Posted: 06 Apr 2018 19:56
|
offline
- tacija
- Honorary citizen
- Miroslav Tanaskovic
- Construction technician
- Joined: 02 Jan 2009
- Posts: 787
- Location: Cacak
|
I use 32-bit Win7 and Telekom's ADSL. I don't know how, but malware has moved into Chrome. Every 5 minutes some new window pops up. I tried with an antivirus, AdwCleaner and MBAM, but I had no success.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14.03.2018
Ran by miroslav (administrator) on MIROSLAV-PC (06-04-2018 20:28:34)
Running from C:\Users\miroslav\Desktop
Loaded Profiles: miroslav (Available Profiles: miroslav)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
() C:\Program Files\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Users\miroslav\AppData\Roaming\uTorrent\uTorrent.exe
(Viber Media S.à r.l.) C:\Users\miroslav\AppData\Local\Viber\Viber.exe
(Skype Technologies S.A.) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
(© 2015 Microsoft Corporation) C:\Users\miroslav\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(BitTorrent Inc.) C:\Users\miroslav\AppData\Roaming\uTorrent\updates\3.5.3_44358\utorrentie.exe
(BitTorrent Inc.) C:\Users\miroslav\AppData\Roaming\uTorrent\updates\3.5.3_44358\utorrentie.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(0V39NLVWO) C:\Program Files\K05IH26KWO\K05IH26KW.exe
(Free Time Co., Ltd.) C:\Program Files\FormatFactory\FormatFactory.exe
(Website) C:\Dapp\Dapp.exe
(Website) C:\Dapp\Dapp.exe
( ) C:\Users\miroslav\AppData\Roaming\3h20rycot4w\40ahlk1wjmu.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Users\miroslav\AppData\Local\Temp\is-7MCF9.tmp\40ahlk1wjmu.tmp
(Skype Technologies S.A.) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
(Mobo, Inc.) C:\Program Files\Mobo\Service\MoboDeviceService.exe
(Mobo) C:\Program Files\Mobo\Service\MoboDeviceProxy.exe
(Skype Technologies S.A.) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\FormatFactory\FFModules\Encoder\ffmpeg.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-15] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM\...\Run: [Speedycar] => C:\Program Files\Speedycar\Speedycar.exe [18136576 2018-01-02] ()
HKLM\...\Run: [chrome] => C:\Program Files\Google\Chrome\Application\chrome.exe [1453400 2018-02-01] (Google Inc.)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [RocketDock] => C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [uTorrent] => C:\Users\miroslav\AppData\Roaming\uTorrent\uTorrent.exe [2148024 2018-02-23] (BitTorrent Inc.)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [Viber] => C:\Users\miroslav\AppData\Local\Viber\Viber.exe [36126280 2018-03-12] (Viber Media S.à r.l.)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [Skype for Desktop] => C:\Program Files\Microsoft\Skype for Desktop\Skype.exe [50097096 2018-03-16] (Skype Technologies S.A.)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [BingSvc] => C:\Users\miroslav\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [G4TCEREEO9K8UGW] => C:\Program Files\K05IH26KWO\K05IH26KW.exe [666112 2018-04-06] (0V39NLVWO)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [3833951] => C:\Users\miroslav\AppData\Roaming\3h20rycot4w\40ahlk1wjmu.exe [805093 2018-04-06] ( )
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{A1DE0E0E-1595-4216-B22A-8F4F035F1AB3}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Internet Explorer:
==================
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-02-14] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-14] (Oracle Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: 7dpgcy0g.default-1516557775337
FF ProfilePath: C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337 [2018-04-06]
FF user.js: detected! => C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\user.js [2017-06-30]
FF Session Restore: Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337 -> is enabled.
FF Extension: (System Table) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\143734@modext.tech.xpi [2018-03-01]
FF Extension: (System Table) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\214028@modext.tech.xpi [2018-02-28]
FF Extension: (System Table) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\383882@modext.tech.xpi [2018-02-22]
FF Extension: (S3.Translator) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\s3google@translator.xpi [2018-01-21]
FF Extension: (X-notifier (for Gmail™,Hotmail,Yahoo,AOL...)) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2018-01-21]
FF Extension: (__MSG_appName__) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2018-03-22]
FF Extension: (Video DownloadHelper) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-03-22]
FF Extension: (Adblock Plus) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-01-21]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-13] ()
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-02-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-02-14] (Oracle Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 9\npnitromozilla.dll [2013-10-07] (Nitro PDF)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-12-19] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-12-19] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin HKU\S-1-5-21-961669800-890686474-1414387024-1001: @acestream.net/acestreamplugin,version=3.1.16.1 -> C:\Users\miroslav\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
Chrome:
=======
CHR res: Infected resources.pak (Adware script). Reinstall Chrome. <==== ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default [2018-04-06]
CHR Extension: (Презентације) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-14]
CHR Extension: (Документи) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-14]
CHR Extension: (Google диск) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-14]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-02-14]
CHR Extension: (YouTube) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-14]
CHR Extension: (Right Click Google Translator) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkdgglkocfpfmlpfmldpmebkceelhif [2018-03-27]
CHR Extension: (X-notifier (for Gmail™,Hotmail,Yahoo,AOL...)) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfjbkbddpfnoplfhceolpopfoepleco [2018-02-14]
CHR Extension: (Adblock Plus) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-02-14]
CHR Extension: (Gmail ван мреже) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2018-02-14]
CHR Extension: (Табеле) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-14]
CHR Extension: (Google документи офлајн) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-02-14]
CHR Extension: (Facebook video downloader - FB to MP4) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljbjelbfpgglpallgcjgppphheoiadfc [2018-03-04]
CHR Extension: (Video DownloadHelper) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2018-03-04]
CHR Extension: (Nemoze da se izbrise) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflobcdhgnlibbiegemmoenkeaplpoid [2018-02-14]
CHR Extension: (Onlive Clock) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\moddbcckaikhdnigidfcmaeelcobchpm [2018-02-14]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-14]
CHR Extension: (Chrome Media Router) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-14]
CHR Extension: (System Table) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0 [2018-04-06]
==================== Services (Whitelisted) ====================
===================== Drivers (Whitelisted) ======================
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2099-11-12 04:37 - 30826-11-12 04:37 - 000186368 ____N (Microsoft Corporation) C:\Users\miroslav\oEoJiFYyyoU.exe
2099-11-12 04:37 - 30826-11-12 04:37 - 000073216 ____N (Microsoft Corporation) C:\Users\miroslav\AppData\Roaming\LIwI.exe
2099-11-12 04:37 - 30826-11-12 04:37 - 000073216 ____N (Microsoft Corporation) C:\Users\miroslav\AppData\Local\ZpbyJv.exe
2018-04-06 20:28 - 2018-04-06 20:35 - 000016586 _____ C:\Users\miroslav\Desktop\FRST.txt
2018-04-06 20:27 - 2018-04-06 20:28 - 000000000 ____D C:\FRST
2018-04-06 20:27 - 2018-04-06 20:27 - 001764352 _____ (Farbar) C:\Users\miroslav\Desktop\FRST.exe
2018-04-06 19:23 - 2018-04-06 19:23 - 001400690 _____ C:\Users\miroslav\Desktop\video-1523008031.mp4
2018-04-06 18:55 - 2018-04-06 18:55 - 000000000 ____D C:\Users\miroslav\AppData\LocalLow\MAL
2018-04-06 18:45 - 2018-04-06 18:52 - 000000000 ____D C:\AdwCleaner
2018-04-06 18:38 - 2018-01-25 08:50 - 008256080 _____ C:\Users\miroslav\Desktop\Gramblr.exe
2018-04-06 18:32 - 2018-04-06 18:32 - 000000000 ____D C:\Program Files\PandaViewer
2018-04-06 18:31 - 2018-04-06 18:31 - 000000000 ____D C:\Users\miroslav\AppData\Roaming\3h20rycot4w
2018-04-06 18:31 - 2018-04-06 18:31 - 000000000 ____D C:\Program Files\K05IH26KWO
2018-04-06 17:31 - 2018-04-06 18:54 - 000000000 ____D C:\Users\miroslav\AppData\Roaming\h2frgcsy0y1
2018-04-06 17:31 - 2018-04-06 18:32 - 000000000 ____D C:\Program Files\LaCie Private Public
2018-04-06 17:31 - 2018-04-06 18:32 - 000000000 ____D C:\Dapp
2018-04-06 17:31 - 2018-04-06 17:31 - 000000000 ____D C:\Disk
2018-04-06 17:30 - 2018-04-06 17:30 - 000000000 ____D C:\Program Files\Speedycar
2018-04-06 17:28 - 2018-04-06 17:34 - 000000000 ____D C:\Users\miroslav\AppData\Roaming\1337
2018-04-06 17:27 - 2018-04-06 18:54 - 000000000 ____D C:\Program Files\frgtrh
2018-04-06 17:27 - 2018-04-06 17:27 - 000000003 _____ C:\Users\miroslav\AppData\Local\wbem.ini
2018-04-02 20:15 - 2018-04-02 20:15 - 000006259 _____ C:\Users\miroslav\Desktop\Facebook-video-Downloader.php
2018-04-02 18:59 - 2018-04-02 23:24 - 000000000 ____D C:\Users\miroslav\AppData\Local\My Family Tree
2018-04-02 18:59 - 2018-04-02 18:59 - 000000000 ____D C:\Users\miroslav\AppData\Local\Chronoplex_Software
2018-03-31 11:52 - 2018-03-31 11:58 - 000000000 ____D C:\Users\miroslav\AppData\Roaming\Tinuous
2018-03-31 11:49 - 2018-03-31 11:51 - 000000000 ____D C:\Users\miroslav\AppData\Roaming\VarieDrop
2018-03-24 11:37 - 2018-03-24 11:38 - 000000000 ____D C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2018-03-18 20:18 - 2018-03-18 20:18 - 000001406 _____ C:\Users\miroslav\Desktop\KodiPortable - Shortcut.lnk
2018-03-18 11:00 - 2018-02-13 20:31 - 000117440 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-03-18 11:00 - 2018-02-13 20:24 - 000534016 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-03-18 11:00 - 2018-02-13 16:04 - 001893888 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-03-18 11:00 - 2018-02-13 16:04 - 001319424 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-03-18 11:00 - 2018-02-13 16:04 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-03-18 11:00 - 2018-02-13 16:04 - 000508416 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-03-18 11:00 - 2018-02-13 16:04 - 000339968 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-03-18 11:00 - 2018-02-13 16:04 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-03-18 11:00 - 2018-02-13 16:04 - 000212992 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-03-18 11:00 - 2018-02-13 16:04 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-03-15 09:48 - 2018-03-15 09:49 - 000000000 ____D C:\Users\miroslav\AppData\Local\Viber
2018-03-13 21:24 - 2018-03-13 21:24 - 006210560 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2018-03-09 14:26 - 2018-03-09 14:26 - 000000841 _____ C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-04-06 20:35 - 2017-01-02 11:19 - 000000000 ____D C:\Users\miroslav\AppData\Roaming\uTorrent
2018-04-06 20:12 - 2016-10-09 14:31 - 000000000 ___RD C:\Users\miroslav\Desktop\video
2018-04-06 19:08 - 2009-07-14 06:34 - 000016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-06 19:08 - 2009-07-14 06:34 - 000016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-06 18:56 - 2016-12-28 14:46 - 000000000 ____D C:\ProgramData\MCShield
2018-04-06 18:55 - 2018-02-23 11:16 - 000000000 ____D C:\Users\miroslav\AppData\LocalLow\uTorrent
2018-04-06 18:54 - 2016-12-28 12:24 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-06 18:54 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-06 18:40 - 2017-01-07 19:06 - 000000000 ____D C:\Users\miroslav\Documents\ViberDownloads
2018-04-06 17:29 - 2017-04-21 14:27 - 000000000 ____D C:\ProgramData\TEMP
2018-04-06 17:29 - 2016-12-28 12:10 - 000000000 ____D C:\Program Files\Google
2018-04-06 17:27 - 2016-12-28 11:51 - 000000000 ____D C:\Users\miroslav
2018-04-05 19:05 - 2018-02-05 19:54 - 000001181 _____ C:\Users\miroslav\AppData\Roaming\downloads.json
2018-04-04 18:04 - 2018-02-10 20:13 - 000000000 ____D C:\Users\miroslav\AppData\Local\Paint.NET
2018-04-03 18:06 - 2016-12-28 11:55 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-03 18:06 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2018-04-01 22:09 - 2016-12-28 13:43 - 000000000 ____D C:\Users\miroslav\AppData\Roaming\AIMP
2018-03-31 16:46 - 2018-02-19 12:35 - 000000000 ____D C:\Users\miroslav\AppData\Roaming\Kodi
2018-03-28 10:28 - 2009-07-14 06:53 - 000032594 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-03-24 13:13 - 2016-12-28 12:18 - 000000000 ____D C:\Users\miroslav\Desktop\Precice
2018-03-24 11:37 - 2017-01-02 18:57 - 000000000 ____D C:\Program Files\FormatFactory
2018-03-22 20:52 - 2016-12-28 16:51 - 000000000 ____D C:\Users\miroslav\AppData\LocalLow\Mozilla
2018-03-22 09:32 - 2017-12-08 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-03-22 01:58 - 2017-09-25 18:54 - 000002736 _____ C:\Users\miroslav\Desktop\Linkovi.txt
2018-03-21 07:25 - 2017-01-07 19:06 - 000000000 ____D C:\Users\miroslav\AppData\Roaming\ViberPC
2018-03-20 02:34 - 2016-12-30 09:13 - 000000000 ____D C:\Windows\system32\MRT
2018-03-20 02:29 - 2017-10-11 23:25 - 127391104 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-03-20 02:29 - 2016-12-30 09:13 - 127391104 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-03-19 13:29 - 2017-01-22 10:40 - 000000000 ____D C:\Windows\system32\appraiser
2018-03-13 21:24 - 2017-02-24 15:34 - 000804352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-03-13 21:24 - 2017-02-24 15:34 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-03-13 21:24 - 2017-02-24 15:34 - 000000000 ____D C:\Windows\system32\Macromed
2018-03-13 17:13 - 2017-05-06 14:59 - 000000000 ____D C:\Users\miroslav\AppData\Roaming\vlc
2018-03-07 19:06 - 2018-02-10 17:30 - 000000000 ____D C:\Users\miroslav\Desktop\GIFcam
==================== Files in the root of some directories =======
30826-11-12 04:37 - 30826-11-12 04:37 - 000186368 ____N (Microsoft Corporation) C:\Users\miroslav\oEoJiFYyyoU.exe
2018-02-05 19:54 - 2018-04-05 19:05 - 000001181 _____ () C:\Users\miroslav\AppData\Roaming\downloads.json
30826-11-12 04:37 - 30826-11-12 04:37 - 000073216 ____N (Microsoft Corporation) C:\Users\miroslav\AppData\Roaming\LIwI.exe
2017-12-13 19:27 - 2018-02-13 21:16 - 000009216 _____ () C:\Users\miroslav\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-04-06 17:27 - 2018-04-06 17:27 - 000000003 _____ () C:\Users\miroslav\AppData\Local\wbem.ini
30826-11-12 04:37 - 30826-11-12 04:37 - 000073216 ____N (Microsoft Corporation) C:\Users\miroslav\AppData\Local\ZpbyJv.exe
Some files in TEMP:
====================
2018-04-06 18:31 - 2018-04-06 18:31 - 001537176 _____ (BANANA SUMMER LIMITED) C:\Users\miroslav\AppData\Local\Temp\1523032294V0Rtmp.exe
2018-03-11 21:02 - 2018-03-11 21:02 - 001118360 _____ (© 2015 Microsoft Corporation) C:\Users\miroslav\AppData\Local\Temp\BSvcProcessor.exe
2018-03-11 21:01 - 2018-03-11 21:02 - 000170128 _____ (© 2015 Microsoft Corporation) C:\Users\miroslav\AppData\Local\Temp\BSvcUpdater.exe
2018-03-03 12:59 - 2018-03-03 12:59 - 007523680 _____ (GOM & Company) C:\Users\miroslav\AppData\Local\Temp\GrLauncherTempSetup.exe
2018-04-06 17:29 - 2018-04-06 17:29 - 013205167 _____ (MAL ) C:\Users\miroslav\AppData\Local\Temp\p0cmpc54cvt.exe
2018-04-06 17:26 - 2018-04-06 17:26 - 004100008 _____ (Initex ) C:\Users\miroslav\AppData\Local\Temp\ProxifierSetup.exe
2018-04-06 17:27 - 2018-04-06 17:27 - 000860523 _____ ( ) C:\Users\miroslav\AppData\Local\Temp\setup.exe
2018-04-06 17:32 - 2018-04-06 17:33 - 048475781 _____ (My Company, Inc. ) C:\Users\miroslav\AppData\Local\Temp\setuplb.exe
2018-02-14 12:13 - 2018-02-14 12:13 - 030950664 _____ () C:\Users\miroslav\AppData\Local\Temp\vlc-2.2.6-win32.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-03-29 10:23
==================== End of FRST.txt ============================
|
|
|
|
Posted: 07 Apr 2018 08:07
|
offline
- Sass Drake
- Anti Malware Fighter
Rank 2
- Joined: 26 Aug 2010
- Posts: 10622
- Location: Hypnos Control Room, Tokyo Metropolitan Government Building
|
Open Notepad and copy the following text, which is inside the Code box.
HKLM\...\Run: [chrome] => C:\Program Files\Google\Chrome\Application\chrome.exe [1453400 2018-02-01] (Google Inc.)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [G4TCEREEO9K8UGW] => C:\Program Files\K05IH26KWO\K05IH26KW.exe [666112 2018-04-06] (0V39NLVWO)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [3833951] => C:\Users\miroslav\AppData\Roaming\3h20rycot4w\40ahlk1wjmu.exe [805093 2018-04-06] ( )
FF user.js: detected! => C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\user.js [2017-06-30]
FF Session Restore: Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337 -> is enabled.
FF Extension: (System Table) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\143734@modext.tech.xpi [2018-03-01]
FF Extension: (System Table) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\214028@modext.tech.xpi [2018-02-28]
FF Extension: (System Table) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\383882@modext.tech.xpi [2018-02-22]
CHR Extension: (System Table) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0 [2018-04-06]
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\ChromeHTML: -> <==== ATTENTION
Task: {DBA9D38F-5B29-4D29-B6B6-64D7ACB95197} - System32\Tasks\Dapp => C:\Dapp\Dapp.exe [2018-04-05] (Website)
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [152]
AlternateDataStreams: C:\ProgramData\TEMP:BD34FFC5 [286]
C:\Users\miroslav\AppData\Local\ZpbyJv.exe
C:\Users\miroslav\oEoJiFYyyoU.exe
C:\Users\miroslav\AppData\Roaming\LIwI.exe
C:\Program Files\K05IH26KWO
C:\Dapp
C:\Users\miroslav\AppData\Roaming\3h20rycot4w
C:\Users\miroslav\AppData\Local\Temp\is-7MCF9.tmp
C:\Users\miroslav\AppData\Roaming\h2frgcsy0y1
C:\Program Files\LaCie Private Public
C:\Dapp
C:\Disk
C:\Program Files\Speedycar
C:\Program Files\frgtrh
C:\Users\miroslav\AppData\Roaming\downloads.json
C:\Users\miroslav\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\miroslav\AppData\Local\wbem.ini
In Notepad, click File --> Save As
Under Encoding, select UTF-8.
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, allow it to do so without interruption.
When it has finished, fixlog.txt will open, with the content that you need to copy into the thread.
The file (fixlog.txt) will also be on the Desktop.
|
|
|
|
Posted: 07 Apr 2018 10:06
|
offline
- tacija
- Honorary citizen
- Miroslav Tanaskovic
- Construction technician
- Joined: 02 Jan 2009
- Posts: 787
- Location: Cacak
|
Written: 07 Apr 2018 10:49
Addendum: 07 Apr 2018 11:06
Fix result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018
Ran by miroslav (07-04-2018 10:35:02) Run:1
Running from C:\Users\miroslav\Desktop
Loaded Profiles: miroslav (Available Profiles: miroslav)
Boot Mode: Normal
==============================================
fixlist content:
*****************
HKLM\...\Run: [chrome] => C:\Program Files\Google\Chrome\Application\chrome.exe [1453400 2018-02-01] (Google Inc.)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [G4TCEREEO9K8UGW] => C:\Program Files\K05IH26KWO\K05IH26KW.exe [666112 2018-04-06] (0V39NLVWO)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [3833951] => C:\Users\miroslav\AppData\Roaming\3h20rycot4w\40ahlk1wjmu.exe [805093 2018-04-06] ( )
FF user.js: detected! => C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\user.js [2017-06-30]
FF Session Restore: Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337 -> is enabled.
FF Extension: (System Table) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\143734@modext.tech.xpi [2018-03-01]
FF Extension: (System Table) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\214028@modext.tech.xpi [2018-02-28]
FF Extension: (System Table) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\383882@modext.tech.xpi [2018-02-22]
CHR Extension: (System Table) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0 [2018-04-06]
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\ChromeHTML: -> <==== ATTENTION
Task: {DBA9D38F-5B29-4D29-B6B6-64D7ACB95197} - System32\Tasks\Dapp => C:\Dapp\Dapp.exe [2018-04-05] (Website)
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [152]
AlternateDataStreams: C:\ProgramData\TEMP:BD34FFC5 [286]
C:\Users\miroslav\AppData\Local\ZpbyJv.exe
C:\Users\miroslav\oEoJiFYyyoU.exe
C:\Users\miroslav\AppData\Roaming\LIwI.exe
C:\Program Files\K05IH26KWO
C:\Dapp
C:\Users\miroslav\AppData\Roaming\3h20rycot4w
C:\Users\miroslav\AppData\Local\Temp\is-7MCF9.tmp
C:\Users\miroslav\AppData\Roaming\h2frgcsy0y1
C:\Program Files\LaCie Private Public
C:\Dapp
C:\Disk
C:\Program Files\Speedycar
C:\Program Files\frgtrh
C:\Users\miroslav\AppData\Roaming\downloads.json
C:\Users\miroslav\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\miroslav\AppData\Local\wbem.ini
*****************
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\chrome" => removed successfully.
"HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\G4TCEREEO9K8UGW" => removed successfully.
"HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\3833951" => removed successfully.
C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\user.js => moved successfully
"Firefox Session Restore" => removed successfully.
C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\143734@modext.tech.xpi => moved successfully
C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\214028@modext.tech.xpi => moved successfully
C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\383882@modext.tech.xpi => moved successfully
CHR Extension: (System Table) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0 [2018-04-06] => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-961669800-890686474-1414387024-1001_Classes\ChromeHTML" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DBA9D38F-5B29-4D29-B6B6-64D7ACB95197}" => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBA9D38F-5B29-4D29-B6B6-64D7ACB95197} => not found
"C:\Windows\System32\Tasks\Dapp" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dapp => not found
C:\Windows => ":nlsPreferences" ADS removed successfully.
C:\ProgramData\TEMP => ":1CE11B51" ADS removed successfully.
C:\ProgramData\TEMP => ":BD34FFC5" ADS removed successfully.
C:\Users\miroslav\AppData\Local\ZpbyJv.exe => moved successfully
C:\Users\miroslav\oEoJiFYyyoU.exe => moved successfully
C:\Users\miroslav\AppData\Roaming\LIwI.exe => moved successfully
C:\Program Files\K05IH26KWO => moved successfully
C:\Dapp => moved successfully
"C:\Users\miroslav\AppData\Roaming\3h20rycot4w" folder move:
Could not move "C:\Users\miroslav\AppData\Roaming\3h20rycot4w" => Scheduled to move on reboot.
"C:\Users\miroslav\AppData\Local\Temp\is-7MCF9.tmp" => not found
C:\Users\miroslav\AppData\Roaming\h2frgcsy0y1 => moved successfully
"C:\Program Files\LaCie Private Public" => not found
"C:\Dapp" => not found
"C:\Disk" => not found
"C:\Program Files\Speedycar" => not found
C:\Program Files\frgtrh => moved successfully
C:\Users\miroslav\AppData\Roaming\downloads.json => moved successfully
C:\Users\miroslav\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\miroslav\AppData\Local\wbem.ini => moved successfully
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 07-04-2018 11:04:16)
C:\Users\miroslav\AppData\Roaming\3h20rycot4w => is moved successfully
==== End of Fixlog 11:04:16 ====
|
Posted: 07 Apr 2018 12:58
|
offline
- Sass Drake
- Anti Malware Fighter
Rank 2
- Joined: 26 Aug 2010
- Posts: 10622
- Location: Hypnos Control Room, Tokyo Metropolitan Government Building
|
Go to Start -> Control Panel -> Programs and Features and uninstall Google Chrome. Make sure to check the option Also delete your browsing data.
You can export your bookmarks and import them again later. Saved passwords will be deleted.
Once you have uninstalled it, download it from the Google site, https://www.google.com/chrome/browser/, and install it again.
|
Posted: 07 Apr 2018 18:07
|
offline
- tacija
- Honorary citizen
- Miroslav Tanaskovic
- Construction technician
- Joined: 02 Jan 2009
- Posts: 787
- Location: Cacak
|
Done, it now works without problems.
|
Posted: 08 Apr 2018 11:12
|
offline
- tacija
- Honorary citizen
- Miroslav Tanaskovic
- Construction technician
- Joined: 02 Jan 2009
- Posts: 787
- Location: Cacak
|
All files have been sent.
|
Posted: 08 Apr 2018 15:41
|
offline
- Sass Drake
- Anti Malware Fighter
Rank 2
- Joined: 26 Aug 2010
- Posts: 10622
- Location: Hypnos Control Room, Tokyo Metropolitan Government Building
|
Download Malwarebytes Anti-Malware from this or this or this link and install the application.
Run mb3-setup-consumer-{version}.exe and follow the program's installation instructions. After installation, click Finish.
On first launch, the program will display a "welcome" window. Feel free to close that window.
Note: The program's Premium features are already activated and are valid for 13 days from the time of installation. You can turn the Premium features off through the Settings > My Account tab.
• Scanner settings - in Settings, click the Protection tab. Under the Scan Options section, enable the "Scan for rootkits" option.
• Prepare the Threat Scan - in Dashboard, click the Scan Now button. MBAM will update its database and start scanning.
When the scan finishes, if an infection is detected, make sure everything is selected, then click Remove Selected. Restart the computer if the program asks for a restart.
• Submit the log: Under Reports, select the Scan Report with the current date and then click View Report.
Export the log to the Desktop:
- Click the Export button at the bottom, then choose 'Text file (*.txt)'.
- In the Save File dialog that appears, click Desktop. In the File name: field, type "mbam" (without quotes) and click Save.
- The message "Your file has been successfully exported" will appear; click Ok and close the window.
• In your reply, attach the mbam.txt log using the "Attach file" ("Prikači fajl") option.
|
Posted: 09 Apr 2018 11:50
|
offline
- Sass Drake
- Anti Malware Fighter
Rank 2
- Joined: 26 Aug 2010
- Posts: 10622
- Location: Hypnos Control Room, Tokyo Metropolitan Government Building
|
What is the state of the system now?