Posted: 23 Oct 2016 12:40
I used AVG for years and had almost no problems with viruses, but as of a month ago I could no longer install any version of AVG, because it reports an error during installation.
Because of that I had to install Avast, and I noticed right away that its protection on the internet is considerably weaker, since pop-up ads appear where they had not appeared for years (even though I also have Adblock).
Today I scanned the computer with Malwarebytes and it found over 2000 infected files. Admittedly, they are not viruses but potentially unwanted programs (located somewhere in C: - Local Settings).
All of it was put into quarantine, so I would like to check whether everything has been deleted or not.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-10-2016
Ran by Djole (administrator) on COMPUTER_0313 (23-10-2016 13:35:18)
Running from D:\Programi\CC Cleaner pro 7
Loaded Profiles: Djole (Available Profiles: Djole)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(ArcSoft, Inc.) C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(cyberlink) C:\Program Files\CyberLink\Shared files\brs.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Vimicro Corporation) C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
(iSkySoft) C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(BitTorrent Inc.) D:\Programi\utorrent.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BDRegion] => C:\Program Files\Cyberlink\Shared Files\brs.exe [91432 2007-11-16] (cyberlink)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [72736 2007-10-28] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [62760 2007-10-11] ()
HKLM\...\Run: [VMonitorVMUVC] => C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe [135168 2007-12-20] (Vimicro Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2011-04-19] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [TrayServer] => C:\Program Files\MAGIX\Movie_Edit_Pro_17_Plus_Download_Version\TrayServer_en.exe [90112 2008-11-13] (MAGIX AG)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [868352 2006-12-18] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [729088 2006-07-13] (Analog Devices, Inc.)
HKLM\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [1734144 2013-05-29] (iSkySoft)
HKLM\...\Run: [DelaypluginInstall] => C:\Documents and Settings\All Users\Application Data\iSkysoft\iTube Studio\DelayPluginI.exe
HKLM\...\Run: [MFARestart] => "C:\Documents and Settings\All Users\Application Data\MFAData\pack\avgrunasx.exe" /usereg
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9083840 2016-10-13] (AVAST Software)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2011-04-20] (ATI Technologies Inc.)
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Policies\Explorer: [MaxRecentDocs] 11
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-09-29] (AVAST Software)
Startup: C:\Documents and Settings\Djole\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-09-11]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{8F6D3387-25D9-4FF1-B525-3F952A763298}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: iSkysoft iTube Studio 4.2.0 -> {1A6B6AD0-2735-498F-834C-AFCEA37847C2} -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\iSkysoft\ITUBES~1\WSBROW~1.DLL => No File
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-24] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-24] (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: WSISAllmytubechrome - {4724F5AF-4E6D-41CA - No File
FireFox:
========
FF DefaultProfile: 84v2c95l.default-1409015363875
FF ProfilePath: C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\naweriweentcofise\Profiles\84v2c95l.default-1409015363875\Profiles\84v2c95l.default-1409015363875 [not found]
FF ProfilePath: C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875 [2016-10-23]
FF Session Restore: C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875 -> is enabled.
FF Extension: (MEGA) - C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875\Extensions\firefox@mega.co.nz.xpi [2016-09-22]
FF Extension: (YouTube ALL HTML5) - C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875\Extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi [2016-02-04]
FF Extension: (Video AdBlock for Firefox) - C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875\Extensions\{a00bef25-f21a-4539-adbb-b179b29e2b92}(2) [2015-12-20] [not signed]
FF Extension: (Modify Headers) - C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2016-04-27]
FF Extension: (Video DownloadHelper) - C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-09-17]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]
FF Extension: (DownThemAll!) - C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-10-02]
FF SearchPlugin: C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875\searchplugins\youtube-video-search.xml [2014-08-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-07-22] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-22]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-22]
FF HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Documents and Settings\Djole\Application Data\ACEStream\extensions\firefox\magicplayer@torrentstream.org
FF Extension: (TS Magic Player) - C:\Documents and Settings\Djole\Application Data\ACEStream\extensions\firefox\magicplayer@torrentstream.org [2013-11-13] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-29] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1219159.dll [2015-06-26] (Adobe Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2010-10-15] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-24] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1614895754-2025429265-1417001333-1003: @acestream.net/acestreamplugin,version=2.1.7.2 -> C:\Documents and Settings\Djole\Application Data\ACEStream\player\npace_plugin.dll [2014-04-10] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-1614895754-2025429265-1417001333-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Djole\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
FF Plugin HKU\S-1-5-21-1614895754-2025429265-1417001333-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Djole\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-18] (Unity Technologies ApS)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> chrome://apps/
CHR StartupUrls: Default -> "hxxp://google.rs/"
CHR NewTab: Default -> "chrome-extension://icpgjfneehieebagbmdbhnlpiopdcmna/main.html"
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll => No File
CHR Profile: C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default [2016-10-23]
CHR Extension: (Google Docs) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Avast SafePrice) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-10-01]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-10-23]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-09-29]
CHR Extension: (New Tab Redirect) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2016-01-11]
CHR Extension: (Magic Player) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpckgflgdapkpabemgkielbefdildaio [2014-04-29] [UpdateUrl: hxxp://magicplayer.torrentstream.org/update/chrome_new/magicplayer.xml] <==== ATTENTION
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-24]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kpckgflgdapkpabemgkielbefdildaio] - C:\Documents and Settings\Djole\Application Data\ACEStream\extensions\chrome_new\magicplayer.crx [2013-10-10]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119024 2013-05-08] (SUPERAntiSpyware.com)
R2 ADExchange; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43624 2012-08-14] (ArcSoft, Inc.)
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-29] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [223600 2016-09-29] (AVAST Software)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-24] (Oracle Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [254552 2012-09-11] ()
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [34008 2016-09-29] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-09-29] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [92256 2016-09-29] (AVAST Software)
R0 aswNdis; C:\WINDOWS\System32\DRIVERS\aswNdis.sys [12112 2016-09-29] (ALWIL Software)
R0 aswNdis2; C:\WINDOWS\system32\Drivers\aswNdis2.sys [295840 2016-09-29] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [64272 2016-09-29] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [60424 2016-09-29] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [735488 2016-09-29] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433768 2016-09-29] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [184592 2016-09-29] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [66688 2016-09-29] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [224752 2016-10-13] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [101904 2010-11-17] (Advanced Micro Devices)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SenFiltService; C:\WINDOWS\System32\drivers\Senfilt.sys [392960 2006-03-17] (Sensaura)
R3 VMUVC; C:\WINDOWS\System32\Drivers\VMUVC.sys [252928 2010-01-12] (Vimicro Corporation)
R3 vvftUVC; C:\WINDOWS\System32\drivers\vvftUVC.sys [398720 2008-07-01] (Vimicro Corporation)
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B}; C:\Program Files\CyberLink\PowerDVD\000.fcl [41456 2007-11-03] (Cyberlink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 IntelIde; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-10-23 12:27 - 2016-10-23 12:27 - 00000000 ____D C:\Documents and Settings\Djole\Start Menu\Programs\CyberLink PowerDVD
2016-10-22 23:25 - 2016-09-29 18:21 - 00319760 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-10-02 19:52 - 2016-10-02 19:52 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-09-29 19:42 - 2016-10-23 11:43 - 00000556 _____ C:\WINDOWS\Tasks\Pucogestaceried Client.job
2016-09-29 19:41 - 2016-09-29 19:41 - 00000000 ____D C:\Documents and Settings\Djole\Application Data\Velers
2016-09-29 18:27 - 2016-10-23 12:27 - 00000476 _____ C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1475166425.job
2016-09-29 18:27 - 2016-09-29 18:27 - 00000756 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-09-29 18:27 - 2016-09-29 18:27 - 00000756 _____ C:\Documents and Settings\All Users\Desktop\Avast SafeZone Browser.lnk
2016-09-29 18:22 - 2016-09-29 18:21 - 00921280 _____ (Microsoft Corporation) C:\WINDOWS\ucrtbase.dll
2016-09-29 18:21 - 2016-09-29 18:21 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-09-29 18:11 - 2016-10-22 23:26 - 00001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Internet Security.lnk
2016-09-29 18:11 - 2016-09-29 18:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$
2016-09-29 18:11 - 2016-09-29 18:11 - 00000000 ____D C:\Documents and Settings\Djole\Application Data\AVAST Software
2016-09-29 18:11 - 2016-09-29 18:11 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2016-09-29 18:11 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2016-09-29 18:10 - 2016-10-23 12:26 - 00000316 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2016-09-29 18:10 - 2016-10-13 11:31 - 00224752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-09-29 18:10 - 2016-09-29 18:23 - 00735488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-09-29 18:10 - 2016-09-29 18:23 - 00433768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-09-29 18:10 - 2016-09-29 18:22 - 00184592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2016-09-29 18:10 - 2016-09-29 18:22 - 00092256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-09-29 18:10 - 2016-09-29 18:22 - 00066688 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2016-09-29 18:10 - 2016-09-29 18:22 - 00064272 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2016-09-29 18:10 - 2016-09-29 18:22 - 00060424 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-09-29 18:10 - 2016-09-29 18:22 - 00034008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-09-29 18:10 - 2016-09-29 18:21 - 00295840 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdis2.sys
2016-09-29 18:10 - 2016-09-29 18:21 - 00035096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-09-29 18:10 - 2016-09-29 18:10 - 00012112 _____ (ALWIL Software) C:\WINDOWS\system32\Drivers\aswNdis.sys
2016-09-29 18:10 - 2016-09-29 18:10 - 00000000 ____D C:\Program Files\AVAST Software
2016-09-29 18:08 - 2016-09-29 18:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2016-09-29 17:43 - 2016-09-29 17:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2016-09-29 17:43 - 2016-09-29 17:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avg
2016-09-29 17:43 - 2016-09-29 17:43 - 00000000 ____D C:\Documents and Settings\Djole\Local Settings\Application Data\MFAData
2016-09-29 17:43 - 2016-09-29 17:43 - 00000000 ____D C:\Documents and Settings\Djole\Local Settings\Application Data\AvgSetupLog
2016-09-29 17:43 - 2016-09-29 17:43 - 00000000 ____D C:\Documents and Settings\Djole\Local Settings\Application Data\Avg2015
2016-09-29 17:43 - 2016-09-29 17:43 - 00000000 ____D C:\Documents and Settings\Djole\Application Data\AVG
2016-09-29 16:40 - 2016-09-29 17:41 - 00000000 ____D C:\Documents and Settings\Djole\Local Settings\Application Data\AvgSetupLog(2)
2016-09-29 16:27 - 2016-09-29 17:43 - 00000000 ____D C:\Documents and Settings\Djole\Local Settings\Application Data\MFAData(3)
2016-09-29 16:27 - 2016-09-29 17:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData(3)
2016-09-29 16:18 - 2016-09-29 17:43 - 00000000 ____D C:\AVG_Remover
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-10-23 13:35 - 2015-01-24 17:50 - 00000000 ____D C:\FRST
2016-10-23 13:35 - 2014-12-07 21:11 - 00000000 ____D C:\Documents and Settings\Djole\Local Settings\temp
2016-10-23 13:33 - 2013-03-21 21:04 - 00000000 ____D C:\Documents and Settings\Djole\Application Data\uTorrent
2016-10-23 13:30 - 2015-09-01 12:19 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-23 13:11 - 2014-07-25 02:28 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2016-10-23 12:39 - 2013-09-20 18:34 - 00000998 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1614895754-2025429265-1417001333-1003UA.job
2016-10-23 12:27 - 2016-07-25 12:37 - 00000508 _____ C:\WINDOWS\Tasks\AVG-SSU_0816avi_DELETE.job
2016-10-23 12:27 - 2016-07-25 12:37 - 00000424 _____ C:\WINDOWS\Tasks\AVG-SSU_0816avi.job
2016-10-23 12:27 - 2016-04-25 14:07 - 00000508 _____ C:\WINDOWS\Tasks\AVG-SSU_0516avi_DELETE.job
2016-10-23 12:27 - 2016-04-25 14:07 - 00000424 _____ C:\WINDOWS\Tasks\AVG-SSU_0516avi.job
2016-10-23 12:27 - 2015-09-01 12:19 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-23 12:27 - 2013-03-20 19:14 - 03754952 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-10-23 12:26 - 2013-03-20 18:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-10-23 12:25 - 2013-03-20 18:27 - 00136504 _____ C:\Documents and Settings\Djole\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2016-10-23 12:24 - 2013-03-20 18:26 - 00031840 _____ C:\WINDOWS\SchedLgU.Txt
2016-10-23 12:22 - 2013-03-20 18:55 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2016-10-23 12:22 - 2013-03-20 18:26 - 00000178 ___SH C:\Documents and Settings\Djole\ntuser.ini
2016-10-23 12:22 - 2013-03-20 18:26 - 00000000 ____D C:\Documents and Settings\Djole
2016-10-23 00:37 - 2013-03-20 19:12 - 00000000 ____D C:\Documents and Settings\Djole\Application Data\vlc
2016-10-22 23:32 - 2013-03-21 20:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2016-10-22 23:31 - 2013-03-20 18:47 - 00000000 ____D C:\Documents and Settings\Djole\Application Data\Skype
2016-10-22 23:26 - 2013-03-20 19:11 - 00000000 ___HD C:\WINDOWS\inf
2016-10-22 23:24 - 2001-08-23 13:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-10-22 23:23 - 2013-03-20 18:26 - 00000000 __SHD C:\Documents and Settings\LocalService
2016-10-22 23:23 - 2013-03-20 18:25 - 00000000 __SHD C:\Documents and Settings\NetworkService
2016-10-22 23:23 - 2013-03-20 18:20 - 00000000 ____D C:\WINDOWS\Registration
2016-10-22 18:39 - 2013-09-20 18:34 - 00000976 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1614895754-2025429265-1417001333-1003Core.job
2016-10-21 00:07 - 2014-09-28 22:14 - 00000000 ___RD C:\Documents and Settings\Djole\My Documents\New Folder
2016-10-16 21:52 - 2013-09-19 15:43 - 00703892 ___SH C:\Documents and Settings\Djole\My Documents\Thumbs.db
2016-10-16 16:27 - 2013-03-20 18:26 - 00000000 ___RD C:\Documents and Settings\Djole\My Documents
2016-10-12 23:26 - 2013-06-25 02:54 - 00004096 _____ C:\WINDOWS\system32\crash
2016-10-03 11:06 - 2015-03-06 00:48 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-09-30 12:03 - 2014-12-07 20:57 - 00000000 ____D C:\WINDOWS\erdnt
2016-09-30 11:33 - 2014-07-25 13:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-30 11:33 - 2014-07-25 02:30 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-09-30 11:33 - 2013-03-20 19:21 - 00000000 ___RD C:\Documents and Settings\Djole\Desktop\Ostali programi i igrice
2016-09-30 11:16 - 2016-09-14 11:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avg_Update_0916avi
2016-09-30 11:16 - 2016-06-08 14:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avg_Update_0616avi
2016-09-29 23:26 - 2014-09-01 01:28 - 00000000 ____D C:\Documents and Settings\Djole\Local Settings\Application Data\Adobe
2016-09-29 23:26 - 2013-03-21 15:26 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-09-29 23:26 - 2013-03-21 15:26 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-09-29 23:26 - 2013-03-20 18:21 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-09-29 18:26 - 2014-12-07 21:11 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2016-09-29 17:53 - 2013-03-20 19:25 - 00000000 ____D C:\Program Files\AVG
2016-09-29 16:44 - 2013-03-20 19:14 - 01093993 _____ C:\WINDOWS\setupapi.log.0.old
2016-09-29 16:19 - 2015-09-23 22:01 - 00000000 ____D C:\Documents and Settings\Djole\Local Settings\Application Data\Avg
==================== Files in the root of some directories =======
2016-01-03 19:15 - 2016-01-03 19:50 - 0001456 _____ () C:\Documents and Settings\Djole\Local Settings\Application Data\Adobe Save for Web 13.0 Prefs
2013-03-20 19:20 - 2013-07-14 00:42 - 0011264 _____ () C:\Documents and Settings\Djole\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-08-04 16:05 - 2016-08-04 16:09 - 0000096 _____ () C:\Documents and Settings\Djole\Local Settings\Application Data\rbxcsettings.rbx
2015-11-24 16:51 - 2015-11-24 16:58 - 0001759 _____ () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
|
|
|
|
Posted: 23 Oct 2016 15:42
|
offline
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8617
- Location: Novi Beograd
|
Hello,
Post that MBAM log so we can see what was detected.
Run MBAM again, click the History tab > Application Logs. Double-click the 'Scan Log' that shows the time and date of the scan you just ran.
1. In the new window click the 'Export' button, then choose 'Text file (*.txt)';
2. When the Save File dialog appears, choose to save the log to the Desktop.
In that same window, at the bottom under File name:, type 'mbam' as the name of the report and click the Save button.
- After you get the message ("Your file has been successfully exported"), the report you named 'mbam' will be saved on the Desktop.
Attach mbam.txt to your post using the Attach file (Prikači fajl) option.
|
|
|
|
|
Posted: 23 Oct 2016 15:56
|
offline
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8617
- Location: Novi Beograd
|
Download AdwCleaner by "Xplode" and save it to the Desktop.
Double-click to run the program.
In the EULA window click I agree.
In Options, turn off Reset Winsock settings if it is enabled.
Click the Scan button and wait for the scan to finish.
Click the Cleaning button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required), click OK.
The computer will restart and then open Notepad (C:\Adwcleaner\AdwCleaner[C1].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Attach file" (Prikači fajl) option.
|
|
|
|
|
Posted: 23 Oct 2016 18:22
|
offline
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8617
- Location: Novi Beograd
|
1. Open Notepad (Text Document) and copy the following text from the code box below into it:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
BHO: iSkysoft iTube Studio 4.2.0 -> {1A6B6AD0-2735-498F-834C-AFCEA37847C2} -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\iSkysoft\ITUBES~1\WSBROW~1.DLL => No File
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Handler: WSISAllmytubechrome - {4724F5AF-4E6D-41CA - No File
FF ProfilePath: C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\naweriweentcofise\Profiles\84v2c95l.default-1409015363875\Profiles\84v2c95l.default-1409015363875 [not found]
FF Extension: (Video AdBlock for Firefox) - C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875\Extensions\{a00bef25-f21a-4539-adbb-b179b29e2b92}(2) [2015-12-20] [not signed]
FF Plugin HKU\S-1-5-21-1614895754-2025429265-1417001333-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Djole\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Extension: (Magic Player) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpckgflgdapkpabemgkielbefdildaio [2014-04-29] [UpdateUrl: hxxp://magicplayer.torrentstream.org/update/chrome_new/magicplayer.xml] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kpckgflgdapkpabemgkielbefdildaio] - C:\Documents and Settings\Djole\Application Data\ACEStream\extensions\chrome_new\magicplayer.crx [2013-10-10]
C:\Documents and Settings\Djole\Application Data\ACEStream
File: C:\Program Files\Berwopypleheght\prutas.exe
File: C:\Documents and Settings\Djole\Local Settings\Application Data\Reernght\25A.tmp
EmptyTemp:
2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do that from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location; otherwise the fix will not work.
3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.
The tool will create a log (Fixlog.txt) on the Desktop. The contents of that log need to be copied into your post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.
|
|
|
|
Posted: 23 Oct 2016 19:05
|
offline
- Joined: 07 Dec 2014
- Posts: 47
|
==============================================
fixlist content:
*****************
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
BHO: iSkysoft iTube Studio 4.2.0 -> {1A6B6AD0-2735-498F-834C-AFCEA37847C2} -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\iSkysoft\ITUBES~1\WSBROW~1.DLL => No File
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Handler: WSISAllmytubechrome - {4724F5AF-4E6D-41CA - No File
FF ProfilePath: C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\naweriweentcofise\Profiles\84v2c95l.default-1409015363875\Profiles\84v2c95l.default-1409015363875 [not found]
FF Extension: (Video AdBlock for Firefox) - C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875\Extensions\{a00bef25-f21a-4539-adbb-b179b29e2b92}(2) [2015-12-20] [not signed]
FF Plugin HKU\S-1-5-21-1614895754-2025429265-1417001333-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Djole\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Extension: (Magic Player) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpckgflgdapkpabemgkielbefdildaio [2014-04-29] [UpdateUrl: hxxp://magicplayer.torrentstream.org/update/chrome_new/magicplayer.xml] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kpckgflgdapkpabemgkielbefdildaio] - C:\Documents and Settings\Djole\Application Data\ACEStream\extensions\chrome_new\magicplayer.crx [2013-10-10]
C:\Documents and Settings\Djole\Application Data\ACEStream
File: C:\Program Files\Berwopypleheght\prutas.exe
File: C:\Documents and Settings\Djole\Local Settings\Application Data\Reernght\25A.tmp
EmptyTemp:
*****************
Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A6B6AD0-2735-498F-834C-AFCEA37847C2}" => key removed successfully.
"HKCR\CLSID\{1A6B6AD0-2735-498F-834C-AFCEA37847C2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key removed successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
"HKCR\PROTOCOLS\Handler\WSISAllmytubechrome" => key removed successfully.
C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\naweriweentcofise\Profiles\84v2c95l.default-1409015363875\Profiles\84v2c95l.default-1409015363875 => path removed successfully.
C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\naweriweentcofise\Profiles\84v2c95l.default-1409015363875\Profiles\84v2c95l.default-1409015363875 => path removed successfully.
C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875\Extensions\{a00bef25-f21a-4539-adbb-b179b29e2b92}(2) => moved successfully
"HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin" => key removed successfully.
C:\Documents and Settings\Djole\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll => not found.
C:\Program Files\Google\Chrome\Application\45.0.2454.101\pdf.dll => not found.
C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpckgflgdapkpabemgkielbefdildaio <==== ATTENTION => not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully.
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\SOFTWARE\Google\Chrome\Extensions\kpckgflgdapkpabemgkielbefdildaio => key not found.
C:\Documents and Settings\Djole\Application Data\ACEStream\extensions\chrome_new\magicplayer.crx => moved successfully
C:\Documents and Settings\Djole\Application Data\ACEStream => moved successfully
========================= File: C:\Program Files\Berwopypleheght\prutas.exe ========================
"C:\Program Files\Berwopypleheght\prutas.exe" => not found.
====== End of File: ======
========================= File: C:\Documents and Settings\Djole\Local Settings\Application Data\Reernght\25A.tmp ========================
"C:\Documents and Settings\Djole\Local Settings\Application Data\Reernght\25A.tmp" => not found.
====== End of File: ======
=========== EmptyTemp: ==========
BITS transfer queue => 11429 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 0 B
Java, Flash, Steam htmlcache => 12377691 B
Windows/system/dllcache/drivers => 84045069 B
Edge => 0 B
Chrome => 544733132 B
Firefox => 464516233 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default User => 16677 B
All Users => 0 B
systemprofile => 116802 B
LocalService => 11567 B
NetworkService => 628 B
Djole => 53681692 B
RecycleBin => 408618 B
EmptyTemp: => 1.1 GB temporary data Removed.
================================
The system needed a reboot.
It looks like this deleted all my Firefox history and bookmarks; can I get that back somehow? I barely found this site without the bookmark, and when I did I could barely remember my password, since that was lost too.
==== End of Fixlog 19:53:52 ====
|
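Added example, not part of the thread and not FRST's own code: a small Python parser that sorts the result lines of a Fixlog like the one above into entries the fix actually changed and entries that were already absent, skipping the echoed fixlist and the EmptyTemp byte counts. The function names are illustrative, and the outcome phrases are assumed to be the ones that appear in this Fixlog.

```python
# Constructed sample: lines copied from the Fixlog posted in this thread.
SAMPLE_FIXLOG = r'''fixlist content:
*****************
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
File: C:\Program Files\Berwopypleheght\prutas.exe
EmptyTemp:
*****************
Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpckgflgdapkpabemgkielbefdildaio <==== ATTENTION => not found.
C:\Documents and Settings\Djole\Application Data\ACEStream => moved successfully
"C:\Program Files\Berwopypleheght\prutas.exe" => not found.
=========== EmptyTemp: ==========
Chrome => 544733132 B
EmptyTemp: => 1.1 GB temporary data Removed.
================================
'''

def classify(outcome):
    """Map a Fixlog outcome phrase to 'changed', 'absent' or 'other'."""
    text = outcome.lower()
    if "not found" in text:
        return "absent"      # nothing was there to remove
    if any(p in text for p in ("removed", "moved", "restored")):
        return "changed"     # the fix altered the system
    return "other"

def parse_fixlog(text):
    """Group fix targets by outcome, skipping the fixlist echo and EmptyTemp sizes."""
    results, in_echo, in_emptytemp = {}, False, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line and set(line) == {"*"}:      # asterisk rows bracket the echoed fixlist
            in_echo = not in_echo
        elif line.startswith("=") and "EmptyTemp:" in line:
            in_emptytemp = True              # byte counts follow, not fix results
        elif line and set(line) == {"="}:
            in_emptytemp = False
        elif not (in_echo or in_emptytemp) and " => " in line:
            target, outcome = line.rsplit(" => ", 1)
            target = target.replace("<==== ATTENTION", "").strip().strip('"')
            results.setdefault(classify(outcome), []).append(target)
    return results

if __name__ == "__main__":
    for kind, targets in parse_fixlog(SAMPLE_FIXLOG).items():
        print(kind, len(targets), *targets, sep="\n    ")
```
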
|
|
|
|
Posted: 23 Oct 2016 20:46
|
offline
- Joined: 07 Dec 2014
- Posts: 47
|
I tried, it won't work, i.e. a restore is only available from today's date.
Never mind, I'll probably remember most of the things I had in my history and bookmarks.
What do I do next, or is that it?
|
|
|
|
|