New windows


  • Joined: 24 Oct 2015
  • Posts: 15

New windows and ads keep opening on me, and Avast is reporting URL:Mal.
This has been happening for about ten days.



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-10-2015
Ran by Bulidza (administrator) on BULIDZA-PC (24-10-2015 16:26:56)
Running from C:\Users\Bulidza\Desktop
Loaded Profiles: Bulidza (Available Profiles: Bulidza)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Windows\vsnpstd3.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\RayDld\ihpmServer.exe
(BitTorrent Inc.) C:\Users\Bulidza\AppData\Roaming\uTorrent\uTorrent.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Cyberlink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
(BitTorrent Inc.) C:\Users\Bulidza\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe
(BitTorrent Inc.) C:\Users\Bulidza\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe
(BitTorrent Inc.) C:\Users\Bulidza\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
() C:\ProgramData\b4bc9939-75e9-422b-af5c-653de35c4f4b\plugincontainer.exe
() C:\ProgramData\b4bc9939-75e9-422b-af5c-653de35c4f4b\plugins\10\Plugin.exe
() C:\ProgramData\b4bc9939-75e9-422b-af5c-653de35c4f4b\plugins\12\Plugin.exe
() C:\ProgramData\b4bc9939-75e9-422b-af5c-653de35c4f4b\plugins\12\Plugin.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
() C:\Program Files (x86)\Common Files\b4bc9939-75e9-422b-af5c-653de35c4f4b\updater.exe
() C:\ProgramData\b4bc9939-75e9-422b-af5c-653de35c4f4b\plugins\3\Plugin.exe
() C:\ProgramData\b4bc9939-75e9-422b-af5c-653de35c4f4b\plugins\5\Plugin.exe
() C:\ProgramData\b4bc9939-75e9-422b-af5c-653de35c4f4b\plugins\7\Plugin.exe
() C:\ProgramData\b4bc9939-75e9-422b-af5c-653de35c4f4b\plugins\8\Plugin.exe
() C:\ProgramData\b4bc9939-75e9-422b-af5c-653de35c4f4b\plugins\7\Plugin.exe
() C:\ProgramData\b4bc9939-75e9-422b-af5c-653de35c4f4b\plugins\2\Plugin.exe
() C:\ProgramData\b4bc9939-75e9-422b-af5c-653de35c4f4b\plugins\3\Plugin.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe
(Microsoft Corporation) C:\Windows\ehome\mcupdate.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2013-10-22] (Realtek Semiconductor)
HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [827392 2006-09-19] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-06] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKLM-x32\...\Run: [RemoteControl] => C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [30208 2005-12-07] (Cyberlink Corp.)
HKLM-x32\...\Run: [LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe [49152 2006-05-18] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4166654727-837129639-749496253-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-4166654727-837129639-749496253-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57987712 2015-09-28] (Skype Technologies S.A.)
HKU\S-1-5-21-4166654727-837129639-749496253-1000\...\Run: [uTorrent] => C:\Users\Bulidza\AppData\Roaming\uTorrent\uTorrent.exe [1822048 2015-10-13] (BitTorrent Inc.)
HKU\S-1-5-21-4166654727-837129639-749496253-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-4166654727-837129639-749496253-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-4166654727-837129639-749496253-1000\...\MountPoints2: {81001e42-dc8f-11e4-a49e-d03290e31dfd} - F:\LaunchU3.exe -a
HKU\S-1-5-21-4166654727-837129639-749496253-1000\...\MountPoints2: {ce73e95d-53ef-11e5-b7ef-10c37ba0375c} - F:\HTC_Sync_Manager_PC.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-06] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-22] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-22] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-22] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-22] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-22] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-22] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-22] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-22] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-22] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-22] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{7D902423-9DE3-4C40-9917-7AB29E1CDAD6}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1445184938&z=0ebd9b6c01790d3ceb6e565gez7z9weg8bcz5t9c1b&from=cor&uid=wdcxwd3200avjs-63b6a0_wd-wmat1584825248252
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1445184938&z=0ebd9b6c01790d3ceb6e565gez7z9weg8bcz5t9c1b&from=cor&uid=wdcxwd3200avjs-63b6a0_wd-wmat1584825248252
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1445184938&z=0ebd9b6c01790d3ceb6e565gez7z9weg8bcz5t9c1b&from=cor&uid=wdcxwd3200avjs-63b6a0_wd-wmat1584825248252&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1445184938&z=0ebd9b6c01790d3ceb6e565gez7z9weg8bcz5t9c1b&from=cor&uid=wdcxwd3200avjs-63b6a0_wd-wmat1584825248252&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1445184938&z=0ebd9b6c01790d3ceb6e565gez7z9weg8bcz5t9c1b&from=cor&uid=wdcxwd3200avjs-63b6a0_wd-wmat1584825248252
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1445184938&z=0ebd9b6c01790d3ceb6e565gez7z9weg8bcz5t9c1b&from=cor&uid=wdcxwd3200avjs-63b6a0_wd-wmat1584825248252
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1445184938&z=0ebd9b6c01790d3ceb6e565gez7z9weg8bcz5t9c1b&from=cor&uid=wdcxwd3200avjs-63b6a0_wd-wmat1584825248252&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1445184938&z=0ebd9b6c01790d3ceb6e565gez7z9weg8bcz5t9c1b&from=cor&uid=wdcxwd3200avjs-63b6a0_wd-wmat1584825248252&q={searchTerms}
HKU\S-1-5-21-4166654727-837129639-749496253-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1445184938&z=0ebd9b6c01790d3ceb6e565gez7z9weg8bcz5t9c1b&from=cor&uid=wdcxwd3200avjs-63b6a0_wd-wmat1584825248252
HKU\S-1-5-21-4166654727-837129639-749496253-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-4166654727-837129639-749496253-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1445184938&z=0ebd9b6c01790d3ceb6e565gez7z9weg8bcz5t9c1b&from=cor&uid=wdcxwd3200avjs-63b6a0_wd-wmat1584825248252
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1445184938&z=0ebd9b6c01790d3ceb6e565gez7z9weg8bcz5t9c1b&from=cor&uid=wdcxwd3200avjs-63b6a0_wd-wmat1584825248252&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1445184938&z=0ebd9b6c01790d3ceb6e565gez7z9weg8bcz5t9c1b&from=cor&uid=wdcxwd3200avjs-63b6a0_wd-wmat1584825248252&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1445184938&z=0ebd9b6c01790d3ceb6e565gez7z9weg8bcz5t9c1b&from=cor&uid=wdcxwd3200avjs-63b6a0_wd-wmat1584825248252&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1445184938&z=0ebd9b6c01790d3ceb6e565gez7z9weg8bcz5t9c1b&from=cor&uid=wdcxwd3200avjs-63b6a0_wd-wmat1584825248252&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4166654727-837129639-749496253-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1445184938&z=0ebd9b6c01790d3ceb6e565gez7z9weg8bcz5t9c1b&from=cor&uid=wdcxwd3200avjs-63b6a0_wd-wmat1584825248252&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4166654727-837129639-749496253-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_150922__yaie&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-06] (Avast Software s.r.o.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: High Stairs -> {45e60e41-85ee-4c01-9dac-1ecb9bf64179} -> C:\Program Files (x86)\High Stairs\Extensions\45e60e41-85ee-4c01-9dac-1ecb9bf64179.dll [2015-10-18] ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-06] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-06] (Avast Software s.r.o.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-06] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Bulidza\AppData\Roaming\Mozilla\Firefox\Profiles\bydr8j2d.default-1442938957318
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: sweet-page
FF Homepage: hxxps://www.google.rs/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-06] (Oracle Corporation)
FF user.js: detected! => C:\Users\Bulidza\AppData\Roaming\Mozilla\Firefox\Profiles\bydr8j2d.default-1442938957318\user.js [2015-10-18]
FF SearchPlugin: C:\Users\Bulidza\AppData\Roaming\Mozilla\Firefox\Profiles\bydr8j2d.default-1442938957318\searchplugins\sweet-page.xml [2015-10-18]
FF Extension: deskCut - C:\Users\Bulidza\AppData\Roaming\Mozilla\Firefox\Profiles\bydr8j2d.default-1442938957318\Extensions\deskCutv2@gmail.com [2015-10-18] [not signed]
FF Extension: High Stairs - C:\Users\Bulidza\AppData\Roaming\Mozilla\Firefox\Profiles\bydr8j2d.default-1442938957318\Extensions\{f71803bf-05c3-4884-818c-fe39b4d1616f}.xpi [2015-10-18] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-08-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Bulidza\AppData\Roaming\Mozilla\Firefox\Profiles\bydr8j2d.default-1442938957318\extensions\deskCutv2@gmail.com

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-04-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-06] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-04-06] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
R2 ihpmServer; C:\Program Files (x86)\RayDld\ihpmServer.exe [270568 2015-10-12] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [167936 2005-08-08] () [File not signed]
R2 Service Mgr HighStairs; C:\ProgramData\b4bc9939-75e9-422b-af5c-653de35c4f4b\plugincontainer.exe [1045736 2015-10-24] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 Update Mgr HighStairs; C:\Program Files (x86)\Common Files\b4bc9939-75e9-422b-af5c-653de35c4f4b\updater.exe [610024 2015-10-24] ()
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-07-17] (Popcorn Time) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-06] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-06] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-06] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-06] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-06] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-06] ()
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-09-22] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-04-06] (Avast Software)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-24 16:26 - 2015-10-24 16:27 - 00019764 _____ C:\Users\Bulidza\Desktop\FRST.txt
2015-10-24 16:19 - 2015-10-24 16:27 - 00000000 ____D C:\FRST
2015-10-24 16:18 - 2015-10-24 16:18 - 02196480 _____ (Farbar) C:\Users\Bulidza\Desktop\FRST64.exe
2015-10-23 05:10 - 2015-10-24 07:43 - 00000224 _____ C:\Windows\setupact.log
2015-10-23 05:10 - 2015-10-23 05:10 - 00000000 _____ C:\Windows\setuperr.log
2015-10-18 18:16 - 2015-10-18 18:16 - 00000000 ____D C:\Program Files (x86)\RayDld
2015-10-18 18:15 - 2015-10-24 14:55 - 00000000 ____D C:\ProgramData\b4bc9939-75e9-422b-af5c-653de35c4f4b
2015-10-18 18:15 - 2015-10-18 18:16 - 00000000 ____D C:\Users\Bulidza\AppData\Roaming\sweet-page
2015-10-18 18:15 - 2015-10-18 18:15 - 00070109 _____ C:\Users\Bulidza\Downloads\minecraft---pocket-edition-0.12.2.exe
2015-10-18 18:15 - 2015-10-18 18:15 - 00000000 ____D C:\Program Files (x86)\High Stairs
2015-10-18 18:14 - 2015-10-18 18:15 - 00934056 _____ (Installer ) C:\Users\Bulidza\Downloads\minecraft---pocket-edition-0.exe
2015-10-18 09:39 - 2015-10-24 07:43 - 00000000 ____D C:\Users\Bulidza\AppData\LocalLow\uTorrent
2015-10-17 05:36 - 2015-10-17 05:36 - 03996360 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-10-16 12:57 - 2015-10-16 17:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-25 09:08 - 2015-09-25 09:08 - 06678784 _____ (Piriform Ltd) C:\Users\Bulidza\Downloads\ccsetup510pro.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-24 16:27 - 2015-09-20 18:13 - 00000000 ____D C:\Users\Bulidza\AppData\Roaming\uTorrent
2015-10-24 16:15 - 2015-04-07 12:04 - 00000000 ____D C:\Users\Bulidza\AppData\Roaming\Skype
2015-10-24 15:56 - 2015-04-11 01:32 - 00920257 _____ C:\Windows\WindowsUpdate.log
2015-10-24 15:52 - 2015-04-12 18:32 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-10-24 15:36 - 2015-04-06 22:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-24 07:49 - 2009-07-14 06:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-24 07:49 - 2009-07-14 06:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-24 07:48 - 2009-07-14 07:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-24 07:43 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-20 15:46 - 2015-04-25 08:43 - 00000000 ____D C:\Windows\System32\Tasks\Games
2015-10-19 07:29 - 2015-04-07 12:32 - 00000000 ____D C:\Program Files\CCleaner
2015-10-19 05:16 - 2015-04-07 12:04 - 00000000 ____D C:\ProgramData\Skype
2015-10-19 05:15 - 2009-07-14 07:08 - 00032646 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-18 04:48 - 2015-04-06 22:55 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-10-17 05:36 - 2015-04-06 22:00 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-17 05:36 - 2015-04-06 22:00 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-17 05:36 - 2015-04-06 22:00 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-16 17:42 - 2015-04-06 23:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-14 15:53 - 2015-04-14 15:39 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-09-27 10:58 - 2015-09-20 18:19 - 00000000 ____D C:\Users\Bulidza\AppData\Local\PlutoTV
2015-09-27 10:58 - 2015-09-20 18:18 - 00000000 ____D C:\Program Files (x86)\Pluto TV
2015-09-25 09:08 - 2015-04-07 12:32 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk

==================== Files in the root of some directories =======

2015-04-06 21:06 - 2015-04-06 21:06 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Bulidza\AppData\Local\Temp\{0B86364C-E27B-42BD-B0FB-BCC62932F3A6}.dll
C:\Users\Bulidza\AppData\Local\Temp\{0E103866-F1E1-4C54-B386-C4A8BB0BE43F}.dll
C:\Users\Bulidza\AppData\Local\Temp\{13B1190C-9C62-4DE7-968C-A56FC06B1283}.dll
C:\Users\Bulidza\AppData\Local\Temp\{162F8FF9-D52F-4009-BF70-EB8E899C1BD0}.dll
C:\Users\Bulidza\AppData\Local\Temp\{3417E96D-BD15-437F-AD22-AB63EDB42BB5}.dll
C:\Users\Bulidza\AppData\Local\Temp\{43645158-D532-4689-8AC3-4D264B8EB007}.dll
C:\Users\Bulidza\AppData\Local\Temp\{461C46AE-697B-453A-954F-F83CACE4DD66}.dll
C:\Users\Bulidza\AppData\Local\Temp\{4EF68235-EEBE-42B1-9F40-022D3D93CF49}.dll
C:\Users\Bulidza\AppData\Local\Temp\{5648B5E9-36AC-4452-88EC-403F0387DD56}.dll
C:\Users\Bulidza\AppData\Local\Temp\{58DDC3FE-9D32-40EA-A0B5-261A56CECAB2}.dll
C:\Users\Bulidza\AppData\Local\Temp\{5EB32E07-E374-4C97-AF4D-E0793931991D}.dll
C:\Users\Bulidza\AppData\Local\Temp\{667E140B-2E39-44D6-B057-FB7C0125A9D9}.dll
C:\Users\Bulidza\AppData\Local\Temp\{6AB9AC6F-3A9B-46CC-BA22-DE3A8AF4856A}.dll
C:\Users\Bulidza\AppData\Local\Temp\{8BB9F994-6566-4B26-99DE-890572AF1CD9}.dll
C:\Users\Bulidza\AppData\Local\Temp\{8BC1A8ED-2F16-4C7D-AB88-3CB07BBCC969}.dll
C:\Users\Bulidza\AppData\Local\Temp\{9BB7BD64-4723-4DB5-8C3C-FE8C40083B6A}.dll
C:\Users\Bulidza\AppData\Local\Temp\{A353A410-D9C1-448C-A0BF-59CC8E4795D1}.dll
C:\Users\Bulidza\AppData\Local\Temp\{A5E0B746-EE73-4050-A0AB-6F78350BE52A}.dll
C:\Users\Bulidza\AppData\Local\Temp\{B4ACA654-C3D3-4903-A63F-A1EFE88D9EC4}.dll
C:\Users\Bulidza\AppData\Local\Temp\{B753B547-67F0-4A38-AF6B-AFF1F9538B81}.dll
C:\Users\Bulidza\AppData\Local\Temp\{BF56C456-8C9A-4FB8-AF72-D85FBF673933}.dll
C:\Users\Bulidza\AppData\Local\Temp\{BF83391E-51F7-45EF-940A-60AA38070080}.dll
C:\Users\Bulidza\AppData\Local\Temp\{CFF580AC-B65E-4547-A3AA-52704B6E0DDC}.dll
C:\Users\Bulidza\AppData\Local\Temp\{ED1F6B79-4CB0-40DA-B196-99DCE2CA9ABD}.dll
C:\Users\Bulidza\AppData\Local\Temp\{F17026D6-8FC6-4CE4-BAC0-DF6DCCE5D4B7}.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-21 07:04

==================== End of FRST.txt ============================
Please, if there is anyone who can help me with this.
Thanks in advance.

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Hello,

Uninstall sweet-page. What exactly do you use this Popcorn Time program for, or did you not install it yourself? If you didn't, feel free to uninstall it as well.

1. Open Notepad (Text Document) and copy the following text from the code box below:

createrestorepoint:
closeprocesses:
emptytemp:
C:\ProgramData\b4bc9939-75e9-422b-af5c-653de35c4f4b
C:\Program Files (x86)\Common Files\b4bc9939-75e9-422b-af5c-653de35c4f4b
2015-10-24 14:57 - 2015-10-24 12:55 - 00508648 _____ () C:\Users\Bulidza\AppData\Local\Temp\{461C46AE-697B-453A-954F-F83CACE4DD66}.dll
2015-10-24 16:02 - 2015-10-24 16:02 - 00055528 _____ () C:\Users\Bulidza\AppData\Local\Temp\{9476DE0C-89B2-48DF-B5AB-00365E78CEC3}.xpi
C:\Program Files (x86)\RayDld
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-22] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-22] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-22] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-22] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-22] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-22] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-22] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-22] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-22] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-22] (Lavasoft Limited)
C:\Windows\SysWOW64\LavasoftTcpService.dll
C:\Windows\system32\LavasoftTcpService64.dll
cmd: netsh winsock reset
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1445184938&z=0ebd9b6c01790d3ceb6e565gez7z9weg8bcz5t9c1b&from=cor&uid=wdcxwd3200avjs-63b6a0_wd-wmat1584825248252
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1445184938&z=0ebd9b6c01790d3ceb6e565gez7z9weg8bcz5t9c1b&from=cor&uid=wdcxwd3200avjs-63b6a0_wd-wmat1584825248252
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1445184938&z=0ebd9b6c01790d3ceb6e565gez7z9weg8bcz5t9c1b&from=cor&uid=wdcxwd3200avjs-63b6a0_wd-wmat1584825248252&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1445184938&z=0ebd9b6c01790d3ceb6e565gez7z9weg8bcz5t9c1b&from=cor&uid=wdcxwd3200avjs-63b6a0_wd-wmat1584825248252&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1445184938&z=0ebd9b6c01790d3ceb6e565gez7z9weg8bcz5t9c1b&from=cor&uid=wdcxwd3200avjs-63b6a0_wd-wmat1584825248252
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1445184938&z=0ebd9b6c01790d3ceb6e565gez7z9weg8bcz5t9c1b&from=cor&uid=wdcxwd3200avjs-63b6a0_wd-wmat1584825248252
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1445184938&z=0ebd9b6c01790d3ceb6e565gez7z9weg8bcz5t9c1b&from=cor&uid=wdcxwd3200avjs-63b6a0_wd-wmat1584825248252&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1445184938&z=0ebd9b6c01790d3ceb6e565gez7z9weg8bcz5t9c1b&from=cor&uid=wdcxwd3200avjs-63b6a0_wd-wmat1584825248252&q={searchTerms}
HKU\S-1-5-21-4166654727-837129639-749496253-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1445184938&z=0ebd9b6c01790d3ceb6e565gez7z9weg8bcz5t9c1b&from=cor&uid=wdcxwd3200avjs-63b6a0_wd-wmat1584825248252
HKU\S-1-5-21-4166654727-837129639-749496253-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-4166654727-837129639-749496253-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1445184938&z=0ebd9b6c01790d3ceb6e565gez7z9weg8bcz5t9c1b&from=cor&uid=wdcxwd3200avjs-63b6a0_wd-wmat1584825248252
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1445184938&z=0ebd9b6c01790d3ceb6e565gez7z9weg8bcz5t9c1b&from=cor&uid=wdcxwd3200avjs-63b6a0_wd-wmat1584825248252&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1445184938&z=0ebd9b6c01790d3ceb6e565gez7z9weg8bcz5t9c1b&from=cor&uid=wdcxwd3200avjs-63b6a0_wd-wmat1584825248252&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1445184938&z=0ebd9b6c01790d3ceb6e565gez7z9weg8bcz5t9c1b&from=cor&uid=wdcxwd3200avjs-63b6a0_wd-wmat1584825248252&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1445184938&z=0ebd9b6c01790d3ceb6e565gez7z9weg8bcz5t9c1b&from=cor&uid=wdcxwd3200avjs-63b6a0_wd-wmat1584825248252&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4166654727-837129639-749496253-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1445184938&z=0ebd9b6c01790d3ceb6e565gez7z9weg8bcz5t9c1b&from=cor&uid=wdcxwd3200avjs-63b6a0_wd-wmat1584825248252&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4166654727-837129639-749496253-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_150922__yaie&p={searchTerms}
BHO-x32: High Stairs -> {45e60e41-85ee-4c01-9dac-1ecb9bf64179} -> C:\Program Files (x86)\High Stairs\Extensions\45e60e41-85ee-4c01-9dac-1ecb9bf64179.dll [2015-10-18] ()
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: sweet-page
C:\Program Files (x86)\High Stairs
FF SearchPlugin: C:\Users\Bulidza\AppData\Roaming\Mozilla\Firefox\Profiles\bydr8j2d.default-1442938957318\searchplugins\sweet-page.xml [2015-10-18]
FF Extension: deskCut - C:\Users\Bulidza\AppData\Roaming\Mozilla\Firefox\Profiles\bydr8j2d.default-1442938957318\Extensions\deskCutv2@gmail.com [2015-10-18] [not signed]
FF Extension: High Stairs - C:\Users\Bulidza\AppData\Roaming\Mozilla\Firefox\Profiles\bydr8j2d.default-1442938957318\Extensions\{f71803bf-05c3-4884-818c-fe39b4d1616f}.xpi [2015-10-18] [not signed]
R2 ihpmServer; C:\Program Files (x86)\RayDld\ihpmServer.exe [270568 2015-10-12] ()
R2 Service Mgr HighStairs; C:\ProgramData\b4bc9939-75e9-422b-af5c-653de35c4f4b\plugincontainer.exe [1045736 2015-10-24] ()
R2 Update Mgr HighStairs; C:\Program Files (x86)\Common Files\b4bc9939-75e9-422b-af5c-653de35c4f4b\updater.exe [610024 2015-10-24] ()
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-10-18 18:16 - 2015-10-18 18:16 - 00000000 ____D C:\Program Files (x86)\RayDld
2015-10-18 18:15 - 2015-10-24 14:55 - 00000000 ____D C:\ProgramData\b4bc9939-75e9-422b-af5c-653de35c4f4b
2015-10-18 18:15 - 2015-10-18 18:16 - 00000000 ____D C:\Users\Bulidza\AppData\Roaming\sweet-page
2015-10-18 18:15 - 2015-10-18 18:15 - 00070109 _____ C:\Users\Bulidza\Downloads\minecraft---pocket-edition-0.12.2.exe
2015-10-18 18:15 - 2015-10-18 18:15 - 00000000 ____D C:\Program Files (x86)\High Stairs
2015-10-18 18:14 - 2015-10-18 18:15 - 00934056 _____ (Installer ) C:\Users\Bulidza\Downloads\minecraft---pocket-edition-0.exe
2015-04-06 21:06 - 2015-04-06 21:06 - 0000000 ____H () C:\ProgramData\DP45977C.lfl


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the system restarts.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.




Scanning with AdwCleaner

Download AdwCleaner and save it to the Desktop.

Run the tool and wait for the update to finish.
Accept the Terms of use by clicking I Agree.
Click Scan and wait for the scan to finish.
When it is done, click Clean.
A message will appear saying that all programs will be closed after you click OK, so if you have anything to save, now is the time to do it.
Two more messages will appear where you need to click OK. The computer will restart.
After the restart, a report will open; you can copy its contents into your next post.

Note: The reports will be saved to your system partition, usually in the folder C:\AdwCleaner

offline
  • Joined: 24 Oct 2015
  • Posts: 15


offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Lives in: Beograd

Excellent, now only AdwCleaner remains.

offline
  • Joined: 24 Oct 2015
  • Posts: 15

Popcorn is a great program for watching movies with subtitles.
The pages are still opening by themselves.

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Lives in: Beograd

Does avast still give warnings?

Where does this happen, in all browsers or only in some?


Run FRST, check Addition.txt, scan and post both reports.

offline
  • Joined: 24 Oct 2015
  • Posts: 15

Basically, as far as the internet is concerned, nothing significant has changed; new pages and ads still open by themselves and the avast warnings continue, but the speed and performance of the computer have improved considerably.

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Lives in: Beograd

Where do the pages open? You didn't answer me.

offline
  • Joined: 24 Oct 2015
  • Posts: 15

First a new page opens underneath the main page, and ads open at the bottom of it. Then on the main page too, the one with mycity on it: it disappears and something completely different opens, and when I close it there are another 3-4 pages of some nonsense underneath it.

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Lives in: Beograd

In which browser does this happen?
