log (Fixlog.txt) on the Desktop. The contents of that log need to be copied into a post.
Note: If the tool warns you that a newer version exists, make sure to download and use the updated copy of FRST.