Funny collection opens in Google Chrome

offline
  • Joined: 25 Feb 2017
  • Posts: 1

Some funny collection keeps appearing and I can't remove it with any antivirus program.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-02-2017
Ran by korisnik (administrator) on KORISNIK-PC (25-02-2017 08:31:45)
Running from C:\Users\korisnik\Downloads
Loaded Profiles: korisnik (Available Profiles: korisnik)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-06] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [529480 2016-02-24] (Autodesk Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\RunOnce: [360safeuninst_1f0fb7c2d13cc0c07ff2ca40747bc03e] => C:\Users\korisnik\AppData\Local\Temp\1f0fb7c2d13cc0c07ff2ca40747bc03e_remove360.bat [830 2017-02-25] () <===== ATTENTION
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2492076799-3374336809-1742307433-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26424960 2016-06-28] (Skype Technologies S.A.)
HKU\S-1-5-21-2492076799-3374336809-1742307433-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-2492076799-3374336809-1742307433-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946144 2017-02-06] (SUPERAntiSpyware)
HKU\S-1-5-21-2492076799-3374336809-1742307433-1000\...\RunOnce: [Uninstall C:\Users\korisnik\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\korisnik\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-18\...\Run: [] => [X]
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => -> No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ce614374-7223-4a80-98a6-037be7a42e46}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2492076799-3374336809-1742307433-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-2492076799-3374336809-1742307433-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-11-02] (Oracle Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-11-02] (Oracle Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-02-08] (Intel Security)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-07-19] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-07-19] (Oracle Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-02-08] (Intel Security)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: f76wtsxu.default
FF ProfilePath: C:\Users\korisnik\AppData\Roaming\Firefox\Firefox\Profiles\f76wtsxu.default [2017-02-15]
FF Homepage: Firefox\Firefox\Profiles\f76wtsxu.default -> hxxp://www.searchinme.com/?type=hp&ts=1487194386806&z=&from=official&uid=ST9500325AS_5VEA8A89XXXX5VEA8A89
FF Extension: (FF Adr) - C:\Users\korisnik\AppData\Roaming\Firefox\Firefox\Profiles\f76wtsxu.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-02-15] [not signed]
FF SearchPlugin: C:\Users\korisnik\AppData\Roaming\Firefox\Firefox\Profiles\f76wtsxu.default\searchplugins\searchinme.xml [2017-02-15]
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-11-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-11-02] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-07-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-07-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR Profile: C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-25] <==== ATTENTION
CHR Extension: (SQLite Viewer with Google Drive) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aaeojgplhedihcdhfcgodiepddeecepl [2016-10-26]
CHR Extension: (Google презентације) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-18]
CHR Extension: (Google документи) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-18]
CHR Extension: (Google диск) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-18]
CHR Extension: (YouTube) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-18]
CHR Extension: (Adobe Acrobat) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-02-04]
CHR Extension: (Google табеле) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-18]
CHR Extension: (Google документи офлајн) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-18]
CHR Extension: (AdBlock) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-25]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-22]
CHR Extension: (Gmail) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-18]
CHR Extension: (Chrome Media Router) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-10]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1145928 2016-02-24] (Autodesk Inc.)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2016-07-28] (Microsoft Corporation)
S3 mi-raysat_3dsmax2016_64; C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe [86016 2011-09-15] () [File not signed]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-10-06] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [139264 2016-07-27] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7184144 2016-07-06] (TeamViewer GmbH)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [996824 2017-02-06] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2017-02-06] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2017-02-06] (McAfee, Inc.)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-07-17] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 APPLE_update; C:\ProgramData\Apple Computer\Installer\Upgrade.dll [X]
S4 QHActiveDefense; "C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [95232 2017-02-06] (360.cn)
R2 IntelHaxm; C:\WINDOWS\system32\DRIVERS\IntelHaxm.sys [93192 2016-06-12] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [132120 2016-10-18] (Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 ykinw8; C:\WINDOWS\System32\drivers\ykinx64.sys [288768 2016-07-16] (Marvell)
R3 360Box64; system32\DRIVERS\360Box64.sys [X]
U3 idsvc; no ImagePath
S1 vwqiqwhn; \??\C:\WINDOWS\system32\drivers\vwqiqwhn.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-25 08:31 - 2017-02-25 08:32 - 00016164 _____ C:\Users\korisnik\Downloads\FRST.txt
2017-02-25 08:31 - 2017-02-25 08:31 - 02423296 _____ (Farbar) C:\Users\korisnik\Downloads\FRST64.exe
2017-02-25 08:31 - 2017-02-25 08:31 - 00000000 ____D C:\FRST
2017-02-25 03:12 - 2017-02-25 03:12 - 00000000 ____D C:\SUPERDelete
2017-02-25 03:11 - 2017-02-25 04:04 - 703033344 _____ C:\Users\korisnik\Downloads\rescue-system.iso
2017-02-25 02:53 - 2017-02-25 03:06 - 00000540 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 2048ee28-64d4-4d7e-85fe-aafec814021a.job
2017-02-25 02:53 - 2017-02-25 03:06 - 00000540 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 1d1b0641-8ccf-478a-a791-f142b35d88e1.job
2017-02-25 02:53 - 2017-02-25 02:53 - 00003778 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 2048ee28-64d4-4d7e-85fe-aafec814021a
2017-02-25 02:53 - 2017-02-25 02:53 - 00003696 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 1d1b0641-8ccf-478a-a791-f142b35d88e1
2017-02-25 02:52 - 2017-02-25 02:52 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-02-25 02:52 - 2017-02-25 02:52 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-02-25 02:50 - 2017-02-25 02:52 - 29369840 _____ (SUPERAntiSpyware) C:\Users\korisnik\Downloads\SUPERAntiSpyware.exe
2017-02-25 02:39 - 2017-02-25 03:18 - 00000040 _____ C:\Program Files (x86)\settings.dat
2017-02-25 02:39 - 2017-02-25 02:39 - 00000000 ____D C:\Program Files (x86)\reports
2017-02-25 02:10 - 2017-02-25 02:11 - 00418024 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-25 01:56 - 2017-02-25 01:56 - 00000000 _____ C:\autoexec.bat
2017-02-25 01:18 - 2017-02-25 03:08 - 00002516 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-25 01:02 - 2017-02-25 01:02 - 01129376 _____ (Google Inc.) C:\Users\korisnik\Downloads\ChromeSetup (2).exe
2017-02-25 00:59 - 2017-02-25 01:00 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-02-25 00:58 - 2017-02-25 01:01 - 01129376 _____ (Google Inc.) C:\Users\korisnik\Downloads\ChromeSetup (1).exe
2017-02-25 00:52 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-02-25 00:52 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-02-25 00:37 - 2017-02-25 00:37 - 01129376 _____ (Google Inc.) C:\Users\korisnik\Downloads\ChromeSetup.exe
2017-02-25 00:34 - 2017-02-25 02:11 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-02-25 00:09 - 2017-02-25 00:09 - 00000000 ____D C:\WINDOWS\Tasks\360Disabled
2017-02-24 23:59 - 2017-02-25 00:17 - 153832593 _____ C:\Users\korisnik\Downloads\rescue-system.iso.crdownload
2017-02-24 23:58 - 2017-02-25 00:01 - 04615856 _____ (Enigma Software Group USA, LLC.) C:\Users\korisnik\Downloads\SpyHunter-Installer.exe
2017-02-24 23:54 - 2017-02-24 23:55 - 00000000 __SHD C:\$360Section
2017-02-24 23:41 - 2017-02-24 23:56 - 04015056 _____ C:\Users\korisnik\Downloads\adwcleaner_6.043.exe
2017-02-24 23:29 - 2017-02-25 03:10 - 00000000 ____D C:\Users\korisnik\AppData\LocalLow\360WD
2017-02-24 23:29 - 2017-02-06 09:14 - 00095232 _____ (360.cn) C:\WINDOWS\SysWOW64\Drivers\360AvFlt.sys
2017-02-24 23:28 - 2017-02-24 23:28 - 00000000 ____D C:\Program Files (x86)\360
2017-02-24 23:28 - 2017-02-06 09:14 - 00400384 _____ (360.cn) C:\WINDOWS\system32\Drivers\360FsFlt.sys.072
2017-02-24 23:28 - 2017-02-06 09:14 - 00339456 _____ (360.cn) C:\WINDOWS\system32\Drivers\360Box64.sys.782
2017-02-24 23:28 - 2017-02-06 09:14 - 00197632 _____ (360.cn) C:\WINDOWS\system32\Drivers\BAPIDRV64.SYS.upd
2017-02-24 23:28 - 2017-02-06 09:14 - 00160768 _____ (360.cn) C:\WINDOWS\system32\Drivers\360AntiHacker64.removed
2017-02-24 23:28 - 2017-02-06 09:14 - 00095232 _____ (360.cn) C:\WINDOWS\system32\Drivers\360AvFlt.sys.000
2017-02-24 23:28 - 2017-02-06 09:14 - 00057856 _____ (360.cn) C:\WINDOWS\system32\Drivers\360Camera64.removed
2017-02-24 23:20 - 2017-02-24 23:26 - 50400176 _____ C:\Users\korisnik\Downloads\360TS_Setup.exe
2017-02-24 23:18 - 2017-02-24 23:20 - 01477032 _____ (QIHU 360 SOFTWARE CO. LIMITED) C:\Users\korisnik\Downloads\360TS_Setup_Mini.exe
2017-02-23 19:14 - 2017-02-23 19:14 - 00000000 ____D C:\Program Files (x86)\deskapp
2017-02-23 18:27 - 2017-02-24 23:54 - 00000898 _____ C:\Program Files (x86)\metadata
2017-02-23 18:26 - 2017-02-23 18:27 - 00000000 ____D C:\ProgramData\dbg
2017-02-15 22:34 - 2017-02-25 00:20 - 00000000 ____D C:\WINDOWS\system32\log
2017-02-15 22:33 - 2017-02-25 02:01 - 00000902 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-15 22:33 - 2017-02-15 22:33 - 00000000 ____D C:\Users\korisnik\AppData\Roaming\Firefox
2017-02-15 22:33 - 2017-02-15 22:33 - 00000000 ____D C:\Users\korisnik\AppData\LocalLow\Mozilla
2017-02-15 22:33 - 2017-02-15 22:33 - 00000000 ____D C:\Users\korisnik\AppData\Local\Firefox
2017-02-15 13:07 - 2017-02-15 13:07 - 00000000 ____D C:\Program Files (x86)\58A44474_jumpeasy
2017-02-15 13:06 - 2017-02-15 13:06 - 00000000 ____D C:\ProgramData\Apple Computer
2017-02-15 13:03 - 2017-02-15 13:03 - 00003696 _____ C:\WINDOWS\System32\Tasks\WinTOOL
2017-02-13 20:50 - 2017-02-24 08:46 - 00003642 _____ C:\WINDOWS\System32\Tasks\Milimili
2017-02-13 20:48 - 2017-02-24 08:44 - 00034328 _____ (Sysinternals - sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2017-02-13 20:48 - 2017-02-13 20:48 - 00000000 ____D C:\Program Files\e54s1i22
2017-01-28 21:46 - 2017-02-25 05:35 - 00005236 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for korisnik-PC-korisnik korisnik-PC
2017-01-28 21:21 - 2017-02-25 00:50 - 00000000 ____D C:\AdwCleaner
2017-01-28 21:21 - 2017-01-28 21:21 - 03988944 _____ C:\Users\korisnik\Downloads\AdwCleaner.exe
2017-01-28 21:16 - 2017-01-28 21:50 - 00000000 ____D C:\WINDOWS\AutoKMS
2017-01-28 21:16 - 2017-01-28 21:16 - 00003654 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2017-01-28 21:13 - 2017-01-28 21:14 - 58981376 _____ () C:\Users\korisnik\Desktop\Microsoft Toolkit 2.6 Final.exe
2017-01-28 21:02 - 2017-01-28 21:02 - 57992506 _____ C:\Users\korisnik\Downloads\Microsoft Toolkit 2.6 Final (1).zip
2017-01-28 20:54 - 2017-01-28 20:54 - 57992506 _____ C:\Users\korisnik\Downloads\Microsoft Toolkit 2.6 Final.zip
2017-01-28 20:46 - 2017-01-28 20:46 - 00000000 ____D C:\ProgramData\Avira
2017-01-28 20:46 - 2017-01-28 20:46 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-28 20:44 - 2017-02-24 23:54 - 00000000 ____D C:\Program Files (x86)\Atiqerleanmige Monitor
2017-01-28 20:44 - 2017-01-28 20:46 - 00000000 ____D C:\Users\korisnik\AppData\Local\Tureyherqele
2017-01-28 20:44 - 2017-01-28 20:44 - 00006100 _____ C:\WINDOWS\System32\Tasks\Atiqerleanmige Monitor
2017-01-28 20:44 - 2017-01-28 20:44 - 00000000 ____D C:\Users\korisnik\AppData\Roaming\Grarichqwocult
2017-01-28 20:43 - 2017-01-28 21:08 - 00000346 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job
2017-01-28 20:43 - 2017-01-28 21:08 - 00000346 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job
2017-01-28 20:43 - 2017-01-28 21:08 - 00000346 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job
2017-01-28 20:43 - 2017-01-28 20:43 - 00003234 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 3
2017-01-28 20:43 - 2017-01-28 20:43 - 00003234 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 2
2017-01-28 20:43 - 2017-01-28 20:43 - 00003234 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 1
2017-01-28 20:42 - 2017-01-28 20:42 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-01-28 20:42 - 2017-01-28 20:42 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-01-28 20:41 - 2017-02-04 13:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Toolkit Final
2017-01-28 20:37 - 2017-01-28 20:37 - 03966436 _____ C:\Users\korisnik\Downloads\MTK pass - 123456.rar
2017-01-28 20:29 - 2017-01-28 20:38 - 00003288 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-25 08:21 - 2016-10-05 23:22 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-25 06:07 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2017-02-25 05:58 - 2016-07-18 23:45 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-25 05:54 - 2016-07-18 18:27 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-25 05:53 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-25 03:06 - 2016-10-06 00:15 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-25 03:05 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-25 01:35 - 2016-10-22 01:39 - 00000000 ____D C:\Users\korisnik\.VirtualBox
2017-02-25 01:35 - 2016-07-19 08:39 - 00000000 ____D C:\Users\korisnik\AppData\Roaming\TeamViewer
2017-02-25 01:35 - 2016-07-19 00:26 - 00000000 ____D C:\Users\korisnik\AppData\Roaming\Skype
2017-02-25 01:23 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-25 01:17 - 2016-07-18 18:46 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-24 23:27 - 2016-07-18 18:29 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-02-24 23:26 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-24 23:24 - 2016-11-08 22:44 - 00000000 ____D C:\Users\korisnik\Documents\Corel
2017-02-24 23:22 - 2016-11-08 22:20 - 00000000 ____D C:\ProgramData\Corel
2017-02-24 08:42 - 2016-07-23 15:27 - 00000000 ____D C:\Program Files\TrueKey
2017-02-24 08:41 - 2016-10-05 23:30 - 00000000 ____D C:\Users\korisnik
2017-02-23 18:27 - 2016-12-16 22:30 - 02317312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-02-23 18:27 - 2016-07-16 12:47 - 00000000 __RHD C:\Users\Public\Libraries
2017-02-23 18:26 - 2016-10-25 12:55 - 00000000 ____D C:\Users\korisnik\AppData\Local\Bluestacks
2017-02-23 18:24 - 2016-10-25 12:56 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-02-23 18:15 - 2016-07-25 11:13 - 00000000 ____D C:\Users\korisnik\.android
2017-02-23 18:15 - 2016-07-25 11:08 - 00000000 ____D C:\Users\korisnik\AppData\Local\Android
2017-02-23 18:03 - 2016-07-25 11:05 - 00000000 ____D C:\Program Files\Android
2017-02-19 23:29 - 2016-07-23 15:44 - 00001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2017-02-19 23:27 - 2016-07-23 15:43 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-02-15 22:33 - 2016-10-25 14:49 - 00000000 ____D C:\Users\korisnik\AppData\Roaming\Mozilla
2017-02-13 20:46 - 2016-07-19 00:52 - 00000000 ____D C:\ProgramData\MFAData
2017-02-13 20:46 - 2016-07-19 00:51 - 00000000 ____D C:\Users\korisnik\AppData\Local\Avg
2017-02-13 19:49 - 2016-07-19 00:51 - 00000000 ____D C:\ProgramData\Avg
2017-02-13 19:49 - 2016-07-19 00:51 - 00000000 ____D C:\Program Files (x86)\AVG
2017-02-13 19:48 - 2016-07-19 00:51 - 00000000 ____D C:\Users\korisnik\AppData\Local\AvgSetupLog
2017-02-13 19:45 - 2016-07-19 00:52 - 00000000 ___HD C:\$AVG
2017-02-13 19:45 - 2016-07-16 12:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-02-13 19:45 - 2016-07-16 07:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-10 22:09 - 2016-07-24 13:26 - 00000000 ____D C:\Program Files (x86)\AppInsights
2017-02-06 20:48 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 20:48 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-28 22:10 - 2016-07-19 08:39 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-01-28 20:46 - 2016-07-24 11:36 - 00000000 ____D C:\Program Files (x86)\ShellDir
2017-01-28 20:46 - 2016-07-19 00:13 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-28 20:38 - 2016-07-18 18:40 - 00002376 _____ C:\Users\korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-28 20:38 - 2016-07-18 18:40 - 00000000 ___RD C:\Users\korisnik\OneDrive

==================== Files in the root of some directories =======

2017-02-23 18:27 - 2017-02-24 23:54 - 0000898 _____ () C:\Program Files (x86)\metadata
2017-02-25 02:39 - 2017-02-25 03:18 - 0000040 _____ () C:\Program Files (x86)\settings.dat

Files to move or delete:
====================
C:\Users\korisnik\AppData\Local\Temp\1f0fb7c2d13cc0c07ff2ca40747bc03e_remove360.bat


Some files in TEMP:
====================
2017-02-25 03:18 - 2017-02-06 09:14 - 0345000 _____ (QIHU 360 SOFTWARE CO. LIMITED) C:\Users\korisnik\AppData\Local\Temp\1f0fb7c2d13cc0c07ff2ca40747bc03e_360tray.exe
2017-02-25 03:18 - 2017-02-06 09:14 - 1920936 _____ (QIHU 360 SOFTWARE CO. LIMITED) C:\Users\korisnik\AppData\Local\Temp\1f0fb7c2d13cc0c07ff2ca40747bc03e_SystemCompact.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-23 18:49

==================== End of FRST.txt ============================

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Open Notepad and copy the following text, which is inside the Code box.

Start

HKLM-x32\...\RunOnce: [360safeuninst_1f0fb7c2d13cc0c07ff2ca40747bc03e] => C:\Users\korisnik\AppData\Local\Temp\1f0fb7c2d13cc0c07ff2ca40747bc03e_remove360.bat [830 2017-02-25] () <===== ATTENTION
FF Homepage: Firefox\Firefox\Profiles\f76wtsxu.default -> hxxp://www.searchinme.com/?type=hp&ts=1487194386806&z=&from=official&uid=ST9500325AS_5VEA8A89XXXX5VEA8A89
FF Extension: (FF Adr) - C:\Users\korisnik\AppData\Roaming\Firefox\Firefox\Profiles\f76wtsxu.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-02-15] [not signed]
FF SearchPlugin: C:\Users\korisnik\AppData\Roaming\Firefox\Firefox\Profiles\f76wtsxu.default\searchplugins\searchinme.xml [2017-02-15]
CHR Profile: C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-25] <==== ATTENTION
S4 QHActiveDefense; "C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe" [X]
Task: {16958033-58FE-4758-BC82-B1B57C1992C9} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe  <==== ATTENTION
Task: {20EFAAB1-6128-48F4-ACA4-C2F2E73E1CE8} - System32\Tasks\Atiqerleanmige Monitor => C:\Program Files (x86)\Arcipyqofge\ghozaward.exe
Task: {7EACD56C-6728-4D3D-BE4A-734C3730784E} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe  <==== ATTENTION
Task: {98DA0AA6-A2C0-4EF5-AA32-B5E1A92156CE} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe  <==== ATTENTION
Task: {B0BF867F-FC3E-4FF0-8713-597BD5F784A1} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe
Task: {B4D70491-53AE-418E-B88C-DB5A36D4BFE7} - System32\Tasks\WinTOOL => C:\ProgramData\wintools\WintoolUprI.exe
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
ShortcutWithArgument: C:\Users\korisnik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\korisnik\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\korisnik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\korisnik\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk"

C:\Program Files (x86)\360
C:\Program Files (x86)\Microleaves
C:\Program Files (x86)\Arcipyqofge
C:\Program Files (x86)\MIO
C:\ProgramData\wintools
C:\Users\korisnik\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk

EmptyTemp:

End


In Notepad, click File --> Save As
Under Encoding, choose UTF-8.
Name the file Fixlist and save it to the Desktop
Double-click to run FRST.exe again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, allow it to do so without interruption.
After it finishes, fixlog.txt will open, with contents that you should copy into the thread.
Also, (fixlog.txt) will be on the Desktop.
