A blunder


  • Joined: 22 Feb 2011
  • Posts: 33

Hello,
The other day I naively downloaded some torrent and the computer started acting up. I ran an MBM scan and cleaned everything. However, I still notice that that is not all.
For example, on most clicks in the Opera browser, new stupid windows open up.

Thanks in advance for the help....

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2016
Ran by kuureee (administrator) on KUUREEE-PC (14-06-2016 20:27:15)
Running from G:\Users\kuureee\Desktop
Loaded Profiles: kuureee (Available Profiles: kuureee)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) G:\Windows\System32\atiesrxx.exe
(SUPERAntiSpyware.com) G:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Advanced Micro Devices, Inc.) G:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
() G:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe
(Microsoft Corporation) G:\Program Files\Windows Sidebar\sidebar.exe
() F:\New folder\Viber.exe
(Popcorn Time) G:\Program Files (x86)\Popcorn Time\Updater.exe
(VMware, Inc.) G:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) F:\New folder (2)\vmware-authd.exe
(VMware, Inc.) G:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) G:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) G:\Windows\System32\alg.exe
(Opera Software) G:\Program Files (x86)\Opera\38.0.2220.29\opera.exe
(Opera Software) G:\Program Files (x86)\Opera\38.0.2220.29\opera_crashreporter.exe
(Opera Software) G:\Program Files (x86)\Opera\38.0.2220.29\opera.exe
(Opera Software) G:\Program Files (x86)\Opera\38.0.2220.29\opera.exe
(Opera Software) G:\Program Files (x86)\Opera\38.0.2220.29\opera.exe
(Opera Software) G:\Program Files (x86)\Opera\38.0.2220.29\opera.exe
(Opera Software) G:\Program Files (x86)\Opera\38.0.2220.29\opera.exe
(Opera Software) G:\Program Files (x86)\Opera\38.0.2220.29\opera.exe
(Opera Software) G:\Program Files (x86)\Opera\38.0.2220.29\opera.exe
(TeamSpeak Systems GmbH) G:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(CCP hf.) G:\Program Files (x86)\CCP\EVE\bin\exefile.exe
(CCP hf.) G:\Program Files (x86)\CCP\EVE\bin\exefile.exe
(Opera Software) G:\Program Files (x86)\Opera\38.0.2220.29\opera.exe
(Opera Software) G:\Program Files (x86)\Opera\38.0.2220.29\opera.exe
(Opera Software) G:\Program Files (x86)\Opera\38.0.2220.29\opera.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-4139358893-2112486851-1280740277-1000\...\Run: [Viber] => F:\New folder\Viber.exe [51512528 2015-09-27] ()
HKU\S-1-5-21-4139358893-2112486851-1280740277-1000\...\Run: [uTorrent] => G:\Users\kuureee\AppData\Roaming\uTorrent\uTorrent.exe [1987584 2016-06-08] (BitTorrent Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-4139358893-2112486851-1280740277-1000] => hxxp://un-stop.info/wpad.dat?d4e2e2a1e93e09e04617b27368802d7c11545583
Tcpip\Parameters: [DhcpNameServer] 89.216.1.40 89.216.1.50
Tcpip\..\Interfaces\{01A0C17A-2E49-4034-B5A0-A408A5FAEDE4}: [DhcpNameServer] 89.216.1.40 89.216.1.50
Tcpip\..\Interfaces\{0221840B-C6DA-4CA9-82D3-3E647A66EDBC}: [DhcpNameServer] 192.168.44.2
Tcpip\..\Interfaces\{2FF08D6A-4582-4A4B-8EC0-666DD75E5940}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4701C615-2985-432E-87D9-498FF9DAB727}: [DhcpNameServer] 192.168.187.1
Tcpip\..\Interfaces\{80B82E65-B0D1-4E76-A07F-6259AD41CD27}: [DhcpNameServer] 192.168.42.129
ManualProxies: 0hxxp://un-stop.info/wpad.dat?d4e2e2a1e93e09e04617b27368802d7c11545583

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4139358893-2112486851-1280740277-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ihotsee.com/
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> G:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-05] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> G:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-05] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> G:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-22] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> G:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-22] (Oracle Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> G:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> G:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-05] (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> G:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> G:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-22] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> G:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> G:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> G:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: Adobe Reader -> G:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4139358893-2112486851-1280740277-1000: @my.com/Games -> G:\Users\kuureee\AppData\Local\MyComGames\NPMyComDetector.dll [2015-11-05] (My.com, Inc)

Chrome:
=======
CHR Profile: G:\Users\kuureee\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
CHR Extension: (Google Docs) - G:\Users\kuureee\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-14]
CHR Extension: (Google Drive) - G:\Users\kuureee\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-14]
CHR Extension: (YouTube) - G:\Users\kuureee\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-14]
CHR Extension: (Google Sheets) - G:\Users\kuureee\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-14]
CHR Extension: (Google Docs Offline) - G:\Users\kuureee\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-14]
CHR Extension: (Chrome Web Store Payments) - G:\Users\kuureee\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-14]
CHR Extension: (Gmail) - G:\Users\kuureee\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-14]
CHR Profile: G:\Users\kuureee\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - G:\Users\kuureee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-14]
CHR Extension: (Google Drive) - G:\Users\kuureee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-14]
CHR Extension: (YouTube) - G:\Users\kuureee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-14]
CHR Extension: (Google Search) - G:\Users\kuureee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-14]
CHR Extension: (Google Sheets) - G:\Users\kuureee\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-14]
CHR Extension: (Google Docs Offline) - G:\Users\kuureee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (Chrome Web Store Payments) - G:\Users\kuureee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - G:\Users\kuureee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-14]

Opera:
=======
OPR Session Restore: -> is enabled.
OPR Extension: (gera2ld) - G:\Users\kuureee\AppData\Roaming\Opera Software\Opera Stable\Extensions\niofholngoecgnpgamgbiiijcjlllpge [2016-06-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; G:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; G:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 JSWHwBtn; G:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe [16384 2008-02-29] () [File not signed]
S3 jswpsapi; G:\Program Files (x86)\TP-LINK\QSS\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.) [File not signed]
R2 Update service; G:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
R2 VMAuthdService; F:\New folder (2)\vmware-authd.exe [87768 2014-07-02] (VMware, Inc.)
R2 WinDefend; G:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 QqrCloudsrv; "G:\Program Files (x86)\Qiqerylugase\QqrCloudsrv.html5" {79740E79-A383-47A7-B513-3DF6563D007F} {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; G:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 dtsoftbus01; G:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-11-26] (Disc Soft Ltd)
S3 ebdrv; G:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 NSNDIS5; G:\Windows\SysWOW64\NSNDIS5.SYS [17280 2004-03-24] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R1 SASDIFSV; G:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; G:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; G:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R2 VMparport; G:\Windows\system32\drivers\VMparport.sys [32472 2014-07-02] (VMware, Inc.)
R0 vsock; G:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-14 20:27 - 2016-06-14 20:27 - 00012073 _____ G:\Users\kuureee\Desktop\FRST.txt
2016-06-14 20:26 - 2016-06-14 20:26 - 02385920 _____ (Farbar) G:\Users\kuureee\Desktop\FRST64.exe
2016-06-14 19:39 - 2016-06-14 19:39 - 00468105 _____ G:\Users\kuureee\Desktop\Southpark.torrent
2016-06-13 23:42 - 2016-06-13 23:42 - 00008984 _____ G:\Windows\System32\Tasks\Qiqerylugase Cloud
2016-06-13 23:41 - 2016-06-13 23:45 - 00000000 ____D G:\Program Files (x86)\Atatuch
2016-06-13 23:41 - 2016-06-13 23:42 - 00000000 ____D G:\Program Files (x86)\Qiqerylugase
2016-06-13 23:41 - 2016-06-13 23:42 - 00000000 ____D G:\Program Files (x86)\Libasaraming
2016-06-13 23:41 - 2016-06-13 23:41 - 00000000 ____D G:\extensions
2016-06-13 23:28 - 2016-06-13 23:28 - 00039313 _____ G:\Users\kuureee\Desktop\South.Park.S10.720p.WEB-DL.h264-CtrlHD.torrent
2016-06-09 16:34 - 2016-06-09 16:34 - 00000000 ____D G:\ProgramData\Verimatrix
2016-06-08 14:10 - 2016-06-08 14:10 - 00000000 ____D G:\ProgramData\WarThunder
2016-06-06 16:49 - 2016-06-06 16:49 - 00000010 _____ G:\Users\kuureee\Desktop\id.txt
2016-06-06 11:14 - 2016-06-06 11:14 - 00000000 ____D G:\ProgramData\Gaijin
2016-05-23 22:22 - 2016-05-23 22:22 - 00017941 _____ G:\Users\kuureee\Desktop\The Man in the High Castle.Season.01.WebRip x264-Zamunda.NET.torrent
2016-05-23 13:13 - 2016-05-24 06:45 - 00002896 _____ G:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2016-05-23 13:13 - 2016-05-24 06:45 - 00002896 _____ G:\Windows\system32\LavasoftTcpServiceOff.ini
2016-05-23 13:13 - 2016-05-23 13:13 - 00425744 _____ (Lavasoft Limited) G:\Windows\system32\LavasoftTcpService64.dll
2016-05-23 13:13 - 2016-05-23 13:13 - 00345360 _____ (Lavasoft Limited) G:\Windows\SysWOW64\LavasoftTcpService.dll
2016-05-22 14:52 - 2016-05-22 14:53 - 01788712 _____ (techPowerUp (www.techpowerup.com)) G:\Users\kuureee\Desktop\GPU-Z.0.8.8.exe
2016-05-22 09:10 - 2016-06-06 10:07 - 00000000 ____D G:\Windows\SysWOW64\.launcher_log
2016-05-21 19:34 - 2016-06-13 23:58 - 00001458 _____ G:\Users\Public\Desktop\WarThunder.lnk
2016-05-21 19:34 - 2016-06-10 22:50 - 00000000 ____D G:\WarThunder
2016-05-21 19:34 - 2016-05-21 19:34 - 00000000 ____D G:\Users\kuureee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2016-05-21 19:32 - 2016-05-21 19:33 - 05446888 _____ (Gaijin Entertainment ) G:\Users\kuureee\Desktop\wt_launcher_1.0.1.632.exe
2016-05-15 13:19 - 2016-06-13 23:58 - 00001119 _____ G:\Users\Public\Desktop\NRadioBox.exe.lnk
2016-05-15 13:19 - 2016-05-15 13:19 - 00000000 ____D G:\ProgramData\Microsoft\Windows\Start Menu\Programs\NRadioBox
2016-05-15 13:19 - 2016-05-15 13:19 - 00000000 ____D G:\Program Files (x86)\NRadioBox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-14 20:27 - 2016-04-12 17:20 - 00000000 ____D G:\FRST
2016-06-14 20:02 - 2015-11-05 00:58 - 00000000 ____D G:\Users\kuureee\AppData\Roaming\TS3Client
2016-06-14 19:50 - 2015-11-05 00:37 - 00000000 ____D G:\Users\kuureee\AppData\Roaming\uTorrent
2016-06-14 19:43 - 2016-05-06 15:47 - 00000830 _____ G:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-14 19:35 - 2015-11-05 01:01 - 00000898 _____ G:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-14 19:21 - 2009-07-14 06:45 - 00021072 ____H G:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-14 19:21 - 2009-07-14 06:45 - 00021072 ____H G:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-14 19:18 - 2009-07-14 07:13 - 00785910 _____ G:\Windows\system32\PerfStringBackup.INI
2016-06-14 19:18 - 2009-07-14 05:20 - 00000000 ____D G:\Windows\inf
2016-06-14 19:15 - 2015-11-05 00:02 - 00000000 ____D G:\Users\kuureee\AppData\Roaming\ViberPC
2016-06-14 19:13 - 2016-01-13 09:12 - 00000000 ____D G:\ProgramData\VMware
2016-06-14 19:13 - 2015-11-05 01:01 - 00000894 _____ G:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-14 19:13 - 2009-07-14 07:08 - 00000006 ____H G:\Windows\Tasks\SA.DAT
2016-06-14 00:10 - 2015-11-05 00:48 - 00192216 _____ (Malwarebytes) G:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-14 00:06 - 2015-11-05 00:38 - 00000832 _____ G:\Users\Public\Desktop\CCleaner.lnk
2016-06-14 00:04 - 2016-02-13 17:05 - 00000000 ____D G:\Users\kuureee\Desktop\SLIKE
2016-06-13 23:58 - 2016-05-14 14:45 - 00001092 _____ G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Stumbler.lnk
2016-06-13 23:58 - 2016-03-19 01:36 - 00001224 _____ G:\Users\Public\Desktop\Wise Auto Shutdown.lnk
2016-06-13 23:58 - 2016-03-18 18:01 - 00003133 _____ G:\Users\kuureee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Readon TV Movie Radio Player.lnk
2016-06-13 23:58 - 2016-03-18 18:01 - 00003127 _____ G:\Users\kuureee\Desktop\Readon TV Movie Radio Player.lnk
2016-06-13 23:58 - 2016-03-13 10:26 - 00000693 _____ G:\Users\Public\Desktop\Hitman Absolution - Professional Edition.lnk
2016-06-13 23:58 - 2016-03-05 01:14 - 00001856 _____ G:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-06-13 23:58 - 2016-02-14 14:15 - 00002061 _____ G:\Users\kuureee\Desktop\VirusTotal Uploader 2.0.lnk
2016-06-13 23:58 - 2016-02-01 17:43 - 00001345 _____ G:\ProgramData\Microsoft\Windows\Start Menu\Programs\American Truck Simulator.lnk
2016-06-13 23:58 - 2016-02-01 17:43 - 00001339 _____ G:\Users\Public\Desktop\American Truck Simulator.lnk
2016-06-13 23:58 - 2016-01-26 11:32 - 00000796 _____ G:\Users\Public\Desktop\QSS.lnk
2016-06-13 23:58 - 2016-01-17 14:25 - 00001327 _____ G:\Users\kuureee\Desktop\Who Is On My Wifi.lnk
2016-06-13 23:58 - 2016-01-15 10:59 - 00001216 _____ G:\ProgramData\Microsoft\Windows\Start Menu\TMAC v6.lnk
2016-06-13 23:58 - 2016-01-15 10:59 - 00001204 _____ G:\Users\Public\Desktop\TMAC v6.lnk
2016-06-13 23:58 - 2016-01-13 09:12 - 00001591 _____ G:\Users\Public\Desktop\VMware Player.lnk
2016-06-13 23:58 - 2015-11-29 18:46 - 00001115 _____ G:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
2016-06-13 23:58 - 2015-11-29 18:46 - 00001039 _____ G:\Users\Public\Desktop\foobar2000.lnk
2016-06-13 23:58 - 2015-11-22 23:31 - 00001205 _____ G:\Users\Public\Desktop\Popcorn Time.lnk
2016-06-13 23:58 - 2015-11-14 21:51 - 00001260 _____ G:\ProgramData\Microsoft\Windows\Start Menu\Programs\zc1h3r7o5m4e.lnk
2016-06-13 23:58 - 2015-11-13 21:30 - 00001178 _____ G:\Users\Public\Desktop\Smart Defrag 4.lnk
2016-06-13 23:58 - 2015-11-07 21:20 - 00001223 _____ G:\Users\kuureee\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2016-06-13 23:58 - 2015-11-07 21:20 - 00001193 _____ G:\Users\Public\Desktop\GOM Player.lnk
2016-06-13 23:58 - 2015-11-07 09:04 - 00000917 _____ G:\Users\Public\Desktop\CPUID CPU-Z.lnk
2016-06-13 23:58 - 2015-11-05 01:43 - 00001998 _____ G:\Users\kuureee\Desktop\My.com Game Center.lnk
2016-06-13 23:58 - 2015-11-05 01:16 - 00000760 _____ G:\Users\Public\Desktop\EVE Online.lnk
2016-06-13 23:58 - 2015-11-05 01:01 - 00002193 _____ G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-13 23:58 - 2015-11-05 00:57 - 00001015 _____ G:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2016-06-13 23:58 - 2015-11-05 00:47 - 00001110 _____ G:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-13 23:58 - 2015-11-05 00:39 - 00002429 _____ G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-06-13 23:58 - 2015-11-05 00:39 - 00002023 _____ G:\Users\Public\Desktop\Adobe Reader XI.lnk
2016-06-13 23:58 - 2015-11-05 00:39 - 00001155 _____ G:\Users\Public\Desktop\CDBurnerXP.lnk
2016-06-13 23:58 - 2015-11-05 00:39 - 00001107 _____ G:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2016-06-13 23:58 - 2015-11-05 00:38 - 00002593 _____ G:\Users\kuureee\Desktop\µTorrent.lnk
2016-06-13 23:58 - 2015-11-05 00:38 - 00002573 _____ G:\Users\kuureee\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-06-13 23:58 - 2015-11-05 00:14 - 00001125 _____ G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-06-13 23:58 - 2015-11-05 00:14 - 00001119 _____ G:\Users\Public\Desktop\Opera.lnk
2016-06-13 23:58 - 2015-11-04 23:41 - 00001315 _____ G:\Users\kuureee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-06-13 23:58 - 2015-07-19 00:40 - 00001333 _____ G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-06-13 23:58 - 2015-07-19 00:40 - 00001314 _____ G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-06-13 23:58 - 2009-07-14 07:01 - 00001218 _____ G:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-06-13 23:58 - 2009-07-14 06:57 - 00001511 _____ G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-06-13 23:58 - 2009-07-14 06:57 - 00001292 _____ G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-06-13 23:58 - 2009-07-14 06:57 - 00001234 _____ G:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-06-13 23:58 - 2009-07-14 06:54 - 00001198 _____ G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-06-13 23:58 - 2009-07-14 06:49 - 00001246 _____ G:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-06-13 23:57 - 2009-07-14 05:20 - 00000000 ____D G:\Windows\schemas
2016-06-13 23:39 - 2016-05-02 11:43 - 00000000 ____D G:\Users\kuureee\Desktop\New folder (2)
2016-06-13 19:21 - 2015-11-07 17:53 - 00000000 ____D G:\Users\kuureee\Documents\ViberDownloads
2016-06-12 22:29 - 2015-11-29 18:46 - 00000000 ____D G:\Users\kuureee\AppData\Roaming\foobar2000
2016-06-12 00:52 - 2016-05-06 15:47 - 00000892 _____ G:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-06-11 17:05 - 2009-07-14 05:20 - 00000000 ____D G:\Windows\system32\NDF
2016-06-09 19:23 - 2015-11-05 00:14 - 00003850 _____ G:\Windows\System32\Tasks\Opera scheduled Autoupdate 1446675288
2016-06-09 19:23 - 2015-11-05 00:13 - 00000000 ____D G:\Program Files (x86)\Opera
2016-06-09 13:46 - 2015-11-22 23:31 - 00000000 ____D G:\Users\kuureee\Downloads\PopcornTime
2016-06-08 09:05 - 2016-01-10 19:37 - 00000000 ____D G:\Program Files\SUPERAntiSpyware
2016-06-05 01:56 - 2016-03-19 01:36 - 00000000 ____D G:\Windows\System32\Tasks\WiseCleaner
2016-06-05 01:56 - 2016-03-19 01:36 - 00000000 ____D G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Auto Shutdown
2016-05-27 22:07 - 2016-03-18 18:11 - 00000000 ____D G:\Users\kuureee\AppData\Roaming\vlc
2016-05-27 22:05 - 2016-03-18 18:01 - 00000000 ____D G:\Users\kuureee\Documents\Readon Player
2016-05-21 19:34 - 2015-11-26 19:59 - 00000000 ____D G:\Users\kuureee\Documents\My Games
2016-05-21 10:14 - 2015-11-04 23:54 - 00000000 ____D G:\Users\kuureee\AppData\Local\ElevatedDiagnostics
2016-05-17 09:35 - 2009-07-14 07:08 - 00032580 _____ G:\Windows\Tasks\SCHEDLGU.TXT
2016-05-15 00:43 - 2016-05-06 15:47 - 00003894 _____ G:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-05-15 00:43 - 2016-05-06 15:47 - 00003768 _____ G:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-15 00:43 - 2015-11-05 01:00 - 00797376 _____ (Adobe Systems Incorporated) G:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-15 00:43 - 2015-11-05 01:00 - 00142528 _____ (Adobe Systems Incorporated) G:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some files in TEMP:
====================
G:\Users\kuureee\AppData\Local\Temp\hIIzsEPA7n.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

G:\Windows\system32\winlogon.exe => File is digitally signed
G:\Windows\system32\wininit.exe => File is digitally signed
G:\Windows\SysWOW64\wininit.exe => File is digitally signed
G:\Windows\explorer.exe => File is digitally signed
G:\Windows\SysWOW64\explorer.exe => File is digitally signed
G:\Windows\system32\svchost.exe => File is digitally signed
G:\Windows\SysWOW64\svchost.exe => File is digitally signed
G:\Windows\system32\services.exe => File is digitally signed
G:\Windows\system32\User32.dll => File is digitally signed
G:\Windows\SysWOW64\User32.dll => File is digitally signed
G:\Windows\system32\userinit.exe => File is digitally signed
G:\Windows\SysWOW64\userinit.exe => File is digitally signed
G:\Windows\system32\rpcss.dll => File is digitally signed
G:\Windows\system32\dnsapi.dll => File is digitally signed
G:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
G:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-09 19:31

==================== End of FRST.txt ============================



  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15874
  • Location: Beograd

Hello,

Start MalwareBytes, click History, then Application Logs, and double-click Type so that the reports are sorted with Scan Log first.

Then click on them one by one (I am only interested in Scan Log), then on Export >> Text file. Name them (if there is more than one) whatever you like and attach them all in your next post.

  • Joined: 22 Feb 2011
  • Posts: 33

Last night I ran MBM again and it again found some junk. I deleted it and I would say everything works OK now. After some time I ran a scan again and it found nothing.

I will attach the second-to-last scan log for you anyway.
Thanks.....



  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15874
  • Location: Beograd

Could you attach all the Scan reports? It would mean a lot to me. Thanks.

  • Joined: 22 Feb 2011
  • Posts: 33

Of course.
The order is as follows: the first is from the start, when it all happened, the second has less infection, and the third is the latest, clean one.



  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15874
  • Location: Beograd

Excellent. I hope everything is fine now?

This infection is a bit harder to remove and tends to reappear a day after the computer has been cleaned:

Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, 0http://un-stop.info/wpad.dat?d4e2e2a1e93e09e04617b27368802d7c11545583, Quarantined, [8755a458dcbd1c1a460de8d51de550b0]
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-4139358893-2112486851-1280740277-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigUrl, http://un-stop.info/wpad.dat?d4e2e2a1e93e09e04617b27368802d7c11545583, Quarantined, [0ece7e7e1d7cf83ee36d2e8fc939d22e]

If you notice any symptoms, or if you get these two lines again during a scan, let us know so we can comb through the system again.

  • Joined: 22 Feb 2011
  • Posts: 33

OK...
Thanks a lot....
