Frequent Avast alerts

  • Joined: 26 Sep 2012
  • Posts: 1869
  • Location: Let me see...

For the last few days I've been having minor problems with my PC. Avast keeps activating (throwing up warnings), and I have problems uninstalling certain applications (or whatever they are) --> Unable to Uninstall

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-12-2014
Ran by G31M (administrator) on G31M-PC on 13-12-2014 11:13:52
Running from C:\Users\G31M\Desktop
Loaded Profile: G31M (Available profiles: G31M)
Platform: Microsoft Windows 7 Ultimate (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Connectify) C:\Program Files\Connectify\Connectify.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Connectify) C:\Program Files\Connectify\ConnectifyService.exe
(Connectify) C:\Program Files\Connectify\Connectifyd.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Connectify) C:\Program Files\Connectify\ConnectifyNetServices.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-08] (AVAST Software)
HKLM\...\Run: [Connectify Hotspot] => C:\Program Files\Connectify\Connectify.exe [4326176 2014-07-28] (Connectify)
HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\...\Run: [LiveSupport] => "C:\Program Files\LiveSupport\LiveSupport.exe" /noshow /log
HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\...\Run: [winhotspot] => C:\Program Files\winhotspot\Winhotspot.exe
HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30524520 2014-11-27] (Skype Technologies S.A.)
HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\...\MountPoints2: {358feb3b-bee4-11e3-95e4-6cf049a4d321} - F:\autorun.exe
HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\...\MountPoints2: {55c8525c-a679-11e3-a56a-6cf049a4d321} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\...\MountPoints2: {656733af-c529-11e3-8a52-6cf049a4d321} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\...\MountPoints2: {656c8e83-5c47-11e4-97b7-6cf049a4d321} - F:\HTC_Sync_Manager_PC.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2180428478-2044508922-3083944251-1000] => Internet Explorer proxy is enabled.
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1418.....0279602796
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=.....796&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1418.....0279602796
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=.....796&q={searchTerms}
HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1418.....0279602796
HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1418.....0279602796
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc&ts=1418.....0279602796
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=.....796&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=.....796&q={searchTerms}
SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchmania.info/?l=1&q={searchTerms}&pid=3458&r=2014/12/09&hid=12373045324182123524&lg=EN&cc=ME&unqvl=70
SearchScopes: HKU\S-1-5-21-2180428478-2044508922-3083944251-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=.....796&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2180428478-2044508922-3083944251-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=.....796&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2180428478-2044508922-3083944251-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchmania.info/?l=1&q={searchTerms}&pid=3458&r=2014/12/09&hid=12373045324182123524&lg=EN&cc=ME&unqvl=70
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: BuYNssaave -> {81320074-4cf1-446b-a479-b882cce74513} -> C:\Program Files\BuYNssaave\EjeV1xYzTInqE4.dll ()
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: YaoutUBeAdBlocke -> {9fc9f480-9390-4330-b8c3-afde46d760c1} -> C:\Program Files\YaoutUBeAdBlocke\w2WKG6aaNOWgSz.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 195.66.189.137 195.66.189.138

FireFox:
========
FF ProfilePath: C:\Users\G31M\AppData\Roaming\Mozilla\Firefox\Profiles\u9fbhd4a.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: omiga-plus
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.searchmania.info/?pid=3458&r=2014/12/09&hid=12373045324182123524&lg=EN&cc=ME&unqvl=70&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: omiga-plus
FF SelectedSearchEngine,S: WebSearch
FF Homepage: hxxp://isearch.omiga-plus.com/?type=hp&ts=1418118850&from=smt&uid=WDCXWD1600AAJS-98PSA0_WD-WMAP9530279602796
FF Keyword.URL: hxxp://websearch.searchmania.info/?pid=3458&r=2014/12/09&hid=12373045324182123524&lg=EN&cc=ME&unqvl=70&l=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\G31M\AppData\Roaming\Mozilla\Firefox\Profiles\u9fbhd4a.default\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\omiga-plus.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\pogodakyu.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\vokabular.xml
FF Extension: Fast Start - C:\Users\G31M\AppData\Roaming\Mozilla\Firefox\Profiles\u9fbhd4a.default\Extensions\faststartff@gmail.com [2014-12-09]
FF Extension: BUyNssave - C:\Users\G31M\AppData\Roaming\Mozilla\Firefox\Profiles\u9fbhd4a.default\Extensions\Iog@0becm.org [2014-12-09]
FF Extension: YaoutUBeAdBlocke - C:\Users\G31M\AppData\Roaming\Mozilla\Firefox\Profiles\u9fbhd4a.default\Extensions\lgRnJ8m@NOs.net [2014-12-09]
FF Extension: DownloadHelper - C:\Users\G31M\AppData\Roaming\Mozilla\Firefox\Profiles\u9fbhd4a.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-16]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\G31M\AppData\Roaming\Mozilla\Firefox\Profiles\u9fbhd4a.default\extensions\faststartff@gmail.com
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR DefaultSearchKeyword: Default -> 556EA71CB2399563C88A1364710C6B59F417621C97C9E2BB1FECEB5AB735B7D8
CHR DefaultSearchURL: Default -> BD453A4CE184EE95F2F458A59002F404E075041B94976CD74C45953C31581C3E
CHR Profile: C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google документи) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-14]
CHR Extension: (Google диск) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-04]
CHR Extension: (http://www.invazija.com/) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfcjmipmbdlblolgckfdicgopiecdpi [2013-08-30]
CHR Extension: (YouTube) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-14]
CHR Extension: (Adblock Plus) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-26]
CHR Extension: (Google претрага) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-14]
CHR Extension: (PartyCloud DJ) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\defekohaofmambflfpfoojkmfdpcbgko [2013-05-11]
CHR Extension: (Фејсбук) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnknkgccldocdogpnhbaddbdhhjiindo [2013-08-30]
CHR Extension: (Extra Cafe - Početna) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\epkfekkmkdkngmdmeecpabggcnjehjea [2013-08-30]
CHR Extension: (SaveFrom.net helper lite) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\gekjjfhbnbhfgmnmkocnnfapjpdcpbok [2013-08-03]
CHR Extension: (Avast Online Security) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-10-06]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2014-05-24]
CHR Extension: (Keep Me) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflnemhkomgploogccdmcloekbloobgb [2014-12-09]
CHR Extension: (Google провера поште) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-04-14]
CHR Extension: (Google новчаник) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Outlook.com) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2013-09-22]
CHR Extension: (Gmail) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-14]
CHR Extension: (Audio Cutter) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\plimnkafgoiilijmlbnfoafihjjijbfp [2013-04-21]
CHR Extension: (BUyNssave) - C:\ProgramData\jpnepfdhpdlnilemojhfmbknedfgnonj\ [2013-04-21]
CHR Profile: C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (No Name) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-31]
CHR Extension: (No Name) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cdfjbkbddpfnoplfhceolpopfoepleco [2013-03-31]
CHR Extension: (No Name) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-03-31]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-04]
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://isearch.omiga-plus.com/?type=sc&ts=1418.....0279602796

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 24c54e38; c:\Program Files\DeltaFix\DeltaFix.dll [4095488 2014-12-09] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-04] (AVAST Software)
R2 Connectify; C:\Program Files\Connectify\ConnectifyService.exe [487936 2014-07-28] (Connectify) [File not signed]
U2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14658848 2013-12-10] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-05-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-05-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-05-04] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-05-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [68312 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-05-04] ()
R3 athur; C:\Windows\System32\DRIVERS\athur.sys [1500160 2010-02-23] (Atheros Communications, Inc.)
R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [36520 2014-12-10] (Connectify)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () [File not signed]
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-05] (NVIDIA Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI)
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 netr28u; system32\DRIVERS\netr28u.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-13 11:13 - 2014-12-13 11:14 - 00019111 _____ () C:\Users\G31M\Desktop\FRST.txt
2014-12-13 11:13 - 2014-12-13 11:13 - 00000000 ____D () C:\FRST
2014-12-13 11:12 - 2014-12-13 11:13 - 01111040 _____ (Farbar) C:\Users\G31M\Desktop\FRST.exe
2014-12-13 10:59 - 2014-12-13 10:59 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-12-13 10:58 - 2014-12-13 10:59 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\G31M\Downloads\revosetup.exe
2014-12-13 10:43 - 2014-12-13 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-13 10:43 - 2014-12-13 10:43 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-12-10 07:35 - 2014-12-10 07:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connectify
2014-12-10 07:34 - 2014-12-13 11:05 - 00000000 ____D () C:\Program Files\Connectify
2014-12-10 07:34 - 2014-12-10 07:39 - 00000000 ____D () C:\ProgramData\Connectify
2014-12-10 07:34 - 2014-12-10 07:34 - 00036520 _____ (Connectify) C:\Windows\system32\Drivers\cnnctfy3.sys
2014-12-09 20:36 - 2014-12-09 20:36 - 00001394 _____ () C:\Users\G31M\Documents\hosts.txt
2014-12-09 12:03 - 2014-12-09 12:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-09 10:54 - 2014-12-10 07:29 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-12-09 10:54 - 2014-12-09 10:55 - 00000000 ____D () C:\Program Files\SupTab
2014-12-09 10:53 - 2014-12-09 10:55 - 00000000 ____D () C:\Program Files\Winhotspot
2014-12-09 10:04 - 2014-12-09 10:43 - 00000000 ____D () C:\Program Files\MyPublicWiFi
2014-12-09 10:04 - 2012-12-07 10:34 - 00025416 _____ (Khalil Azzouzi) C:\Windows\system32\Drivers\ndiskhaz.sys
2014-12-09 09:58 - 2014-12-09 09:58 - 00000000 ____D () C:\Program Files\DeltaFix
2014-12-09 09:57 - 2014-12-09 09:57 - 00000000 ____D () C:\Program Files\YaoutUBeAdBlocke
2014-12-09 09:57 - 2014-12-09 09:57 - 00000000 ____D () C:\Program Files\Keep Me
2014-12-09 09:57 - 2014-12-09 09:57 - 00000000 ____D () C:\Program Files\BuYNssaave
2014-12-09 09:56 - 2014-12-09 09:56 - 00000000 ____D () C:\ProgramData\jpnepfdhpdlnilemojhfmbknedfgnonj
2014-12-09 09:56 - 2014-12-09 09:56 - 00000000 ____D () C:\ProgramData\9838410214693775557
2014-12-09 09:56 - 2014-12-09 09:56 - 00000000 ____D () C:\Program Files\BUyNssave
2014-12-09 09:53 - 2014-12-09 09:53 - 00000000 __RSH () C:\MSDOS.SYS
2014-12-09 09:53 - 2014-12-09 09:53 - 00000000 __RSH () C:\IO.SYS

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-13 11:14 - 2013-04-14 13:03 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-13 11:05 - 2013-03-17 15:25 - 00000000 ____D () C:\Windows\Minidump
2014-12-13 11:04 - 2013-03-03 14:58 - 00000000 ____D () C:\Users\G31M\Desktop\program
2014-12-13 11:02 - 2013-03-04 14:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-13 10:46 - 2013-04-14 13:03 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-13 10:43 - 2014-04-06 20:39 - 00002505 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-12-13 10:43 - 2013-03-03 16:18 - 00000000 ___RD () C:\Program Files\Skype
2014-12-13 10:43 - 2013-03-03 16:18 - 00000000 ____D () C:\Users\G31M\AppData\Roaming\Skype
2014-12-13 10:43 - 2013-03-03 16:18 - 00000000 ____D () C:\ProgramData\Skype
2014-12-11 22:30 - 2013-03-03 14:11 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-10 07:28 - 2014-03-16 15:14 - 00000000 ____D () C:\Program Files\Virtual Router
2014-12-09 20:53 - 2014-08-05 23:41 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-09 10:54 - 2014-08-05 23:41 - 00001339 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-09 10:54 - 2014-08-05 23:41 - 00001327 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-09 10:54 - 2013-03-03 14:07 - 00001635 _____ () C:\Users\G31M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-08 17:30 - 2014-09-28 22:21 - 00000000 ____D () C:\Users\G31M\Desktop\tijana
2014-11-30 13:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-29 22:33 - 2014-07-13 13:36 - 00000000 ____D () C:\Users\G31M\Downloads\030468317304565

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-05 13:41

==================== End Of Log ============================



  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Did you personally install the developer version of Google Chrome?

  • Joined: 26 Sep 2012
  • Posts: 1869
  • Location: Let me see...

No. When I installed it, it went the same as every previous time. I downloaded it from https://www.google.com/chrome/browser/desktop/

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Go to Start -> Control Panel -> Programs and Features and uninstall the following programs:

BuYNssaave
Keep Me
PointerMirror
YaoutUBeAdBlocke

Step 2

Open Notepad and copy the following text, which is inside the Code box.

HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\...\MountPoints2: {358feb3b-bee4-11e3-95e4-6cf049a4d321} - F:\autorun.exe
HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\...\MountPoints2: {55c8525c-a679-11e3-a56a-6cf049a4d321} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\...\MountPoints2: {656733af-c529-11e3-8a52-6cf049a4d321} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\...\MountPoints2: {656c8e83-5c47-11e4-97b7-6cf049a4d321} - F:\HTC_Sync_Manager_PC.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1418.....0279602796
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=.....796&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1418.....0279602796
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=.....796&q={searchTerms}
HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1418.....0279602796
HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1418.....0279602796
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc&ts=1418.....0279602796
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=.....796&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=.....796&q={searchTerms}
SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchmania.info/?l=1&q={searchTerms}&pid=3458&r=2014/12/09&hid=12373045324182123524&lg=EN&cc=ME&unqvl=70
SearchScopes: HKU\S-1-5-21-2180428478-2044508922-3083944251-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=.....796&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2180428478-2044508922-3083944251-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=.....796&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2180428478-2044508922-3083944251-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchmania.info/?l=1&q={searchTerms}&pid=3458&r=2014/12/09&hid=12373045324182123524&lg=EN&cc=ME&unqvl=70
BHO: BuYNssaave -> {81320074-4cf1-446b-a479-b882cce74513} -> C:\Program Files\BuYNssaave\EjeV1xYzTInqE4.dll ()
BHO: YaoutUBeAdBlocke -> {9fc9f480-9390-4330-b8c3-afde46d760c1} -> C:\Program Files\YaoutUBeAdBlocke\w2WKG6aaNOWgSz.dll ()
FF DefaultSearchEngine: omiga-plus
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.searchmania.info/?pid=3458&r=2014/12/09&hid=12373045324182123524&lg=EN&cc=ME&unqvl=70&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: omiga-plus
FF SelectedSearchEngine,S: WebSearch
FF Homepage: hxxp://isearch.omiga-plus.com/?type=hp&ts=1418118850&from=smt&uid=WDCXWD1600AAJS-98PSA0_WD-WMAP9530279602796
FF Keyword.URL: hxxp://websearch.searchmania.info/?pid=3458&r=2014/12/09&hid=12373045324182123524&lg=EN&cc=ME&unqvl=70&l=1&q=
FF SearchPlugin: C:\Users\G31M\AppData\Roaming\Mozilla\Firefox\Profiles\u9fbhd4a.default\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\omiga-plus.xml
FF Extension: Fast Start - C:\Users\G31M\AppData\Roaming\Mozilla\Firefox\Profiles\u9fbhd4a.default\Extensions\faststartff@gmail.com [2014-12-09]
FF Extension: BUyNssave - C:\Users\G31M\AppData\Roaming\Mozilla\Firefox\Profiles\u9fbhd4a.default\Extensions\Iog@0becm.org [2014-12-09]
FF Extension: YaoutUBeAdBlocke - C:\Users\G31M\AppData\Roaming\Mozilla\Firefox\Profiles\u9fbhd4a.default\Extensions\lgRnJ8m@NOs.net [2014-12-09]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\G31M\AppData\Roaming\Mozilla\Firefox\Profiles\u9fbhd4a.default\extensions\faststartff@gmail.com
CHR Extension: (SaveFrom.net helper lite) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\gekjjfhbnbhfgmnmkocnnfapjpdcpbok [2013-08-03]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2014-05-24]
CHR Extension: (Keep Me) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflnemhkomgploogccdmcloekbloobgb [2014-12-09]
CHR Extension: (BUyNssave) - C:\ProgramData\jpnepfdhpdlnilemojhfmbknedfgnonj\ [2013-04-21]
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://isearch.omiga-plus.com/?type=sc&ts=1418.....0279602796
R2 24c54e38; c:\Program Files\DeltaFix\DeltaFix.dll [4095488 2014-12-09] () [File not signed]
Task: {0311608C-456F-4A5D-BFA5-9F17BADC3017} - System32\Tasks\{83D3D5DD-7DEF-4BD4-8CCC-C44A7C2F040A} => pcalua.exe -a C:\Users\G31M\AppData\Roaming\omiga-plus\UninstallManager.exe -c  -ptid=smt
Task: {8B8DEC5A-BBEB-46A2-9AB2-1CABBA2F10DB} - System32\Tasks\{3751A929-521E-458A-9F56-5EEF22955CF6} => pcalua.exe -a "C:\programi\vegaspro11\Video Cutter 2\Uninstall.exe"
C:\Program Files\BuYNssaave
C:\ProgramData\jpnepfdhpdlnilemojhfmbknedfgnonj
c:\Program Files\DeltaFix
C:\Program Files\YaoutUBeAdBlocke
C:\Program Files\Keep Me
C:\Program Files\BuYNssaave
C:\ProgramData\9838410214693775557
C:\Users\G31M\AppData\Roaming\omiga-plus
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
EmptyTemp:


In Notepad click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait for the program to finish.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, fixlog.txt will open; copy its contents into the thread.
The file (fixlog.txt) will also be on the Desktop.

Step 3

Go to Start -> Control Panel -> Programs and Features and uninstall Google Chrome. Make sure to tick the option Also delete your browsing data.
You can export your bookmarks and import them again later.

Once it is uninstalled, download it from the Google site, https://www.google.com/chrome/browser/ and install it again.

Step 4

Download Xplode's AdwCleaner and save it to the Desktop
Double-click to run the program.
In the EULA window click I agree.
Click the Scan button and wait for the scan to finish.
Click the Clean button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
On the next two windows that open (Informations and Restart required) click OK

The computer will restart and then open Notepad (C:\AdwCleaner[S0].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Attach file" option

Note: The report will also be saved at C:\Adwcleaner\AdwCleaner[S0].txt
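The helper's fixlist above is built by hand-picking log lines. As an added example that is not from the forum post or from FRST, the following Python triage pass applies the same indicators (hijacker domains, empty publisher, unsigned files, random service names, same-day extension bursts) to lines in the log's format and emits a candidate fixlist; the sample lines, heuristics and thresholds are constructed for this example, and the two domain names are the ones from the thread's log.

```python
"""Triage pass over FRST (Farbar Recovery Scan Tool) log lines.

Added example; not FRST's own code and not from the forum post. The sample
lines are constructed to mirror the entry formats in the thread's log (BHO,
SearchScopes, FF/CHR Extension, service and Run-key lines). The indicator
list and heuristics are this example's own; the two domains come from the
thread's log.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample in the same line formats as the log above.
SAMPLE_LOG = r"""
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: BuYNssaave -> {81320074-4cf1-446b-a479-b882cce74513} -> C:\Program Files\BuYNssaave\EjeV1xYzTInqE4.dll ()
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&q={searchTerms}
FF Homepage: hxxp://isearch.omiga-plus.com/?type=hp&ts=1418118850&from=smt
FF Extension: DownloadHelper - C:\Users\G31M\AppData\Roaming\Mozilla\Firefox\Profiles\u9fbhd4a.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
FF Extension: YaoutUBeAdBlocke - C:\Users\G31M\AppData\Roaming\Mozilla\Firefox\Profiles\u9fbhd4a.default\Extensions\lgRnJ8m@NOs.net [2014-12-09]
FF Extension: BUyNssave - C:\Users\G31M\AppData\Roaming\Mozilla\Firefox\Profiles\u9fbhd4a.default\Extensions\Iog@0becm.org [2014-12-09]
R2 24c54e38; c:\Program Files\DeltaFix\DeltaFix.dll [4095488 2014-12-09] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-04] (AVAST Software)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-08] (AVAST Software)
"""

# Domains seen as search/homepage hijackers in the thread's log.
HIJACK_DOMAINS = ("omiga-plus.com", "searchmania.info")
# Entry types where FRST prints the publisher in trailing parentheses;
# an empty "()" there means the file carries no recognised publisher.
PUBLISHER_ENTRY_PREFIXES = ("BHO:", "R0 ", "R1 ", "R2 ", "R3 ", "S3 ", "U2 ", "HKLM\\", "HKU\\")
RANDOM_SERVICE_NAME = re.compile(r"^[RSU]\d [0-9a-f]{8};")
EXTENSION_PREFIXES = ("FF Extension:", "CHR Extension:")
INSTALL_DATE = re.compile(r"\[(\d{4}-\d{2}-\d{2})\]\s*$")


def triage_line(line: str) -> List[str]:
    """Return the reasons a single FRST line looks suspicious (empty if none)."""
    reasons = []
    lowered = line.lower()
    if any(domain in lowered for domain in HIJACK_DOMAINS):
        reasons.append("known hijacker domain")
    if line.startswith(PUBLISHER_ENTRY_PREFIXES) and line.rstrip().endswith("()"):
        reasons.append("no publisher on an entry that normally carries one")
    if "[File not signed]" in line:
        reasons.append("unsigned file")
    if RANDOM_SERVICE_NAME.match(line):
        reasons.append("random-looking service name")
    return reasons


def extension_install_dates(lines: List[str]) -> Dict[str, List[str]]:
    """Group FF/CHR extension entries by the install date FRST appends in [brackets]."""
    by_date: Dict[str, List[str]] = {}
    for line in lines:
        if not line.startswith(EXTENSION_PREFIXES):
            continue
        match = INSTALL_DATE.search(line)
        if not match:
            continue
        # "FF Extension: Name - path [date]" / "CHR Extension: (Name) - path [date]"
        name = line.split(":", 1)[1].split(" - ", 1)[0].strip().strip("()")
        by_date.setdefault(match.group(1), []).append(name)
    return by_date


def triage(log_text: str, burst_min: int = 2) -> List[Tuple[str, List[str]]]:
    """Flag suspicious lines. Several extensions appearing on one day is the
    usual footprint of a bundled installer, so same-day extensions are
    flagged for review as well (a heuristic: legitimate bulk installs
    trip it too, so a human still decides what goes into the fixlist)."""
    lines = [ln for ln in log_text.strip().splitlines() if ln.strip()]
    bursts = {d: n for d, n in extension_install_dates(lines).items() if len(n) >= burst_min}
    findings = []
    for line in lines:
        reasons = triage_line(line)
        match = INSTALL_DATE.search(line)
        if line.startswith(EXTENSION_PREFIXES) and match and match.group(1) in bursts:
            reasons.append(f"one of {len(bursts[match.group(1)])} extensions installed on {match.group(1)}")
        if reasons:
            findings.append((line, reasons))
    return findings


def build_fixlist(findings: List[Tuple[str, List[str]]]) -> str:
    """Candidate fixlist in the format FRST reads: flagged log lines verbatim,
    then the EmptyTemp: directive, as in the helper's fixlist above."""
    return "\n".join(line for line, _ in findings) + "\nEmptyTemp:\n"


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(f"{'; '.join(reasons)}\n    {line}")
    print(build_fixlist(triage(SAMPLE_LOG)))
```

The output is a starting point for review, not something to feed to FRST unread: the same-day rule also catches legitimate extensions installed together, which is why the helper's fixlist above still contains only lines picked by hand.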

  • Joined: 26 Sep 2012
  • Posts: 1869
  • Location: Let me see...

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-12-2014
Ran by G31M at 2014-12-13 13:46:30 Run:1
Running from C:\Users\G31M\Desktop
Loaded Profile: G31M (Available profiles: G31M)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\...\MountPoints2: {358feb3b-bee4-11e3-95e4-6cf049a4d321} - F:\autorun.exe
HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\...\MountPoints2: {55c8525c-a679-11e3-a56a-6cf049a4d321} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\...\MountPoints2: {656733af-c529-11e3-8a52-6cf049a4d321} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\...\MountPoints2: {656c8e83-5c47-11e4-97b7-6cf049a4d321} - F:\HTC_Sync_Manager_PC.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1418.....0279602796
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=.....796&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1418.....0279602796
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=.....796&q={searchTerms}
HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1418.....0279602796
HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1418.....0279602796
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc&ts=1418.....0279602796
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=.....796&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=.....796&q={searchTerms}
SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchmania.info/?l=1&q={searchTerms}&pid=3458&r=2014/12/09&hid=12373045324182123524&lg=EN&cc=ME&unqvl=70
SearchScopes: HKU\S-1-5-21-2180428478-2044508922-3083944251-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=.....796&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2180428478-2044508922-3083944251-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=.....796&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2180428478-2044508922-3083944251-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchmania.info/?l=1&q={searchTerms}&pid=3458&r=2014/12/09&hid=12373045324182123524&lg=EN&cc=ME&unqvl=70
BHO: BuYNssaave -> {81320074-4cf1-446b-a479-b882cce74513} -> C:\Program Files\BuYNssaave\EjeV1xYzTInqE4.dll ()
BHO: YaoutUBeAdBlocke -> {9fc9f480-9390-4330-b8c3-afde46d760c1} -> C:\Program Files\YaoutUBeAdBlocke\w2WKG6aaNOWgSz.dll ()
FF DefaultSearchEngine: omiga-plus
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.searchmania.info/?pid=3458&r=2014/12/09&hid=12373045324182123524&lg=EN&cc=ME&unqvl=70&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: omiga-plus
FF SelectedSearchEngine,S: WebSearch
FF Homepage: hxxp://isearch.omiga-plus.com/?type=hp&ts=1418118850&from=smt&uid=WDCXWD1600AAJS-98PSA0_WD-WMAP9530279602796
FF Keyword.URL: hxxp://websearch.searchmania.info/?pid=3458&r=2014/12/09&hid=12373045324182123524&lg=EN&cc=ME&unqvl=70&l=1&q=
FF SearchPlugin: C:\Users\G31M\AppData\Roaming\Mozilla\Firefox\Profiles\u9fbhd4a.default\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\omiga-plus.xml
FF Extension: Fast Start - C:\Users\G31M\AppData\Roaming\Mozilla\Firefox\Profiles\u9fbhd4a.default\Extensions\faststartff@gmail.com [2014-12-09]
FF Extension: BUyNssave - C:\Users\G31M\AppData\Roaming\Mozilla\Firefox\Profiles\u9fbhd4a.default\Extensions\Iog@0becm.org [2014-12-09]
FF Extension: YaoutUBeAdBlocke - C:\Users\G31M\AppData\Roaming\Mozilla\Firefox\Profiles\u9fbhd4a.default\Extensions\lgRnJ8m@NOs.net [2014-12-09]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\G31M\AppData\Roaming\Mozilla\Firefox\Profiles\u9fbhd4a.default\extensions\faststartff@gmail.com
CHR Extension: (SaveFrom.net helper lite) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\gekjjfhbnbhfgmnmkocnnfapjpdcpbok [2013-08-03]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2014-05-24]
CHR Extension: (Keep Me) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflnemhkomgploogccdmcloekbloobgb [2014-12-09]
CHR Extension: (BUyNssave) - C:\ProgramData\jpnepfdhpdlnilemojhfmbknedfgnonj\ [2013-04-21]
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://isearch.omiga-plus.com/?type=sc&ts=1418.....0279602796
R2 24c54e38; c:\Program Files\DeltaFix\DeltaFix.dll [4095488 2014-12-09] () [File not signed]
Task: {0311608C-456F-4A5D-BFA5-9F17BADC3017} - System32\Tasks\{83D3D5DD-7DEF-4BD4-8CCC-C44A7C2F040A} => pcalua.exe -a C:\Users\G31M\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=smt
Task: {8B8DEC5A-BBEB-46A2-9AB2-1CABBA2F10DB} - System32\Tasks\{3751A929-521E-458A-9F56-5EEF22955CF6} => pcalua.exe -a "C:\programi\vegaspro11\Video Cutter 2\Uninstall.exe"
C:\Program Files\BuYNssaave
C:\ProgramData\jpnepfdhpdlnilemojhfmbknedfgnonj
c:\Program Files\DeltaFix
C:\Program Files\YaoutUBeAdBlocke
C:\Program Files\Keep Me
C:\Program Files\BuYNssaave
C:\ProgramData\9838410214693775557
C:\Users\G31M\AppData\Roaming\omiga-plus
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
EmptyTemp:
*****************

"HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-2180428478-2044508922-3083944251-1000" => Key not found.
"HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{358feb3b-bee4-11e3-95e4-6cf049a4d321}" => Key deleted successfully.
"HKCR\CLSID\{358feb3b-bee4-11e3-95e4-6cf049a4d321}" => Key not found.
"HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55c8525c-a679-11e3-a56a-6cf049a4d321}" => Key deleted successfully.
"HKCR\CLSID\{55c8525c-a679-11e3-a56a-6cf049a4d321}" => Key not found.
"HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{656733af-c529-11e3-8a52-6cf049a4d321}" => Key deleted successfully.
"HKCR\CLSID\{656733af-c529-11e3-8a52-6cf049a4d321}" => Key not found.
"HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{656c8e83-5c47-11e4-97b7-6cf049a4d321}" => Key deleted successfully.
"HKCR\CLSID\{656c8e83-5c47-11e4-97b7-6cf049a4d321}" => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
"HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully.
"HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key not found.
HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
"HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found.
"HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully.
"HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{81320074-4cf1-446b-a479-b882cce74513}" => Key not found.
"HKCR\CLSID\{81320074-4cf1-446b-a479-b882cce74513}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9fc9f480-9390-4330-b8c3-afde46d760c1}" => Key not found.
"HKCR\CLSID\{9fc9f480-9390-4330-b8c3-afde46d760c1}" => Key deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox DefaultSearchEngine,S deleted successfully.
Firefox DefaultSearchUrl deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SearchEngineOrder.1,S deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox SelectedSearchEngine,S deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Users\G31M\AppData\Roaming\Mozilla\Firefox\Profiles\u9fbhd4a.default\searchplugins\WebSearch.xml => Moved successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\omiga-plus.xml => Moved successfully.
C:\Users\G31M\AppData\Roaming\Mozilla\Firefox\Profiles\u9fbhd4a.default\Extensions\faststartff@gmail.com => Moved successfully.
C:\Users\G31M\AppData\Roaming\Mozilla\Firefox\Profiles\u9fbhd4a.default\Extensions\Iog@0becm.org => Moved successfully.
C:\Users\G31M\AppData\Roaming\Mozilla\Firefox\Profiles\u9fbhd4a.default\Extensions\lgRnJ8m@NOs.net => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\faststartff@gmail.com => value deleted successfully.
C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\gekjjfhbnbhfgmnmkocnnfapjpdcpbok => Moved successfully.
C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak => Moved successfully.
C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflnemhkomgploogccdmcloekbloobgb => Moved successfully.
C:\ProgramData\jpnepfdhpdlnilemojhfmbknedfgnonj\ => Moved successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => Value was restored successfully.
24c54e38 => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0311608C-456F-4A5D-BFA5-9F17BADC3017}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0311608C-456F-4A5D-BFA5-9F17BADC3017}" => Key deleted successfully.
C:\Windows\System32\Tasks\{83D3D5DD-7DEF-4BD4-8CCC-C44A7C2F040A} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{83D3D5DD-7DEF-4BD4-8CCC-C44A7C2F040A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B8DEC5A-BBEB-46A2-9AB2-1CABBA2F10DB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B8DEC5A-BBEB-46A2-9AB2-1CABBA2F10DB}" => Key deleted successfully.
C:\Windows\System32\Tasks\{3751A929-521E-458A-9F56-5EEF22955CF6} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3751A929-521E-458A-9F56-5EEF22955CF6}" => Key deleted successfully.
"C:\Program Files\BuYNssaave" => File/Directory not found.
"C:\ProgramData\jpnepfdhpdlnilemojhfmbknedfgnonj" => File/Directory not found.
c:\Program Files\DeltaFix => Moved successfully.
"C:\Program Files\YaoutUBeAdBlocke" => File/Directory not found.
C:\Program Files\Keep Me => Moved successfully.
"C:\Program Files\BuYNssaave" => File/Directory not found.
C:\ProgramData\9838410214693775557 => Moved successfully.
"C:\Users\G31M\AppData\Roaming\omiga-plus" => File/Directory not found.
HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value deleted successfully.
EmptyTemp: => Removed 107.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====


The first and third steps are also done. Google Chrome is now back to normal.
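The fixlist above bundles several indicator types that FRST prints in fixed line shapes: IE Start Page and SearchScopes values pointing at isearch.omiga-plus.com and websearch.searchmania.info, a BHO and a service (24c54e38, DeltaFix.dll) with no publisher string and no signature, scheduled tasks launched through pcalua.exe, and MountPoints2 entries left behind by removable media. The Python script below is an added example and is not part of the thread, of FRST, or of the helper's fixlist: it runs that triage over constructed sample lines modelled on this log (entries shortened, plus one invented benign service line, ExampleSvc, as a control) and reports the redirect hosts and the categories each line hits. The line-format regexes are my assumptions about FRST output, not its specification.

```python
"""Triage FRST-style lines for the hijack and persistence indicators seen in this thread.

Added example for this thread; it is not part of FRST and not the helper's fixlist.
The line shapes are approximated from the log above, so the patterns below are
assumptions about FRST output, not its specification.
"""
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample modelled on the fixlist above (entries shortened);
# the last line is an invented benign service used as a control.
SAMPLE_LINES = r"""
HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\...\MountPoints2: {358feb3b-bee4-11e3-95e4-6cf049a4d321} - F:\autorun.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1418
SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchmania.info/?l=1&q={searchTerms}
BHO: BuYNssaave -> {81320074-4cf1-446b-a479-b882cce74513} -> C:\Program Files\BuYNssaave\EjeV1xYzTInqE4.dll ()
FF Homepage: hxxp://isearch.omiga-plus.com/?type=hp&ts=1418118850&from=smt
R2 24c54e38; c:\Program Files\DeltaFix\DeltaFix.dll [4095488 2014-12-09] () [File not signed]
Task: {0311608C-456F-4A5D-BFA5-9F17BADC3017} - System32\Tasks\{83D3D5DD-7DEF-4BD4-8CCC-C44A7C2F040A} => pcalua.exe -a C:\Users\G31M\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=smt
R2 ExampleSvc; C:\Windows\System32\examplesvc.exe [12345 2014-01-01] (Example Vendor)
"""

URL_RE = re.compile(r"\b(?:hxxps?|https?)://[^\s\"']+", re.IGNORECASE)
SERVICE_RE = re.compile(r"^[RSU]\d\s+\S+;")      # "R2 24c54e38; c:\...\DeltaFix.dll ..."
NO_PUBLISHER_RE = re.compile(r"\s\(\)(?:\s|$)")  # FRST prints "()" when the file has no company name
EXECUTABLE_RE = re.compile(r"\.(?:exe|dll|scr|cmd|bat|vbs|js)\b", re.IGNORECASE)

# Text before the first ':' on lines whose URL is a browser start/search setting.
BROWSER_SETTING_PREFIXES = {
    "SearchScopes", "StartMenuInternet", "CHR StartMenuInternet",
    "FF Homepage", "FF DefaultSearchUrl", "FF Keyword.URL",
}
# IE "Main" values that FRST prints as "...\Main,<value> = <url>".
IE_MAIN_VALUES = (",Start Page", ",Search Page", ",Default_Page_URL", ",Default_Search_URL")


def hosts_in(line):
    """Return the hostnames of every URL on the line, undoing hxxp:// defanging."""
    out = []
    for m in URL_RE.finditer(line):
        url = re.sub(r"^hxxp", "http", m.group(0), flags=re.IGNORECASE)
        host = urlparse(url).hostname
        if host:
            out.append(host.lower())
    return out


def classify(line):
    """Return the indicator categories one FRST line matches (empty list if benign)."""
    cats = []
    prefix = line.split(":", 1)[0].strip() if ":" in line else ""
    if "<======= ATTENTION" in line:
        cats.append("frst_attention")
    if "\\Policies\\Google" in line:
        cats.append("chrome_policy_restriction")
    if hosts_in(line) and (prefix in BROWSER_SETTING_PREFIXES or any(v in line for v in IE_MAIN_VALUES)):
        cats.append("browser_setting_redirect")
    if line.startswith("BHO:"):
        cats.append("bho")
    if NO_PUBLISHER_RE.search(line) and (line.startswith("BHO:") or SERVICE_RE.match(line)):
        cats.append("no_publisher")
    if "[File not signed]" in line:
        cats.append("unsigned_file")
    # pcalua.exe -a is a built-in launcher proxy; the thread shows it used both by the
    # omiga-plus uninstaller and by a legitimate uninstaller, so flag for review only.
    if line.startswith("Task:") and "pcalua.exe -a" in line.lower():
        cats.append("task_via_pcalua")
    if "MountPoints2:" in line and EXECUTABLE_RE.search(line):
        cats.append("mountpoints2_autorun")
    return cats


def triage(text):
    """Classify every non-empty line; collect redirect hosts and per-category counts."""
    findings, hosts, counts = [], set(), Counter()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        cats = classify(line)
        if not cats:
            continue
        findings.append((cats, line))
        counts.update(cats)
        if "browser_setting_redirect" in cats:
            hosts.update(hosts_in(line))
    return {"findings": findings, "hijack_hosts": sorted(hosts), "counts": dict(counts)}


if __name__ == "__main__":
    result = triage(SAMPLE_LINES)
    print("redirect hosts:", ", ".join(result["hijack_hosts"]))
    for cats, line in result["findings"]:
        print(f"[{','.join(cats)}] {line[:90]}")
```

Two caveats a practitioner would want: pcalua.exe tasks are flagged for review rather than removal, because the same launcher appears in the thread for a legitimate Video Cutter uninstaller; and a BHO or service with no publisher string is a weak signal on its own, which is why the output keeps the full category list per line instead of a single verdict.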

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

We'll also do an ARK check.

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the MBAR program icon to run it:
- Click OK in the next window to allow extraction into a separate mbar folder on the Desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the introductory window click Next if you agree;

• In the 'Update Database' window click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click Next;
• Under the 'Scan Targets' section check that all options are ticked, then click the Scan button;

Note: with some infections one of the following messages may appear:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that message to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. Post the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports in your next message.

>> If infection(s) are found, check that the 'Create Restore Point' option is ticked and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for after the restart; a notice will be shown in a pop-up window. Click Yes and the system should restart and finish the cleaning procedure.

Note! Only if a rootkit was detected: make sure you run the fixdamage.exe tool, located in the mbar folder at \Plugins\fixdamage.exe:
- Double-click fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, and wait for the tool to complete all repairs ...
- When you see the message 'press any key to exit' the repair is complete. Press any key to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post and attach the system log using the "Attach file" option.

  • Joined: 26 Sep 2012
  • Posts: 1869
  • Location: Lemme see...

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2014.12.14.03

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
G31M :: G31M-PC [administrator]

14.12.2014 10:29:40
mbar-log-2014-12-14 (10-29-40).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 321735
Time elapsed: 9 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)



  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

That would be it.

The next procedure performs the final cleanup.

Download "Xplode"'s DelFix tool and save it to the Desktop.
Double-click the tool and tick the boxes in front of the following options;

Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment for the tool to finish its work.
From this point on, all the tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also snapshot the healthy state of the registry and make a backup using the integrated "ERUNT" program in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.

  • Joined: 26 Sep 2012
  • Posts: 1869
  • Location: Lemme see...

Thanks for the selfless help, for who knows how many times now. Cheers
