Google warning about unusual traffic from the computer


offline
  • Joined: 14 May 2012
  • Posts: 89

Google has started warning me that it noticed unusual traffic from my computer, and to open pages it asks me to type in a code so it can see that the traffic isn't automated. It started happening a few minutes ago. The computer is ancient (the new one is in for repair), a P4 at 2.4 GHz with 1.25 GB of RAM. As for antivirus, there is Panda, which stays silent, and MBAM, which also finds nothing, and MC Shield is the backup.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-10-2014 01
Ran by Win XP (administrator) on WIN-8634860F760 on 14-10-2014 21:22:32
Running from C:\Documents and Settings\Win XP\Desktop
Loaded Profile: Win XP (Available profiles: Win XP & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(PixArt Imaging Incorporation) C:\WINDOWS\PixArt\Pac7302\Monitor.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PAC7302_Monitor] => C:\WINDOWS\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-05-06] (Panda Security, S.L.)
HKU\S-1-5-21-2025429265-746137067-682003330-1003\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - URL search.conduit.com/Results.aspx?ctid=CT3319.....578&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {468CABE7-C20B-42A5-8B6F-D3CAF9ACD28A} URL = trovi.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3329621&CUI=UN14038302471758030&UM=4
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\kwso1rpm.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eudict.xml

Chrome:
=======
CHR Profile: C:\Documents and Settings\Win XP\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Win XP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-26]
CHR Extension: (Google disk) - C:\Documents and Settings\Win XP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-26]
CHR Extension: (Google pretraživanje) - C:\Documents and Settings\Win XP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-26]
CHR Extension: (Browse Save Win) - C:\Documents and Settings\Win XP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2014-03-21]
CHR Extension: (Google Novčanik) - C:\Documents and Settings\Win XP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-26]
CHR Extension: (Gmail) - C:\Documents and Settings\Win XP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-26]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [141560 2014-05-05] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-05-06] (Panda Security, S.L.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 aeaudio; C:\WINDOWS\System32\drivers\aeaudio.sys [4816 2002-04-01] (Andrea Electronics Corporation) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 NNSALPC; C:\WINDOWS\System32\DRIVERS\NNSAlpc.sys [88992 2014-05-02] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\System32\DRIVERS\NNSHttp.sys [166816 2014-05-02] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\System32\DRIVERS\NNSHttps.sys [110496 2014-05-02] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\System32\DRIVERS\NNSIds.sys [125216 2014-05-02] (Panda Security, S.L.)
R3 NNSNAHS; C:\WINDOWS\System32\DRIVERS\NNSNAHS.sys [46464 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\System32\DRIVERS\NNSPicc.sys [96160 2014-05-02] (Panda Security, S.L.)
R1 NNSPIHS; C:\WINDOWS\System32\DRIVERS\NNSPihs.sys [52384 2014-05-02] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\System32\DRIVERS\NNSPop3.sys [121888 2014-05-02] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\System32\DRIVERS\NNSProt.sys [288032 2014-05-02] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\System32\DRIVERS\NNSPrv.sys [208800 2014-05-02] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\System32\DRIVERS\NNSSmtp.sys [109856 2014-05-02] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\System32\DRIVERS\NNSStrm.sys [243872 2014-05-02] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\System32\DRIVERS\NNSTlsc.sys [96928 2014-05-02] (Panda Security, S.L.)
R3 PAC7302; C:\WINDOWS\System32\DRIVERS\PAC7302.SYS [457856 2007-06-14] (PixArt Imaging Inc.)
R2 PSINAflt; C:\WINDOWS\System32\DRIVERS\PSINAflt.sys [138656 2014-05-05] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [101536 2014-05-05] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\System32\DRIVERS\psinknc.sys [170656 2014-05-05] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [112544 2014-05-05] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\System32\DRIVERS\PSINProt.sys [123168 2014-05-06] (Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\System32\DRIVERS\PSINReg.sys [98336 2014-05-05] (Panda Security, S.L.)
R3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [48736 2014-03-25] (Panda Security, S.L.)
R3 smwdm; C:\WINDOWS\System32\drivers\smwdm.sys [493896 2002-05-07] (Analog Devices, Inc.) [File not signed]
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
S3 NPF; system32\drivers\NPF.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-14 21:22 - 2014-10-14 21:22 - 00010345 _____ () C:\Documents and Settings\Win XP\Desktop\FRST.txt
2014-10-14 21:22 - 2014-10-14 21:22 - 00000000 ____D () C:\FRST
2014-10-14 21:21 - 2014-10-14 21:21 - 01101824 _____ (Farbar) C:\Documents and Settings\Win XP\Desktop\FRST.exe
2014-10-10 15:40 - 2014-10-10 15:41 - 00000000 ____D () C:\Documents and Settings\Win XP\Desktop\pastir
2014-10-06 16:14 - 2014-10-06 20:48 - 00002501 _____ () C:\Documents and Settings\Win XP\Desktop\Microsoft Word 2010.lnk
2014-10-06 16:07 - 2014-10-06 16:07 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-10-06 16:07 - 2014-10-06 16:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SharePoint
2014-10-06 16:07 - 2014-10-06 16:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
2014-10-06 16:06 - 2014-10-06 16:06 - 00000000 ____D () C:\Program Files\MSBuild
2014-10-06 16:03 - 2014-10-06 16:03 - 00000000 ____D () C:\Program Files\Microsoft Sync Framework
2014-10-06 16:01 - 2014-10-06 16:01 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2014-10-06 16:00 - 2014-10-06 16:00 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-10-06 15:59 - 2014-10-06 16:05 - 00000000 ____D () C:\WINDOWS\SHELLNEW
2014-10-06 15:58 - 2014-10-06 16:03 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-10-06 15:58 - 2014-10-06 15:58 - 00000000 __RHD () C:\MSOCache
2014-10-05 17:55 - 2014-10-05 17:55 - 00000000 ____D () C:\Program Files\MSECache
2014-10-05 16:01 - 2014-10-05 16:02 - 00000000 ____D () C:\WINDOWS\SxsCaPendDel
2014-09-25 13:54 - 2014-09-25 14:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-22 20:10 - 2014-09-22 20:10 - 00001729 _____ () C:\Documents and Settings\Win XP\Desktop\DMZ North Korea.lnk
2014-09-22 20:10 - 2014-09-22 20:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\DMZ North Korea
2014-09-22 20:08 - 2014-09-22 20:17 - 00000000 ____D () C:\Program Files\DMZ North Korea
2014-09-21 20:18 - 2014-03-25 15:15 - 00048736 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2014-09-21 19:22 - 2014-09-21 19:22 - 00090112 _____ () C:\WINDOWS\Minidump\Mini092114-01.dmp
2014-09-21 19:22 - 2014-09-21 19:22 - 00000000 ____D () C:\WINDOWS\Minidump

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-14 21:22 - 2014-02-26 12:54 - 00000000 ____D () C:\Documents and Settings\Win XP\Local Settings\Temp
2014-10-14 21:21 - 2014-03-09 17:16 - 00000000 ____D () C:\Documents and Settings\Win XP\My Documents\Preuzimanja
2014-10-14 20:30 - 2014-02-26 15:25 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-14 20:26 - 2014-03-05 17:37 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-14 16:30 - 2014-05-05 20:30 - 03866624 _____ () C:\WINDOWS\system32\config\Nano.evt
2014-10-14 16:30 - 2014-02-26 12:48 - 01567480 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-14 16:29 - 2014-02-27 21:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MCShield
2014-10-14 16:29 - 2014-02-26 15:25 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-14 16:29 - 2014-02-26 13:42 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-10-14 16:29 - 2014-02-26 13:42 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-10-14 16:29 - 2014-02-26 12:53 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-14 16:01 - 2014-02-26 12:54 - 00000178 ___SH () C:\Documents and Settings\Win XP\ntuser.ini
2014-10-14 16:01 - 2014-02-26 12:53 - 00032652 _____ () C:\WINDOWS\SchedLgU.Txt
2014-10-14 13:34 - 2014-04-06 15:37 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-14 09:59 - 2014-02-28 15:42 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini
2014-10-14 09:59 - 2014-02-27 20:14 - 00010240 _____ () C:\Documents and Settings\Win XP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-07 10:13 - 2014-03-19 22:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-10-07 07:58 - 2014-02-26 12:55 - 00070840 _____ () C:\Documents and Settings\Win XP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-10-07 07:57 - 2014-02-26 13:37 - 00276560 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-06 16:12 - 2014-03-05 19:24 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-10-06 16:07 - 2014-02-26 13:40 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-06 16:03 - 2014-02-26 13:31 - 00000000 ____D () C:\WINDOWS\pchealth
2014-10-06 16:03 - 2014-02-26 13:02 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-10-06 16:01 - 2004-08-04 14:00 - 00000856 _____ () C:\WINDOWS\win.ini
2014-10-06 16:00 - 2014-02-26 12:47 - 00000000 ____D () C:\Program Files\Common Files\System
2014-10-06 14:01 - 2014-02-26 15:33 - 00000000 ____D () C:\Documents and Settings\Win XP\Start Menu\Programs\WinRAR
2014-10-06 14:01 - 2014-02-26 15:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
2014-10-05 21:03 - 2014-03-05 22:30 - 00052578 _____ () C:\WINDOWS\KB2900986.log
2014-10-05 18:41 - 2014-03-19 20:51 - 00065536 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2014-10-02 20:55 - 2014-03-06 11:37 - 00000000 ____D () C:\Documents and Settings\Win XP\Application Data\Skype
2014-10-02 20:29 - 2014-05-02 15:39 - 00002267 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-09-27 19:29 - 2014-03-03 21:18 - 00000000 ____D () C:\Program Files\SpeedFan
2014-09-22 21:04 - 2014-03-01 10:28 - 00000063 _____ () C:\Documents and Settings\Win XP\default.pls
2014-09-22 21:04 - 2014-02-26 12:54 - 00000000 ____D () C:\Documents and Settings\Win XP
2014-09-22 13:56 - 2014-02-26 13:38 - 00559902 _____ () C:\WINDOWS\setupapi.log
2014-09-22 13:56 - 2014-02-26 13:38 - 00173000 _____ () C:\WINDOWS\setupact.log
2014-09-21 19:49 - 2014-03-05 22:19 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-21 19:26 - 2014-07-09 13:25 - 17903792 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-09-21 19:26 - 2014-03-05 17:37 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-21 19:26 - 2014-03-05 17:37 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-09-21 19:11 - 2004-08-04 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl

Some content of TEMP:
====================
C:\Documents and Settings\Win XP\Local Settings\Temp\Foxit Reader Updater.exe
C:\Documents and Settings\Win XP\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\Win XP\Local Settings\Temp\sfamcc00001.dll
C:\Documents and Settings\Win XP\Local Settings\Temp\sfamcc00002.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Hello.

1. Open Notepad (Text Document) and copy the following text from inside the code box below:

Start
CHR Extension: (Browse Save Win) - C:\Documents and Settings\Win XP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2014-03-21]
C:\Documents and Settings\Win XP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3319.....578&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {468CABE7-C20B-42A5-8B6F-D3CAF9ACD28A} URL = http://trovi.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3329621&CUI=UN14038302471758030&UM=4
EmptyTemp:
End


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

*****************************

Download "Xplode"'s AdwCleaner and save it to the Desktop.

Double-click to run the program.
Click the [Scan] button and wait for the program to finish.
Click the [Clean] button.
The program will close all running programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required), click OK.

The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your post using the "Prikaci fajl" (Attach file) option.

Note: The report will also be saved at C:\AdwCleaner[S0].txt

Important

Start the Google Chrome browser (even if you don't use it), click the hash-like icon (the settings button in the upper right) and click About Google Chrome.

Take a screenshot of that window for me, I need to check something.
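
An added example (not part of the original thread, and not FRST's own logic): a small Python triage pass over FRST log lines that surfaces the kinds of entries the helper picked out by hand above. The sample lines are copied from the log in this thread; the `ALLOWED_SEARCH_HOSTS` allowlist and the rule set are assumptions for illustration, and the result is a list for manual review, not a fixlist.

```python
import re

# Lines copied verbatim from the FRST log posted in this thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-05-06] (Panda Security, S.L.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
SearchScopes: HKCU - SuggestionsURL_JSON suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Drivers (Whitelisted) ====================
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R1 NNSALPC; C:\WINDOWS\System32\DRIVERS\NNSAlpc.sys [88992 2014-05-02] (Panda Security, S.L.)
"""

# Assumption: search-provider hosts the analyst accepts on this machine.
ALLOWED_SEARCH_HOSTS = {"google.com", "bing.com"}

# "==== Section name ====" banner lines; a bare "=======" underline does not match.
SECTION_RE = re.compile(r"^=+\s+([^=].*?)\s+=+$")
# First host-like token followed by a path, with or without a scheme.
HOST_RE = re.compile(r"(?:https?://)?([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)/")


def host_allowed(host):
    """True if host is an allowlisted domain or a subdomain of one."""
    host = host.lower()
    return any(host == h or host.endswith("." + h) for h in ALLOWED_SEARCH_HOSTS)


def triage(log_text):
    """Return (section, reason, line) tuples for lines that deserve a manual look."""
    findings = []
    section = "(header)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        if "<======= ATTENTION" in line:
            # The scanner itself marked this entry.
            findings.append((section, "flagged by the tool", line))
        elif line.startswith("SearchScopes:"):
            found = HOST_RE.search(line)
            if found and not host_allowed(found.group(1)):
                reason = "search provider host not allowlisted: " + found.group(1).lower()
                findings.append((section, reason, line))
        elif line.endswith("=> No File"):
            # Leftover registry entry whose target file is gone.
            findings.append((section, "entry points to a missing file", line))
        elif "[File not signed]" in line:
            # Unsigned is not the same as malicious: old vendor drivers are
            # often unsigned, so this is a prompt to verify, not to delete.
            findings.append((section, "file not signed", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Of the four reasons it reports, only the tool-flagged entries and the foreign search providers correspond to lines the helper put into fixlist.txt; the missing-file and unsigned-driver hits were left alone in this thread.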

offline
  • Joined: 14 May 2012
  • Posts: 89

Written: 15 Oct 2014 21:21

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-10-2014 01
Ran by Win XP at 2014-10-15 20:30:31 Run:1
Running from C:\Documents and Settings\Win XP\Desktop
Loaded Profile: Win XP (Available profiles: Win XP & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CHR Extension: (Browse Save Win) - C:\Documents and Settings\Win XP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2014-03-21]
C:\Documents and Settings\Win XP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKCU - URL search.conduit.com/Results.aspx?ctid=CT3319.....578&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {468CABE7-C20B-42A5-8B6F-D3CAF9ACD28A} URL = trovi.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3329621&CUI=UN14038302471758030&UM=4
EmptyTemp:
End
*****************

C:\Documents and Settings\Win XP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb => Moved successfully.
"C:\Documents and Settings\Win XP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKCU\SOFTWARE\Policies\Google" => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{468CABE7-C20B-42A5-8B6F-D3CAF9ACD28A}" => Key deleted successfully.
"HKCR\CLSID\{468CABE7-C20B-42A5-8B6F-D3CAF9ACD28A}" => Key not found.
EmptyTemp: => Removed 676.2 MB temporary data.


The system needed a reboot.





==== End of Fixlog ====

Addendum: 15 Oct 2014 21:30

I hope that is what was asked for. Just to mention that after the fix and restart the CPU was pinned at 100%, by one of the svchost.exe processes, but it has calmed down now and is normal again. I almost never use Google Chrome, really rarely, I'm mostly on Firefox, and since last night Google search has no longer been telling me that a code is required.

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Well, that would be it; just do this as well:

The following procedure will perform the final cleanup.

Download "Xplode"'s DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment until the tool finishes its work.
From this point on, all tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also save the healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.

offline
  • Joined: 14 May 2012
  • Posts: 89

Oh man, this Panda deletes everything: first Farbar and now DelFix too, so I had to disable it temporarily.
Of course, let me thank you for the selfless help you've given and wish you much success in your future work :)

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Well, that's Panda, what else can I tell you :)
