Pretrazivaci puni reklama ,usporen rad racunra.

Pretrazivaci puni reklama ,usporen rad racunra.

offline
  • Pridružio: 25 Apr 2012
  • Poruke: 143

Koji god da pokrenem pretrazivac pojavljuju mi se reklame,usporeno radi racunar.Skenirao sam sa Antivirusom,adclenerom ali i dalje stoje reklame.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-08-2015
Ran by SERVIS (administrator) on SERVIS-PC (08-08-2015 14:50:04)
Running from C:\Users\SERVIS\Desktop
Loaded Profiles: SERVIS (Available Profiles: SERVIS & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
() C:\Program Files (x86)\NRadioBox\NRadioBox\NRadioBox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(www.sopcast.com) C:\Program Files (x86)\SopCast\SopCast.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe
Failed to access process -> opera.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-1364307884-1388948938-3031870726-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
ShellIconOverlayIdentifiers: [0YndCase0Sync] -> {63D48440-63AB-44D0-B323-4731DFCDE9E9} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll [2014-08-27] (Yandex)
ShellIconOverlayIdentifiers: [0YndCase1Modified] -> {7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll [2014-08-27] (Yandex)
ShellIconOverlayIdentifiers: [0YndCase2Error] -> {FB2FE984-05F5-4512-9D9B-69D3DE61F6D9} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll [2014-08-27] (Yandex)
ShellIconOverlayIdentifiers: [0YndCase3Shared] -> {AF8D197E-7022-4c3d-BD88-68AD35C9C169} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll [2014-08-27] (Yandex)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1364307884-1388948938-3031870726-1000\User: Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = websearch.hotsearches.info/?pid=23538&r.....p;unqvl=90
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1364307884-1388948938-3031870726-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
HKU\S-1-5-21-1364307884-1388948938-3031870726-1000\Software\Microsoft\Internet Explorer\Main,Start Page = websearch.hotsearches.info/?pid=23538&r.....p;unqvl=90
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = websearch.hotsearches.info/?l=1&q={searchTerms}&pid=23538&r=2015/06/23&hid=17491087259206179278&lg=EN&cc=ME&unqvl=90
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: MinimumPriccE -> {0e26cf9b-e358-45d5-ae3e-c8088759b02d} -> C:\Program Files (x86)\MinimumPriccE\XVR1EsA6T6Gt5H.x64.dll [2015-04-23] ()
BHO: bestadblocker -> {1fb0f968-4830-4b41-a2f1-33eb2085b70a} -> C:\Program Files (x86)\bestadblocker\qby1dtQsxMXheH.x64.dll No File
BHO: AlllCHeeapPRice -> {291daa0d-a905-4f5e-88dd-95bb0f65301a} -> C:\Program Files (x86)\AlllCHeeapPRice\YilmYhAay7E9SD.x64.dll [2015-05-13] ()
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-11-26] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-17] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-04-16] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: CheeapMe -> {93F9FFFB-9D33-40D5-AD95-19E70F8A75C2} -> No File
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-03-24] (Kaspersky Lab ZAO)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: SalePlus -> {b324f043-7dc3-43cf-8a04-e3d8ac942b12} -> C:\Program Files (x86)\SalePlus\npHsAxDd8ylWqN.x64.dll [2015-04-16] ()
BHO: GreateSavoe4uU -> {d0e9c7f5-61b9-4da9-a068-5e0ae1f87d3f} -> C:\Program Files (x86)\GreateSavoe4uU\3ZgzQ5uc4rUp9C.x64.dll [2015-04-23] ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-04-16] (Oracle Corporation)
BHO: RoboaSSaver -> {ddec69ab-087a-473e-91bf-d4f56ae341a7} -> C:\Program Files (x86)\RoboaSSaver\uUv0wvPKukQpta.x64.dll [2015-05-13] ()
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-03-24] (Kaspersky Lab ZAO)
BHO-x32: No Name -> {1fb0f968-4830-4b41-a2f1-33eb2085b70a} -> No File
BHO-x32: No Name -> {291daa0d-a905-4f5e-88dd-95bb0f65301a} -> No File
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-17] (Kaspersky Lab ZAO)
BHO-x32: No Name -> {93F9FFFB-9D33-40D5-AD95-19E70F8A75C2} -> No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: No Name -> {b324f043-7dc3-43cf-8a04-e3d8ac942b12} -> No File
BHO-x32: No Name -> {ddec69ab-087a-473e-91bf-d4f56ae341a7} -> No File
Toolbar: HKU\S-1-5-21-1364307884-1388948938-3031870726-1000 -> No Name - {53504356-3700-A76A-76A7-7A786E7484D7} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.219
Tcpip\..\Interfaces\{3715980D-2E97-43E3-BF33-4521E72CEC51}: [DhcpNameServer] 192.168.100.219

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-04-16] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-04-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-04-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1364307884-1388948938-3031870726-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\SERVIS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-19] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-03-20]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-03-20]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-03-20]

Chrome:
=======
CHR Profile: C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-24]
CHR Extension: (Google Drive) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-24]
CHR Extension: (Kaspersky Protection) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2015-04-18]
CHR Extension: (YouTube) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-12]
CHR Extension: (Google Search) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-23]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-06-05]
CHR Extension: (Google Sheets) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-24]
CHR Extension: (Skype Click to Call) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-26]
CHR Extension: (Gmail) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-12]
CHR Profile: C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-14]
CHR Extension: (Google Docs) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-14]
CHR Extension: (Google Drive) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-14]
CHR Extension: (Kaspersky Protection) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2015-07-14]
CHR Extension: (YouTube) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-14]
CHR Extension: (Google Search) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-14]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2015-07-14]
CHR Extension: (Google Sheets) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-14]
CHR Extension: (AdBlock) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-14]
CHR Extension: (Gmail) - C:\Users\SERVIS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-14]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2013-11-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

Opera:
=======
OPR Extension: (adblockforopera) - C:\Users\SERVIS\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2015-07-08]
OPR Extension: (HQ-V1.4) - C:\Users\SERVIS\AppData\Roaming\Opera Software\Opera Stable\Extensions\lclfgoiloocdgalcloalohidgnfcbpin [2014-06-21]
OPR Extension: (SavePass) - C:\Users\SERVIS\AppData\Roaming\Opera Software\Opera Stable\Extensions\nhamjeenndcnlegpcihoonbhpjcehglk [2014-06-21]
OPR Extension: (Adblock Plus) - C:\Users\SERVIS\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-07-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-11-26] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-04-10] (SurfRight B.V.)
S3 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [724992 2006-10-09] (Nero AG) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
S4 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [609632 2014-03-13] (Copyright 2013 SAMSUNG)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 6e95159f; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\IncrementFoobar\IncrementFoobar.dll",serv

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [83968 2013-12-03] (ASIX Electronics Corp.)
R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2009-12-01] (C-Media Inc)
R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [93144 2014-04-10] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-26] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-11-26] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-03-24] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-26] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-03-24] (Kaspersky Lab ZAO)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 Rockusb; C:\Windows\System32\DRIVERS\rockusb.sys [65648 2011-12-08] (Fuzhou Rockchip Electronics Co,Ltd.)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation )
S3 usbUDisc; C:\Windows\System32\DRIVERS\USBDrv_AMD64.sys [17280 2011-09-19] (Scott)
U3 Winsock; no ImagePath
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
S1 SABKUTIL; \??\C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP6\WNt500x64\Sandra.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-08 14:50 - 2015-08-08 14:50 - 00025205 _____ C:\Users\SERVIS\Desktop\FRST.txt
2015-08-08 14:48 - 2015-08-08 14:50 - 00000000 ____D C:\FRST
2015-08-08 14:47 - 2015-08-08 14:47 - 02169856 _____ (Farbar) C:\Users\SERVIS\Desktop\FRST64.exe
2015-08-07 13:00 - 2015-08-08 09:00 - 00000964 _____ C:\Windows\setupact.log
2015-08-07 13:00 - 2015-08-07 13:00 - 00000000 _____ C:\Windows\setuperr.log
2015-08-07 09:26 - 2015-08-08 14:34 - 00000000 ____D C:\Users\SERVIS\Desktop\MU
2015-07-30 10:16 - 2015-07-30 10:16 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-29 14:08 - 2015-07-29 14:08 - 00992256 _____ C:\Users\SERVIS\Downloads\fak,732-2015.xls
2015-07-24 10:44 - 2015-07-24 10:45 - 00000000 ____D C:\Users\SERVIS\Desktop\Muzikaaa
2015-07-14 11:58 - 2015-08-08 14:03 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-14 11:58 - 2015-08-08 12:03 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-14 11:58 - 2015-07-14 11:58 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-14 11:58 - 2015-07-14 11:58 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-10 16:04 - 2015-07-10 16:04 - 01187520 _____ (Adobe Systems Incorporated) C:\Users\SERVIS\Desktop\flashplayer18pp_fa_install.exe
2015-07-10 10:25 - 2015-07-10 10:25 - 04806412 _____ C:\Users\SERVIS\NLP v4.0.2(2).rar

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-08 14:25 - 2015-07-08 13:49 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-08-08 14:01 - 2014-04-16 11:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-08 13:21 - 2013-04-10 10:31 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-08-08 12:40 - 2012-12-11 13:31 - 00000000 ____D C:\ProgramData\MCShield
2015-08-08 11:41 - 2009-07-14 07:13 - 00782986 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-08 10:02 - 2015-06-23 16:02 - 00000346 _____ C:\Windows\Tasks\Bidaily Synchronize Task[973b].job
2015-08-08 09:43 - 2012-12-11 21:17 - 01122204 _____ C:\Windows\WindowsUpdate.log
2015-08-08 09:07 - 2009-07-14 06:45 - 00014016 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-08 09:07 - 2009-07-14 06:45 - 00014016 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-08 09:01 - 2015-05-15 13:42 - 00000024 _____ C:\Users\SERVIS\AppData\Roaming\appdataFr25.bin
2015-08-08 08:59 - 2014-04-17 09:16 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-08 08:59 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-07 10:25 - 2013-03-01 12:10 - 00000000 ____D C:\Users\SERVIS\AppData\Roaming\Media Player Classic
2015-08-07 10:25 - 2012-12-12 10:19 - 00000000 ____D C:\Users\SERVIS\AppData\Roaming\uTorrent
2015-08-07 10:25 - 2012-12-11 12:37 - 00000000 ____D C:\Users\SERVIS\AppData\Roaming\Winamp
2015-08-07 10:24 - 2014-05-05 12:00 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-08-07 09:54 - 2015-06-04 13:01 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-07 09:53 - 2015-04-28 10:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-07 09:08 - 2014-09-09 10:25 - 00003832 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1383915637
2015-08-07 09:08 - 2012-12-11 12:40 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-06 09:05 - 2013-08-23 16:52 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-04 09:01 - 2014-11-26 12:12 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-07-27 09:01 - 2013-05-22 16:10 - 00000000 ____D C:\Users\SERVIS\AppData\Roaming\Dropbox
2015-07-25 15:52 - 2015-07-02 12:41 - 00000000 ____D C:\Users\SERVIS\AppData\Local\Dropbox
2015-07-25 15:42 - 2012-12-11 12:23 - 00000000 ____D C:\Users\SERVIS
2015-07-24 12:43 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-17 16:01 - 2014-03-15 10:07 - 00000646 __RSH C:\ProgramData\ntuser.pol
2015-07-17 09:17 - 2013-02-21 10:16 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-17 09:15 - 2014-12-24 09:59 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-15 14:52 - 2013-05-22 16:12 - 00000000 __RHD C:\Users\SERVIS\Dropbox
2015-07-15 13:01 - 2015-07-08 13:49 - 00003890 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-07-15 13:01 - 2014-04-16 11:52 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 13:01 - 2014-04-16 11:52 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-15 13:01 - 2014-04-16 11:52 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 11:44 - 2014-12-16 10:03 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-07-10 16:04 - 2014-06-28 10:10 - 00000000 ____D C:\Users\SERVIS\AppData\Local\Adobe
2015-07-09 09:02 - 2009-07-14 07:08 - 00007594 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2013-01-05 11:46 - 2015-03-06 16:21 - 0000132 _____ () C:\Users\SERVIS\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-05-15 13:42 - 2015-08-08 09:01 - 0000024 _____ () C:\Users\SERVIS\AppData\Roaming\appdataFr25.bin
2015-04-21 12:39 - 2015-05-13 16:17 - 0000020 _____ () C:\Users\SERVIS\AppData\Roaming\appdataFr3.bin
2014-11-10 12:42 - 2014-11-10 12:45 - 0000115 _____ () C:\Users\SERVIS\AppData\Roaming\LogFile.txt
2013-03-16 11:14 - 2013-03-16 11:14 - 0026900 _____ () C:\Users\SERVIS\AppData\Local\dt.dat
2014-04-18 15:35 - 2014-04-18 15:35 - 0000001 _____ () C:\Users\SERVIS\AppData\Local\llftool.4.40.agreement

Files to move or delete:
====================
C:\Users\SERVIS\SamsungLink_Installer64.exe


Some files in TEMP:
====================
C:\Users\SERVIS\AppData\Local\Temp\Quarantine.exe
C:\Users\SERVIS\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-03 09:35

==================== End of log ============================


mycity.rs/must-login.png

mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10621
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Arrow Korak 2

Idi u Start -> Control Panel -> Programs and Features i deinstaliraj sljedeće programe:

SoftwareAssist



Arrow Korak 2

Otvori Notepad i iskopiraj sljedeći tekst koji se nalazi unutar Kod polja.

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1364307884-1388948938-3031870726-1000\User: Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.hotsearches.info/?pid=23538&r.....p;unqvl=90
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1364307884-1388948938-3031870726-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.hotsearches.info/?pid=23538&r.....p;unqvl=90
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.hotsearches.info/?l=1&q={searchTerms}&pid=23538&r=2015/06/23&hid=17491087259206179278&lg=EN&cc=ME&unqvl=90
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: MinimumPriccE -> {0e26cf9b-e358-45d5-ae3e-c8088759b02d} -> C:\Program Files (x86)\MinimumPriccE\XVR1EsA6T6Gt5H.x64.dll [2015-04-23] ()
BHO: bestadblocker -> {1fb0f968-4830-4b41-a2f1-33eb2085b70a} -> C:\Program Files (x86)\bestadblocker\qby1dtQsxMXheH.x64.dll No File
BHO: AlllCHeeapPRice -> {291daa0d-a905-4f5e-88dd-95bb0f65301a} -> C:\Program Files (x86)\AlllCHeeapPRice\YilmYhAay7E9SD.x64.dll [2015-05-13] ()
BHO: CheeapMe -> {93F9FFFB-9D33-40D5-AD95-19E70F8A75C2} -> No File
BHO: SalePlus -> {b324f043-7dc3-43cf-8a04-e3d8ac942b12} -> C:\Program Files (x86)\SalePlus\npHsAxDd8ylWqN.x64.dll [2015-04-16] ()
BHO: GreateSavoe4uU -> {d0e9c7f5-61b9-4da9-a068-5e0ae1f87d3f} -> C:\Program Files (x86)\GreateSavoe4uU\3ZgzQ5uc4rUp9C.x64.dll [2015-04-23] ()
BHO: RoboaSSaver -> {ddec69ab-087a-473e-91bf-d4f56ae341a7} -> C:\Program Files (x86)\RoboaSSaver\uUv0wvPKukQpta.x64.dll [2015-05-13] ()
BHO-x32: No Name -> {1fb0f968-4830-4b41-a2f1-33eb2085b70a} -> No File
BHO-x32: No Name -> {291daa0d-a905-4f5e-88dd-95bb0f65301a} -> No File
BHO-x32: No Name -> {93F9FFFB-9D33-40D5-AD95-19E70F8A75C2} -> No File
BHO-x32: No Name -> {b324f043-7dc3-43cf-8a04-e3d8ac942b12} -> No File
BHO-x32: No Name -> {ddec69ab-087a-473e-91bf-d4f56ae341a7} -> No File
Toolbar: HKU\S-1-5-21-1364307884-1388948938-3031870726-1000 -> No Name - {53504356-3700-A76A-76A7-7A786E7484D7} - No File
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
OPR Extension: (HQ-V1.4) - C:\Users\SERVIS\AppData\Roaming\Opera Software\Opera Stable\Extensions\lclfgoiloocdgalcloalohidgnfcbpin [2014-06-21]
OPR Extension: (SavePass) - C:\Users\SERVIS\AppData\Roaming\Opera Software\Opera Stable\Extensions\nhamjeenndcnlegpcihoonbhpjcehglk [2014-06-21]
S2 6e95159f; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\IncrementFoobar\IncrementFoobar.dll",serv
Task: {2FB2E45F-1AC7-4EB3-902E-43B991F21873} - System32\Tasks\AdvancedDriverUpdaterRunAtStartup => C:\Users\SERVIS\AppData\Local\Temp\RarSFX0\Advanced Driver Updater\adu.exe <==== ATTENTION
Task: C:\Windows\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{bb1d59b4-1765-f53f-bb1d-d59b417666d0}\setup installer.exe <==== ATTENTION
C:\Program Files (x86)\MinimumPriccE
C:\Program Files (x86)\bestadblocker
C:\Program Files (x86)\AlllCHeeapPRice
C:\Program Files (x86)\SalePlus
C:\Program Files (x86)\GreateSavoe4uU
C:\Program Files (x86)\RoboaSSaver
c:\Program Files (x86)\IncrementFoobar
c:\programdata\{bb1d59b4-1765-f53f-bb1d-d59b417666d0}\setup installer.exe

ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
S1 SABKUTIL; \??\C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [X]

EmptyTemp:


U okviru Notepad-a klikni na File --> Save As
Fajl nazovi Fixlist i sačuvaj na Desktop
Dvoklikom ponovo pokreni FRST.exe
Klikni na Fix i sačekaj dok program ne završi.
Ukoliko program zatraži restart računara, omogući mu da to nesmetano obavi.
Nakon završetka rada, otvoriće se fixlog.txt, sa sadržajem koji treba da kopiraš u temu.
Takođe, na Desktop-u će se nalaziti (fixlog.txt).




Arrow Korak 3

Spakuj u ZIP, RAR ili 7Z arhive sljedeće foldere:

C:\AdwCleaner

i pošalji ih preko sljedećeg linka:

http://www.mycity.rs/ambulanta-upload.php


Javi kada to uradiš i sačekaj dalja uputstva.

offline
  • Pridružio: 25 Apr 2012
  • Poruke: 143

Izvinjavam se ,nisam mogao prije da odgovorim.

Korak:1
Kada pokusam da izbrisem SoftwareAssist izbaci ovu gresku


Korak:2



mycity.rs/must-login.png

Korak:3
Na C nemam folder AdwCleaner .

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10621
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Preuzmi "Xplode"-ov AdwCleaner i sačuvaj ga na Desktop
Dvoklikom pokreni program.
u EULA prozoru klikni na I agree.
Klikni na dugme Scan i sačekaj da se završi skeniranje.
Klikni na dugme Cleaning i pričekaj da program završi.
Program će zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni OK kao potvrdu.
Na sljedeća dva prozora koja se otvore (Informations i Restart required ) klikni OK

Računar će se restartovati, a potom otvoriti Notepad (C:\AdwCleaner[S0].txt) sa izvještajem.
Sačuvaj taj izvještaj na Desktop i okači ga uz poruku koristeći opciju "Prikači fajl"

Napomena: Izvještaj ce takođe biti sačuvan na C:\Adwcleaner\AdwCleaner[S0].txt

offline
  • Pridružio: 25 Apr 2012
  • Poruke: 143

Imaju dva AdwCleaner.txt


mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10621
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Arrow Korak 1

Spakuj u ZIP, RAR ili 7Z arhive sljedeće foldere:

C:\FRST\Quarantine

i

C:\AdwCleaner

i pošalji ih preko sljedećeg linka:

http://www.mycity.rs/ambulanta-upload.php



Arrow Korak 2

Preuzmi Malwarebytes Anti-Rootkit (MBAR) sa sledeceg linka i sacuvaj ga na Desktop.

Dvoklikom pokreni MBAR () na ikonicu programa:
- Klikni OK na sledecem prozoru da bi dozvolio raspakivanje u zaseban mbar folder na desktop-u;
- mbar.exe ce biti startovan. Na nekim sistemima to moze da potraje nekoliko dodatnih sekundi, te pricekati pokretanje.;
- U uvodnom prozoru klikni dugme Next ukoliko si saglasan;



• Na 'Update Database' prozoru klik na dugme Update da bi preuzeo sveze definicije. Kada se ispise poruka 'Success: Database was successfully updated' klik na dugme Next;
• Pod sekcijom 'Scan Targets' proveri da su sve opcije stiklirane, te klikni na dugme Scan;

Obavestenje: sa nekim infekcijama moze se desiti da se prikaze neka od sledecih poruka:
- 'Could not load protection driver' => u tom slucaju klikni OK.
- 'Could not load DDA driver' => klikni Yes na to obavestenje da bi dozvolio ucitavanje nakon restarta. Dozvoli restart i nastavi sa ostatkom instrukcija posle restarta.





>> Ukoliko malware nije detektovan, klik na Exit dugme da zatvoris program. U sledecu poruku postavi mbar-log-year-month-day (sat-minuti-sekundi).txt i system-log.txt izveštaje.

>> Ukoliko su infekcija/e pronadjene, proveriti da li je obelezena opcija 'Create Restore Point' i klikni na dugme Cleanup! da bi uklonili pretnje.
- Procedura uklanjanje malware-a (scheduled) ce biti zakazana po restartu, bice prikazano obavestenje u pop-up prozoru. Klikni dugme Yes i sistem bi trebao da se restartuje i da zavrsi proceduru ciscenja.



Obavestenje! samo ukoliko je RootKit detektovan: - postaraj se da pokrenes fixdamage.exe alat koji se nalazi u mbar folderu, \Plugins\fixdamage.exe:
- Dvoklikom pokreni fixdamage, u crnom prozoru koji se otvori (command prompt) ukucaj Y (Y stoji za Yes) da bi nastavio izvrsenje, pricekati da alat odradi sve popravke ...
- Kada vidis poruku 'press any key to exit' popravka je kompletirana. Pritisnuti bilo koju tipku na tastaturi da bi se prozor zatvorio. Restartovati sistem.





Sledeci izvestaji ce biti formirani u mbar folderu.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Iskopiraj sadrzaj mbar log-a u poruku a system log okaci uz poruku koristeci opciju Prikači fajl.

offline
  • Pridružio: 25 Apr 2012
  • Poruke: 143

Napisano: 10 Avg 2015 11:59

Evo Quarantine ,a mbar-log cekam da zavrsi skeniranje
mycity.rs/must-login.png

Dopuna: 10 Avg 2015 12:10

Odradio sam upload Quarantina.

Dopuna: 10 Avg 2015 12:33

mycity.rs/must-login.png

mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10621
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

To bi bilo to.


Arrow

Sledeća procedura će implementirati završno čišćenje.

Arrow Preuzmi "Xplode"-ov DelFix alat i snimi ga na Desktop.
Dvoklikom pokreni alat i štikliraj kućice ispred sledećih opcija;

Remove disinfection tools
Create registry backup
Purge System Restore


Klikni na dugme Run i pričekaj trenutak dok alat ne završi svoj rad.
Od ovog trenutka, svi korišćeni alati u ovoj temi bi trebali biti obrisani.
Alat će takođe formirati izveštaj za tebe. (C:\DelFix.txt)

Alat će snimiti i zdravo stanje registy-ja i napraviti backup koristeci integrisan program "ERUNT" u %windir%\ERUNT\DelFix
Alat briše stare system restore tačke i pravi novu, svežu tačku nakon čišćenja.



Pozdrav.

offline
  • Pridružio: 25 Apr 2012
  • Poruke: 143

Hvala puno,zasd radi sve OK.Pozdrav

Ko je trenutno na forumu
 

Ukupno su 779 korisnika na forumu :: 34 registrovanih, 6 sakrivenih i 739 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., Atomski čoban, Brankoni, darkangel, Drug pukovnik, ekser222, Gargantua, Georgius, HrcAk47, Igrutinovic, ivan1973, Jovan Nenad, kovinacc, ljuba, Markoni29, MB120mm, mercedesamg, mihajlot2013, Ministar65, Misha V, Miskohd, Mlav, Mugy, nemkea71, proka89, rodoljub, ruan, Steeeefan, Toni, VJ, vlvl, Vojkan Petrovic, vukdra, Zmaj001