Ads pop up, pages open at random


offline
  • Joined: 07 Apr 2012
  • Posts: 114

Posted: 03 Sep 2015 22:53

Hello!
The children install various games from the internet, and that is the main problem.
It is almost impossible to do anything on the laptop; pages open without my clicking anything, and countless ads pop up. The situation is desperate. The problem appeared at least a month ago.
Cable internet. No attempt has been made to fix the problem.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2015
Ran by Svetlana Brnovic (administrator) on SVETLANABRNOVIC (03-09-2015 22:39:58)
Running from C:\Users\Svetlana Brnovic\Desktop
Loaded Profiles: Svetlana Brnovic (Available Profiles: Svetlana Brnovic)
Platform: Microsoft Windows 7 Professional (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Bandoo Media Inc.) C:\Users\Svetlana Brnovic\AppData\Local\iLivid\iLivid.exe
(Softonic) C:\Users\Svetlana Brnovic\Desktop\Mikijeve igrice\Softonic\Softonic.exe
(BitTorrent Inc.) C:\Users\Svetlana Brnovic\AppData\Roaming\uTorrent\uTorrent.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Andrea Electronics Corporation) C:\Windows\System32\AECLSrv.exe
(Bandoo Media Inc.) C:\Program Files\Movies App\Datamngr\DatamngrCoordinator.exe
(Dassault Systèmes) C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
() C:\Program Files\Rotten Black\Rotten Black.exe
(Atheros) C:\Program Files\Dell Wireless\Ath_WlanAgent.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Pearson Longman) C:\Program Files\Longman\Discover English\Discover English Starter\CD-ROM.exe
(BitTorrent Inc.) C:\Users\Svetlana Brnovic\AppData\Roaming\uTorrent\uTorrent.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [551408 2012-12-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM\...\Run: [DownShotFree] => C:\Program Files\Mindspark\DownShotFree\DownShotFree.exe [172384 2015-04-19] (Mindspark Interactive Network, Inc.)
HKU\S-1-5-21-581948205-3264908597-154707186-1000\...\Run: [iLivid] => C:\Users\Svetlana Brnovic\AppData\Local\iLivid\iLivid.exe [7913472 2014-05-25] (Bandoo Media Inc.)
HKU\S-1-5-21-581948205-3264908597-154707186-1000\...\Run: [Softonic for Windows] => C:\Users\Svetlana Brnovic\Desktop\Mikijeve igrice\Softonic\Softonic.exe [4170224 2014-05-26] (Softonic)
HKU\S-1-5-21-581948205-3264908597-154707186-1000\...\Run: [uTorrent] => C:\Users\Svetlana Brnovic\AppData\Roaming\uTorrent\uTorrent.exe [1693024 2015-08-11] (BitTorrent Inc.)
HKU\S-1-5-21-581948205-3264908597-154707186-1000\...\Run: [Super Optimizer] => C:\Program Files\Super Optimizer\SupOptLauncher.exe [676400 2015-07-31] ()
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies app\datamngr\x64\apcrtldr.dll <===== ATTENTION
GroupPolicyScripts: Group Policy detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-581948205-3264908597-154707186-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-581948205-3264908597-154707186-1000] => array01.isu.gov.me:8080
Tcpip\Parameters: [DhcpNameServer] 81.24.247.61 91.102.231.242
Tcpip\..\Interfaces\{8084B80F-CD58-4BBF-A467-BE8204077D9E}: [DhcpNameServer] 81.24.247.61 91.102.231.242
Tcpip\..\Interfaces\{FDC7966E-97BE-4FFA-9A0A-D909CB3C690C}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/
HKU\S-1-5-21-581948205-3264908597-154707186-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/
HKU\S-1-5-21-581948205-3264908597-154707186-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-581948205-3264908597-154707186-1000 - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File
SearchScopes: HKLM -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.hotsearches.info/?l=1&q={searchTerms}&pid=24391&r=2015/06/19&hid=1700387727904607133&lg=EN&cc=RS&unqvl=90
SearchScopes: HKLM -> {46197f3d-30e7-4905-a14b-02bee3aaeb58} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^ZR^xpt372^YYA^me&si=installldownload&ptb=395E38BC-4607-4FB8-B144-7E1CECF15335&ind=2013100302&n=77fd790e&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=514&systemid=406&v=a15946-369&apn_uid=8023004343654925&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=101&systemid=488&v=n12521-400&apn_uid=1104013141144155&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.hotsearches.info/?l=1&q={searchTerms}&pid=24391&r=2015/06/19&hid=1700387727904607133&lg=EN&cc=RS&unqvl=90
SearchScopes: HKLM -> {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^HJ^xdm073^YY^hr&si=pconverter&ptb=4F9EE4EE-F106-4303-B5FD-5C78F8E1D76B&ind=2013060317&n=77fcdcdd&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-581948205-3264908597-154707186-1000 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.hotsearches.info/?l=1&q={searchTerms}&pid=24391&r=2015/06/19&hid=1700387727904607133&lg=EN&cc=RS&unqvl=90
SearchScopes: HKU\S-1-5-21-581948205-3264908597-154707186-1000 -> 66F04FAA74E9447CB6EF77630D14C677 URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-581948205-3264908597-154707186-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-581948205-3264908597-154707186-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=D429C6173165B10B&affID=128550&tt=060614_ctrl&tsp=5270
SearchScopes: HKU\S-1-5-21-581948205-3264908597-154707186-1000 -> {46197f3d-30e7-4905-a14b-02bee3aaeb58} URL =
SearchScopes: HKU\S-1-5-21-581948205-3264908597-154707186-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=514&systemid=406&v=a15946-369&apn_uid=8023004343654925&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKU\S-1-5-21-581948205-3264908597-154707186-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=101&systemid=488&v=n12521-400&apn_uid=1104013141144155&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-581948205-3264908597-154707186-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.hotsearches.info/?l=1&q={searchTerms}&pid=24391&r=2015/06/19&hid=1700387727904607133&lg=EN&cc=RS&unqvl=90
SearchScopes: HKU\S-1-5-21-581948205-3264908597-154707186-1000 -> {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL =
SearchScopes: HKU\S-1-5-21-581948205-3264908597-154707186-1000 -> {F1F1A819-EF32-421B-BB0A-8EF0A5E9DFD6} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
BHO: SaveNewaAPPpz -> {32A40C77-BFEE-4852-8C3E-2B7B74F46794} -> C:\Program Files\SaveNewaAPPpz\iuJorLigtVKbaY.dll [2015-07-29] ()
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-05] (Symantec Corporation)
BHO: ReeggularDeaals -> {F11D08C3-44BB-445D-B771-B60A8A01E577} -> C:\Program Files\ReeggularDeaals\4uKl41PGvzIPZL.dll [2015-07-19] ()
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-581948205-3264908597-154707186-1000 -> No Name - {46575637-0076-A76A-76A7-7A786E7484D7} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Svetlana Brnovic\AppData\Roaming\Mozilla\Firefox\Profiles\71gyn5qj.default
FF DefaultSearchEngine: WebSearch
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.hotsearches.info/?pid=24391&r=2015/06/19&hid=1700387727904607133&lg=EN&cc=RS&unqvl=90&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Homepage: hxxp://search.gboxapp.com/
FF Keyword.URL: hxxp://websearch.hotsearches.info/?pid=24391&r=2015/06/19&hid=1700387727904607133&lg=EN&cc=RS&unqvl=90&l=1&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll [2013-05-23] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-07-12] (Google)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-11] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin: TorchVLC -> C:\Users\Svetlana Brnovic\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll [2013-07-31] (VideoLAN)
FF Plugin HKU\S-1-5-21-581948205-3264908597-154707186-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Svetlana Brnovic\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Svetlana Brnovic\AppData\Roaming\Mozilla\Firefox\Profiles\71gyn5qj.default\user.js [2014-07-06]
FF SearchPlugin: C:\Users\Svetlana Brnovic\AppData\Roaming\Mozilla\Firefox\Profiles\71gyn5qj.default\searchplugins\ask-search.xml [2013-12-14]
FF SearchPlugin: C:\Users\Svetlana Brnovic\AppData\Roaming\Mozilla\Firefox\Profiles\71gyn5qj.default\searchplugins\Ask.xml [2015-04-19]
FF SearchPlugin: C:\Users\Svetlana Brnovic\AppData\Roaming\Mozilla\Firefox\Profiles\71gyn5qj.default\searchplugins\buenosearch.xml [2014-06-07]
FF SearchPlugin: C:\Users\Svetlana Brnovic\AppData\Roaming\Mozilla\Firefox\Profiles\71gyn5qj.default\searchplugins\WebSearch.xml [2015-07-19]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Ask.xml [2015-04-19]
FF Extension: SaveNewaAPPpz - C:\Users\Svetlana Brnovic\AppData\Roaming\Mozilla\Firefox\Profiles\71gyn5qj.default\Extensions\sT9@DKD8JLV.org [2015-07-31]
FF Extension: ReGuLarrDealsa - C:\Users\Svetlana Brnovic\AppData\Roaming\Mozilla\Firefox\Profiles\71gyn5qj.default\Extensions\WZ@vPST4ygNY.org [2015-07-31]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2015-08-26]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-514&v=a13203-369&t=4","hxxp://blic.rs/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-30]
CHR Extension: (Google Drive) - C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-30]
CHR Extension: (FilmFanatic) - C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg [2014-07-06]
CHR Extension: (YouTube) - C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-30]
CHR Extension: (Google Search) - C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-30]
CHR Extension: (Add to Feedly ) - C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghaljlgnomaiedigplceadckbkkdkfem [2015-07-29]
CHR Extension: (DownShotFree) - C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkdelelcifnpnmiicckihplpfgcadflb [2015-05-04]
CHR Extension: (Domain Error Assistant) - C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2013-12-30]
CHR Extension: (libdoge) - C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbchccfedjkkhlnffjckaghjdpchhmo [2015-07-19]
CHR Extension: (Slick Savings) - C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2013-12-30]
CHR Extension: (Norton Security Toolbar) - C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-08-05]
CHR Extension: (Ask Search) - C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl [2015-04-23]
CHR Extension: (iLivid) - C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2015-04-23]
CHR Extension: (FilmFanatic) - C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\niojcggonafbneajjmkpkcigabaobmge [2015-05-04]
CHR Extension: (Google Wallet) - C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-30]
CHR Extension: (Gmail) - C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-30]
CHR Extension: (ProductivityBoss) - C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\poickeeehimalfeceghopkmbjdbpbpie [2015-04-26]
CHR HKLM\...\Chrome\Extension: [aaaaabcbmongicmdegkmmfgdickgnnob] - C:\Users\Svetlana Brnovic\AppData\Local\ilividmoviestoolbar20\GC\toolbar.crx [2014-04-18]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.2.crx [2013-11-06]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx [2013-04-26]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-19]

Opera:
=======
OPR StartupUrls: "hxxp://search.babylon.com/?affID=100782&tl=gkn12345&tt=3112_7&babsrc=SP_def_nch_opera&mntrId=36537cd300000000000050e549ed9c44"
OPR Extension: (YouTube Video Downloader) - C:\Users\Svetlana Brnovic\AppData\Roaming\Opera Software\Opera Stable\Extensions\mpcddcfoblbgmnaklcpkbfajnfikinhn [2014-04-18]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aadcfdbc; c:\Program Files\StatEdit\StatEdit.dll [1795072 2015-06-19] () [File not signed]
R2 AECLFilters; C:\Windows\system32\AECLSrv.exe [81920 2012-05-10] (Andrea Electronics Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276288 2012-09-08] (Intel Corporation)
R2 DatamngrCoordinator; C:\Program Files\Movies App\Datamngr\DatamngrCoordinator.exe [3204296 2015-03-23] (Bandoo Media Inc.)
R2 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [86016 2014-06-14] (Dassault Systèmes) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2014-07-14] (Flexera Software, Inc.)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)
R2 Rotten Black; C:\Program Files\Rotten Black\Rotten Black.exe [8016163 2015-06-11] () [File not signed] <==== ATTENTION
S2 TorchCrashHandler; C:\Users\Svetlana Brnovic\AppData\Local\Torch\Update\TorchCrashHandler.exe [1216520 2014-06-02] (TorchMedia Inc.) <==== ATTENTION
R2 ZAtheros Wlan Agent; C:\Program Files\Dell Wireless\Ath_WlanAgent.exe [81536 2012-10-25] (Atheros) [File not signed]
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 Update TowerTilt; "C:\Program Files\TowerTilt\updateTowerTilt.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2241024 2012-10-23] (Qualcomm Atheros Communications, Inc.)
R3 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140821.007\BHDrvx86.sys [1138480 2014-08-19] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NIS\1507000.00B\ccSetx86.sys [127064 2014-02-21] (Symantec Corporation)
R3 CirrusLFD; C:\Windows\System32\DRIVERS\CSLFDx86.sys [28672 2012-05-10] (Cirrus Logic)
R3 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [389456 2015-08-28] (Symantec Corporation)
U3 EraserUtilDrv11511; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11511.sys [122192 2015-08-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [113456 2015-05-29] (Symantec Corporation)
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files\Movies App\Datamngr\setmgrc3.cfg [38472 2015-03-23] (Bandoo Media Inc.)
R3 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140904.002\IDSvix86.sys [476888 2014-08-30] (Symantec Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-17] (Intel Corporation)
S3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140904.021\NAVENG.SYS [95704 2014-08-21] (Symantec Corporation)
S3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140904.021\NAVEX15.SYS [1636696 2014-08-21] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1507000.00B\SRTSP.SYS [664792 2014-08-26] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NIS\1507000.00B\SRTSPX.SYS [32984 2014-08-26] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NIS\1507000.00B\SYMDS.SYS [367704 2013-08-01] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NIS\1507000.00B\SYMEFA.SYS [936152 2014-07-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-08-05] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NIS\1507000.00B\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NIS\1507000.00B\SYMNETS.SYS [447704 2014-07-23] (Symantec Corporation)
R1 {587cb346-a3d8-4884-b39b-f0ed918b6f96}Gw; C:\Windows\System32\drivers\{587cb346-a3d8-4884-b39b-f0ed918b6f96}Gw.sys [52928 2014-05-30] (StdLib)
R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}w; C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w.sys [52920 2014-07-05] (StdLib)
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-03 22:39 - 2015-09-03 22:40 - 00023712 _____ C:\Users\Svetlana Brnovic\Desktop\FRST.txt
2015-09-03 22:35 - 2015-09-03 22:40 - 00000000 ____D C:\FRST
2015-09-03 22:34 - 2015-09-03 22:34 - 01690624 _____ (Farbar) C:\Users\Svetlana Brnovic\Desktop\FRST.exe
2015-09-03 22:31 - 2015-09-03 22:31 - 01690624 _____ (Farbar) C:\Users\Svetlana Brnovic\Downloads\FRST.exe
2015-08-28 17:47 - 2015-08-28 17:47 - 00000000 ____D C:\Windows\system32\Drivers\NSS
2015-08-28 17:47 - 2015-08-28 17:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2015-08-28 17:47 - 2015-08-28 17:47 - 00000000 ____D C:\Program Files\Norton Security Scan
2015-08-26 18:24 - 2015-08-26 18:24 - 00000000 ____D C:\Users\Svetlana Brnovic\Documents\Super Optimizer
2015-08-26 18:23 - 2015-08-26 18:23 - 00000000 ____D C:\Users\Svetlana Brnovic\AppData\Roaming\Super Optimizer
2015-08-26 18:18 - 2015-09-03 18:18 - 00000362 _____ C:\Windows\Tasks\Superclean.job
2015-08-26 18:18 - 2015-09-01 09:33 - 00000000 ____D C:\ProgramData\{f8cb7224-29fa-eab1-f8cb-b722429fc890}
2015-08-26 18:18 - 2015-08-26 18:18 - 00001004 _____ C:\Users\Svetlana Brnovic\Desktop\Super Optimizer.lnk
2015-08-26 18:18 - 2015-08-26 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer
2015-08-26 18:18 - 2015-08-26 18:18 - 00000000 ____D C:\Program Files\Super Optimizer

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-03 22:35 - 2009-07-14 06:34 - 00015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-03 22:35 - 2009-07-14 06:34 - 00015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-03 22:12 - 2013-05-24 03:00 - 01203298 _____ C:\Windows\WindowsUpdate.log
2015-09-03 21:10 - 2015-05-15 12:49 - 00000024 _____ C:\Users\Svetlana Brnovic\AppData\Roaming\appdataFr25.bin
2015-09-03 17:40 - 2013-05-23 21:00 - 00000000 ____D C:\Users\Svetlana Brnovic\AppData\Roaming\vlc
2015-09-03 17:22 - 2013-05-23 18:09 - 00730320 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-02 21:59 - 2015-04-19 22:37 - 00000000 ____D C:\ProgramData\Datamngr
2015-09-02 12:21 - 2014-05-23 15:58 - 00000462 ____H C:\Windows\Tasks\Norton Security Scan for Svetlana Brnovic.job
2015-09-01 21:00 - 2013-06-22 15:24 - 00000000 ____D C:\filmovi
2015-08-31 18:44 - 2014-07-06 17:10 - 00000000 ____D C:\Users\Svetlana Brnovic\AppData\Roaming\.minecraft
2015-08-29 21:29 - 2009-07-14 06:39 - 00070562 _____ C:\Windows\setupact.log
2015-08-28 22:25 - 2014-12-27 21:25 - 00000000 ____D C:\Users\Svetlana Brnovic\AppData\Roaming\ViberPC
2015-08-28 22:25 - 2014-12-27 21:24 - 00000000 ____D C:\Users\Svetlana Brnovic\AppData\Local\Viber
2015-08-28 17:47 - 2015-01-09 15:48 - 00001371 _____ C:\Users\Public\Desktop\Norton Security Scan.LNK
2015-08-28 17:47 - 2014-05-23 15:58 - 00000000 ____D C:\ProgramData\Norton
2015-08-26 20:29 - 2014-04-20 13:12 - 00000000 ____D C:\Users\Svetlana Brnovic\AppData\Roaming\uTorrent
2015-08-26 17:39 - 2014-10-26 21:13 - 00000000 ____D C:\Users\Svetlana Brnovic\AppData\Local\CrashDumps
2015-08-26 17:38 - 2013-05-23 18:26 - 00121930 _____ C:\Windows\PFRO.log
2015-08-26 17:38 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-11 19:45 - 2013-06-07 17:11 - 00000000 ____D C:\Users\Svetlana Brnovic\AppData\Local\Google

==================== Files in the root of some directories =======

2015-05-15 12:49 - 2015-09-03 21:10 - 0000024 _____ () C:\Users\Svetlana Brnovic\AppData\Roaming\appdataFr25.bin
2014-04-06 21:11 - 2014-04-10 00:26 - 0000868 _____ () C:\Users\Svetlana Brnovic\AppData\Roaming\LiveSupport.exe_log.txt
2014-04-06 21:11 - 2014-04-06 21:11 - 0000086 _____ () C:\Users\Svetlana Brnovic\AppData\Roaming\regsvr32.exe_log.txt
2014-05-05 21:20 - 2014-08-05 22:17 - 0000068 _____ () C:\Users\Svetlana Brnovic\AppData\Roaming\WB.CFG
2013-05-24 21:44 - 2015-03-16 14:36 - 0005632 _____ () C:\Users\Svetlana Brnovic\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-09 22:49 - 2014-01-09 22:49 - 0004096 ____H () C:\Users\Svetlana Brnovic\AppData\Local\keyfile3.drm
2013-12-11 01:00 - 2013-12-11 01:00 - 0000000 _____ () C:\Users\Svetlana Brnovic\AppData\Local\{B83C740C-ACE6-4C9C-9DE8-921323C5D53A}

Some files in TEMP:
====================
C:\Users\Svetlana Brnovic\AppData\Local\Temp\46470-671488-microsoft-office-visio-professional.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\BackupSetup.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\CloudBackup5466.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\DownloadManager.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\htmlayout.dll
C:\Users\Svetlana Brnovic\AppData\Local\Temp\ICReinstall_minecraft1.7.5(zabranjeno)ed5bfullinstaller5d5bonline5d5bserverlist5d_BitLord.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\instloffer.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\oi_{CA5B92E4-9D29-4ED9-ABC0-36487CD102FD}.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\Softonic_EN_1-5-11_EN-Production_10_CleanRelease.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\supoptsetup.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\toolbar2306638.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\toolbar2315967.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\toolbar2663043.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\toolbar2955959.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\uninstall-updater782581.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\uninstall-updater808385.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Svetlana Brnovic\AppData\Local\Temp\uninstall176066.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\uninstall184998.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\uninstall502918.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\uninstall516054.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\uninstall789898.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\uninstall818354.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\uninstall818370.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\Update.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\utt4B01.tmp.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\utt821.tmp.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\W9xjCIddVt.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\Xvid.dll
C:\Users\Svetlana Brnovic\AppData\Local\Temp\_isA331.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\{397E31AA-0D78-4649-A01C-339D73A2ED35}_NSS_10408.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\{397E31AA-0D78-4649-A01C-339D73A2ED35}_NSS_19689.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-02 12:47

==================== End of FRST.txt ============================
I cannot attach the Addition.txt file. It does not respond to Attach file.

Addendum: 03 Sep 2015 23:22

I refreshed Mozilla and managed to attach the file.

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Go to Start -> Control Panel -> Programs and Features and uninstall the following programs. If any of them refuses to uninstall, skip it and move on to the next one.

50CCoauPonas
bestadblocker
DownShotFree Supporting Application
iLivid
JoniCoupoN
Movies Toolbar for Chrome
Movies Toolbar for Internet Explorer
NetResource
PriceMiiNus
ReeggularDeaals
RobooSavverr
SaveLotse
SaveNewaAPPpz
Super Optimizer v3.2
TAkeTheiCoupon
Wikipedia search



Step 2

Download AdwCleaner by "Xplode" and save it to the Desktop.
Double-click to run the program.
In the EULA window, click I agree.
In Options, disable Reset Winsock settings if it is enabled.
Click the Scan button and wait for the scan to finish.
Click the Cleaning button and wait for the program to finish.
The program will close all running programs and display a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required), click OK.

The computer will restart and then open Notepad (C:\Adwcleaner\AdwCleaner[C1].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Prikači fajl" (Attach file) option.




Step 3

Run FRST again, check the Addition.txt option, click Scan, and when it finishes post the new FRST.txt reports for me.

offline
  • Joined: 07 Apr 2012
  • Posts: 114

I removed all the programs except the last one.

Step 2.

Step 3.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2015
Ran by Svetlana Brnovic (administrator) on SVETLANABRNOVIC (04-09-2015 18:32:08)
Running from C:\Users\Svetlana Brnovic\Desktop
Loaded Profiles: Svetlana Brnovic (Available Profiles: Svetlana Brnovic)
Platform: Microsoft Windows 7 Professional (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\AECLSrv.exe
(Dassault Systèmes) C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
() C:\Program Files\Rotten Black\Rotten Black.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(BitTorrent Inc.) C:\Users\Svetlana Brnovic\AppData\Roaming\uTorrent\uTorrent.exe
(Atheros) C:\Program Files\Dell Wireless\Ath_WlanAgent.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [551408 2012-12-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKU\S-1-5-21-581948205-3264908597-154707186-1000\...\Run: [uTorrent] => C:\Users\Svetlana Brnovic\AppData\Roaming\uTorrent\uTorrent.exe [1696096 2015-09-04] (BitTorrent Inc.)
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
GroupPolicyScripts: Group Policy detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-581948205-3264908597-154707186-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-581948205-3264908597-154707186-1000] => array01.isu.gov.me:8080
Tcpip\Parameters: [DhcpNameServer] 81.24.247.61 91.102.231.242
Tcpip\..\Interfaces\{8084B80F-CD58-4BBF-A467-BE8204077D9E}: [DhcpNameServer] 81.24.247.61 91.102.231.242
Tcpip\..\Interfaces\{FDC7966E-97BE-4FFA-9A0A-D909CB3C690C}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-581948205-3264908597-154707186-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-581948205-3264908597-154707186-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-581948205-3264908597-154707186-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-581948205-3264908597-154707186-1000 -> {46197f3d-30e7-4905-a14b-02bee3aaeb58} URL =
SearchScopes: HKU\S-1-5-21-581948205-3264908597-154707186-1000 -> {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL =
SearchScopes: HKU\S-1-5-21-581948205-3264908597-154707186-1000 -> {F1F1A819-EF32-421B-BB0A-8EF0A5E9DFD6} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-05] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-581948205-3264908597-154707186-1000 -> No Name - {46575637-0076-A76A-76A7-7A786E7484D7} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Svetlana Brnovic\AppData\Roaming\Mozilla\Firefox\Profiles\71gyn5qj.default
FF Homepage: google.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll [2013-05-23] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-07-12] (Google)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-11] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-581948205-3264908597-154707186-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Svetlana Brnovic\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2015-09-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://blic.rs/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-30]
CHR Extension: (Google Drive) - C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-30]
CHR Extension: (YouTube) - C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-30]
CHR Extension: (Google Search) - C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-30]
CHR Extension: (DownShotFree) - C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkdelelcifnpnmiicckihplpfgcadflb [2015-05-04]
CHR Extension: (Norton Security Toolbar) - C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-08-05]
CHR Extension: (FilmFanatic) - C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\niojcggonafbneajjmkpkcigabaobmge [2015-05-04]
CHR Extension: (Google Wallet) - C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-30]
CHR Extension: (Gmail) - C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-30]
CHR Extension: (ProductivityBoss) - C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\poickeeehimalfeceghopkmbjdbpbpie [2015-04-26]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.2.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx <not found>
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-19]

Opera:
=======
OPR StartupUrls: "hxxp://search.babylon.com/?affID=100782&tl=gkn12345&tt=3112_7&babsrc=SP_def_nch_opera&mntrId=36537cd300000000000050e549ed9c44"
OPR Extension: (YouTube Video Downloader) - C:\Users\Svetlana Brnovic\AppData\Roaming\Opera Software\Opera Stable\Extensions\mpcddcfoblbgmnaklcpkbfajnfikinhn [2014-04-18]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AECLFilters; C:\Windows\system32\AECLSrv.exe [81920 2012-05-10] (Andrea Electronics Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276288 2012-09-08] (Intel Corporation)
R2 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [86016 2014-06-14] (Dassault Systèmes) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2014-07-14] (Flexera Software, Inc.)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)
R2 Rotten Black; C:\Program Files\Rotten Black\Rotten Black.exe [8016163 2015-06-11] () [File not signed] <==== ATTENTION
R2 ZAtheros Wlan Agent; C:\Program Files\Dell Wireless\Ath_WlanAgent.exe [81536 2012-10-25] (Atheros) [File not signed]
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 Update TowerTilt; "C:\Program Files\TowerTilt\updateTowerTilt.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2241024 2012-10-23] (Qualcomm Atheros Communications, Inc.)
R3 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140821.007\BHDrvx86.sys [1138480 2014-08-19] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NIS\1507000.00B\ccSetx86.sys [127064 2014-02-21] (Symantec Corporation)
R3 CirrusLFD; C:\Windows\System32\DRIVERS\CSLFDx86.sys [28672 2012-05-10] (Cirrus Logic)
R3 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [389456 2015-08-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [122192 2015-08-28] (Symantec Corporation)
R3 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140904.002\IDSvix86.sys [476888 2014-08-30] (Symantec Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-17] (Intel Corporation)
S3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140904.021\NAVENG.SYS [95704 2014-08-21] (Symantec Corporation)
S3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140904.021\NAVEX15.SYS [1636696 2014-08-21] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1507000.00B\SRTSP.SYS [664792 2014-08-26] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NIS\1507000.00B\SRTSPX.SYS [32984 2014-08-26] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NIS\1507000.00B\SYMDS.SYS [367704 2013-08-01] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NIS\1507000.00B\SYMEFA.SYS [936152 2014-07-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-08-05] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NIS\1507000.00B\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NIS\1507000.00B\SYMNETS.SYS [447704 2014-07-23] (Symantec Corporation)
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S1 {587cb346-a3d8-4884-b39b-f0ed918b6f96}Gw; system32\drivers\{587cb346-a3d8-4884-b39b-f0ed918b6f96}Gw.sys [X]
S1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}w; system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-04 18:32 - 2015-09-04 18:33 - 00014213 _____ C:\Users\Svetlana Brnovic\Desktop\FRST.txt
2015-09-04 18:28 - 2015-09-04 18:28 - 00044000 _____ C:\Users\Svetlana Brnovic\Desktop\AdwCleaner[C1].txt
2015-09-04 18:10 - 2015-09-04 18:10 - 00000008 _____ C:\Users\Svetlana Brnovic\Desktop\LL.txt
2015-09-04 18:03 - 2015-09-04 18:17 - 00000000 ____D C:\AdwCleaner
2015-09-04 18:00 - 2015-09-04 18:00 - 01654272 _____ C:\Users\Svetlana Brnovic\Desktop\AdwCleaner.exe
2015-09-04 17:56 - 2015-09-04 17:56 - 00000000 ____D C:\Program Files\CutterProc
2015-09-04 17:55 - 2015-09-04 17:55 - 00000000 _____ C:\Users\Svetlana Brnovic\AppData\Local\Temp.dat
2015-09-04 17:54 - 2015-09-04 17:54 - 00000000 ____D C:\Program Files\softutiful
2015-09-03 23:11 - 2015-09-03 23:11 - 00242752 _____ C:\Firefox Setup Stub 40.0.3.exe
2015-09-03 22:35 - 2015-09-04 18:32 - 00000000 ____D C:\FRST
2015-09-03 22:34 - 2015-09-03 22:34 - 01690624 _____ (Farbar) C:\Users\Svetlana Brnovic\Desktop\FRST.exe
2015-09-03 22:31 - 2015-09-03 22:31 - 01690624 _____ (Farbar) C:\Users\Svetlana Brnovic\Downloads\FRST.exe
2015-08-28 17:47 - 2015-08-28 17:47 - 00000000 ____D C:\Windows\system32\Drivers\NSS
2015-08-28 17:47 - 2015-08-28 17:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2015-08-28 17:47 - 2015-08-28 17:47 - 00000000 ____D C:\Program Files\Norton Security Scan

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-04 18:33 - 2014-04-20 13:12 - 00000000 ____D C:\Users\Svetlana Brnovic\AppData\Roaming\uTorrent
2015-09-04 18:32 - 2013-05-24 03:00 - 01210847 _____ C:\Windows\WindowsUpdate.log
2015-09-04 18:27 - 2013-05-23 18:26 - 00168144 _____ C:\Windows\PFRO.log
2015-09-04 18:27 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-04 18:27 - 2009-07-14 06:39 - 00070674 _____ C:\Windows\setupact.log
2015-09-04 17:47 - 2009-07-14 06:34 - 00015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-04 17:47 - 2009-07-14 06:34 - 00015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-04 17:43 - 2013-05-23 18:09 - 00730320 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-04 17:39 - 2015-04-19 22:37 - 00000000 ____D C:\ProgramData\Datamngr
2015-09-04 17:38 - 2013-12-11 23:24 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-04 17:38 - 2013-12-11 17:20 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-03 23:12 - 2013-12-11 23:24 - 00001077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-03 23:12 - 2013-12-11 23:24 - 00001065 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-03 21:10 - 2015-05-15 12:49 - 00000024 _____ C:\Users\Svetlana Brnovic\AppData\Roaming\appdataFr25.bin
2015-09-03 17:40 - 2013-05-23 21:00 - 00000000 ____D C:\Users\Svetlana Brnovic\AppData\Roaming\vlc
2015-09-02 12:21 - 2014-05-23 15:58 - 00000462 ____H C:\Windows\Tasks\Norton Security Scan for Svetlana Brnovic.job
2015-09-01 21:00 - 2013-06-22 15:24 - 00000000 ____D C:\filmovi
2015-08-31 18:44 - 2014-07-06 17:10 - 00000000 ____D C:\Users\Svetlana Brnovic\AppData\Roaming\.minecraft
2015-08-28 22:25 - 2014-12-27 21:25 - 00000000 ____D C:\Users\Svetlana Brnovic\AppData\Roaming\ViberPC
2015-08-28 22:25 - 2014-12-27 21:24 - 00000000 ____D C:\Users\Svetlana Brnovic\AppData\Local\Viber
2015-08-28 17:47 - 2015-01-09 15:48 - 00001371 _____ C:\Users\Public\Desktop\Norton Security Scan.LNK
2015-08-28 17:47 - 2014-05-23 15:58 - 00000000 ____D C:\ProgramData\Norton
2015-08-26 17:39 - 2014-10-26 21:13 - 00000000 ____D C:\Users\Svetlana Brnovic\AppData\Local\CrashDumps
2015-08-11 19:45 - 2013-06-07 17:11 - 00000000 ____D C:\Users\Svetlana Brnovic\AppData\Local\Google

==================== Files in the root of some directories =======

2015-05-15 12:49 - 2015-09-03 21:10 - 0000024 _____ () C:\Users\Svetlana Brnovic\AppData\Roaming\appdataFr25.bin
2014-05-05 21:20 - 2014-08-05 22:17 - 0000068 _____ () C:\Users\Svetlana Brnovic\AppData\Roaming\WB.CFG
2013-05-24 21:44 - 2015-03-16 14:36 - 0005632 _____ () C:\Users\Svetlana Brnovic\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-09 22:49 - 2014-01-09 22:49 - 0004096 ____H () C:\Users\Svetlana Brnovic\AppData\Local\keyfile3.drm
2015-09-04 17:55 - 2015-09-04 17:55 - 0000000 _____ () C:\Users\Svetlana Brnovic\AppData\Local\Temp.dat
2013-12-11 01:00 - 2013-12-11 01:00 - 0000000 _____ () C:\Users\Svetlana Brnovic\AppData\Local\{B83C740C-ACE6-4C9C-9DE8-921323C5D53A}

Some files in TEMP:
====================
C:\Users\Svetlana Brnovic\AppData\Local\Temp\46470-671488-microsoft-office-visio-professional.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\BackupSetup.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\CloudBackup5466.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\DownloadManager.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\htmlayout.dll
C:\Users\Svetlana Brnovic\AppData\Local\Temp\ICReinstall_minecraft1.7.5(zabranjeno)ed5bfullinstaller5d5bonline5d5bserverlist5d_BitLord.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\instloffer.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\oi_{CA5B92E4-9D29-4ED9-ABC0-36487CD102FD}.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\Softonic_EN_1-5-11_EN-Production_10_CleanRelease.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\sqlite3.dll
C:\Users\Svetlana Brnovic\AppData\Local\Temp\supoptsetup.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\toolbar2306638.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\toolbar2315967.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\toolbar2663043.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\toolbar2955959.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\uninstall-updater782581.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\uninstall-updater808385.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Svetlana Brnovic\AppData\Local\Temp\uninstall176066.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\uninstall184998.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\uninstall502918.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\uninstall516054.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\uninstall789898.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\uninstall818354.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\uninstall818370.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\utt4B01.tmp.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\utt821.tmp.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\W9xjCIddVt.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\Xvid.dll
C:\Users\Svetlana Brnovic\AppData\Local\Temp\_isA331.exe
C:\Users\Svetlana Brnovic\AppData\Local\Temp\{397E31AA-0D78-4649-A01C-339D73A2ED35}_NSS_19689.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-02 12:47

==================== End of FRST.txt ============================


offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Open Notepad and copy the following text, which is inside the Code box.

IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
GroupPolicyScripts: Group Policy detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-581948205-3264908597-154707186-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-581948205-3264908597-154707186-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-581948205-3264908597-154707186-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-581948205-3264908597-154707186-1000 -> {46197f3d-30e7-4905-a14b-02bee3aaeb58} URL =
SearchScopes: HKU\S-1-5-21-581948205-3264908597-154707186-1000 -> {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL =
Toolbar: HKU\S-1-5-21-581948205-3264908597-154707186-1000 -> No Name - {46575637-0076-A76A-76A7-7A786E7484D7} - No File
CHR Extension: (FilmFanatic) - C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\niojcggonafbneajjmkpkcigabaobmge [2015-05-04]
CHR Extension: (ProductivityBoss) - C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\poickeeehimalfeceghopkmbjdbpbpie [2015-04-26]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.2.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx <not found>
OPR StartupUrls: "hxxp://search.babylon.com/?affID=100782&tl=gkn12345&tt=3112_7&babsrc=SP_def_nch_opera&mntrId=36537cd300000000000050e549ed9c44"
OPR Extension: (YouTube Video Downloader) - C:\Users\Svetlana Brnovic\AppData\Roaming\Opera Software\Opera Stable\Extensions\mpcddcfoblbgmnaklcpkbfajnfikinhn [2014-04-18]
R2 Rotten Black; C:\Program Files\Rotten Black\Rotten Black.exe [8016163 2015-06-11] () [File not signed] <==== ATTENTION
S2 Update TowerTilt; "C:\Program Files\TowerTilt\updateTowerTilt.exe" [X]
S1 {587cb346-a3d8-4884-b39b-f0ed918b6f96}Gw; system32\drivers\{587cb346-a3d8-4884-b39b-f0ed918b6f96}Gw.sys [X]
S1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}w; system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w.sys [X]
CustomCLSID: HKU\S-1-5-21-581948205-3264908597-154707186-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Svetlana Brnovic\AppData\Local\Temp\2268\temp\Five Nights at Freddys for PC.exe ()
Task: {853CD089-F678-4230-B8FF-286183E8BE1C} - System32\Tasks\SimpleFiles Update Service => C:\Program Files\SimpleFilesUpdater\SimpleFilesUpdater.exe
FirewallRules: [{685ED612-69E6-4506-8EBC-AA467E3C190A}] => (Allow) C:\Program Files\YourFileDownloader\Downloader.exe
FirewallRules: [{AB80C98D-C027-4BE7-B6E5-D4EE0A9659AE}] => (Allow) C:\Program Files\YourFileDownloader\Downloader.exe
FirewallRules: [{76635C9C-E0AC-4463-8FF7-CD3FE4CFC519}] => (Allow) C:\Program Files\YourFileDownloader\YourFile.exe
FirewallRules: [{A6223C66-D395-4916-A091-D9AED5BDC81D}] => (Allow) C:\Program Files\YourFileDownloader\YourFile.exe
FirewallRules: [{1E4511F2-DFAA-439E-A893-CB82E64BEDD1}] => (Allow) C:\Program Files\GoforFiles\goforfilesdl.exe
FirewallRules: [{BAEBA50C-C995-44F0-B64A-C4F3805FE542}] => (Allow) C:\Program Files\GoforFiles\goforfilesdl.exe
FirewallRules: [{A0D239EF-6648-4F84-BBC5-438567E466E5}] => (Allow) C:\Program Files\GoforFiles\GoforFiles.exe
FirewallRules: [{92FFF864-48A9-4CA1-AFC8-B12CDD681333}] => (Allow) C:\Program Files\GoforFiles\GoforFiles.exe
FirewallRules: [{1B8F932A-C6FB-4AC4-B95C-C6B5A52CA6EA}] => (Allow) C:\Program Files\Movies Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe
FirewallRules: [{88A34659-CE62-415F-8F98-D77A9AF97356}] => (Allow) C:\Program Files\Movies Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe
FirewallRules: [{7DE02872-63F4-4D1D-8129-550D2EFFC4C0}] => (Allow) C:\Users\Svetlana Brnovic\AppData\Local\Torch\Application\torch.exe
FirewallRules: [{E23923AB-6891-460A-A0D4-43F908A73F75}] => (Allow) C:\Users\Svetlana Brnovic\AppData\Local\Torch\Plugins\Hola\hola_plugin.exe
FirewallRules: [{6BBAD5DF-28ED-41CE-88C9-54883E315A1E}] => (Allow) C:\Users\Svetlana Brnovic\AppData\Local\Torch\Plugins\Hola\hola_plugin_x64.exe
FirewallRules: [{FA604458-D729-4C1C-9409-0E75EF87858D}] => (Allow) C:\Program Files\SimpleFiles\SimpleFiles.exe
FirewallRules: [{7ECC15D6-8567-4EF7-A748-F354E4F14522}] => (Allow) C:\Program Files\SimpleFiles\SimpleFiles.exe
FirewallRules: [{78C51808-41AF-4817-B3BB-C73526DC9545}] => (Allow) C:\Program Files\SimpleFiles\downloader.exe
FirewallRules: [{2DEF35A0-9288-4018-8163-5EC72408F527}] => (Allow) C:\Program Files\SimpleFiles\downloader.exe
FirewallRules: [{26EEFAA3-A1A2-480D-80FA-A01926136109}] => (Allow) C:\Program Files\Movies Toolbar\Datamngr\SRTOOL~2\IE\dtuser.exe
FirewallRules: [{F9FF53F3-3F3D-4F6E-9A2B-8846A15FE7B6}] => (Allow) C:\Program Files\Movies Toolbar\Datamngr\SRTOOL~2\IE\dtuser.exe
C:\Program Files\Rotten Black
C:\Program Files\Common Files\Spigot
C:\Program Files\TowerTilt
C:\WINDOWS\system32\drivers\{587cb346-a3d8-4884-b39b-f0ed918b6f96}Gw.sys
C:\WINDOWS\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w.sys
C:\Program Files\CutterProc
C:\Program Files\softutiful
C:\ProgramData\Datamngr
C:\Program Files\SimpleFilesUpdater
EmptyTemp:


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click to run FRST.exe again
Click Fix and wait until the program finishes.
If the program requests a restart of the computer, allow it to do so without interruption.
When it finishes, fixlog.txt will open, with contents that you should copy into the thread.
Also, (fixlog.txt) will be located on the Desktop.

offline
  • Joined: 07 Apr 2012
  • Posts: 114

Fix result of Farbar Recovery Scan Tool (x86) Version:31-08-2015
Ran by Svetlana Brnovic (2015-09-04 19:31:14) Run:1
Running from C:\Users\Svetlana Brnovic\Desktop
Loaded Profiles: Svetlana Brnovic (Available Profiles: Svetlana Brnovic)
Boot Mode: Normal

==============================================

fixlist content:
*****************
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
GroupPolicyScripts: Group Policy detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-581948205-3264908597-154707186-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-581948205-3264908597-154707186-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-581948205-3264908597-154707186-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-581948205-3264908597-154707186-1000 -> {46197f3d-30e7-4905-a14b-02bee3aaeb58} URL =
SearchScopes: HKU\S-1-5-21-581948205-3264908597-154707186-1000 -> {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL =
Toolbar: HKU\S-1-5-21-581948205-3264908597-154707186-1000 -> No Name - {46575637-0076-A76A-76A7-7A786E7484D7} - No File
CHR Extension: (FilmFanatic) - C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\niojcggonafbneajjmkpkcigabaobmge [2015-05-04]
CHR Extension: (ProductivityBoss) - C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\poickeeehimalfeceghopkmbjdbpbpie [2015-04-26]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.2.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx <not found>
OPR StartupUrls: "hxxp://search.babylon.com/?affID=100782&tl=gkn12345&tt=3112_7&babsrc=SP_def_nch_opera&mntrId=36537cd300000000000050e549ed9c44"
OPR Extension: (YouTube Video Downloader) - C:\Users\Svetlana Brnovic\AppData\Roaming\Opera Software\Opera Stable\Extensions\mpcddcfoblbgmnaklcpkbfajnfikinhn [2014-04-18]
R2 Rotten Black; C:\Program Files\Rotten Black\Rotten Black.exe [8016163 2015-06-11] () [File not signed] <==== ATTENTION
S2 Update TowerTilt; "C:\Program Files\TowerTilt\updateTowerTilt.exe" [X]
S1 {587cb346-a3d8-4884-b39b-f0ed918b6f96}Gw; system32\drivers\{587cb346-a3d8-4884-b39b-f0ed918b6f96}Gw.sys [X]
S1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}w; system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w.sys [X]
CustomCLSID: HKU\S-1-5-21-581948205-3264908597-154707186-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Svetlana Brnovic\AppData\Local\Temp\2268\temp\Five Nights at Freddys for PC.exe ()
Task: {853CD089-F678-4230-B8FF-286183E8BE1C} - System32\Tasks\SimpleFiles Update Service => C:\Program Files\SimpleFilesUpdater\SimpleFilesUpdater.exe
FirewallRules: [{685ED612-69E6-4506-8EBC-AA467E3C190A}] => (Allow) C:\Program Files\YourFileDownloader\Downloader.exe
FirewallRules: [{AB80C98D-C027-4BE7-B6E5-D4EE0A9659AE}] => (Allow) C:\Program Files\YourFileDownloader\Downloader.exe
FirewallRules: [{76635C9C-E0AC-4463-8FF7-CD3FE4CFC519}] => (Allow) C:\Program Files\YourFileDownloader\YourFile.exe
FirewallRules: [{A6223C66-D395-4916-A091-D9AED5BDC81D}] => (Allow) C:\Program Files\YourFileDownloader\YourFile.exe
FirewallRules: [{1E4511F2-DFAA-439E-A893-CB82E64BEDD1}] => (Allow) C:\Program Files\GoforFiles\goforfilesdl.exe
FirewallRules: [{BAEBA50C-C995-44F0-B64A-C4F3805FE542}] => (Allow) C:\Program Files\GoforFiles\goforfilesdl.exe
FirewallRules: [{A0D239EF-6648-4F84-BBC5-438567E466E5}] => (Allow) C:\Program Files\GoforFiles\GoforFiles.exe
FirewallRules: [{92FFF864-48A9-4CA1-AFC8-B12CDD681333}] => (Allow) C:\Program Files\GoforFiles\GoforFiles.exe
FirewallRules: [{1B8F932A-C6FB-4AC4-B95C-C6B5A52CA6EA}] => (Allow) C:\Program Files\Movies Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe
FirewallRules: [{88A34659-CE62-415F-8F98-D77A9AF97356}] => (Allow) C:\Program Files\Movies Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe
FirewallRules: [{7DE02872-63F4-4D1D-8129-550D2EFFC4C0}] => (Allow) C:\Users\Svetlana Brnovic\AppData\Local\Torch\Application\torch.exe
FirewallRules: [{E23923AB-6891-460A-A0D4-43F908A73F75}] => (Allow) C:\Users\Svetlana Brnovic\AppData\Local\Torch\Plugins\Hola\hola_plugin.exe
FirewallRules: [{6BBAD5DF-28ED-41CE-88C9-54883E315A1E}] => (Allow) C:\Users\Svetlana Brnovic\AppData\Local\Torch\Plugins\Hola\hola_plugin_x64.exe
FirewallRules: [{FA604458-D729-4C1C-9409-0E75EF87858D}] => (Allow) C:\Program Files\SimpleFiles\SimpleFiles.exe
FirewallRules: [{7ECC15D6-8567-4EF7-A748-F354E4F14522}] => (Allow) C:\Program Files\SimpleFiles\SimpleFiles.exe
FirewallRules: [{78C51808-41AF-4817-B3BB-C73526DC9545}] => (Allow) C:\Program Files\SimpleFiles\downloader.exe
FirewallRules: [{2DEF35A0-9288-4018-8163-5EC72408F527}] => (Allow) C:\Program Files\SimpleFiles\downloader.exe
FirewallRules: [{26EEFAA3-A1A2-480D-80FA-A01926136109}] => (Allow) C:\Program Files\Movies Toolbar\Datamngr\SRTOOL~2\IE\dtuser.exe
FirewallRules: [{F9FF53F3-3F3D-4F6E-9A2B-8846A15FE7B6}] => (Allow) C:\Program Files\Movies Toolbar\Datamngr\SRTOOL~2\IE\dtuser.exe
C:\Program Files\Rotten Black
C:\Program Files\Common Files\Spigot
C:\Program Files\TowerTilt
C:\WINDOWS\system32\drivers\{587cb346-a3d8-4884-b39b-f0ed918b6f96}Gw.sys
C:\WINDOWS\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w.sys
C:\Program Files\CutterProc
C:\Program Files\softutiful
C:\ProgramData\Datamngr
C:\Program Files\SimpleFilesUpdater
EmptyTemp:


*****************

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera" => key removed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
"HKU\S-1-5-21-581948205-3264908597-154707186-1000\SOFTWARE\Policies\Google" => key removed successfully.
HKU\S-1-5-21-581948205-3264908597-154707186-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-581948205-3264908597-154707186-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-581948205-3264908597-154707186-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{46197f3d-30e7-4905-a14b-02bee3aaeb58}" => key removed successfully.
HKCR\CLSID\{46197f3d-30e7-4905-a14b-02bee3aaeb58} => key not found.
"HKU\S-1-5-21-581948205-3264908597-154707186-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}" => key removed successfully.
HKCR\CLSID\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} => key not found.
HKU\S-1-5-21-581948205-3264908597-154707186-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{46575637-0076-A76A-76A7-7A786E7484D7} => value removed successfully.
HKCR\CLSID\{46575637-0076-A76A-76A7-7A786E7484D7} => key not found.
C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\niojcggonafbneajjmkpkcigabaobmge => moved successfully
C:\Users\Svetlana Brnovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\poickeeehimalfeceghopkmbjdbpbpie => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj" => key removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk" => key removed successfully.
Opera StartupUrls removed successfully.
C:\Users\Svetlana Brnovic\AppData\Roaming\Opera Software\Opera Stable\Extensions\mpcddcfoblbgmnaklcpkbfajnfikinhn => moved successfully
Rotten Black => Service stopped successfully.
Rotten Black => service removed successfully.
Update TowerTilt => service removed successfully.
{587cb346-a3d8-4884-b39b-f0ed918b6f96}Gw => service removed successfully.
{6fcd6092-9615-4f7f-8898-8df53980e5d2}w => service removed successfully.
"HKU\S-1-5-21-581948205-3264908597-154707186-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{853CD089-F678-4230-B8FF-286183E8BE1C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{853CD089-F678-4230-B8FF-286183E8BE1C}" => key removed successfully.
C:\Windows\System32\Tasks\SimpleFiles Update Service => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SimpleFiles Update Service" => key removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{685ED612-69E6-4506-8EBC-AA467E3C190A} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AB80C98D-C027-4BE7-B6E5-D4EE0A9659AE} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{76635C9C-E0AC-4463-8FF7-CD3FE4CFC519} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A6223C66-D395-4916-A091-D9AED5BDC81D} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1E4511F2-DFAA-439E-A893-CB82E64BEDD1} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BAEBA50C-C995-44F0-B64A-C4F3805FE542} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A0D239EF-6648-4F84-BBC5-438567E466E5} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{92FFF864-48A9-4CA1-AFC8-B12CDD681333} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1B8F932A-C6FB-4AC4-B95C-C6B5A52CA6EA} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{88A34659-CE62-415F-8F98-D77A9AF97356} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7DE02872-63F4-4D1D-8129-550D2EFFC4C0} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E23923AB-6891-460A-A0D4-43F908A73F75} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6BBAD5DF-28ED-41CE-88C9-54883E315A1E} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FA604458-D729-4C1C-9409-0E75EF87858D} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7ECC15D6-8567-4EF7-A748-F354E4F14522} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{78C51808-41AF-4817-B3BB-C73526DC9545} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2DEF35A0-9288-4018-8163-5EC72408F527} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{26EEFAA3-A1A2-480D-80FA-A01926136109} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F9FF53F3-3F3D-4F6E-9A2B-8846A15FE7B6} => value removed successfully.
C:\Program Files\Rotten Black => moved successfully
"C:\Program Files\Common Files\Spigot" => File/Folder not found.
"C:\Program Files\TowerTilt" => File/Folder not found.
"C:\WINDOWS\system32\drivers\{587cb346-a3d8-4884-b39b-f0ed918b6f96}Gw.sys" => File/Folder not found.
"C:\WINDOWS\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w.sys" => File/Folder not found.
C:\Program Files\CutterProc => moved successfully
C:\Program Files\softutiful => moved successfully
C:\ProgramData\Datamngr => moved successfully
"C:\Program Files\SimpleFilesUpdater" => File/Folder not found.
EmptyTemp: => 8.7 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 19:34:21 ====

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

What is the situation now?

Download the installer for Malwarebytes Anti-Malware (MBAM) ver. 2.0 and install the application.
Double-click mbam-setup.exe and follow the installation instructions. The installation is the classic "Next > I Agree . . > Next > Install" routine. When the installation finishes, click Finish.
Note: the 14-day free trial version is pre-selected. You can uncheck this option if you wish.

- On first launch, MBAM will start an "Update" in order to download the latest definitions.
Or ... click the 'Update Now >>' link or button to download fresh definitions.

• Configure the scanner; on the 'Settings' tab, under Detection and Protection, set the following options:
1. on the Detection Options sub-tab, check the box for 'Scan for rootkits';
2. on the Non-Malware Protection sub-tab, for 'PUP detections', make sure the 'Treat detections as malware' option is selected.

• Run a 'Threat Scan';
Click the Scan tab, then 'Scan Now >>' to run the scan.
If MBAM reports that an 'update' is available, click 'Update Now' and then continue to the scan.
Notice: with some severe infections, you may get the following message: "Could not load DDA driver". In that case, click Yes on that message, allow the driver to load after the computer restarts, and allow the restart.
Then continue with the rest of the instructions.

• When the scan finishes, click the Apply Action button if a threat was detected. Wait for the program to request a restart!
- Click Yes on the message saying that the system will restart.

• Post the report (export the logfile) for review;
Start MBAM again, click the History tab > Application Logs. Double-click the 'Scan Log' that shows the time and date of the scan just performed.
1. In the new window, click the 'Export' button, then choose 'Text file (*.txt)';
2. When the Save File dialog appears, choose to save the log to the Desktop.
In that same window, at the bottom under File name:, type 'mbam' as the report name and click the Save button.

- After you get the message ("Your file has been successfully exported"), the report you named 'mbam' will be saved on the Desktop.

Attach mbam.txt to your post using the Attach file (Prikači fajl) option.

  • Joined: 07 Apr 2012
  • Posts: 114

Things are muuuch better.
No ads, and pages don't open without my commands...
Now then... Some programs are starting up that should perhaps be disabled, but it's not my computer, so I won't touch that.
I think you've fixed it.



  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

The following procedure will perform the final cleanup.

Download the DelFix tool by "Xplode" and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment for the tool to finish its work.
From this point on, all the tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also save the healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.

The software on that computer should be updated, starting with Windows and the installation of Service Pack 1 for 7, through to installing the latest Flash Player.

  • Joined: 07 Apr 2012
  • Posts: 114

Thank you very much for your time and effort.
