Possible virus

offline
  • Joined: 30 Jul 2010
  • Posts: 54

Hello everyone,

Today I installed some small program from the internet, and during its installation a bunch of other programs opened and started installing themselves. After they were installed, all the browsers in the Start menu are colored differently than they were, and when any of them is launched it redirects me to some site from Russia. Besides that, some games appeared on the desktop, which I managed to delete from the desktop, but they do not exist in Program Files or in the list of installed programs. After opening my mail, there was a message in the inbox that redirected me to the page of some university in Canada, and when I left that page the message was no longer in the inbox, and I did not delete it.
The FRST files from the computer are attached.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-06-2016 01
Ran by Lela (administrator) on LELA-PC (17-06-2016 14:50:30)
Running from C:\Users\Lela\Desktop
Loaded Profiles: Lela (Available Profiles: Lela)
Platform: Microsoft Windows 7 Ultimate (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe
() C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(HPP) C:\Program Files\HPProtector\HPProtectorSrv.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKU\S-1-5-21-1399073334-2068643651-995666700-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53130368 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1399073334-2068643651-995666700-1000\...\MountPoints2: {20329738-d930-11e5-b18a-e02a822776b5} - F:\AutoRun.exe
HKU\S-1-5-21-1399073334-2068643651-995666700-1000\...\MountPoints2: {20329749-d930-11e5-b18a-e02a822776b5} - F:\AutoRun.exe
Startup: C:\Users\Lela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2016-02-03]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 129.250.35.250 8.8.8.8
Tcpip\..\Interfaces\{539EF9B8-BC15-4887-A9BF-7F19A2E0574B}: [DhcpNameServer] 129.250.35.250 8.8.8.8
Tcpip\..\Interfaces\{BD1450EF-DEBE-40D2-9851-5B9024CEA944}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-1399073334-2068643651-995666700-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.rs/
BHO: TSearch -> {6E727987-C8EA-44DA-8749-310C0FBE3C3E} -> C:\Program Files\Torrent Search\IEEF\0MjDulaEls67.dll [2016-06-17] ()
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Lela\AppData\Roaming\Mozilla\Firefox\Profiles\vb00lhnk.default
FF Homepage: hxxps://www.google.ba/?gws_rd=ssl
about:preferences
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @verimatrix.com/ViewRightWeb -> C:\Program Files\Verimatrix\ViewRight Web\\npViewRight.dll [2015-04-06] (Verimatrix, Inc.)
FF Plugin HKU\S-1-5-21-1399073334-2068643651-995666700-1000: @verimatrix.com/ViewRightWeb -> C:\Program Files\Verimatrix\ViewRight Web\\npViewRight.dll [2015-04-06] (Verimatrix, Inc.)
FF Extension: TSearch - C:\Users\Lela\AppData\Roaming\Mozilla\Firefox\Profiles\vb00lhnk.default\Extensions\{6E727987-C8EA-44DA-8749-310C0FBE3C3E} [2016-06-17] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://google.rs/
CHR Profile: C:\Users\Lela\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google презентације) - C:\Users\Lela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-07]
CHR Extension: (Google документи) - C:\Users\Lela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-07]
CHR Extension: (Google диск) - C:\Users\Lela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-07]
CHR Extension: (YouTube) - C:\Users\Lela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-07]
CHR Extension: (Adblock Plus) - C:\Users\Lela\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-06]
CHR Extension: (Google табеле) - C:\Users\Lela\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-07]
CHR Extension: (Google документи офлајн) - C:\Users\Lela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\Lela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\Lela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-07]

Opera:
=======
OPR Session Restore: -> is enabled.
OPR Extension: (TSearch) - C:\Users\Lela\AppData\Roaming\Opera Software\Opera Stable\Extensions\khmddhpjnnanhbjphobcnmaojmonnjib [2016-06-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HiSuiteOuc.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe [117552 2015-05-20] ()
R2 HPProtector Service; C:\Program Files\HPProtector\HPProtectorSrv.exe [531584 2016-06-14] (HPP)
R2 HuaweiHiSuiteService.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe [154928 2015-05-20] ()
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S2 MySQLISUTFDEMO; C:\INFOSISTEMDEMO\MySQL\bin\mysqld --defaults-file=C:\INFOSISTEMDEMO\MySQL\my.ini MySQLISUTFDEMO

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACSSCR; C:\Windows\System32\DRIVERS\a38usb.sys [72376 2015-08-20] (Advanced Card Systems Ltd.)
S3 evserial8; C:\Windows\System32\DRIVERS\evserial8.sys [18592 2015-07-15] (ELTIMA Software)
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [65152 2006-09-29] (QUALCOMM Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
S3 VSBC8; C:\Windows\System32\DRIVERS\evsbc8.sys [88224 2015-07-15] (ELTIMA Software)
R4 cm_km; system32\DRIVERS\cm_km.sys [X]
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2015-05-07] (Huawei Technologies Co., Ltd.)
R4 kl1; system32\DRIVERS\kl1.sys [X]
R4 klbackupdisk; system32\DRIVERS\klbackupdisk.sys [X]
R4 klbackupflt; system32\DRIVERS\klbackupflt.sys [X]
R4 kldisk; system32\DRIVERS\kldisk.sys [X]
R4 klflt; system32\DRIVERS\klflt.sys [X]
R4 klhk; system32\DRIVERS\klhk.sys [X]
R4 KLIF; system32\DRIVERS\klif.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
R4 klpd; system32\DRIVERS\klpd.sys [X]
R4 kltdi; system32\DRIVERS\kltdi.sys [X]
R4 kneps; system32\DRIVERS\kneps.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-17 14:50 - 2016-06-17 14:50 - 00009456 _____ C:\Users\Lela\Desktop\FRST.txt
2016-06-17 14:50 - 2016-06-17 14:50 - 00000000 ____D C:\FRST
2016-06-17 14:49 - 2016-06-17 14:48 - 01737216 _____ (Farbar) C:\Users\Lela\Desktop\FRST.exe
2016-06-17 14:48 - 2016-06-17 14:48 - 01737216 _____ (Farbar) C:\Users\Lela\Downloads\FRST.exe
2016-06-17 14:06 - 2016-06-17 14:06 - 00000000 ____D C:\Users\Lela\AppData\LocalLow\TSearch
2016-06-17 14:05 - 2016-06-17 14:51 - 00000346 _____ C:\Windows\Tasks\PED_Torrent_Search.job
2016-06-17 14:05 - 2016-06-17 14:05 - 00000304 _____ C:\Windows\Tasks\Update Service for Torrent Search2.job
2016-06-17 14:05 - 2016-06-17 14:05 - 00000304 _____ C:\Windows\Tasks\Update Service for Torrent Search.job
2016-06-17 14:05 - 2016-06-17 14:05 - 00000000 ____D C:\ProgramData\Torrent_Search_PED
2016-06-17 14:05 - 2016-06-17 14:05 - 00000000 ____D C:\Program Files\Torrent Search
2016-06-17 14:04 - 2016-06-17 14:04 - 00001891 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2016-06-17 14:04 - 2016-06-17 14:04 - 00001885 _____ C:\Users\Lela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk
2016-06-17 14:04 - 2016-06-17 14:04 - 00001879 _____ C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk
2016-06-17 14:04 - 2016-06-17 14:04 - 00001819 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ореrа.lnk
2016-06-17 14:04 - 2016-06-17 14:04 - 00001476 __RSH C:\ProgramData\ntuser.pol
2016-06-17 14:04 - 2016-06-17 14:04 - 00000000 ____D C:\Program Files\HPProtector
2016-06-17 14:03 - 2016-06-17 14:04 - 00000000 ____D C:\Users\Lela\AppData\Roaming\Checkers
2016-06-17 14:00 - 2016-06-17 14:01 - 04159089 _____ C:\Users\Lela\Downloads\Kaspersky 2016 Trial Reset.rar
2016-06-17 13:32 - 2016-06-17 13:32 - 00013253 _____ C:\Users\Lela\Desktop\5554000013466425_16062016.pdf
2016-06-17 13:31 - 2016-06-17 13:31 - 00013253 _____ C:\Users\Lela\Downloads\5554000013466425_16062016.pdf
2016-06-15 16:58 - 2016-06-15 16:58 - 00028484 _____ C:\Users\Lela\Downloads\ASPxGridView1.xls
2016-06-07 12:43 - 2016-06-07 12:43 - 00114743 _____ C:\Users\Lela\Desktop\europass (1).pdf
2016-06-06 16:20 - 2016-06-06 07:20 - 00782905 ____N C:\Users\Lela\Desktop\Certificate_2.pdf
2016-06-06 16:20 - 2016-06-06 07:20 - 00751406 ____N C:\Users\Lela\Desktop\Certificate_1.pdf
2016-06-06 16:17 - 2016-06-06 16:17 - 00084113 _____ C:\Users\Lela\Desktop\MS_Learning_Transcript.PDF
2016-05-29 11:56 - 2016-05-29 11:57 - 00000000 ____D C:\Users\Lela\Desktop\leline bubetine

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-17 14:39 - 2016-02-04 14:44 - 00000000 ____D C:\Users\Lela\AppData\Roaming\Skype
2016-06-17 14:15 - 2016-03-07 14:04 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-17 14:06 - 2016-02-10 23:32 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-06-17 14:05 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2016-06-17 14:04 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\GroupPolicy
2016-06-17 13:16 - 2016-04-23 12:39 - 00000000 ____D C:\Program Files\Opera
2016-06-17 13:09 - 2016-01-22 17:35 - 00778150 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-17 13:05 - 2016-03-07 14:04 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-17 13:05 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-12 12:34 - 2009-07-14 06:53 - 00032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-05 13:43 - 2016-02-04 14:43 - 00000000 ___RD C:\Program Files\Skype
2016-06-05 13:43 - 2016-02-04 14:43 - 00000000 ____D C:\ProgramData\Skype

Some files in TEMP:
====================
C:\Users\Lela\AppData\Local\Temp\0qr20mcw.exe
C:\Users\Lela\AppData\Local\Temp\A~NSISu_.exe
C:\Users\Lela\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Lela\AppData\Local\Temp\JFS.exe
C:\Users\Lela\AppData\Local\Temp\JSM.exe
C:\Users\Lela\AppData\Local\Temp\ResetDevice.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-17 14:27

==================== End of FRST.txt ============================

Thanks in advance for your help and your time.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8448
  • Location: Novi Beograd

Hello,

Uninstall TSearch

1. Open Notepad (Text Document) and copy the following text from the code box below:

CreateRestorePoint:
Task: {60736625-E086-4B52-A80C-E773F3567F98} - System32\Tasks\Update Service for Torrent Search2 => C:\Program Files\Torrent Search\HC2UDVA.exe [2016-06-17] () <==== ATTENTION
Task: {C4262E3F-C8ED-4DA4-B643-CFD6B9C4357C} - System32\Tasks\PED_Torrent_Search => Rundll32.exe ooHlff7.dll,#67 <==== ATTENTION
Task: {C9F4297E-A117-426C-ABDF-A38AB85230D3} - System32\Tasks\Update Service for Torrent Search => C:\Program Files\Torrent Search\HC2UDVA.exe [2016-06-17] () <==== ATTENTION
Task: C:\Windows\Tasks\PED_Torrent_Search.job => C:\ProgramData\Torrent_Search_PED\rundll32.exeooHlff7.dll <==== ATTENTION
Task: C:\Windows\Tasks\Update Service for Torrent Search.job => C:\Program Files\Torrent Search\HC2UDVA.exe <==== ATTENTION
Task: C:\Windows\Tasks\Update Service for Torrent Search2.job => C:\Program Files\Torrent Search\HC2UDVA.exe <==== ATTENTION
AlternateDataStreams: C:\Users\Public\DRM:وهو يتحرك [48]
Folder: C:\Program Files\HPProtector
Folder: C:\Users\Lela\AppData\Roaming\Checkers
OPR Extension: (TSearch) - C:\Users\Lela\AppData\Roaming\Opera Software\Opera Stable\Extensions\khmddhpjnnanhbjphobcnmaojmonnjib [2016-06-17]
BHO: TSearch -> {6E727987-C8EA-44DA-8749-310C0FBE3C3E} -> C:\Program Files\Torrent Search\IEEF\0MjDulaEls67.dll [2016-06-17] ()
FF Extension: TSearch - C:\Users\Lela\AppData\Roaming\Mozilla\Firefox\Profiles\vb00lhnk.default\Extensions\{6E727987-C8EA-44DA-8749-310C0FBE3C3E} [2016-06-17] [not signed]
HKU\S-1-5-21-1399073334-2068643651-995666700-1000\...\MountPoints2: {20329738-d930-11e5-b18a-e02a822776b5} - F:\AutoRun.exe
HKU\S-1-5-21-1399073334-2068643651-995666700-1000\...\MountPoints2: {20329749-d930-11e5-b18a-e02a822776b5} - F:\AutoRun.exe
2016-06-17 14:06 - 2016-06-17 14:06 - 00000000 ____D C:\Users\Lela\AppData\LocalLow\TSearch
2016-06-17 14:05 - 2016-06-17 14:51 - 00000346 _____ C:\Windows\Tasks\PED_Torrent_Search.job
2016-06-17 14:05 - 2016-06-17 14:05 - 00000304 _____ C:\Windows\Tasks\Update Service for Torrent Search2.job
2016-06-17 14:05 - 2016-06-17 14:05 - 00000304 _____ C:\Windows\Tasks\Update Service for Torrent Search.job
2016-06-17 14:05 - 2016-06-17 14:05 - 00000000 ____D C:\ProgramData\Torrent_Search_PED
2016-06-17 14:05 - 2016-06-17 14:05 - 00000000 ____D C:\Program Files\Torrent Search
EmptyTemp:


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once, and wait.
If the tool requests a system restart, allow it and make sure the tool completes the fix after the system restarts.

The tool will create a log (Fixlog.txt) on the Desktop. The contents of that log need to be copied into a post.
Note: If the tool warns you that a newer version exists, make sure to download and use the updated copy of FRST.

---------------

Download "Xplode"'s AdwCleaner and save it to the Desktop

Double-click to run the program.
Click the [Scan] button and wait for the program to finish.
Click the [Clean] button.
The program will close all running programs and show a window with that warning. Click Ok to confirm.
In the next two windows that open (Informations and Restart required), click Ok.

The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your post using the "Attach file" option.

Note: The report will also be saved at C:\AdwCleaner[S0].txt

offline
  • Joined: 30 Jul 2010
  • Posts: 54

I'm a bit late with my reply. Here are the logs:

Fix result of Farbar Recovery Scan Tool (x86) Version: 18-06-2016
Ran by Lela (2016-06-18 22:25:48) Run:1
Running from C:\Users\Lela\Desktop
Loaded Profiles: Lela (Available Profiles: Lela)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
Task: {60736625-E086-4B52-A80C-E773F3567F98} - System32\Tasks\Update Service for Torrent Search2 => C:\Program Files\Torrent Search\HC2UDVA.exe [2016-06-17] () <==== ATTENTION
Task: {C4262E3F-C8ED-4DA4-B643-CFD6B9C4357C} - System32\Tasks\PED_Torrent_Search => Rundll32.exe ooHlff7.dll,#67 <==== ATTENTION
Task: {C9F4297E-A117-426C-ABDF-A38AB85230D3} - System32\Tasks\Update Service for Torrent Search => C:\Program Files\Torrent Search\HC2UDVA.exe [2016-06-17] () <==== ATTENTION
Task: C:\Windows\Tasks\PED_Torrent_Search.job => C:\ProgramData\Torrent_Search_PED\rundll32.exeooHlff7.dll <==== ATTENTION
Task: C:\Windows\Tasks\Update Service for Torrent Search.job => C:\Program Files\Torrent Search\HC2UDVA.exe <==== ATTENTION
Task: C:\Windows\Tasks\Update Service for Torrent Search2.job => C:\Program Files\Torrent Search\HC2UDVA.exe <==== ATTENTION
AlternateDataStreams: C:\Users\Public\DRM:??? ????? [48]
Folder: C:\Program Files\HPProtector
Folder: C:\Users\Lela\AppData\Roaming\Checkers
OPR Extension: (TSearch) - C:\Users\Lela\AppData\Roaming\Opera Software\Opera Stable\Extensions\khmddhpjnnanhbjphobcnmaojmonnjib [2016-06-17]
BHO: TSearch -> {6E727987-C8EA-44DA-8749-310C0FBE3C3E} -> C:\Program Files\Torrent Search\IEEF\0MjDulaEls67.dll [2016-06-17] ()
FF Extension: TSearch - C:\Users\Lela\AppData\Roaming\Mozilla\Firefox\Profiles\vb00lhnk.default\Extensions\{6E727987-C8EA-44DA-8749-310C0FBE3C3E} [2016-06-17] [not signed]
HKU\S-1-5-21-1399073334-2068643651-995666700-1000\...\MountPoints2: {20329738-d930-11e5-b18a-e02a822776b5} - F:\AutoRun.exe
HKU\S-1-5-21-1399073334-2068643651-995666700-1000\...\MountPoints2: {20329749-d930-11e5-b18a-e02a822776b5} - F:\AutoRun.exe
2016-06-17 14:06 - 2016-06-17 14:06 - 00000000 ____D C:\Users\Lela\AppData\LocalLow\TSearch
2016-06-17 14:05 - 2016-06-17 14:51 - 00000346 _____ C:\Windows\Tasks\PED_Torrent_Search.job
2016-06-17 14:05 - 2016-06-17 14:05 - 00000304 _____ C:\Windows\Tasks\Update Service for Torrent Search2.job
2016-06-17 14:05 - 2016-06-17 14:05 - 00000304 _____ C:\Windows\Tasks\Update Service for Torrent Search.job
2016-06-17 14:05 - 2016-06-17 14:05 - 00000000 ____D C:\ProgramData\Torrent_Search_PED
2016-06-17 14:05 - 2016-06-17 14:05 - 00000000 ____D C:\Program Files\Torrent Search
EmptyTemp:
*****************

Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60736625-E086-4B52-A80C-E773F3567F98} => key not found.
C:\Windows\System32\Tasks\Update Service for Torrent Search2 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Service for Torrent Search2 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4262E3F-C8ED-4DA4-B643-CFD6B9C4357C} => key not found.
C:\Windows\System32\Tasks\PED_Torrent_Search => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PED_Torrent_Search => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9F4297E-A117-426C-ABDF-A38AB85230D3} => key not found.
C:\Windows\System32\Tasks\Update Service for Torrent Search => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Service for Torrent Search => key not found.
C:\Windows\Tasks\PED_Torrent_Search.job => not found.
C:\Windows\Tasks\Update Service for Torrent Search.job => not found.
C:\Windows\Tasks\Update Service for Torrent Search2.job => not found.
"C:\Users\Public\DRM" => ":??? ?????" ADS not found.

========================= Folder: C:\Program Files\HPProtector ========================

2016-06-14 17:05 - 2016-06-14 17:05 - 0531584 _____ (HPP) C:\Program Files\HPProtector\HPProtectorSrv.exe
2016-06-14 17:12 - 2016-06-14 17:12 - 0228579 _____ (HPProtector) C:\Program Files\HPProtector\uninstaller.exe
2016-06-14 17:19 - 2016-06-14 17:19 - 0456832 _____ (Candy) C:\Program Files\HPProtector\WebLauncher.exe

====== End of Folder: ======


========================= Folder: C:\Users\Lela\AppData\Roaming\Checkers ========================


====== End of Folder: ======

C:\Users\Lela\AppData\Roaming\Opera Software\Opera Stable\Extensions\khmddhpjnnanhbjphobcnmaojmonnjib => not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E727987-C8EA-44DA-8749-310C0FBE3C3E} => key not found.
"HKCR\CLSID\{6E727987-C8EA-44DA-8749-310C0FBE3C3E}" => key removed successfully.
C:\Users\Lela\AppData\Roaming\Mozilla\Firefox\Profiles\vb00lhnk.default\Extensions\{6E727987-C8EA-44DA-8749-310C0FBE3C3E} => not found.
"HKU\S-1-5-21-1399073334-2068643651-995666700-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20329738-d930-11e5-b18a-e02a822776b5}" => key removed successfully.
HKCR\CLSID\{20329738-d930-11e5-b18a-e02a822776b5} => key not found.
"HKU\S-1-5-21-1399073334-2068643651-995666700-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20329749-d930-11e5-b18a-e02a822776b5}" => key removed successfully.
HKCR\CLSID\{20329749-d930-11e5-b18a-e02a822776b5} => key not found.
"C:\Users\Lela\AppData\LocalLow\TSearch" => not found.
"C:\Windows\Tasks\PED_Torrent_Search.job" => not found.
"C:\Windows\Tasks\Update Service for Torrent Search2.job" => not found.
"C:\Windows\Tasks\Update Service for Torrent Search.job" => not found.
"C:\ProgramData\Torrent_Search_PED" => not found.
"C:\Program Files\Torrent Search" => not found.

=========== EmptyTemp: ==========
BITS transfer queue => 8388608 bytes
DOMStore, thumbcache, IE Recovery, AppCache, Feeds Cache, IconCache => 103670334 bytes
Java, Flash, Steam htmlcache => 0 bytes
Windows/system/drivers => 17595955 bytes
Edge => 0 bytes
Chrome => 14194020 bytes
Firefox => 23105840 bytes
Opera => 51850693 bytes

Temp, IE cache, history, cookies, recent:
Default => 0 bytes
Public => 0 bytes
ProgramData => 0 bytes
systemprofile => 17855 bytes
LocalService => 66708 bytes
NetworkService => 31774 bytes
Lela => 123974288 bytes

RecycleBin => 6892922 bytes
EmptyTemp: => 333.6 MB temporary data Removed.
================================


The system needed a reboot.

==== End of Fixlog 22:26:28 ====


offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8448
  • Location: Novi Beograd

Run AdwCleaner again and this time click Clean, as was said the first time.

offline
  • Joined: 30 Jul 2010
  • Posts: 54

Posted: 18 Jun 2016 23:38

I clicked it the first time too, and I'll go through the procedure again now.

Addendum: 18 Jun 2016 23:48

New log:

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8448
  • Location: Novi Beograd

What is the situation now?

offline
  • Joined: 30 Jul 2010
  • Posts: 54

Posted: 19 Jun 2016 9:22

Unchanged. The same as at the beginning. Right after the browser is started, all sorts of sites start being visited, all within a single tab. After that it all stops at ru.alliexpress.... Nothing anywhere in the browser has been changed from the settings I set, and yet it somehow pulls up those pages as start pages.

Addendum: 19 Jun 2016 13:02

The problem is solved. I did a clean installation of Windows.
Thanks for the help. The topic can be closed.

Regards..
