Pop-up windows

  • RJ
  • SuperModerator
  • Supermoderator of the military forums
  • Gavrilo Milentijević
  • Commander of the Gornje Polje militia station
  • Joined: 12 Feb 2005
  • Posts: 7613
  • Location: Oval Office

For the past few days I have had a problem with pop-up windows. I noticed it especially on our forum: when I go from topic to topic, a white window pops up with advertising nonsense and fake news such as "earn a million at home" and similar rubbish.

Here is the FRST.txt report

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-07-2017
Ran by User (administrator) on USER-PC (02-07-2017 20:26:22)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BAVSvc.exe
(Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BHipsSvc.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Windows\System32\PnkBstrB.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BavTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Viber Media S.à r.l.) C:\Users\User\AppData\Local\Viber\Viber.exe
(Glarysoft Ltd) C:\Program Files\Glary Utilities 5\Integrator.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD.EXE

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Baidu Antivirus] => C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BavTray.exe [1997296 2015-05-15] (Baidu, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04] (SUPERAntiSpyware.com)
HKU\S-1-5-21-3641395576-2003788952-3425881642-1000\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [583680 2012-03-12] (MyCity)
HKU\S-1-5-21-3641395576-2003788952-3425881642-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [37152 2015-04-13] (Glarysoft Ltd)
HKU\S-1-5-21-3641395576-2003788952-3425881642-1000\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-29] (Google Inc.)
HKU\S-1-5-21-3641395576-2003788952-3425881642-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3641395576-2003788952-3425881642-1000\...\Run: [Viber] => C:\Users\User\AppData\Local\Viber\Viber.exe [31098960 2017-06-12] (Viber Media S.à r.l.)
HKU\S-1-5-21-3641395576-2003788952-3425881642-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [293888 2010-11-20] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.10.2.69 10.10.2.79
Tcpip\..\Interfaces\{820120E6-6C81-4102-90BA-95FD020751F5}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{C67570C3-AAA9-4241-BE44-2BB7C2CDB677}: [DhcpNameServer] 10.10.2.69 10.10.2.79
Tcpip\..\Interfaces\{DFF3AF8C-6ACA-41CD-80F2-99343C4FB2ED}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-17] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-17] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0060-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default [2017-06-28]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\zqpgwt7a.default -> Google encrypted
FF Homepage: Mozilla\Firefox\Profiles\zqpgwt7a.default -> hxxps://www.google.com/
FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\Extensions\artur.dubovoy@gmail.com [2017-05-11]
FF Extension: (Battlefield Play4Free) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\Extensions\battlefieldplay4free@ea.com [2013-04-12] [not signed]
FF Extension: (MEGA) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\Extensions\firefox@mega.co.nz.xpi [2017-06-28]
FF Extension: (Gmail Watcher) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\Extensions\gmailwatcher@sonthakit.xpi [2013-06-01] [not signed]
FF Extension: (YouTube mp3) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\Extensions\info@youtube-mp3.org.xpi [2016-04-27]
FF Extension: (Test Pilot) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\Extensions\testpilot@labs.mozilla.com.xpi [2016-08-30]
FF Extension: (PageTweak) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\Extensions\{15312e9a-4905-48da-aae4-15b24bdc2a24}.xpi [2016-04-27]
FF Extension: (AniWeather) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\Extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi [2016-04-27]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-05-19]
FF Extension: (Video DownloadHelper) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-11]
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\searchplugins\google-encrypted.xml [2015-07-22]
FF Extension: (Java Console) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-06-11] [not signed]
FF Extension: (Java Console) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-06-11] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-16] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-17] (Oracle Corporation)
FF Plugin: @live.heroesandgenerals.com/npretox -> C:\Program Files\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll [2015-11-10] (Reto-Moto ApS)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-01-20] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-01-20] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3641395576-2003788952-3425881642-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
FF Plugin HKU\S-1-5-21-3641395576-2003788952-3425881642-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3641395576-2003788952-3425881642-1000: @talk.google.com/O1DPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3641395576-2003788952-3425881642-1000: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3641395576-2003788952-3425881642-1000: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3641395576-2003788952-3425881642-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-04-05] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.rs/
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-07-02]
CHR Extension: (Google Translate) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-12-28]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Adobe Acrobat) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-15]
CHR Extension: (Blue/Green Cubes) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iipbjjaibkibpabddphfcgbngfhhfkml [2016-02-16]
CHR Extension: (Video Downloader All) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpaglkhbmbmhlnpnehlffkgaaapoicnk [2017-06-23]
CHR Extension: (TV for Google Chrome™) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe [2017-01-22]
CHR Extension: (Video DownloadHelper) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2016-12-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-28]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-10-28] (SUPERAntiSpyware.com) [File not signed]
R2 BavSvc; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BavSvc.exe [2572928 2015-05-15] (Baidu, Inc.)
S3 BdSandboxSrv; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BdSandboxSrv.exe [391200 2015-03-05] (Baidu, Inc.)
R2 BHipsSvc; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BHipsSvc.exe [531232 2015-05-15] (Baidu, Inc.)
S3 HnGService; D:\GAME\Heroes & Generals\live\hngservice.exe [777512 2017-05-21] (Reto-Moto ApS)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-07-15] ()
R2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [214520 2017-06-08] ()
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [254232 2016-08-30] (RaMMicHaeL)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-08-07] ()
S3 BdApiUtil; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BdApiUtil.sys [101448 2015-05-15] (Baidu, Inc.)
R3 bdark; C:\Windows\system32\drivers\bdark.sys [82376 2015-04-20] ()
S3 BdCameraProtect; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BdCameraProtect.sys [21384 2015-05-15] (Baidu, Inc.)
S3 BdSandbox; C:\Windows\System32\drivers\BdSandbox.sys [197624 2015-03-05] (Baidu, Inc.)
R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [51144 2015-05-15] (Baidu, Inc.)
R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [31176 2015-05-15] (Baidu, Inc.)
R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [74888 2015-05-15] (Baidu, Inc.)
R3 BHipsEx; C:\Windows\System32\drivers\BHipsEx.sys [138184 2015-05-15] (Baidu, Inc.)
R1 Bnbase; C:\Windows\System32\drivers\bnbasex.sys [75400 2015-05-15] (Baidu, Inc.)
R1 Bndef; C:\Windows\System32\drivers\bndef.sys [461192 2015-05-15] (Baidu, Inc.)
R3 BNmon; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.122701.0\Bnmon.sys [84936 2015-05-15] (Baidu, Inc.)
R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [195528 2015-05-15] (Baidu, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-09-26] (Disc Soft Ltd)
R2 giveio; C:\Windows\system32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 GT680x; C:\Windows\System32\Drivers\gt680x.sys [17504 2012-01-12] ( )
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17344 2015-04-21] (Glarysoft Ltd)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43376 2016-02-16] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-08-07] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 speedfan; C:\Windows\system32\speedfan.sys [24184 2012-12-29] (Almico Software)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [90968 2004-03-19] (VM)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-02 20:26 - 2017-07-02 20:27 - 00019918 _____ C:\Users\User\Desktop\FRST.txt
2017-07-02 20:26 - 2017-07-02 20:26 - 00000000 ____D C:\FRST
2017-07-02 20:24 - 2017-07-02 20:24 - 01781248 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2017-06-28 00:48 - 2017-06-28 02:46 - 00003268 _____ C:\Users\User\Desktop\govor.txt
2017-06-27 23:23 - 2017-06-27 23:23 - 00000000 ____D C:\Tools
2017-06-26 13:49 - 2017-06-26 13:49 - 00000000 ____D C:\Users\User\Desktop\2017-06-26 13-48-57
2017-06-26 11:49 - 2017-06-26 11:49 - 01110564 _____ (Igor Pavlov) C:\Users\User\Downloads\7_Zip_(32bit)_v16.04.exe
2017-06-26 11:47 - 2017-06-26 11:48 - 14706712 _____ (Adobe Systems Inc.) C:\Users\User\Downloads\Adobe_Shockwave_Player_v12.2.9.199.exe
2017-06-26 11:46 - 2017-06-26 11:46 - 03086696 _____ C:\Users\User\Downloads\SpeedFan_v4.52.exe
2017-06-25 03:07 - 2017-06-25 03:07 - 00000733 _____ C:\Users\User\.recently-used.xbel
2017-06-23 18:50 - 2017-06-23 18:50 - 00630413 _____ C:\Users\User\Desktop\AnalysisLog.sr0
2017-06-20 13:38 - 2017-07-02 20:13 - 00000000 ____D C:\Users\User\AppData\Local\Viber
2017-06-15 16:48 - 2017-06-15 16:48 - 00000000 ____D C:\Users\User\AppData\LocalLow\uTorrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-02 20:23 - 2011-07-14 16:30 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-02 20:17 - 2015-01-07 15:48 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-02 20:16 - 2011-07-14 16:14 - 00401604 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-02 20:16 - 2009-07-14 06:34 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-02 20:16 - 2009-07-14 06:34 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-02 20:16 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2017-07-02 20:13 - 2015-03-21 21:02 - 00000000 ____D C:\Users\User\AppData\Roaming\ViberPC
2017-07-02 20:12 - 2015-04-21 20:23 - 00000318 _____ C:\Windows\Tasks\GlaryInitialize 5.job
2017-07-02 20:11 - 2015-04-21 20:23 - 00000000 ____D C:\Program Files\Glary Utilities 5
2017-07-02 20:11 - 2015-03-21 21:04 - 00000000 ____D C:\Users\User\Documents\ViberDownloads
2017-07-02 20:11 - 2012-12-12 19:29 - 00000000 ____D C:\ProgramData\MCShield
2017-07-02 20:11 - 2011-09-06 21:01 - 00000380 _____ C:\Windows\Tasks\AutoSmartDefrag.job
2017-07-02 20:11 - 2011-07-14 16:13 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-02 20:11 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-29 14:53 - 2013-04-24 20:48 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000UA.job
2017-06-29 11:20 - 2012-01-18 19:33 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-06-28 14:36 - 2011-07-18 09:31 - 00000000 ____D C:\Users\User\AppData\Roaming\XnView
2017-06-28 14:25 - 2011-07-15 14:44 - 00000000 ____D C:\Program Files\SpeedFan
2017-06-27 22:29 - 2013-07-18 13:21 - 00002131 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-27 22:29 - 2011-08-07 10:20 - 00002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-27 20:53 - 2013-04-24 20:48 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000Core.job
2017-06-27 17:55 - 2012-05-18 08:47 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-06-27 17:55 - 2011-09-26 22:39 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-06-27 17:55 - 2011-07-15 10:42 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2017-06-26 15:04 - 2016-03-20 12:54 - 00000000 ____D C:\Users\User\AppData\Local\Arma 3
2017-06-26 14:59 - 2011-07-14 16:30 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2017-06-26 13:41 - 2011-07-16 09:59 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2017-06-26 11:48 - 2012-05-01 18:46 - 00000000 ____D C:\Windows\system32\Adobe
2017-06-26 11:46 - 2011-07-15 14:44 - 00000969 _____ C:\Users\User\Desktop\speedfan.lnk
2017-06-26 11:46 - 2011-07-15 14:44 - 00000045 _____ C:\Windows\system32\initdebug.nfo
2017-06-26 11:38 - 2009-07-14 06:53 - 00032540 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-06-25 18:40 - 2016-03-20 14:38 - 00000000 ____D C:\Users\User\Documents\Arma 3
2017-06-25 03:01 - 2017-03-29 22:58 - 00000000 ____D C:\Users\User\AppData\Roaming\inkscape
2017-06-23 19:03 - 2012-05-08 19:46 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2017-06-23 19:03 - 2009-07-14 06:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-06-23 19:02 - 2014-01-10 00:27 - 00006593 _____ C:\Users\Public\Documents\s.t.a.l.k.e.r.ltx
2017-06-15 20:16 - 2011-07-15 10:49 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2017-06-15 16:20 - 2014-02-24 23:37 - 00000000 ____D C:\Users\User\AppData\Roaming\Media Player Classic
2017-06-15 16:19 - 2014-06-06 19:08 - 00000000 ____D C:\Users\User\AppData\Roaming\AIMP3
2017-06-08 19:00 - 2011-07-15 14:25 - 00137464 _____ C:\Windows\system32\Drivers\PnkBstrK.sys
2017-06-08 18:59 - 2011-07-15 14:25 - 00214520 _____ C:\Windows\system32\PnkBstrB.xtr
2017-06-08 18:59 - 2011-07-15 14:25 - 00214520 _____ C:\Windows\system32\PnkBstrB.exe
2017-06-08 18:59 - 2011-07-15 14:25 - 00214520 _____ C:\Windows\system32\PnkBstrB.ex0
2017-06-04 13:33 - 2016-12-18 16:41 - 00000000 ____D C:\Users\User\AppData\Local\lazarus

==================== Files in the root of some directories =======

2015-10-04 23:05 - 2015-10-04 23:05 - 0000046 _____ () C:\Users\User\AppData\Roaming\Camdata.ini
2015-10-04 23:05 - 2015-10-04 23:05 - 0000408 _____ () C:\Users\User\AppData\Roaming\CamLayout.ini
2015-10-04 23:05 - 2015-10-04 23:05 - 0000408 _____ () C:\Users\User\AppData\Roaming\CamShapes.ini
2015-10-04 23:05 - 2015-10-04 23:05 - 0004535 _____ () C:\Users\User\AppData\Roaming\CamStudio.cfg
2015-10-04 23:05 - 2015-10-04 23:05 - 0000000 _____ () C:\Users\User\AppData\Roaming\CamStudio.Producer.Data.ini
2015-10-04 23:05 - 2015-10-04 23:05 - 0001206 _____ () C:\Users\User\AppData\Roaming\CamStudio.Producer.ini
2016-03-29 17:34 - 2016-03-29 17:34 - 0054505 _____ () C:\Users\User\AppData\Roaming\ExpressZip.dmp
2014-07-23 12:30 - 2014-07-23 12:30 - 0000154 _____ () C:\Users\User\AppData\Roaming\FileShred.log
2011-07-17 15:27 - 2013-04-13 12:47 - 0138056 _____ () C:\Users\User\AppData\Roaming\PnkBstrK.sys
2015-10-04 23:05 - 2015-10-04 23:05 - 0000096 _____ () C:\Users\User\AppData\Roaming\version2.xml
2011-07-15 14:01 - 2017-05-12 19:13 - 0099840 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-05 22:43 - 2012-12-05 22:43 - 0027520 _____ () C:\Users\User\AppData\Local\dt.dat
2011-09-07 20:28 - 2013-05-12 21:07 - 0007599 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg
2016-10-12 16:25 - 2016-10-12 16:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-06-26 11:47 - 2017-06-28 14:25 - 0192512 _____ () C:\Users\User\AppData\Local\Temp\sfamcc00001.dll
2017-06-28 14:25 - 2017-06-28 14:25 - 0158720 _____ () C:\Users\User\AppData\Local\Temp\sfareca00001.dll
2015-02-10 19:56 - 2015-02-10 19:56 - 0105984 _____ () C:\Users\User\AppData\Local\Temp\sfextra.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-22 01:49

==================== End of FRST.txt ============================

Addition.txt report:


  • Joined: 14 Jun 2016
  • Posts: 525

Hello,
I see that both Windows Defender and Baidu AV are active; I would ask you to turn one of them off.
I also see a large number of system "optimization" programs; my personal recommendation is that you do not use them and that you remove them from the system.

Remove the following:
Glary Utilities
DriverToolkit

1. Open Notepad (Text Document) and copy in the following text from the code box below:

CreateRestorePoint:
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.33.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.32.8\psuser.dll => No File
ShellIconOverlayIdentifiers: [4SyncOverlay1] -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} =>  -> No File
ShellIconOverlayIdentifiers: [4SyncOverlay2] -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} =>  -> No File
ShellIconOverlayIdentifiers: [4SyncOverlay3] -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} =>  -> No File
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} =>  -> No File
ContextMenuHandlers01: [CopyPathExt] -> {7E41911F-13AA-11D3-A831-00104B9E30B5} =>  -> No File
ContextMenuHandlers04: [CopyPathExt] -> {7E41911F-13AA-11D3-A831-00104B9E30B5} =>  -> No File
ContextMenuHandlers02: [CopyPathExt] -> {7E41911F-13AA-11D3-A831-00104B9E30B5} =>  -> No File
EmptyTemp:


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, under File Name: at the bottom, enter fixlist.txt as the name
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the system restarts.

The tool will create a log (Fixlog.txt) on the Desktop. The contents of that log need to be copied into a post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

Questions:
Can I get a screenshot of the ads in the browser?
Do the ads appear in all browsers or only in some?
Do you have an ad blocker such as AdGuard installed in those browsers (the ones where they appear)?
I see that the Windows Update service is turned off; did you turn it off yourself, and if so, why?

Let me know how things stand.

  • RJ

Here are a couple of screenshots taken a minute ago, after restarting the computer...

Fixlog report

Fix result of Farbar Recovery Scan Tool (x86) Version: 02-07-2017
Ran by User (02-07-2017 22:54:29) Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.33.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.32.8\psuser.dll => No File
ShellIconOverlayIdentifiers: [4SyncOverlay1] -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => -> No File
ShellIconOverlayIdentifiers: [4SyncOverlay2] -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} => -> No File
ShellIconOverlayIdentifiers: [4SyncOverlay3] -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} => -> No File
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => -> No File
ContextMenuHandlers01: [CopyPathExt] -> {7E41911F-13AA-11D3-A831-00104B9E30B5} => -> No File
ContextMenuHandlers04: [CopyPathExt] -> {7E41911F-13AA-11D3-A831-00104B9E30B5} => -> No File
ContextMenuHandlers02: [CopyPathExt] -> {7E41911F-13AA-11D3-A831-00104B9E30B5} => -> No File
EmptyTemp:
*****************

Restore point was successfully created.
HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04} => key removed successfully.
HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA} => key removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\4SyncOverlay1 => key removed successfully.
HKLM\Software\Classes\CLSID\{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\4SyncOverlay2 => key removed successfully.
HKLM\Software\Classes\CLSID\{C72C6188-BEF2-46E5-A89A-52F0ED75219E} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\4SyncOverlay3 => key removed successfully.
HKLM\Software\Classes\CLSID\{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock => key removed successfully.
HKLM\Software\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => key not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\CopyPathExt => key removed successfully.
HKLM\Software\Classes\CLSID\{7E41911F-13AA-11D3-A831-00104B9E30B5} => key not found.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\CopyPathExt => key removed successfully.
HKLM\Software\Classes\CLSID\{7E41911F-13AA-11D3-A831-00104B9E30B5} => key not found.
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\CopyPathExt => key removed successfully.
HKLM\Software\Classes\CLSID\{7E41911F-13AA-11D3-A831-00104B9E30B5} => key not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 64657540 B
Java, Flash, Steam htmlcache => 119963454 B
Windows/system/drivers => 1510152 B
Edge => 0 B
Chrome => 861239109 B
Firefox => 410212399 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 100986 B
LocalService => 66228 B
NetworkService => 24280 B
User => 9336405 B

RecycleBin => 90682 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================


The system needed a reboot.


- Question: why should I remove Glary Utilities when it is one of the useful programs on my computer?
- I disabled Windows Update because I consider it useless; it seems to me (I can't claim it with complete certainty) that I wasn't getting updates for Win 7.

offline
  • Joined: 14 Jun 2016
  • Posts: 525

1. Open Notepad (Text Document) and copy in the following text from the code box below:

CHR Extension: (Video Downloader All) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpaglkhbmbmhlnpnehlffkgaaapoicnk [2017-06-23]
2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

Let me know how things stand now.

offline
  • RJ 
  • SuperModerator
  • Supermoderator of the military forums
  • Gavrilo Milentijević
  • Commander of the Gornje Polje militia station
  • Joined: 12 Feb 2005
  • Posts: 7613
  • Location: oval office

This was removed within 3 seconds ;)

Fix result of Farbar Recovery Scan Tool (x86) Version: 02-07-2017
Ran by User (03-07-2017 15:26:57) Run:2
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CHR Extension: (Video Downloader All) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpaglkhbmbmhlnpnehlffkgaaapoicnk [2017-06-23]
*****************

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpaglkhbmbmhlnpnehlffkgaaapoicnk => moved successfully

==== End of Fixlog 15:26:58 ====

I don't know yet what the situation is now; I turned on the computer a little while ago and there was some nonsense about YouTube saying I had won a prize :) - we'll see after this, I'll report back during the day (hour, minute, depends ;) )
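
Added example (not part of the thread and not FRST's own code): a small Python check that reads a Fixlog like the two posted above and sorts each result line into done, already absent, informational, or needing review. The sample lines are copied from those Fixlogs; the one failure line, its wording, and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Lines copied from the two Fixlogs in this thread (Run:1 and Run:2), trimmed.
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
CreateRestorePoint:
ShellIconOverlayIdentifiers: [4SyncOverlay1] -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => -> No File
EmptyTemp:
*****************
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\4SyncOverlay1 => key removed successfully.
HKLM\Software\Classes\CLSID\{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => key not found.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpaglkhbmbmhlnpnehlffkgaaapoicnk => moved successfully
Chrome => 861239109 B
EmptyTemp: => 1.4 GB temporary data Removed.
"""
# Constructed line (not from the thread; the wording is an assumption) to exercise the review path.
CONSTRUCTED_FAILURE = r"C:\Example\placeholder.dll => Could not move"
RESULT = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+?)\.?$")

def parse_fixlog(text):
    """Split a Fixlog into the echoed fixlist entries and (target, outcome) result pairs."""
    entries, results, in_fixlist = [], [], False
    for line in filter(None, map(str.strip, text.splitlines())):
        if set(line) == {"*"}:            # a row of asterisks opens and closes the echoed fixlist
            in_fixlist = not in_fixlist
        elif in_fixlist:
            entries.append(line)
        elif (m := RESULT.match(line)):
            results.append((m["target"], m["outcome"]))
    return entries, results

def classify(outcome):
    low = outcome.lower()
    if re.fullmatch(r"\d+ b", low):       # EmptyTemp size accounting, informational only
        return "info"
    if "not found" in low:                # reference was already orphaned, nothing to remove
        return "already_absent"
    if "successfully" in low or low.endswith("removed"):
        return "done"
    return "review"                       # any other wording deserves a human look

def summarize(text):
    entries, results = parse_fixlog(text)
    counts = Counter(classify(outcome) for _, outcome in results)
    review = [target for target, outcome in results if classify(outcome) == "review"]
    return {"entries": len(entries), "counts": dict(counts), "review": review}
```

Calling `summarize()` on the full text of a Fixlog.txt gives the per-category counts, and an empty `review` list means every result line matched a wording the check recognizes.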

offline
  • RJ 
  • SuperModerator
  • Supermoderator of the military forums
  • Gavrilo Milentijević
  • Commander of the Gornje Polje militia station
  • Joined: 12 Feb 2005
  • Posts: 7613
  • Location: oval office

Here, the check took a bit longer (I wasn't home all day yesterday); today I deliberately tested the computer for half an hour and I see that everything is OK, there's no more of that nonsense.

offline
  • Joined: 14 Jun 2016
  • Posts: 525

Final check:
Download Kaspersky Lab's TDSSKiller from the following address to the Desktop:

TDSSKiller

Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

Once the download is complete:
deactivate your protection software (instructions);
close any running programs;
rename TDSSKiller.exe to MyCity.exe;
double-click MyCity.exe to run the program;
click the Start Scan button.

If malicious objects are found, make sure the "Cure" action is selected for them (example) and click Continue, then click Reboot Now.

Post the contents of the log from the following location:
C:\TDSSKiller_program version_DD.MM.YY_HH.MM.SS.txt
(DD - day, MM - month, YY - year, HH - hour, MM - minute, SS - second; the date and time the log was created)

offline
  • RJ 
  • SuperModerator
  • Supermoderator of the military forums
  • Gavrilo Milentijević
  • Commander of the Gornje Polje militia station
  • Joined: 12 Feb 2005
  • Posts: 7613
  • Location: oval office

Nothing was found - here is the log file


offline
  • Joined: 14 Jun 2016
  • Posts: 525

The following procedure will perform the final cleanup.

Download Xplode's DelFix tool and save it to the Desktop.

Double-click to run the tool and tick the boxes next to the following options:
Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment while the tool finishes its work.

From this point on, all the tools used in this thread should be deleted.
If any tool or report has not been removed, feel free to delete it manually.

The tool will also create a report for you. (C:\DelFix.txt)
- The tool will also save a healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
- DelFix deletes old System Restore points and creates a new, fresh point after the cleanup.
