Some site keeps popping up

  • Dejan Peic
  • Joined: 12 May 2012
  • Posts: 245
  • Location: Subotica

Posted: 11 Jun 2018 4:38

Greetings, I have the same problem, so rather than opening a new topic I am posting here; if I should open a new one, that's not a problem.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by win7 (administrator) on WIN7-PC (11-06-2018 04:27:46)
Running from C:\Users\win7\Desktop
Loaded Profiles: win7 & UpdatusUser (Available Profiles: win7 & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\ProgramData\Logic Cramble\set.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe
(Wondershare) C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
() C:\ProgramData\Dikasio\Gerrime.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Apple Inc.) D:\Program Files\iTunes\iTunesHelper.exe
(BitTorrent Inc.) C:\Users\win7\AppData\Roaming\uTorrent\uTorrent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(BitTorrent Inc.) C:\Users\win7\AppData\Roaming\uTorrent\updates\3.5.3_44428\utorrentie.exe
(BitTorrent Inc.) C:\Users\win7\AppData\Roaming\uTorrent\updates\3.5.3_44428\utorrentie.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files\Windows NT\GOCSX9XWZ6THIUBDEP3J87646MS191I\WMwB6Phku4.exe
() C:\Program Files\Windows NT\GOCSX9XWZ6THIUBDEP3J87646MS191I\#1-#yZ0e7k.exe
() C:\Users\win7\AppData\Local\Temp\FVEJ1NZ1YV\FVEJ.exe
() C:\Program Files (x86)\lsJZU\497969.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
( ) C:\Users\win7\AppData\Roaming\d1pbfumpr2x\fhfxnlq4zka.exe
() C:\Users\win7\AppData\Local\Temp\is-R3MIM.tmp\fhfxnlq4zka.tmp
(CXBN) C:\Program Files\BM2VJ9ZVZ4\BM2VJ9ZVZ.exe
( ) C:\Users\win7\AppData\Roaming\a3uaoh4mopl\5rckcgxrjkz.exe
() C:\Users\win7\AppData\Local\Temp\is-BSHGR.tmp\5rckcgxrjkz.tmp
( ) C:\Users\win7\AppData\Roaming\d0krbp3szxx\0iai535qldo.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Users\win7\AppData\Local\Temp\is-9GV8R.tmp\0iai535qldo.tmp
() C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
() C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
() C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
() C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
() C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
() C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
( ) C:\Users\win7\AppData\Roaming\gbsr4hbzs4e\vha5tyaqlo1.exe
() C:\Users\win7\AppData\Local\Temp\is-LGPDK.tmp\vha5tyaqlo1.tmp
(CXBN) C:\Program Files\8ABNBWXL7R\LZI2JV3M7.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(CXBN) C:\Program Files\UFVTZJYYNY\UFVTZJYYN.exe
() C:\Users\win7\AppData\Local\Temp\xmrig.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
() C:\Program Files\SystemaRev\RevServicesX\app.exe
( ) C:\Users\win7\AppData\Roaming\hsnnhmewhxw\tfjzhfnjqty.exe
() C:\Users\win7\AppData\Local\Temp\is-QIVEN.tmp\tfjzhfnjqty.tmp
( ) C:\Users\win7\AppData\Roaming\vvubncijqd2\hiqnm1t2iis.exe
() C:\Users\win7\AppData\Local\Temp\is-92O2J.tmp\hiqnm1t2iis.tmp
( ) C:\Users\win7\AppData\Roaming\4omugn1awyo\3uvnio1jgds.exe
() C:\Users\win7\AppData\Local\Temp\is-V74OO.tmp\3uvnio1jgds.tmp
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(CXBN) C:\Program Files\DIR07Q8Y42\DIR07Q8Y4.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(CXBN) C:\Program Files\ZM6R1CLMCI\ZM6R1CLMC.exe
(CXBN) C:\Users\win7\AppData\Local\Temp\is-THBTD.tmp\up.exe
( ) C:\Users\win7\AppData\Roaming\fmzgmxjqrl4\5xrkph1j51r.exe
() C:\Users\win7\AppData\Local\Temp\is-SVNVA.tmp\5xrkph1j51r.tmp
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(CXBN) C:\Program Files\R6X0PAND02\R6X0PAND0.exe
( ) C:\Users\win7\AppData\Roaming\cjxmrpa20sf\tmzvfpzxdeu.exe
() C:\Users\win7\AppData\Local\Temp\is-8HVI6.tmp\tmzvfpzxdeu.tmp
( ) C:\Users\win7\AppData\Roaming\120i322id44\yb4yp0jqhqs.exe
() C:\Users\win7\AppData\Local\Temp\is-65LPS.tmp\yb4yp0jqhqs.tmp
( ) C:\Users\win7\AppData\Roaming\jojub30kxnb\bqh45rnuudb.exe
() C:\Users\win7\AppData\Local\Temp\is-T2SFV.tmp\bqh45rnuudb.tmp
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(CXBN) C:\Program Files\MQK555TIFV\MQK555TIF.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(CXBN) C:\Program Files\DM3SDBRN2N\DM3SDBRN2.exe
( ) C:\Users\win7\AppData\Roaming\wi2qpuxupxd\pghyjgysjlw.exe
() C:\Users\win7\AppData\Local\Temp\is-J8PC9.tmp\pghyjgysjlw.tmp
( ) C:\Users\win7\AppData\Roaming\ctub1wobjvs\cjmgl40jyem.exe
() C:\Users\win7\AppData\Local\Temp\is-JMMCK.tmp\cjmgl40jyem.tmp
( ) C:\Users\win7\AppData\Roaming\ccc0n12gqok\scgafir1ufo.exe
() C:\Users\win7\AppData\Local\Temp\is-F7CRU.tmp\scgafir1ufo.tmp
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(CXBN) C:\Program Files\6W1IJ1HNXP\6W1IJ1HNX.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(CXBN) C:\Program Files\ZWJ39965AD\ZWJ39965A.exe
(Opera Software) C:\Program Files\Opera\53.0.2907.68\opera.exe
(Opera Software) C:\Program Files\Opera\53.0.2907.68\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\53.0.2907.68\opera.exe
(Opera Software) C:\Program Files\Opera\53.0.2907.68\opera.exe
(Opera Software) C:\Program Files\Opera\53.0.2907.68\opera.exe
(Opera Software) C:\Program Files\Opera\53.0.2907.68\opera.exe
(Opera Software) C:\Program Files\Opera\53.0.2907.68\opera.exe
(Opera Software) C:\Program Files\Opera\53.0.2907.68\opera.exe
(Opera Software) C:\Program Files\Opera\53.0.2907.68\opera.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16475392 2016-05-03] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2014-09-22] (ESET)
HKLM\...\Run: [iTunesHelper] => D:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM\...\Run: [rundll32] => C:\Windows\system32\rundll32.exe "C:\Program Files\Sawmenger XP\Sawmenger XP.dll",elnXHi
HKLM\...\Run: [JServicesManager] => C:\Program Files\SystemaRev\RevServicesX\app.ex
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [JServicesManager] => C:\Program Files\SystemaRev\RevServicesX\app.ex
HKLM\...\RunOnce: [OMEWPRODUCT_] => C:\Program Files\Windows NT\GOCSX9XWZ6THIUBDEP3J87646MS191I\Z0GJf-FNo5.exe [233984 2018-06-11] ()
HKLM\...\RunOnce: [unqq2itjeju] => C:\Program Files (x86)\lsJZU\497969.exe [670720 2018-06-10] ()
HKLM\...\RunOnce: [OMEWPRODUCT_77QM1] => C:\Users\win7\AppData\Local\Temp\is-THBTD.tmp\up.exe [52224 2018-06-11] (CXBN) <==== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [uTorrent] => C:\Users\win7\AppData\Roaming\uTorrent\uTorrent.exe [1987512 2018-05-20] (BitTorrent Inc.)
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [Blogger] => C:\ProgramData\Blogger\Blogger.exe [536576 2018-06-09] ()
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [WMwB6Phku4.exe] => C:\Program Files\Windows NT\GOCSX9XWZ6THIUBDEP3J87646MS191I\WMwB6Phku4.exe [394240 2018-06-11] ()
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [JI9Q9AMH5GK07W5] => C:\Program Files\BM2VJ9ZVZ4\BM2VJ9ZVZ.exe [666624 2018-06-11] (CXBN)
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [5007769] => C:\Users\win7\AppData\Roaming\d1pbfumpr2x\fhfxnlq4zka.exe [554589 2018-06-11] ( )
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [5497325] => C:\Users\win7\AppData\Roaming\a3uaoh4mopl\5rckcgxrjkz.exe [554589 2018-06-11] ( )
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [4306173] => C:\Users\win7\AppData\Roaming\d0krbp3szxx\0iai535qldo.exe [554589 2018-06-11] ( )
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [3EOL3XGMBWI8ZNP] => C:\Program Files\8ABNBWXL7R\LZI2JV3M7.exe [666624 2018-06-11] (CXBN)
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [7450318] => C:\Users\win7\AppData\Roaming\gbsr4hbzs4e\vha5tyaqlo1.exe [554589 2018-06-11] ( )
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [OK04001PFFQH8XF] => C:\Program Files\UFVTZJYYNY\UFVTZJYYN.exe [666624 2018-06-11] (CXBN)
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [8515487] => C:\Users\win7\AppData\Roaming\hsnnhmewhxw\tfjzhfnjqty.exe [554589 2018-06-11] ( )
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [7560465] => C:\Users\win7\AppData\Roaming\vvubncijqd2\hiqnm1t2iis.exe [554589 2018-06-11] ( )
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [6342919] => C:\Users\win7\AppData\Roaming\4omugn1awyo\3uvnio1jgds.exe [554589 2018-06-11] ( )
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [WHYFWFGNCLXLG3Y] => C:\Program Files\DIR07Q8Y42\DIR07Q8Y4.exe [666624 2018-06-11] (CXBN)
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [3U4L2G3CRBXAO5Z] => C:\Program Files\ZM6R1CLMCI\ZM6R1CLMC.exe [666624 2018-06-11] (CXBN)
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [3941173] => C:\Users\win7\AppData\Roaming\fmzgmxjqrl4\5xrkph1j51r.exe [554589 2018-06-11] ( )
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [6OKKO5CXS1C7N0I] => C:\Program Files\R6X0PAND02\R6X0PAND0.exe [666624 2018-06-11] (CXBN)
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [3255819] => C:\Users\win7\AppData\Roaming\cjxmrpa20sf\tmzvfpzxdeu.exe [554589 2018-06-11] ( )
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [3282095] => C:\Users\win7\AppData\Roaming\120i322id44\yb4yp0jqhqs.exe [554589 2018-06-11] ( )
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [1762593] => C:\Users\win7\AppData\Roaming\jojub30kxnb\bqh45rnuudb.exe [554589 2018-06-11] ( )
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [LVO3YWL0I21R3C8] => C:\Program Files\MQK555TIFV\MQK555TIF.exe [666624 2018-06-11] (CXBN)
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [P2O6WKWA1SW7AT0] => C:\Program Files\DM3SDBRN2N\DM3SDBRN2.exe [666624 2018-06-11] (CXBN)
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [4667683] => C:\Users\win7\AppData\Roaming\wi2qpuxupxd\pghyjgysjlw.exe [554589 2018-06-11] ( )
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [1346401] => C:\Users\win7\AppData\Roaming\ctub1wobjvs\cjmgl40jyem.exe [554589 2018-06-11] ( )
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [2347416] => C:\Users\win7\AppData\Roaming\ccc0n12gqok\scgafir1ufo.exe [554589 2018-06-11] ( )
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [UCSTXK9GKTMV665] => C:\Program Files\6W1IJ1HNXP\6W1IJ1HNX.exe [666624 2018-06-11] (CXBN)
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [03P7INIL7E1TY90] => C:\Program Files\ZWJ39965AD\ZWJ39965A.exe [666624 2018-06-11] (CXBN)
AppInit_DLLs: C:\ProgramData\Quoteex\Stocknix.dll => C:\ProgramData\Quoteex\Stocknix.dll [342528 2018-06-09] ()
AppInit_DLLs-x32: C:\ProgramData\Quoteex\Alpha-Top.dll => C:\ProgramData\Quoteex\Alpha-Top.dll [460800 2018-06-09] ()
ShellExecuteHooks: No Name - {BFD98515-CD74-48A4-98E2-13D209E3EE4F} - C:\Windows\System32\mcicda64.dll [2990080 2018-03-24] () <==== ATTENTION
Startup: C:\Users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AdobeUpdater.vbs [2018-06-09] ()
Startup: C:\Users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\adsviejd.lnk [2018-06-09]
ShortcutTarget: adsviejd.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zoiut.exe.vbs [2018-03-11] ()
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0D988AF8-6D6F-4C7A-AF9D-D2B10244D452}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1055279E-7573-41B5-9B4D-1B746FFF827C}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGtoMUuydOpuy8em5IIgt414t115vhNf6jfDlX4NMd7UohVL7oXgcmyBx-v4CQ9FrAtA8sh305gfKJ1fwiyQ2pFke-9IaU4RrqwsU2hQox5YpkQxkr2GCCdWPSpLZU1B70uULZAZF6bOC_B6A0AQSBxIm0H5FwV6FKzHQQ,,&q={searchTerms}
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGtoMUuydOpuy8em5IIgt414t115vhNf6jfDlX4NMd7UohVL7oXgcmyBx-v4CQ9FrAtA8sh305gfKJ1TXSlcp7hKxNemzvkE3xXLUREXxJjmCOJKSMvMErimMx-hwXjIzH_y9GXbTeILTJBwJI7bnBfG4YybPLCsAcN-UA,,
HKU\S-1-5-21-506494789-1706831849-2708248724-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGtoMUuydOpuy8em5IIgt414t115vhNf6jfDlX4NMd7UohVL7oXgcmyBx-v4CQ9FrAtA8sh305gfKJ1TXSlcp7hKxNemzvkE3xXLUREXxJjmCOJKSMvMErimMx-hwXjIzH_y9GXbTeILTJBwJI7bnBfG4YybPLCsAcN-UA,,
HKU\S-1-5-21-506494789-1706831849-2708248724-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGtoMUuydOpuy8em5IIgt414t115vhNf6jfDlX4NMd7UohVL7oXgcmyBx-v4CQ9FrAtA8sh305gfKJ1fwiyQ2pFke-9IaU4RrqwsU2hQox5YpkQxkr2GCCdWPSpLZU1B70uULZAZF6bOC_B6A0AQSBxIm0H5FwV6FKzHQQ,,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGtoMUuydOpuy8em5IIgt414t115vhNf6jfDlX4NMd7UohVL7oXgcmyBx-v4CQ9FrAtA8sh305gfKJ1fwiyQ2pFke-9IaU4RrqwsU2hQox5YpkQxkr2GCCdWPSpLZU1B70uULZAZF6bOC_B6A0AQSBxIm0H5FwV6FKzHQQ,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-506494789-1706831849-2708248724-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10405__170627__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-506494789-1706831849-2708248724-1000 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGtoMUuydOpuy8em5IIgt414t115vhNf6jfDlX4NMd7UohVL7oXgcmyBx-v4CQ9FrAtA8sh305gfKJ1fwiyQ2pFke-9IaU4RrqwsU2hQox5YpkQxkr2GCCdWPSpLZU1B70uULZAZF6bOC_B6A0AQSBxIm0H5FwV6FKzHQQ,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-506494789-1706831849-2708248724-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGtoMUuydOpuy8em5IIgt414t115vhNf6jfDlX4NMd7UohVL7oXgcmyBx-v4CQ9FrAtA8sh305gfKJ1fwiyQ2pFke-9IaU4RrqwsU2hQox5YpkQxkr2GCCdWPSpLZU1B70uULZAZF6bOC_B6A0AQSBxIm0H5FwV6FKzHQQ,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-506494789-1706831849-2708248724-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGtoMUuydOpuy8em5IIgt414t115vhNf6jfDlX4NMd7UohVL7oXgcmyBx-v4CQ9FrAtA8sh305gfKJ1fwiyQ2pFke-9IaU4RrqwsU2hQox5YpkQxkr2GCCdWPSpLZU1B70uULZAZF6bOC_B6A0AQSBxIm0H5FwV6FKzHQQ,,&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-06-21] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-21] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-21] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-21] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: qig4ehrc.default
FF ProfilePath: C:\Users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\qig4ehrc.default [2018-06-11]
FF user.js: detected! => C:\Users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\qig4ehrc.default\user.js [2017-06-30]
FF Homepage: Mozilla\Firefox\Profiles\qig4ehrc.default -> file:///C:/ProgramData/Quoteexs/ff.HP
FF NewTab: Mozilla\Firefox\Profiles\qig4ehrc.default -> file:///C:/ProgramData/Quoteexs/ff.NT
FF Extension: (System Table) - C:\Users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\qig4ehrc.default\Extensions\143734@modext.tech.xpi [2018-03-01]
FF Extension: (System Table) - C:\Users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\qig4ehrc.default\Extensions\214028@modext.tech.xpi [2018-02-28]
FF SearchPlugin: C:\Users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\qig4ehrc.default\searchplugins\yahoo-lavasoft.xml [2017-08-19]
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @IPC/npmedia3.0.0.3,version=3.0.0.3 -> C:\Program Files\webrec\Torch\3.0.0.3\npmedia3.0.0.3.dll [2017-05-09] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-12-18] (Adobe Systems Inc.)

Chrome:
=======
CHR res: Infected resources.pak (Adware script). Reinstall Chrome. <==== ATTENTION
CHR HomePage: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGtoMUuydOpuy8em5IIgt414t115vhNf6jfDlX4NMd7UohVL7oXgcmyBx-v4CQ9FrAtA8sh305gfKJ1f2ZCiIuj-Y7rhEwooxdh0ruQVaw2dKolRx-mPug53O_oFnmcREYU-XIvggNn3kXPbRML9ItD-CwGETUhxrcrfKA,,
CHR StartupUrls: Default -> "hxxps://www.google.rs/"
CHR DefaultSearchURL: Default -> hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGtoMUuydOpuy8em5IIgt414t115vhNf6jfDlX4NMd7UohVL7oXgcmyBx-v4CQ9FrAtA8sh305gfKJ1f1UfH-v1XMKMIdxebXCHNjGHPbg-FNIBYzcmnxNF2G80ob_DRqnq7HDBcRK-D8rMVPaV4OpOY8HHXTMifT_E_Qw,,&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR Profile: C:\Users\win7\AppData\Local\Google\Chrome\User Data\Default [2018-06-11]
CHR Extension: (Slides) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-19]
CHR Extension: (Docs) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-19]
CHR Extension: (Google Drive) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-23]
CHR Extension: (YouTube) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-23]
CHR Extension: (Sheets) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-19]
CHR Extension: (Google Docs Offline) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-23]
CHR Extension: (Bazz Search) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmeinlfojlcegblpogpjbhipmonclejh [2018-06-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-23]
CHR Extension: (Chrome Media Router) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-21]
CHR Extension: (System Table) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0 [2018-06-11]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
R2 backlh; C:\ProgramData\Logic Cramble\set.exe [3780096 2018-06-09] () [File not signed] <==== ATTENTION
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1350112 2014-09-16] (ESET)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2009-07-21] (Intel Corporation)
S3 SystemUpdate64; C:\Program Files\SystemaRev\RevServicesX\SystemUpdate64x.exe [593920 2018-06-08] (SystemaRev) [File not signed] <==== ATTENTION
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-07-21] (Intel Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe [495840 2018-01-26] (Wondershare)
R2 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe [120096 2018-01-16] (Wondershare)
S2 Canon Driver Information Assist Service; "C:\Program Files\Canon\DIAS\CnxDIAS.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 Quoteex; C:\ProgramData\\Quoteex\\Quoteex.exe shuz -f "C:\ProgramData\\Quoteex\\Quoteex.dat" -l -a <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-08-18] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241368 2014-08-18] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169280 2014-08-18] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [158968 2014-09-18] (ESET)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [10322848 2010-04-15] (Intel Corporation) [File not signed]
S3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [144896 2010-04-15] (Intel(R) Corporation) [File not signed]
U3 aswbdisk; no ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-11 04:27 - 2018-06-11 04:28 - 000026443 _____ C:\Users\win7\Desktop\FRST.txt
2018-06-11 04:27 - 2018-06-11 04:15 - 002413056 _____ (Farbar) C:\Users\win7\Desktop\FRST64.exe
2018-06-11 04:23 - 2018-06-11 04:23 - 000000404 _____ C:\Users\win7\Desktop\Fixlist.txt
2018-06-11 04:16 - 2018-06-11 04:27 - 000000000 ____D C:\FRST
2018-06-11 04:15 - 2018-06-11 04:15 - 002413056 _____ (Farbar) C:\Users\win7\Downloads\FRST64.exe
2018-06-11 04:04 - 2018-06-11 04:04 - 000003820 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1528682653
2018-06-11 04:04 - 2018-06-11 04:04 - 000001099 _____ C:\Users\Public\Desktop\Opera Browser.lnk
2018-06-11 04:04 - 2018-06-11 04:04 - 000001099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2018-06-11 04:03 - 2018-06-11 04:04 - 000000000 ____D C:\Program Files\Opera
2018-06-11 04:03 - 2018-06-11 04:03 - 001354816 _____ (Opera Software) C:\Users\win7\Downloads\OperaSetup.exe
2018-06-11 04:02 - 2018-06-11 04:02 - 000000000 ____D C:\Users\win7\AppData\Roaming\wi2qpuxupxd
2018-06-11 04:02 - 2018-06-11 04:02 - 000000000 ____D C:\Users\win7\AppData\Roaming\ctub1wobjvs
2018-06-11 04:02 - 2018-06-11 04:02 - 000000000 ____D C:\Users\win7\AppData\Roaming\ccc0n12gqok
2018-06-11 04:02 - 2018-06-11 04:02 - 000000000 ____D C:\Program Files\ZWJ39965AD
2018-06-11 04:02 - 2018-06-11 04:02 - 000000000 ____D C:\Program Files\6W1IJ1HNXP
2018-06-11 03:57 - 2018-06-11 03:57 - 000000000 ____D C:\Users\win7\AppData\Roaming\jojub30kxnb
2018-06-11 03:57 - 2018-06-11 03:57 - 000000000 ____D C:\Users\win7\AppData\Roaming\120i322id44
2018-06-11 03:57 - 2018-06-11 03:57 - 000000000 ____D C:\Program Files\MQK555TIFV
2018-06-11 03:57 - 2018-06-11 03:57 - 000000000 ____D C:\Program Files\DM3SDBRN2N
2018-06-11 03:56 - 2018-06-11 03:56 - 000000000 ____D C:\Users\win7\AppData\Roaming\fmzgmxjqrl4
2018-06-11 03:56 - 2018-06-11 03:56 - 000000000 ____D C:\Users\win7\AppData\Roaming\cjxmrpa20sf
2018-06-11 03:56 - 2018-06-11 03:56 - 000000000 ____D C:\Program Files\R6X0PAND02
2018-06-11 03:54 - 2018-06-11 03:54 - 056134208 _____ (Oracle Corporation) C:\Users\win7\Downloads\JavaSetup.exe
2018-06-11 03:51 - 2018-06-11 03:51 - 000000000 ____D C:\Users\win7\AppData\Roaming\vvubncijqd2
2018-06-11 03:51 - 2018-06-11 03:51 - 000000000 ____D C:\Users\win7\AppData\Roaming\hsnnhmewhxw
2018-06-11 03:51 - 2018-06-11 03:51 - 000000000 ____D C:\Users\win7\AppData\Roaming\4omugn1awyo
2018-06-11 03:51 - 2018-06-11 03:51 - 000000000 ____D C:\Program Files\ZM6R1CLMCI
2018-06-11 03:51 - 2018-06-11 03:51 - 000000000 ____D C:\Program Files\DIR07Q8Y42
2018-06-11 03:41 - 2018-06-11 04:00 - 000016700 _____ C:\Windows\System32\Tasks\Sawmenger XP
2018-06-11 03:41 - 2018-06-11 04:00 - 000000410 __RSH C:\ProgramData\ntuser.pol
2018-06-11 03:41 - 2018-06-11 03:41 - 000003826 _____ C:\Windows\System32\Tasks\MainPMgr
2018-06-11 03:41 - 2018-06-11 03:41 - 000003788 _____ C:\Windows\System32\Tasks\Update_4.0.8
2018-06-11 03:41 - 2018-06-11 03:41 - 000000000 ____D C:\Program Files\SystemaRev
2018-06-11 03:40 - 2018-06-11 03:40 - 000003566 _____ C:\Windows\System32\Tasks\FastDataX Task
2018-06-11 03:40 - 2018-06-11 03:40 - 000000000 ____D C:\Program Files\UFVTZJYYNY
2018-06-11 03:39 - 2018-06-11 03:40 - 000000000 ____D C:\Program Files\8ABNBWXL7R
2018-06-11 03:39 - 2018-06-11 03:39 - 000000000 ____D C:\Users\win7\AppData\Roaming\SystemHealer
2018-06-11 03:39 - 2018-06-11 03:39 - 000000000 ____D C:\Users\win7\AppData\Roaming\gbsr4hbzs4e
2018-06-11 03:39 - 2018-06-11 03:39 - 000000000 ____D C:\Users\win7\AppData\Roaming\FastDataX
2018-06-11 03:39 - 2018-06-11 03:39 - 000000000 ____D C:\Users\win7\AppData\Roaming\d0krbp3szxx
2018-06-11 03:39 - 2018-06-11 03:39 - 000000000 ____D C:\Users\win7\AppData\Roaming\a3uaoh4mopl
2018-06-11 03:38 - 2018-06-11 03:55 - 000093696 _____ (jatnsxdnhhvbyxucxt) C:\Users\win7\AppData\Roaming\command.dll
2018-06-11 03:38 - 2018-06-11 03:48 - 000000000 ____D C:\Users\win7\AppData\Roaming\WidModule
2018-06-11 03:38 - 2018-06-11 03:45 - 000000000 ____D C:\Users\win7\AppData\Roaming\MaxiBuy
2018-06-11 03:38 - 2018-06-11 03:42 - 000000000 ____D C:\Program Files (x86)\foldershare
2018-06-11 03:38 - 2018-06-11 03:39 - 000000000 ____D C:\Program Files\BM2VJ9ZVZ4
2018-06-11 03:38 - 2018-06-11 03:38 - 000000000 ____D C:\Users\win7\AppData\Roaming\Python
2018-06-11 03:38 - 2018-06-11 03:38 - 000000000 ____D C:\Users\win7\AppData\Roaming\d1pbfumpr2x
2018-06-11 03:38 - 2018-06-11 03:38 - 000000000 ____D C:\Program Files\My Program
2018-06-11 03:38 - 2018-06-11 03:38 - 000000000 ____D C:\Program Files (x86)\lsJZU
2018-06-11 03:38 - 2018-06-11 03:05 - 000623616 _____ (zloidyahgrwhmvqhwz) C:\Users\win7\AppData\Roaming\product.dll
2018-06-11 03:38 - 2018-03-24 14:51 - 002990080 _____ C:\Windows\system32\mcicda64.dll
2018-06-11 03:37 - 2018-06-11 03:37 - 001157632 _____ C:\Users\win7\Downloads\Windows+Activator+(All+Editions).exe
2018-06-10 22:15 - 2018-06-10 22:15 - 000657476 _____ C:\Users\win7\Downloads\Removewat 2.2.7 pass 123456.rar
2018-06-10 22:15 - 2018-06-10 22:15 - 000003530 _____ C:\Windows\System32\Tasks\PPI Update
2018-06-10 22:15 - 2018-06-10 22:15 - 000000000 ____D C:\Program Files (x86)\Removewat 2.2.7
2018-06-09 19:30 - 2018-06-09 19:30 - 001768136 _____ C:\Users\win7\Downloads\windows-loader-by-daz.zip
2018-06-09 19:30 - 2018-06-09 19:30 - 000003584 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 4086469641
2018-06-09 18:26 - 2018-06-09 18:26 - 002133044 _____ C:\Users\win7\Downloads\Re-Loader-by-r1n.zip
2018-06-09 18:23 - 2018-06-09 18:23 - 002860771 _____ C:\Users\win7\Downloads\Windows_7_Loader (1).zip
2018-06-09 18:20 - 2018-06-09 18:20 - 000477407 _____ C:\Users\win7\Downloads\activatorsetup.zip
2018-06-09 18:12 - 2018-06-09 18:18 - 000000000 ____D C:\Program Files (x86)\Multitimer
2018-06-09 18:12 - 2018-06-09 18:12 - 000003626 _____ C:\Windows\System32\Tasks\snp
2018-06-09 18:12 - 2018-06-09 18:12 - 000003218 _____ C:\Windows\System32\Tasks\snf
2018-06-09 18:11 - 2018-06-09 18:31 - 000000000 __SHD C:\ProgramData\Dikasio
2018-06-09 18:11 - 2018-06-09 18:13 - 000000000 ____D C:\ProgramData\Quoteex
2018-06-09 18:11 - 2018-06-09 18:12 - 000015602 _____ C:\Windows\SysWOW64\findit.xml
2018-06-09 18:11 - 2018-06-09 18:12 - 000000000 ____D C:\ProgramData\Quoteexs
2018-06-09 18:11 - 2018-06-09 18:11 - 007627776 _____ C:\Users\win7\AppData\Local\agent.dat
2018-06-09 18:11 - 2018-06-09 18:11 - 001988902 _____ C:\Users\win7\AppData\Local\Alphait.tst
2018-06-09 18:11 - 2018-06-09 18:11 - 001895382 _____ C:\Users\win7\AppData\Local\Aping.bin
2018-06-09 18:11 - 2018-06-09 18:11 - 000929792 _____ C:\Users\win7\AppData\Local\sham.db
2018-06-09 18:11 - 2018-06-09 18:11 - 000278510 _____ C:\Users\win7\AppData\Local\Stanwarm.tst
2018-06-09 18:11 - 2018-06-09 18:11 - 000140800 _____ C:\Users\win7\AppData\Local\installer.dat
2018-06-09 18:11 - 2018-06-09 18:11 - 000126464 _____ C:\Users\win7\AppData\Local\noah.dat
2018-06-09 18:11 - 2018-06-09 18:11 - 000070896 _____ C:\Users\win7\AppData\Local\Config.xml
2018-06-09 18:11 - 2018-06-09 18:11 - 000018432 _____ C:\Users\win7\AppData\Local\Main.dat
2018-06-09 18:11 - 2018-06-09 18:11 - 000016416 _____ C:\Users\win7\AppData\Local\InstallationConfiguration.xml
2018-06-09 18:11 - 2018-06-09 18:11 - 000005568 _____ C:\Users\win7\AppData\Local\md.xml
2018-06-09 18:11 - 2018-06-09 18:11 - 000000000 ____D C:\Windows\System32\Tasks\System
2018-06-09 18:11 - 2018-06-09 18:11 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
2018-06-09 18:11 - 2018-06-09 18:11 - 000000000 ____D C:\ProgramData\Logic Cramble
2018-06-09 18:11 - 2018-06-09 18:11 - 000000000 ____D C:\Program Files (x86)\dmx
2018-06-09 18:10 - 2018-06-11 04:20 - 000000342 _____ C:\Windows\Tasks\Online Application V2G6.job
2018-06-09 18:10 - 2018-06-11 04:20 - 000000342 _____ C:\Windows\Tasks\Online Application V2G5.job
2018-06-09 18:10 - 2018-06-11 04:20 - 000000342 _____ C:\Windows\Tasks\Online Application V2G4.job
2018-06-09 18:10 - 2018-06-11 04:20 - 000000342 _____ C:\Windows\Tasks\Online Application V2G3.job
2018-06-09 18:10 - 2018-06-11 04:20 - 000000342 _____ C:\Windows\Tasks\Online Application V2G2.job
2018-06-09 18:10 - 2018-06-11 04:20 - 000000342 _____ C:\Windows\Tasks\Online Application V2G1.job
2018-06-09 18:10 - 2018-06-11 03:40 - 000000374 _____ C:\Windows\Tasks\Updater_Online_Application.job
2018-06-09 18:10 - 2018-06-11 03:37 - 000003206 _____ C:\Windows\System32\Tasks\Updater_Online_Application
2018-06-09 18:10 - 2018-06-11 03:37 - 000003170 _____ C:\Windows\System32\Tasks\Online Application V2G6
2018-06-09 18:10 - 2018-06-11 03:37 - 000003170 _____ C:\Windows\System32\Tasks\Online Application V2G5
2018-06-09 18:10 - 2018-06-11 03:37 - 000003170 _____ C:\Windows\System32\Tasks\Online Application V2G4
2018-06-09 18:10 - 2018-06-11 03:37 - 000003170 _____ C:\Windows\System32\Tasks\Online Application V2G3
2018-06-09 18:10 - 2018-06-11 03:37 - 000003170 _____ C:\Windows\System32\Tasks\Online Application V2G2
2018-06-09 18:10 - 2018-06-11 03:37 - 000003170 _____ C:\Windows\System32\Tasks\Online Application V2G1
2018-06-09 18:10 - 2018-06-09 18:10 - 000000000 ____D C:\Users\win7\AppData\Roaming\Microleaves
2018-06-09 18:10 - 2018-06-09 18:10 - 000000000 ____D C:\Users\win7\AppData\Local\AdvinstAnalytics
2018-06-09 18:10 - 2018-06-09 18:10 - 000000000 ____D C:\ProgramData\Blogger
2018-06-09 18:10 - 2018-06-09 18:10 - 000000000 ____D C:\Program Files (x86)\Microleaves
2018-06-09 18:01 - 2018-06-09 18:01 - 000000000 ____D C:\Users\win7\AppData\Roaming\Windows_Activator
2018-06-09 18:00 - 2018-06-09 18:00 - 002860771 _____ C:\Users\win7\Downloads\Windows_7_Loader.zip
2018-05-26 11:15 - 2018-05-29 19:59 - 000000000 ____D C:\Windows\Minidump

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-11 04:27 - 2017-06-27 22:04 - 000000000 ____D C:\Users\win7\AppData\Roaming\uTorrent
2018-06-11 04:20 - 2009-07-14 06:45 - 000065264 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-11 04:20 - 2009-07-14 06:45 - 000065264 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-11 04:06 - 2017-08-05 22:40 - 000000316 _____ C:\Windows\Tasks\iToolsDaemon.job
2018-06-11 04:04 - 2016-07-23 21:23 - 000000000 ____D C:\Users\win7\AppData\Roaming\Opera Software
2018-06-11 04:04 - 2016-07-23 21:23 - 000000000 ____D C:\Users\win7\AppData\Local\Opera Software
2018-06-11 03:52 - 2016-07-23 19:33 - 000000000 ____D C:\Program Files (x86)\Opera
2018-06-11 03:52 - 2016-07-23 19:25 - 000001449 _____ C:\Users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-06-11 03:52 - 2016-07-23 19:25 - 000001415 _____ C:\Users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2018-06-11 03:48 - 2017-10-22 14:26 - 000000000 ____D C:\Users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steamcore
2018-06-11 03:48 - 2017-10-22 14:26 - 000000000 ____D C:\Users\win7\AppData\Local\Screamer
2018-06-11 03:47 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-06-11 03:41 - 2009-07-14 05:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-06-11 03:38 - 2016-07-23 19:36 - 000000000 ____D C:\Program Files (x86)\Google
2018-06-11 03:38 - 2009-07-14 05:20 - 000000000 ____D C:\Program Files\Windows NT
2018-06-10 22:23 - 2009-07-14 07:13 - 000785302 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-10 22:21 - 2018-04-21 06:53 - 000000000 ____D C:\Users\win7\AppData\LocalLow\uTorrent
2018-06-10 22:18 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-10 19:30 - 2016-07-23 19:45 - 000000000 ____D C:\Users\win7\AppData\Roaming\vlc
2018-06-10 14:52 - 2017-06-21 17:13 - 000000000 ____D C:\Users\win7\Desktop\SVE KNJIGE
2018-06-10 02:44 - 2017-06-24 23:48 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-06-10 01:03 - 2017-08-29 12:30 - 000000000 ____D C:\Users\win7\AppData\Local\ElevatedDiagnostics
2018-06-09 19:36 - 2017-06-21 16:10 - 000000000 ____D C:\Users\UpdatusUser
2018-06-09 18:33 - 2017-08-05 22:40 - 000000000 ____D C:\Program Files (x86)\ThinkSky
2018-06-09 18:28 - 2017-08-05 22:40 - 000003286 _____ C:\Windows\System32\Tasks\iToolsDaemon
2018-06-09 18:17 - 2018-02-03 10:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2018-06-09 18:17 - 2018-01-04 16:01 - 000000000 ____D C:\ProgramData\Wondershare
2018-06-09 18:12 - 2016-07-23 19:37 - 000002236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-09 18:12 - 2016-07-23 19:37 - 000002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-09 18:12 - 2016-07-23 19:35 - 000001171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2018-06-09 18:12 - 2016-07-23 19:35 - 000001165 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2018-06-09 18:11 - 2009-07-14 05:20 - 000000000 __RHD C:\Users\Public\Libraries
2018-06-07 13:20 - 2017-06-24 23:48 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-06-07 13:20 - 2017-06-24 23:48 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-07 13:20 - 2017-06-24 23:48 - 000004470 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-06-07 13:20 - 2017-06-24 23:48 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-06-07 13:20 - 2017-06-24 23:48 - 000000000 ____D C:\Windows\system32\Macromed
2018-06-06 23:20 - 2017-06-21 16:05 - 000003350 _____ C:\Windows\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
2018-05-29 22:57 - 2017-08-29 12:39 - 000000000 ____D C:\Users\win7\AppData\Local\Microsoft Games
2018-05-29 19:23 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
2018-05-20 18:05 - 2017-06-27 22:04 - 000000818 _____ C:\Users\win7\Desktop\µTorrent.lnk
2018-05-20 18:05 - 2017-06-27 22:04 - 000000798 _____ C:\Users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2018-05-17 01:06 - 2016-07-23 19:36 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-17 01:06 - 2016-07-23 19:36 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2018-06-11 03:38 - 2018-06-11 03:55 - 000093696 _____ (jatnsxdnhhvbyxucxt) C:\Users\win7\AppData\Roaming\command.dll
2017-06-22 12:27 - 2017-06-22 12:27 - 000370070 _____ () C:\Users\win7\AppData\Roaming\logo_empire_desktop.ico
2018-06-11 03:38 - 2018-06-11 03:05 - 000623616 _____ (zloidyahgrwhmvqhwz) C:\Users\win7\AppData\Roaming\product.dll
2018-06-09 18:11 - 2018-06-09 18:11 - 007627776 _____ () C:\Users\win7\AppData\Local\agent.dat
2018-06-09 18:11 - 2018-06-09 18:11 - 001988902 _____ () C:\Users\win7\AppData\Local\Alphait.tst
2018-06-09 18:11 - 2018-06-09 18:11 - 001895382 _____ () C:\Users\win7\AppData\Local\Aping.bin
2018-06-09 18:11 - 2018-06-09 18:11 - 000070896 _____ () C:\Users\win7\AppData\Local\Config.xml
2018-01-29 21:38 - 2018-01-29 21:38 - 000003584 _____ () C:\Users\win7\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-06-09 18:11 - 2018-06-09 18:11 - 000016416 _____ () C:\Users\win7\AppData\Local\InstallationConfiguration.xml
2018-06-09 18:11 - 2018-06-09 18:11 - 000140800 _____ () C:\Users\win7\AppData\Local\installer.dat
2018-06-09 18:11 - 2018-06-09 18:11 - 000018432 _____ () C:\Users\win7\AppData\Local\Main.dat
2018-06-09 18:11 - 2018-06-09 18:11 - 000005568 _____ () C:\Users\win7\AppData\Local\md.xml
2018-06-09 18:11 - 2018-06-09 18:11 - 000126464 _____ () C:\Users\win7\AppData\Local\noah.dat
2018-06-09 18:11 - 2018-06-09 18:11 - 000929792 _____ () C:\Users\win7\AppData\Local\sham.db
2018-06-09 18:11 - 2018-06-09 18:11 - 000278510 _____ () C:\Users\win7\AppData\Local\Stanwarm.tst
2018-06-09 18:11 - 2018-06-09 18:11 - 000032038 _____ () C:\Users\win7\AppData\Local\uninstall_temp.ico

Files to move or delete:
====================
C:\Users\win7\AppData\Local\Temp\is-THBTD.tmp\up.exe


Some files in TEMP:
====================
2018-06-11 03:40 - 2018-06-11 03:40 - 002064847 _____ () C:\Users\win7\AppData\Local\Temp\xmrig.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 05:24] - [2016-07-23 19:24] - 001008640 _____ (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2010-11-21 05:24] - [2016-07-23 19:24] - 000833024 _____ (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <==== ATTENTION

LastRegBack: 2018-06-07 21:11

==================== End of FRST.txt ============================

Addendum: 11 Jun 2018 4:40


offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Open Notepad and copy the following text, which is inside the Code box.

Start

CloseProcesses:

HKLM\...\Run: [rundll32] => C:\Windows\system32\rundll32.exe "C:\Program Files\Sawmenger XP\Sawmenger XP.dll",elnXHi
HKLM\...\Run: [JServicesManager] => C:\Program Files\SystemaRev\RevServicesX\app.ex
HKLM-x32\...\Run: [JServicesManager] => C:\Program Files\SystemaRev\RevServicesX\app.ex
HKLM\...\RunOnce: [OMEWPRODUCT_] => C:\Program Files\Windows NT\GOCSX9XWZ6THIUBDEP3J87646MS191I\Z0GJf-FNo5.exe [233984 2018-06-11] ()
HKLM\...\RunOnce: [unqq2itjeju] => C:\Program Files (x86)\lsJZU\497969.exe [670720 2018-06-10] ()
HKLM\...\RunOnce: [OMEWPRODUCT_77QM1] => C:\Users\win7\AppData\Local\Temp\is-THBTD.tmp\up.exe [52224 2018-06-11] (CXBN) <==== ATTENTION
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [Blogger] => C:\ProgramData\Blogger\Blogger.exe [536576 2018-06-09] ()
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [WMwB6Phku4.exe] => C:\Program Files\Windows NT\GOCSX9XWZ6THIUBDEP3J87646MS191I\WMwB6Phku4.exe [394240 2018-06-11] ()
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [JI9Q9AMH5GK07W5] => C:\Program Files\BM2VJ9ZVZ4\BM2VJ9ZVZ.exe [666624 2018-06-11] (CXBN)
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [5007769] => C:\Users\win7\AppData\Roaming\d1pbfumpr2x\fhfxnlq4zka.exe [554589 2018-06-11] ( )
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [5497325] => C:\Users\win7\AppData\Roaming\a3uaoh4mopl\5rckcgxrjkz.exe [554589 2018-06-11] ( )
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [4306173] => C:\Users\win7\AppData\Roaming\d0krbp3szxx\0iai535qldo.exe [554589 2018-06-11] ( )
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [3EOL3XGMBWI8ZNP] => C:\Program Files\8ABNBWXL7R\LZI2JV3M7.exe [666624 2018-06-11] (CXBN)
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [7450318] => C:\Users\win7\AppData\Roaming\gbsr4hbzs4e\vha5tyaqlo1.exe [554589 2018-06-11] ( )
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [OK04001PFFQH8XF] => C:\Program Files\UFVTZJYYNY\UFVTZJYYN.exe [666624 2018-06-11] (CXBN)
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [8515487] => C:\Users\win7\AppData\Roaming\hsnnhmewhxw\tfjzhfnjqty.exe [554589 2018-06-11] ( )
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [7560465] => C:\Users\win7\AppData\Roaming\vvubncijqd2\hiqnm1t2iis.exe [554589 2018-06-11] ( )
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [6342919] => C:\Users\win7\AppData\Roaming\4omugn1awyo\3uvnio1jgds.exe [554589 2018-06-11] ( )
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [WHYFWFGNCLXLG3Y] => C:\Program Files\DIR07Q8Y42\DIR07Q8Y4.exe [666624 2018-06-11] (CXBN)
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [3U4L2G3CRBXAO5Z] => C:\Program Files\ZM6R1CLMCI\ZM6R1CLMC.exe [666624 2018-06-11] (CXBN)
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [3941173] => C:\Users\win7\AppData\Roaming\fmzgmxjqrl4\5xrkph1j51r.exe [554589 2018-06-11] ( )
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [6OKKO5CXS1C7N0I] => C:\Program Files\R6X0PAND02\R6X0PAND0.exe [666624 2018-06-11] (CXBN)
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [3255819] => C:\Users\win7\AppData\Roaming\cjxmrpa20sf\tmzvfpzxdeu.exe [554589 2018-06-11] ( )
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [3282095] => C:\Users\win7\AppData\Roaming\120i322id44\yb4yp0jqhqs.exe [554589 2018-06-11] ( )
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [1762593] => C:\Users\win7\AppData\Roaming\jojub30kxnb\bqh45rnuudb.exe [554589 2018-06-11] ( )
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [LVO3YWL0I21R3C8] => C:\Program Files\MQK555TIFV\MQK555TIF.exe [666624 2018-06-11] (CXBN)
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [P2O6WKWA1SW7AT0] => C:\Program Files\DM3SDBRN2N\DM3SDBRN2.exe [666624 2018-06-11] (CXBN)
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [4667683] => C:\Users\win7\AppData\Roaming\wi2qpuxupxd\pghyjgysjlw.exe [554589 2018-06-11] ( )
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [1346401] => C:\Users\win7\AppData\Roaming\ctub1wobjvs\cjmgl40jyem.exe [554589 2018-06-11] ( )
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [2347416] => C:\Users\win7\AppData\Roaming\ccc0n12gqok\scgafir1ufo.exe [554589 2018-06-11] ( )
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [UCSTXK9GKTMV665] => C:\Program Files\6W1IJ1HNXP\6W1IJ1HNX.exe [666624 2018-06-11] (CXBN)
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\...\Run: [03P7INIL7E1TY90] => C:\Program Files\ZWJ39965AD\ZWJ39965A.exe [666624 2018-06-11] (CXBN)
AppInit_DLLs: C:\ProgramData\Quoteex\Stocknix.dll => C:\ProgramData\Quoteex\Stocknix.dll [342528 2018-06-09] ()
AppInit_DLLs-x32: C:\ProgramData\Quoteex\Alpha-Top.dll => C:\ProgramData\Quoteex\Alpha-Top.dll [460800 2018-06-09] ()
ShellExecuteHooks: No Name - {BFD98515-CD74-48A4-98E2-13D209E3EE4F} - C:\Windows\System32\mcicda64.dll [2990080 2018-03-24] () <==== ATTENTION
Startup: C:\Users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AdobeUpdater.vbs [2018-06-09] ()
Startup: C:\Users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\adsviejd.lnk [2018-06-09]
ShortcutTarget: adsviejd.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zoiut.exe.vbs [2018-03-11] ()
GroupPolicy: Restriction ? <==== ATTENTION
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGtoMUuydOpuy8em5IIgt414t115vhNf6jfDlX4NMd7UohVL7oXgcmyBx-v4CQ9FrAtA8sh305gfKJ1fwiyQ2pFke-9IaU4RrqwsU2hQox5YpkQxkr2GCCdWPSpLZU1B70uULZAZF6bOC_B6A0AQSBxIm0H5FwV6FKzHQQ,,&q={searchTerms}
HKU\S-1-5-21-506494789-1706831849-2708248724-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGtoMUuydOpuy8em5IIgt414t115vhNf6jfDlX4NMd7UohVL7oXgcmyBx-v4CQ9FrAtA8sh305gfKJ1TXSlcp7hKxNemzvkE3xXLUREXxJjmCOJKSMvMErimMx-hwXjIzH_y9GXbTeILTJBwJI7bnBfG4YybPLCsAcN-UA,,
HKU\S-1-5-21-506494789-1706831849-2708248724-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGtoMUuydOpuy8em5IIgt414t115vhNf6jfDlX4NMd7UohVL7oXgcmyBx-v4CQ9FrAtA8sh305gfKJ1TXSlcp7hKxNemzvkE3xXLUREXxJjmCOJKSMvMErimMx-hwXjIzH_y9GXbTeILTJBwJI7bnBfG4YybPLCsAcN-UA,,
HKU\S-1-5-21-506494789-1706831849-2708248724-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGtoMUuydOpuy8em5IIgt414t115vhNf6jfDlX4NMd7UohVL7oXgcmyBx-v4CQ9FrAtA8sh305gfKJ1fwiyQ2pFke-9IaU4RrqwsU2hQox5YpkQxkr2GCCdWPSpLZU1B70uULZAZF6bOC_B6A0AQSBxIm0H5FwV6FKzHQQ,,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGtoMUuydOpuy8em5IIgt414t115vhNf6jfDlX4NMd7UohVL7oXgcmyBx-v4CQ9FrAtA8sh305gfKJ1fwiyQ2pFke-9IaU4RrqwsU2hQox5YpkQxkr2GCCdWPSpLZU1B70uULZAZF6bOC_B6A0AQSBxIm0H5FwV6FKzHQQ,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-506494789-1706831849-2708248724-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10405__170627__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-506494789-1706831849-2708248724-1000 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGtoMUuydOpuy8em5IIgt414t115vhNf6jfDlX4NMd7UohVL7oXgcmyBx-v4CQ9FrAtA8sh305gfKJ1fwiyQ2pFke-9IaU4RrqwsU2hQox5YpkQxkr2GCCdWPSpLZU1B70uULZAZF6bOC_B6A0AQSBxIm0H5FwV6FKzHQQ,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-506494789-1706831849-2708248724-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGtoMUuydOpuy8em5IIgt414t115vhNf6jfDlX4NMd7UohVL7oXgcmyBx-v4CQ9FrAtA8sh305gfKJ1fwiyQ2pFke-9IaU4RrqwsU2hQox5YpkQxkr2GCCdWPSpLZU1B70uULZAZF6bOC_B6A0AQSBxIm0H5FwV6FKzHQQ,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-506494789-1706831849-2708248724-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGtoMUuydOpuy8em5IIgt414t115vhNf6jfDlX4NMd7UohVL7oXgcmyBx-v4CQ9FrAtA8sh305gfKJ1fwiyQ2pFke-9IaU4RrqwsU2hQox5YpkQxkr2GCCdWPSpLZU1B70uULZAZF6bOC_B6A0AQSBxIm0H5FwV6FKzHQQ,,&q={searchTerms}
FF user.js: detected! => C:\Users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\qig4ehrc.default\user.js [2017-06-30]
FF Homepage: Mozilla\Firefox\Profiles\qig4ehrc.default -> file:///C:/ProgramData/Quoteexs/ff.HP
FF NewTab: Mozilla\Firefox\Profiles\qig4ehrc.default -> file:///C:/ProgramData/Quoteexs/ff.NT
FF Extension: (System Table) - C:\Users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\qig4ehrc.default\Extensions\143734@modext.tech.xpi [2018-03-01]
FF Extension: (System Table) - C:\Users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\qig4ehrc.default\Extensions\214028@modext.tech.xpi [2018-02-28]
FF SearchPlugin: C:\Users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\qig4ehrc.default\searchplugins\yahoo-lavasoft.xml [2017-08-19]
R2 backlh; C:\ProgramData\Logic Cramble\set.exe [3780096 2018-06-09] () [File not signed] <==== ATTENTION
S3 SystemUpdate64; C:\Program Files\SystemaRev\RevServicesX\SystemUpdate64x.exe [593920 2018-06-08] (SystemaRev) [File not signed] <==== ATTENTION
S2 Quoteex; C:\ProgramData\\Quoteex\\Quoteex.exe shuz -f "C:\ProgramData\\Quoteex\\Quoteex.dat" -l -a <==== ATTENTION
2018-06-11 03:38 - 2018-06-11 03:55 - 000093696 _____ (jatnsxdnhhvbyxucxt) C:\Users\win7\AppData\Roaming\command.dll
2017-06-22 12:27 - 2017-06-22 12:27 - 000370070 _____ () C:\Users\win7\AppData\Roaming\logo_empire_desktop.ico
2018-06-11 03:38 - 2018-06-11 03:05 - 000623616 _____ (zloidyahgrwhmvqhwz) C:\Users\win7\AppData\Roaming\product.dll
2018-06-09 18:11 - 2018-06-09 18:11 - 007627776 _____ () C:\Users\win7\AppData\Local\agent.dat
2018-06-09 18:11 - 2018-06-09 18:11 - 001988902 _____ () C:\Users\win7\AppData\Local\Alphait.tst
2018-06-09 18:11 - 2018-06-09 18:11 - 001895382 _____ () C:\Users\win7\AppData\Local\Aping.bin
2018-06-09 18:11 - 2018-06-09 18:11 - 000070896 _____ () C:\Users\win7\AppData\Local\Config.xml
2018-01-29 21:38 - 2018-01-29 21:38 - 000003584 _____ () C:\Users\win7\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-06-09 18:11 - 2018-06-09 18:11 - 000016416 _____ () C:\Users\win7\AppData\Local\InstallationConfiguration.xml
2018-06-09 18:11 - 2018-06-09 18:11 - 000140800 _____ () C:\Users\win7\AppData\Local\installer.dat
2018-06-09 18:11 - 2018-06-09 18:11 - 000018432 _____ () C:\Users\win7\AppData\Local\Main.dat
2018-06-09 18:11 - 2018-06-09 18:11 - 000005568 _____ () C:\Users\win7\AppData\Local\md.xml
2018-06-09 18:11 - 2018-06-09 18:11 - 000126464 _____ () C:\Users\win7\AppData\Local\noah.dat
2018-06-09 18:11 - 2018-06-09 18:11 - 000929792 _____ () C:\Users\win7\AppData\Local\sham.db
2018-06-09 18:11 - 2018-06-09 18:11 - 000278510 _____ () C:\Users\win7\AppData\Local\Stanwarm.tst
2018-06-09 18:11 - 2018-06-09 18:11 - 000032038 _____ () C:\Users\win7\AppData\Local\uninstall_temp.ico
Task: {24C02CF1-DFC7-4B64-8A7E-7965ACB926C2} - System32\Tasks\FastDataX Task => C:\PROGRA~2\FASTDA~1\FASTDA~1.EXE
Task: {282F35E9-F7A8-4374-84C6-4A42DD1B8C81} - System32\Tasks\PPI Update => C:\Windows\explorer.exe "hxxp://windowsdefender.club/warning/download.php?mn=5623" <==== ATTENTION
Task: {2B3CC5D0-3966-4D62-BF6F-B11A3D99C68C} - System32\Tasks\System\SystemChecks => C:\Windows\System32\wscript.exe C:\Users\Public\Libraries\Checks.vbs
Task: {2D675A19-A11D-4507-A9D7-10C55E34E977} - System32\Tasks\Opera scheduled Autoupdate 4086469641 => C:\Windows\system32\cmd.exe /c start "" "C:\Users\win7\AppData\Roaming\Microsoft\Windows\adsviejd\ctavhrbf.exe"
Task: {35493DD8-0565-45BF-A6E4-4DA40D60BAF3} - System32\Tasks\snf => C:\ProgramData\Quoteex\Quoteex.exe <==== ATTENTION
Task: {4881B963-9407-4EBD-802E-A97A813FFDF8} - System32\Tasks\Online Application V2G4 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {5DE9939A-52AB-4B37-84FA-A2C1AFE61A9B} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {5F6D8ECE-2A12-4EF7-97E2-98F6B315F6CE} - System32\Tasks\Update_4.0.8 => C:\Program Files\SystemaRev\RevServicesX\SystemUpdate64x.exe [2018-06-08] (SystemaRev)
Task: {640547C8-74EE-4931-BD5D-09723CDF4351} - System32\Tasks\Sawmenger XP => C:\Windows\system32\rundll32.exe "C:\Program Files\Sawmenger XP\Sawmenger XP.dll",elnXHi <==== ATTENTION
Task: {6617C6A6-401C-444E-A36B-A64657C9B6E5} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {71C8EA82-F747-4B9D-BA46-45FC522BC6C7} - System32\Tasks\snp => C:\ProgramData\Quoteex\Quoteex.exe <==== ATTENTION
Task: {855D9CA3-BED3-45ED-8FBF-0E8210BA8A60} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {995D456F-B957-4D8B-B1F2-0B9AA3CA951A} - System32\Tasks\Online Application V2G5 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {EA49642B-56ED-4CC7-9068-7627E492675E} - System32\Tasks\MainPMgr => powershell -ExecutionPolicy ByPass -File pm.ps1
Task: {F397F92B-82E0-4CBC-BE3B-56EFA65BDAAB} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-11-02] (Microleaves) <==== ATTENTION
Task: {FD5E3AAA-1BC1-4EEC-94BD-75042D4E22F8} - System32\Tasks\Online Application V2G6 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: C:\Windows\Tasks\iToolsDaemon.job => C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe
Task: C:\Windows\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
ShortcutWithArgument: C:\Users\win7\Desktop\Goodgame Empire.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://empire.goodgamestudios.com/?w=357274
ShortcutWithArgument: C:\Users\win7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%

C:\Users\win7\AppData\Local\Temp\is-THBTD.tmp\up.exe
C:\ProgramData\Logic Cramble
C:\ProgramData\Dikasio
C:\Program Files\Windows NT
C:\Users\win7\AppData\Local\Temp\FVEJ1NZ1YV
C:\Program Files (x86)\lsJZU
C:\Users\win7\AppData\Roaming\d1pbfumpr2x
C:\Users\win7\AppData\Roaming\a3uaoh4mopl
C:\Users\win7\AppData\Roaming\d0krbp3szxx
C:\Users\win7\AppData\Roaming\gbsr4hbzs4e
C:\Program Files\UFVTZJYYNY
C:\Program Files\SystemaRev
C:\Users\win7\AppData\Roaming\hsnnhmewhxw
C:\Users\win7\AppData\Roaming\vvubncijqd2
C:\Users\win7\AppData\Roaming\4omugn1awyo
C:\Program Files\DIR07Q8Y42
C:\Program Files\ZM6R1CLMCI
C:\Users\win7\AppData\Local\Temp\is-THBTD.tmp\up.exe
C:\Users\win7\AppData\Roaming\fmzgmxjqrl4
C:\Program Files\R6X0PAND02
C:\Users\win7\AppData\Roaming\cjxmrpa20sf\tmzvfpzxdeu.exe
C:\Users\win7\AppData\Local\Temp\is-8HVI6.tmp\tmzvfpzxdeu.tmp
C:\Users\win7\AppData\Roaming\120i322id44\yb4yp0jqhqs.exe
C:\Users\win7\AppData\Local\Temp\is-65LPS.tmp\yb4yp0jqhqs.tmp
C:\Users\win7\AppData\Roaming\jojub30kxnb\bqh45rnuudb.exe
C:\Users\win7\AppData\Local\Temp\is-T2SFV.tmp\bqh45rnuudb.tmp
C:\Program Files\MQK555TIFV
C:\Program Files\DM3SDBRN2N
C:\Users\win7\AppData\Roaming\wi2qpuxupxd\pghyjgysjlw.exe
C:\Users\win7\AppData\Local\Temp\is-J8PC9.tmp\pghyjgysjlw.tmp
C:\Users\win7\AppData\Roaming\ctub1wobjvs\cjmgl40jyem.exe
C:\Users\win7\AppData\Local\Temp\is-JMMCK.tmp\cjmgl40jyem.tmp
C:\Users\win7\AppData\Roaming\ccc0n12gqok\scgafir1ufo.exe
C:\Users\win7\AppData\Local\Temp\is-F7CRU.tmp\scgafir1ufo.tmp
C:\Program Files\6W1IJ1HNXP
C:\Program Files\ZWJ39965AD
C:\Program Files\Sawmenger XP
C:\ProgramData\Quoteex
C:\Windows\System32\mcicda64.dll
C:/ProgramData/Quoteexs
C:\Users\Public\Libraries\Checks.vbs
C:\Users\win7\AppData\Roaming\Microsoft\Windows\adsviejd
C:\Program Files (x86)\Microleaves

End


In Notepad, click File --> Save As
Under Encoding, choose UTF-8.
Name the file Fixlist and save it to the Desktop.
Double-click FRST.exe to run it again.
Click Fix and wait until the program finishes.
If the program asks to restart the computer, allow it to do so without interruption.
When it has finished, fixlog.txt will open; copy its contents into the thread.
The file (fixlog.txt) will also be on the Desktop.
