Problem s razor web ads

1

Problem s razor web ads

offline
  • Pridružio: 02 Dec 2014
  • Poruke: 13

Napisano: 31 Maj 2015 22:12

Pozdrav! Imam problem sa razor web ads. Kad u google tražilicu ukucam bilo što on se pojavi, otvara pop-upove itd.
Pokušao sam riješiti problem preko malwarebytes, ali bez uspjeha.



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Administrator (administrator) on CZC1388KT4 on 31-05-2015 22:10:09
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available Profiles: Agfa & Dr Miljko & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Agfa Healthcare) C:\Program Files\Agfa\GTIClient\AutoUpdateService\AutoUpdateService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Agfa Healthcare Inc.) C:\Program Files (x86)\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe
(UltraVNC) C:\Program Files (x86)\UltraVNC\winvnc.exe
(UltraVNC) C:\Program Files (x86)\UltraVNC\winvnc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Agfa HealthCare) C:\Program Files\Agfa\GTIClient\GTIConsole\GtiConsole.exe
(IObit) C:\Users\Administrator\Desktop\Advanced SystemCare 5\ASCTray.exe
(Google Inc.) C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Agfa\java\jre1.6.0.27\bin\javaw.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Agfa\java\jre1.6.0.27\bin\javaw.exe
(Google Inc.) C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\RegHunter\RegHunter.exe
(Google Inc.) C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\microsoft office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10143264 2010-04-01] (Realtek Semiconductor)
HKLM\...\Run: [GTIConsole] => C:\Program Files\Agfa\GTIClient\GTIConsole\GTIConsole.exe [172032 2011-10-31] (Agfa HealthCare)
HKLM-x32\...\Run: [avast5] => C:\Program Files\Alwil Software\Avast5\avastUI.exe [2837864 2010-06-28] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-680020611-101842545-878744919-500\...\Run: [Advanced SystemCare 5] => C:\Users\Administrator\Desktop\Advanced SystemCare 5\ASCTray.exe [574296 2012-03-06] (IObit)
HKU\S-1-5-21-680020611-101842545-878744919-500\...\Run: [Google Update] => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2015-01-13] (Google Inc.)
HKU\S-1-5-21-680020611-101842545-878744919-500\...\MountPoints2: D - D:\autorun.exe /d
HKU\S-1-5-21-680020611-101842545-878744919-500\...\MountPoints2: {26902da8-0632-11e1-a412-3cd92b76e7c7} - D:\LaunchU3.exe -a
HKU\S-1-5-21-680020611-101842545-878744919-500\...\MountPoints2: {981a41b8-98df-11e1-a034-3cd92b76e7c7} - E:\LaunchU3.exe -a
HKU\S-1-5-21-680020611-101842545-878744919-500\...\MountPoints2: {cfd2baeb-0756-11e5-ac3b-3cd92b76e7c7} - F:\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Clinapps.lnk [2015-04-14]
ShortcutTarget: Clinapps.lnk -> C:\Program Files (x86)\Agfa\Clinapps\4.1.38.0\JVision\RUN.BAT ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013-03-15]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2010-06-28] (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = g.msn.com/HPCOM/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = g.msn.com/HPCOM/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = g.msn.com/HPCOM/19
HKU\S-1-5-21-680020611-101842545-878744919-500\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/?fr=vmn&type=vmn__webcompa__.....0531__yaie
HKU\S-1-5-21-680020611-101842545-878744919-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = g.msn.com/HPCOM/19
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> DefaultScope {2F7C283B-348A-478B-AE02-8F5DD7E12918} URL = eseeky.com/ws/?source=c0ff831d&tbp=rbox&too.....b76e7c7&q={searchTerms}&r=323
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {2F7C283B-348A-478B-AE02-8F5DD7E12918} URL = eseeky.com/ws/?source=c0ff831d&tbp=rbox&too.....b76e7c7&q={searchTerms}&r=323
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {31067203-8BE4-44B4-A0EA-D984CA90DA6C} URL = websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=kw&q={searchTerms}&locale=en_BA&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^BA&apn_uid=69eb7bda-3359-4208-a630-1d2ceca1bfbc&apn_sauid=DACC4D8C-04E9-4078-BADE-7F9F5D05AC7E
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = blekko.com/ws/?source=a92683ac&tbp=rbox&too.....DCAD955&q={searchTerms}
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {5721BCE3-2CA1-419C-AE85-773A3D58297E} URL = searchou.com/?q={searchTerms}&id=42b2bbec0000000000003cd92b76e7c7&affilt=5&r=964
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = search.yahoo.com/search?fr=vmn&type=vmn__w.....1__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {CF39FD93-D986-4E39-B731-9866423DF238} URL = search.softonic.com/MON00005/tb_v1?q={searchTerms}&SearchSource=4&cc=
BHO: avast! WebRep -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-04-18] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> c:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-11] (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\microsoft office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-04-18] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-11-04] (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-04-18] (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-04-18] (AVAST Software)
DPF: HKLM-x32 {CAFECAFE-0013-0001-0022-ABCDEFABCDEF}
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {FC11A119-C2F7-46F4-9E32-937ABA26816E} file:///D:/CDVIEWER/CdViewer.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{74983563-4D23-45AD-A881-BD1D31A4F55A}: [NameServer] 8.8.8.8

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-25] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-25] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-02-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-02-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-680020611-101842545-878744919-500: @tools.google.com/Google Update;version=3 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-680020611-101842545-878744919-500: @tools.google.com/Google Update;version=9 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2011-11-04]
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [Not Found]
StartMenuInternet: Google Chrome - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGFA IMPAX GTI AutoUpdateService; C:\Program Files\Agfa\GTIClient\AutoUpdateService\AutoUpdateService.exe [9216 2011-10-31] (Agfa Healthcare) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [42184 2011-04-18] (AVAST Software)
S3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software)
S3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software)
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 PACS Client Updater; C:\Program Files (x86)\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe [36864 2011-07-06] (Agfa Healthcare Inc.) [File not signed]
R2 uvnc_service; C:\Program Files (x86)\UltraVNC\WinVNC.exe [1519168 2008-08-30] (UltraVNC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [22360 2011-04-18] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [64344 2011-04-18] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [31064 2011-04-18] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [600920 2011-04-18] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [287064 2011-04-18] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [53592 2011-04-18] (AVAST Software)
S3 b7atikmdag; C:\Windows\System32\DRIVERS\b7atikmdag.sys [5832560 2011-05-06] (ATI Technologies Inc.)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-05-31] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-31] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S1 SASDIFSV; \??\E:\SUPERAntiSpyware\SASDIFSV.SYS [X]
S1 SASKUTIL; \??\E:\SUPERAntiSpyware\SASKUTIL.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 22:10 - 2015-05-31 22:10 - 00016247 _____ () C:\Users\Administrator\Downloads\FRST.txt
2015-05-31 22:09 - 2015-05-31 22:10 - 00000000 ____D () C:\FRST
2015-05-31 22:09 - 2015-05-31 22:09 - 02108928 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2015-05-31 22:00 - 2015-05-31 22:00 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Administrator\Downloads\SpyHunter-Installer.exe
2015-05-31 21:57 - 2015-05-31 21:57 - 00001088 _____ () C:\Users\Administrator\Desktop\RegHunter.lnk
2015-05-31 21:57 - 2015-05-31 21:57 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegHunter
2015-05-31 21:57 - 2015-05-31 21:57 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Enigma Software Group
2015-05-31 21:57 - 2015-05-31 21:57 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-05-31 21:56 - 2015-05-31 21:56 - 11230592 _____ (Enigma Software Group USA, LLC.) C:\Users\Administrator\Downloads\RegHunter-Installer.exe
2015-05-31 21:51 - 2015-05-31 21:51 - 00001584 _____ () C:\Windows\PFRO.log
2015-05-31 21:51 - 2015-05-31 21:51 - 00000056 _____ () C:\Windows\setupact.log
2015-05-31 21:51 - 2015-05-31 21:51 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-31 21:43 - 2015-05-31 21:50 - 00019305 _____ () C:\Windows\WindowsUpdate.log
2015-05-31 21:03 - 2015-05-31 21:03 - 00029778 _____ () C:\Users\Administrator\Documents\cc_20150531_210313.reg
2015-05-31 21:02 - 2015-05-31 21:02 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2015-05-31 21:02 - 2015-05-31 21:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2015-05-31 21:02 - 2015-05-31 21:02 - 00000000 ____D () C:\ProgramData\ATI
2015-05-31 20:40 - 2015-05-31 21:51 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-31 20:39 - 2015-05-31 20:39 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-31 20:39 - 2015-05-31 20:39 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-31 20:39 - 2015-05-31 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-31 20:39 - 2015-05-31 20:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-31 20:39 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-31 20:39 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-31 20:39 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-31 08:20 - 2015-05-31 08:20 - 00000000 ____D () C:\Users\Public\Documents\Sports Interactive
2015-05-31 08:20 - 2015-05-31 08:20 - 00000000 ____D () C:\Users\Administrator\Documents\Sports Interactive
2015-05-31 08:20 - 2015-05-31 08:20 - 00000000 ____D () C:\Users\Administrator\Documents\CPY_SAVES
2015-05-31 08:20 - 2015-05-31 08:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Sports Interactive
2015-05-31 08:17 - 2015-05-31 08:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sports Interactive
2015-05-31 08:13 - 2015-05-31 20:57 - 00002896 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-05-31 08:13 - 2015-05-31 20:57 - 00002896 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-05-31 08:13 - 2015-05-31 08:13 - 00000278 _____ () C:\prefs.js
2015-05-31 08:13 - 2015-05-31 08:13 - 00000000 ____D () C:\searchplugins
2015-05-31 08:13 - 2015-05-25 10:24 - 00429392 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-05-31 08:13 - 2015-05-25 10:24 - 00347976 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-05-31 08:12 - 2015-05-31 08:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-05-31 08:11 - 2015-05-31 21:02 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
2015-05-31 08:11 - 2015-05-31 08:13 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-05-31 08:11 - 2015-05-31 08:11 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\RHEng
2015-05-31 08:11 - 2015-05-31 08:11 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-05-31 08:06 - 2015-05-31 08:06 - 01709792 _____ (Disc Soft Ltd.) C:\Users\Administrator\Downloads\DTLiteInstaller.exe
2015-05-31 07:48 - 2015-05-31 07:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Steam
2015-05-31 07:46 - 2015-05-31 07:46 - 01142128 _____ () C:\Users\Administrator\Downloads\SteamSetup.exe
2015-05-28 11:42 - 2015-05-28 11:42 - 00000000 ____D () C:\Users\Administrator\Desktop\DR MILJKO-MEŠA svibanj 2015
2015-05-27 13:36 - 2015-05-27 13:36 - 00000000 ____D () C:\Users\Administrator\Desktop\FZS ispiti svibanj 2015
2015-05-27 13:23 - 2015-05-27 13:36 - 00000000 ____D () C:\Users\Administrator\Documents\FZS ispiti svibanj 2015
2015-05-26 12:26 - 2015-05-26 12:27 - 00000000 ____D () C:\Users\Administrator\Desktop\tttg
2015-05-26 12:22 - 2015-05-26 12:39 - 00000000 ____D () C:\Users\Administrator\Desktop\Photoshop
2015-05-26 12:22 - 2015-05-26 12:22 - 00000000 ____D () C:\Windows\XSxS
2015-05-26 12:22 - 2011-05-02 07:04 - 171502133 _____ (Adobe Systems, Incorporated) C:\Users\Administrator\Desktop\Photoshop.exe
2015-05-25 11:28 - 2015-05-25 12:27 - 00000000 ____D () C:\Users\Administrator\Downloads\Toto Cutugno - Greatest Hits ( Disco, Dance, Pop ) 2014 @ 320
2015-05-25 11:27 - 2015-05-25 11:27 - 00017886 _____ () C:\Users\Administrator\Downloads\[kat.cr]toto.cutugno.greatest.hits.disco.dance.pop.2014.320.torrent
2015-05-22 11:47 - 2015-05-22 11:47 - 00000000 ____D () C:\Users\Administrator\Desktop\10^RTG snimak 2 exp_-lijevo koljeno,_246965
2015-05-19 13:26 - 2015-05-19 13:26 - 00000000 ____D () C:\Users\Administrator\Desktop\Ciljani snimak-kraniogram,_395494
2015-05-19 12:29 - 2005-03-26 21:40 - 03855660 _____ () C:\Users\Administrator\Desktop\Zlatan.wmv
2015-05-19 07:19 - 2015-04-29 23:06 - 00084005 _____ () C:\Users\Administrator\Desktop\Moonrise.Kingdom.2012.720p.BluRay.x264.YIFY.srt
2015-05-18 13:50 - 2015-05-18 13:50 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-680020611-101842545-878744919-500Core1d09160e851193c.job
2015-05-13 08:28 - 2015-05-13 08:28 - 00000000 ____D () C:\Users\Administrator\Desktop\RTG snimak 2 exp_-desno koljeno,_392965
2015-05-12 09:25 - 2015-05-12 09:25 - 13716992 _____ () C:\Users\Administrator\Downloads\digitalna radiologija (1).ppt
2015-05-04 11:03 - 2015-05-04 11:04 - 13713920 _____ () C:\Users\Administrator\Downloads\digitalna radiologija.ppt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 21:58 - 2009-07-14 06:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-31 21:58 - 2009-07-14 06:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-31 21:55 - 2009-07-14 07:13 - 00727202 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-31 21:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-31 21:02 - 2013-01-17 09:00 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\uTorrent
2015-05-31 20:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-05-31 20:54 - 2013-06-19 12:20 - 00000000 ____D () C:\Users\Administrator\Downloads\CT ante
2015-05-31 20:51 - 2013-07-29 21:35 - 00000000 ____D () C:\Program Files (x86)\Rapider
2015-05-31 20:51 - 2013-07-02 11:33 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\BabSolution
2015-05-31 20:39 - 2013-03-07 13:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-31 19:21 - 2011-11-24 19:26 - 00000000 ____D () C:\Users\Public\Impax
2015-05-31 18:40 - 2011-11-04 15:26 - 00012087 _____ () C:\Users\Administrator\jinitiator13122.trace
2015-05-31 18:39 - 2011-10-11 23:47 - 00000000 ____D () C:\Users\Administrator
2015-05-28 13:31 - 2011-11-30 13:15 - 00000000 ____D () C:\Users\Administrator\.VirtualBox
2015-05-28 12:23 - 2015-04-13 09:00 - 00000000 ____D () C:\Users\Administrator\Desktop\Prikazi slučaja
2015-05-26 07:32 - 2012-05-23 11:32 - 00002410 _____ () C:\Users\Administrator\Desktop\Google Chrome.lnk
2015-05-25 12:33 - 2011-12-27 17:55 - 00000000 ____D () C:\Users\Administrator\Documents\MR nalazi mix
2015-05-19 13:09 - 2011-11-10 18:24 - 00000000 ____D () C:\Users\Administrator\Desktop\Nalazi za dežuru
2015-05-18 13:50 - 2015-02-05 04:39 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-680020611-101842545-878744919-500Core1d040ecf081b1d8.job
2015-05-18 13:07 - 2013-03-08 09:58 - 00000000 ____D () C:\Users\Administrator\Documents\Case report mix
2015-05-14 13:45 - 2015-04-02 11:27 - 00000000 ____D () C:\Users\Administrator\Desktop\UZORAK
2015-05-11 10:12 - 2014-06-26 16:47 - 00000000 ____D () C:\Users\Administrator\Documents\UZV-Dragan Mijatović
2015-05-08 07:31 - 2014-01-16 11:12 - 00000000 ____D () C:\DOCENT

==================== Files in the root of some directories =======

2011-10-11 23:47 - 2011-08-29 23:00 - 0003625 _____ () C:\Users\Administrator\AppData\Roaming\UserTile.png
2015-02-09 12:28 - 2015-02-09 12:28 - 0003584 _____ () C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-11-27 16:12 - 2011-11-27 16:12 - 0004096 ____H () C:\Users\Administrator\AppData\Local\keyfile3.drm

Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\bitool.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-09-01 01:04

==================== End of log ============================
mycity.rs/must-login.png

Dopuna: 31 Maj 2015 22:40

Molim vas može li pomoć?

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8519
  • Gde živiš: Novi Beograd

Zdravo,

probacemo da pomognemo.

1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod:

CreateRestorePoint:
Task: {03E9FDC2-32B4-4D76-9404-DC663A7B0D91} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {2501F68E-AA5A-488D-9FCA-2F3E9F8AB638} - \BrowserDefendert No Task File <==== ATTENTION
Task: {4B18ABF9-FC84-42B9-86B7-F198E739FA0E} - System32\Tasks\4790 => Wscript.exe C:\Users\ADMINI~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {79AF4651-B27A-4A6A-B47D-5709BB765F5D} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {B2D4C013-57D1-4E67-885B-8E8096C7DA9C} - \DealPlyUpdate No Task File <==== ATTENTION
Task: {F64F9F7E-61E6-43A6-8B27-F4CCC952D25E} - \EPUpdater No Task File <==== ATTENTION
HKU\S-1-5-21-680020611-101842545-878744919-500\...\MountPoints2: D - D:\autorun.exe /d
HKU\S-1-5-21-680020611-101842545-878744919-500\...\MountPoints2: {26902da8-0632-11e1-a412-3cd92b76e7c7} - D:\LaunchU3.exe -a
HKU\S-1-5-21-680020611-101842545-878744919-500\...\MountPoints2: {981a41b8-98df-11e1-a034-3cd92b76e7c7} - E:\LaunchU3.exe -a
HKU\S-1-5-21-680020611-101842545-878744919-500\...\MountPoints2: {cfd2baeb-0756-11e5-ac3b-3cd92b76e7c7} - F:\setup.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> DefaultScope {2F7C283B-348A-478B-AE02-8F5DD7E12918} URL = http://eseeky.com/ws/?source=c0ff831d&tbp=rbox&too.....b76e7c7&q={searchTerms}&r=323
S1 SASDIFSV; \??\E:\SUPERAntiSpyware\SASDIFSV.SYS [X]
S1 SASKUTIL; \??\E:\SUPERAntiSpyware\SASKUTIL.SYS [X]
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> DefaultScope {2F7C283B-348A-478B-AE02-8F5DD7E12918} URL = http://eseeky.com/ws/?source=c0ff831d&tbp=rbox&too.....b76e7c7&q={searchTerms}&r=323
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {2F7C283B-348A-478B-AE02-8F5DD7E12918} URL = http://eseeky.com/ws/?source=c0ff831d&tbp=rbox&too.....b76e7c7&q={searchTerms}&r=323
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {31067203-8BE4-44B4-A0EA-D984CA90DA6C} URL = http://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=kw&q={searchTerms}&locale=en_BA&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^BA&apn_uid=69eb7bda-3359-4208-a630-1d2ceca1bfbc&apn_sauid=DACC4D8C-04E9-4078-BADE-7F9F5D05AC7E
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://blekko.com/ws/?source=a92683ac&tbp=rbox&too.....DCAD955&q={searchTerms}
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {5721BCE3-2CA1-419C-AE85-773A3D58297E} URL = http://searchou.com/?q={searchTerms}&id=42b2bbec0000000000003cd92b76e7c7&affilt=5&r=964
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {CF39FD93-D986-4E39-B731-9866423DF238} URL = http://search.softonic.com/MON00005/tb_v1?q={searchTerms}&SearchSource=4&cc=
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [Not Found]
EmptyTemp:


2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt
To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt
Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi.

3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj.
Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema.



Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku.
Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a.

offline
  • Pridružio: 02 Dec 2014
  • Poruke: 13

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Administrator at 2015-05-31 23:15:41 Run:1
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available Profiles: Agfa & Dr Miljko & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
Task: {03E9FDC2-32B4-4D76-9404-DC663A7B0D91} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {2501F68E-AA5A-488D-9FCA-2F3E9F8AB638} - \BrowserDefendert No Task File <==== ATTENTION
Task: {4B18ABF9-FC84-42B9-86B7-F198E739FA0E} - System32\Tasks\4790 => Wscript.exe C:\Users\ADMINI~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {79AF4651-B27A-4A6A-B47D-5709BB765F5D} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {B2D4C013-57D1-4E67-885B-8E8096C7DA9C} - \DealPlyUpdate No Task File <==== ATTENTION
Task: {F64F9F7E-61E6-43A6-8B27-F4CCC952D25E} - \EPUpdater No Task File <==== ATTENTION
HKU\S-1-5-21-680020611-101842545-878744919-500\...\MountPoints2: D - D:\autorun.exe /d
HKU\S-1-5-21-680020611-101842545-878744919-500\...\MountPoints2: {26902da8-0632-11e1-a412-3cd92b76e7c7} - D:\LaunchU3.exe -a
HKU\S-1-5-21-680020611-101842545-878744919-500\...\MountPoints2: {981a41b8-98df-11e1-a034-3cd92b76e7c7} - E:\LaunchU3.exe -a
HKU\S-1-5-21-680020611-101842545-878744919-500\...\MountPoints2: {cfd2baeb-0756-11e5-ac3b-3cd92b76e7c7} - F:\setup.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> DefaultScope {2F7C283B-348A-478B-AE02-8F5DD7E12918} URL = eseeky.com/ws/?source=c0ff831d&tbp=rbox&too.....b76e7c7&q={searchTerms}&r=323
S1 SASDIFSV; \??\E:\SUPERAntiSpyware\SASDIFSV.SYS [X]
S1 SASKUTIL; \??\E:\SUPERAntiSpyware\SASKUTIL.SYS [X]
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> DefaultScope {2F7C283B-348A-478B-AE02-8F5DD7E12918} URL = eseeky.com/ws/?source=c0ff831d&tbp=rbox&too.....b76e7c7&q={searchTerms}&r=323
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {2F7C283B-348A-478B-AE02-8F5DD7E12918} URL = eseeky.com/ws/?source=c0ff831d&tbp=rbox&too.....b76e7c7&q={searchTerms}&r=323
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {31067203-8BE4-44B4-A0EA-D984CA90DA6C} URL = websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=kw&q={searchTerms}&locale=en_BA&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^BA&apn_uid=69eb7bda-3359-4208-a630-1d2ceca1bfbc&apn_sauid=DACC4D8C-04E9-4078-BADE-7F9F5D05AC7E
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = blekko.com/ws/?source=a92683ac&tbp=rbox&too.....DCAD955&q={searchTerms}
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {5721BCE3-2CA1-419C-AE85-773A3D58297E} URL = searchou.com/?q={searchTerms}&id=42b2bbec0000000000003cd92b76e7c7&affilt=5&r=964
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {CF39FD93-D986-4E39-B731-9866423DF238} URL = search.softonic.com/MON00005/tb_v1?q={searchTerms}&SearchSource=4&cc=
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [Not Found]
EmptyTemp:
*****************

Error: (0) Failed to create a restore point.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03E9FDC2-32B4-4D76-9404-DC663A7B0D91}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03E9FDC2-32B4-4D76-9404-DC663A7B0D91}" => key Removed successfully
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2501F68E-AA5A-488D-9FCA-2F3E9F8AB638}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2501F68E-AA5A-488D-9FCA-2F3E9F8AB638}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B18ABF9-FC84-42B9-86B7-F198E739FA0E}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B18ABF9-FC84-42B9-86B7-F198E739FA0E}" => key Removed successfully
C:\Windows\System32\Tasks\4790 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4790" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79AF4651-B27A-4A6A-B47D-5709BB765F5D}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79AF4651-B27A-4A6A-B47D-5709BB765F5D}" => key Removed successfully
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2D4C013-57D1-4E67-885B-8E8096C7DA9C}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2D4C013-57D1-4E67-885B-8E8096C7DA9C}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F64F9F7E-61E6-43A6-8B27-F4CCC952D25E}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F64F9F7E-61E6-43A6-8B27-F4CCC952D25E}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater" => key Removed successfully
"HKU\S-1-5-21-680020611-101842545-878744919-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D" => key Removed successfully
"HKU\S-1-5-21-680020611-101842545-878744919-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26902da8-0632-11e1-a412-3cd92b76e7c7}" => key Removed successfully
HKCR\CLSID\{26902da8-0632-11e1-a412-3cd92b76e7c7} => key not found.
"HKU\S-1-5-21-680020611-101842545-878744919-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{981a41b8-98df-11e1-a034-3cd92b76e7c7}" => key Removed successfully
HKCR\CLSID\{981a41b8-98df-11e1-a034-3cd92b76e7c7} => key not found.
"HKU\S-1-5-21-680020611-101842545-878744919-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfd2baeb-0756-11e5-ac3b-3cd92b76e7c7}" => key Removed successfully
HKCR\CLSID\{cfd2baeb-0756-11e5-ac3b-3cd92b76e7c7} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key Removed successfully
HKU\S-1-5-21-680020611-101842545-878744919-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
SASDIFSV => Service Removed successfully
SASKUTIL => Service Removed successfully
HKU\S-1-5-21-680020611-101842545-878744919-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
"HKU\S-1-5-21-680020611-101842545-878744919-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2F7C283B-348A-478B-AE02-8F5DD7E12918}" => key Removed successfully
HKCR\CLSID\{2F7C283B-348A-478B-AE02-8F5DD7E12918} => key not found.
"HKU\S-1-5-21-680020611-101842545-878744919-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31067203-8BE4-44B4-A0EA-D984CA90DA6C}" => key Removed successfully
HKCR\CLSID\{31067203-8BE4-44B4-A0EA-D984CA90DA6C} => key not found.
"HKU\S-1-5-21-680020611-101842545-878744919-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}" => key Removed successfully
HKCR\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} => key not found.
"HKU\S-1-5-21-680020611-101842545-878744919-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5721BCE3-2CA1-419C-AE85-773A3D58297E}" => key Removed successfully
HKCR\CLSID\{5721BCE3-2CA1-419C-AE85-773A3D58297E} => key not found.
"HKU\S-1-5-21-680020611-101842545-878744919-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF39FD93-D986-4E39-B731-9866423DF238}" => key Removed successfully
HKCR\CLSID\{CF39FD93-D986-4E39-B731-9866423DF238} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj" => key Removed successfully
EmptyTemp: => Removed 187.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog 23:15:56 ====

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8519
  • Gde živiš: Novi Beograd

Preuzmi "Xplode"-ov AdwCleaner () i sacuvaj ga na Desktop

Dvoklikom pokreni program.
Klikni na dugme [Scan] i pricekaj da program zavrsi.
Klikni na dugme [Clean]
Program ce zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni Ok kao potvrdu.
Na sledeca dva prozora koja se otvore (Informations i Restart required ) klikni Ok


Racunar ce se restartovati a potom otvoriti notepad (C:\AdwCleaner[S1].txt) sa izvestajem.
Sacuvaj taj notepad na Desktop i okaci ga uz poruku koristeci opciju "Prikaci fajl"

Napomena: Izvestaj ce takodje biti sacuvan na C:\AdwCleaner[S0].txt

offline
  • Pridružio: 02 Dec 2014
  • Poruke: 13

Evo stavio sam da ga scan-ira i čekam već 15 min, samo piše ovo: Waiting for action. Please uncheck elements you want to keep. Jel to ok?

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8519
  • Gde živiš: Novi Beograd

Pa ako je zavrsio sa skeniranjem, klikni na cleaning/clean.

offline
  • Pridružio: 02 Dec 2014
  • Poruke: 13

mycity.rs/must-login.png

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8519
  • Gde živiš: Novi Beograd

Kakvo je sad stanje?

offline
  • Pridružio: 02 Dec 2014
  • Poruke: 13

Napisano: 31 Maj 2015 23:42

Isto i dalje...

Dopuna: 31 Maj 2015 23:43

Bez ikakvih promjena... Sad

Dopuna: 31 Maj 2015 23:45



Dopuna: 31 Maj 2015 23:46

Sve puno reklama koje neprestano iskaču, kad hoću nešto proguglati izbacuje mi svoje stranice prije onoga što sam tražio, otvara nove tabove... Katastrofa.

Dopuna: 31 Maj 2015 23:48

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8519
  • Gde živiš: Novi Beograd

Ne predajemo se. Smile

Preuzmi smeenk-ov zoek.zip ili zoek.rar () sa ovog ili ovog linka i sačuvaj ga na Desktop.

Raspakuj arhivu u neki folder (uputstvo), a zatim:

zatvori browser i ostale pokrenute programe;
privremeno deaktiviraj zaštitni softver ( ukoliko je to potrebno ) Uputstvo ;
dvoklikom pokreni zoek na ikonicu programa ;
pričekaj da se alat startuje ...


U beli okvir prozora iskopiraj sledeći tekst:

 
emptyalltemp;
autoclean;
resethosts;
emptyclsid;
emptyfolderscheck;delete


Klikni na dugme i pričekaj da se skeniranje završi.


zoek ce po potrebi, restartovati Windows a na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Napomena:Izveštaj će biti sačuvan pod nazivom zoek-results.log na sistemskoj particiji (tipična lokacija: C:\zoek-results.log)


Arrow Kopiraj sadrzaj tog loga u poruku.

Ko je trenutno na forumu
 

Ukupno su 850 korisnika na forumu :: 60 registrovanih, 9 sakrivenih i 781 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 357magnum, A.R.Chafee.Jr., airsuba, Arhiv, Boter, bufanje, ccoogg123, cenejac111, Cirkon, cvrle312, Dannyboy, DeerHunter, Dejan84, DH, DPera, DucicM, Duh sa sekirom, dule10savic, francis begbie, goxin, HrcAk47, JOntra, kiltae, Krusarac, kybonacci, ladro, Leonov, Lucije Kvint, mercedesamg, mile23, milimoj, Milometer, Mixelotti, mkukoleca, MrNo, Nemanja.M, nemkea71, nenad81, Novi, nuke92, Panter, pceklic, Petar35, Petarvu, promajauglavi, radionica1, raskoljnikov, Recce, RiV, Rocker, Rogan33, Simon simonović, skvara, slonic_tonic, Smiljke, Srle993, stegonosa, Stoilkovic, vobo, x9