Checking my old man's PC

  • Milan
  • Joined: 17 Dec 2007
  • Posts: 14653
  • Location: Niš

Guys, my dad brought me his PC to check. Basically, there was all sorts of stuff on it from what I saw. Some AppHat (some junk as far as I can tell, it's in every browser...), the Ask toolbar, a few more toolbars, Eset with its last update from 2011, etc. Dad was mainly complaining that "a notification pops up saying they want to hook him" (probably phishing). I didn't see that notification, but I immediately started removing what I could. I removed Eset and some toolbars, installed Avast Free, and installed MCShield. Still, I believe there is more to clean up here, so I'm turning to you for expert help.

Yes, there are a few applications that need to be updated (Java, Adobe Reader...). I'm working on it.

Here's the log:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-10-2014 02
Ran by Zvonko (administrator) on ZVONKO-PC on 16-10-2014 11:30:16
Running from C:\Users\Zvonko\Desktop
Loaded Profile: Zvonko (Available profiles: Zvonko)
Platform: Microsoft Windows 7 Home Basic (X86) OS Language: srpski (latinica, Srbija i Crna Gora (bivša))
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Opera Software) C:\Program Files\Opera\opera.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2011-01-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-10-16] (AVAST Software)
HKU\S-1-5-21-2907818993-509525542-411927873-1000\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-2907818993-509525542-411927873-1000\...\MountPoints2: {cfe5d174-4af9-11e0-a154-0019dbd5067d} - F:\LaunchU3.exe -a
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\safetynut\x64\safetycrt.dll
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?o=APN10640A&gct=hp&.....35&t=4
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD10BCCD9BCA4CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sr-rs
SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&am.....AG1&q={searchTerms}
SearchScopes: HKCU - DefaultScope Software\Microsoft\Internet Explorer\SearchScopes URL =
SearchScopes: HKCU - {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&am.....AG1&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name -> {3444c3c5-6c56-4a16-a453-832b05bf6ea4} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {3444c3c5-6c56-4a16-a453-832b05bf6ea4} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Tcpip\Parameters: [DhcpNameServer] 89.216.1.40 89.216.1.50

FireFox:
========
FF ProfilePath: C:\Users\Zvonko\AppData\Roaming\Mozilla\Firefox\Profiles\w3gb1n5x.default
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://www.search.ask.com/?o=APN10640A&gct=hp&d=473-102&v=a13277-135&t=4
FF Keyword.URL: hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=102&systemid=473&v=a13277-135&apn_dtid=BND101&apn_ptnrs=AG1&apn_uid=0324572449644773&o=APN10640&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Zvonko\AppData\Roaming\Mozilla\Firefox\Profiles\w3gb1n5x.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Users\Zvonko\AppData\Roaming\Mozilla\Firefox\Profiles\w3gb1n5x.default\searchplugins\b92net.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Ask.xml
FF Extension: Apps Hat Mini - C:\Users\Zvonko\AppData\Roaming\Mozilla\Firefox\Profiles\w3gb1n5x.default\Extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com [2014-10-16]
FF Extension: FLV Player Addon - C:\Users\Zvonko\AppData\Roaming\Mozilla\Firefox\Profiles\w3gb1n5x.default\Extensions\dc59fc10-5a26-4311-af8d-bf9b600a7b9c@080e29b9-9bee-4caa-b38c-4958c5aa2376.com [2014-10-16]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-16]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: Default -> hxxp://www.search.ask.com/?o=APN10640A&gct=hp&d=473-102&v=a13277-135&t=4
CHR StartupUrls: Default -> "hxxp://www.search.ask.com/?o=APN10640A&gct=hp&d=473-102&v=a13277-135&t=4", "hxxp://www.google.rs/ig"
CHR DefaultSearchURL: Default -> http://dts.search.ask.com/sr?src=crb&gct=ds&am.....AG1&q={searchTerms}
CHR Profile: C:\Users\Zvonko\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Zvonko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-25]
CHR Extension: (Google претрага) - C:\Users\Zvonko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-25]
CHR Extension: (avast! Online Security) - C:\Users\Zvonko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-16]
CHR Extension: (Google новчаник) - C:\Users\Zvonko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-20]
CHR Extension: (Gmail) - C:\Users\Zvonko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-25]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-16]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-16] (AVAST Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-10-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-10-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-10-16] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-10-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-10-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-10-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-10-16] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-10-16] ()
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [28449 2005-12-19] (FTDI Ltd.)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-16 11:30 - 2014-10-16 11:30 - 00011713 _____ () C:\Users\Zvonko\Desktop\FRST.txt
2014-10-16 11:30 - 2014-10-16 11:30 - 00000000 ____D () C:\FRST
2014-10-16 11:29 - 2014-10-16 11:29 - 01102848 _____ (Farbar) C:\Users\Zvonko\Desktop\FRST.exe
2014-10-16 10:55 - 2014-10-16 10:55 - 00000000 ____D () C:\Users\Zvonko\AppData\Roaming\AVAST Software
2014-10-16 10:54 - 2014-10-16 10:54 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-10-16 10:54 - 2014-10-16 10:54 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-10-16 10:54 - 2014-10-16 10:54 - 00414392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1413449682957
2014-10-16 10:54 - 2014-10-16 10:54 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-10-16 10:54 - 2014-10-16 10:54 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-10-16 10:54 - 2014-10-16 10:54 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-10-16 10:54 - 2014-10-16 10:54 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-10-16 10:54 - 2014-10-16 10:54 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-10-16 10:54 - 2014-10-16 10:54 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-10-16 10:54 - 2014-10-16 10:54 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-10-16 10:54 - 2014-10-16 10:54 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-10-16 10:54 - 2014-10-16 10:54 - 00002119 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-10-16 10:54 - 2014-10-16 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-10-16 10:53 - 2014-10-16 10:53 - 00000000 ____D () C:\Program Files\AVAST Software
2014-10-16 10:52 - 2014-10-16 10:53 - 00000000 ____D () C:\ProgramData\MCShield
2014-10-16 10:52 - 2014-10-16 10:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2014-10-16 10:52 - 2014-10-16 10:52 - 00000000 ____D () C:\Program Files\MCShield
2014-10-16 10:51 - 2014-10-16 10:53 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-15 07:58 - 2014-10-15 07:58 - 00250893 _____ () C:\Users\Zvonko\Documents\bafer.zip
2014-10-03 10:16 - 2014-10-03 10:16 - 00102824 _____ () C:\Users\Zvonko\Desktop\1-ZVONKOrekonsrukcija-Model.rar
2014-09-19 12:39 - 2014-09-19 15:43 - 00000000 ____D () C:\Users\Zvonko\Documents\ПРАВИЛНИЦИ

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-16 10:55 - 2010-09-08 14:03 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-16 10:54 - 2010-03-24 16:01 - 00062904 _____ () C:\Windows\system32\perfh01A.dat
2014-10-16 10:54 - 2010-03-24 16:01 - 00023414 _____ () C:\Windows\system32\perfc01A.dat
2014-10-16 10:54 - 2010-03-24 15:42 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-10-16 10:54 - 2010-03-24 15:17 - 00856750 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-16 10:51 - 2010-03-24 15:03 - 01465193 _____ () C:\Windows\WindowsUpdate.log
2014-10-16 10:49 - 2009-07-14 06:34 - 00017536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-16 10:49 - 2009-07-14 06:34 - 00017536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-16 10:47 - 2013-08-23 05:59 - 00000000 ____D () C:\Users\Zvonko\AppData\Local\WebPlayer
2014-10-16 10:44 - 2010-09-08 14:03 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-16 10:43 - 2010-03-24 15:54 - 00004468 _____ () C:\Windows\PFRO.log
2014-10-16 10:43 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-16 10:43 - 2009-07-14 06:39 - 00073133 _____ () C:\Windows\setupact.log
2014-09-25 05:03 - 2011-12-07 14:04 - 00002131 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-17 12:35 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-09-17 12:34 - 2010-03-26 10:58 - 00000000 ____D () C:\Users\Zvonko\Documents\Fax

Some content of TEMP:
====================
C:\Users\Zvonko\AppData\Local\Temp\2yvqoczp.exe
C:\Users\Zvonko\AppData\Local\Temp\67v1ejy6.exe
C:\Users\Zvonko\AppData\Local\Temp\9ijnoscy.exe
C:\Users\Zvonko\AppData\Local\Temp\appshat-distribution.exe
C:\Users\Zvonko\AppData\Local\Temp\BI_RunOnce.exe
C:\Users\Zvonko\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Zvonko\AppData\Local\Temp\Delta.exe
C:\Users\Zvonko\AppData\Local\Temp\DeltaTB.exe
C:\Users\Zvonko\AppData\Local\Temp\FLVPlayerSetup.exe
C:\Users\Zvonko\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe
C:\Users\Zvonko\AppData\Local\Temp\i9ylp5g0.exe
C:\Users\Zvonko\AppData\Local\Temp\installhelper.dll
C:\Users\Zvonko\AppData\Local\Temp\j9tr1im1.exe
C:\Users\Zvonko\AppData\Local\Temp\MoviesToolbarSetup_Somoto.exe
C:\Users\Zvonko\AppData\Local\Temp\MyBabylonTB.exe
C:\Users\Zvonko\AppData\Local\Temp\o3jzk1a1.exe
C:\Users\Zvonko\AppData\Local\Temp\PicasaUpdater_2871.exe
C:\Users\Zvonko\AppData\Local\Temp\PicasaUpdater_77d5.exe
C:\Users\Zvonko\AppData\Local\Temp\propsys.dll
C:\Users\Zvonko\AppData\Local\Temp\qtcztl5.exe
C:\Users\Zvonko\AppData\Local\Temp\rad9A24B.tmp_update.exe
C:\Users\Zvonko\AppData\Local\Temp\radB85F9.tmp_update.exe
C:\Users\Zvonko\AppData\Local\Temp\rlxdo8i9.exe
C:\Users\Zvonko\AppData\Local\Temp\run.exe
C:\Users\Zvonko\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Zvonko\AppData\Local\Temp\vlc-2.0.2-win32.exe
C:\Users\Zvonko\AppData\Local\Temp\WSSetup.exe
C:\Users\Zvonko\AppData\Local\Temp\xm964w28.exe
C:\Users\Zvonko\AppData\Local\Temp\zjgtuohq.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-06 00:58

==================== End Of Log ============================


Addition.txt: (attachment; login required to view)

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Let's get started.

Java and Adobe Reader are quite outdated, so update them. Now we'll do a Fix with the FRST tool, and we'll also run AdwCleaner, since I see you haven't used it. Keep me posted on how things stand when you're done.



1. Open Notepad (Text Document) and copy in the following text from the code box below:

closeprocesses:
emptytemp:
HKU\S-1-5-21-2907818993-509525542-411927873-1000\...\MountPoints2: {cfe5d174-4af9-11e0-a154-0019dbd5067d} - F:\LaunchU3.exe -a
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\safetynut\x64\safetycrt.dll
c:\program files\movies toolbar
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?o=APN10640A&gct=hp&.....35&t=4
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD10BCCD9BCA4CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sr-rs
SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&am.....AG1&q={searchTerms}
SearchScopes: HKCU - DefaultScope Software\Microsoft\Internet Explorer\SearchScopes URL =
SearchScopes: HKCU - {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&am.....AG1&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: No Name -> {3444c3c5-6c56-4a16-a453-832b05bf6ea4} -> No File
Toolbar: HKLM - No Name - {3444c3c5-6c56-4a16-a453-832b05bf6ea4} - No File
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://www.search.ask.com/?o=APN10640A&gct=hp&d=473-102&v=a13277-135&t=4
FF Keyword.URL: hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=102&systemid=473&v=a13277-135&apn_dtid=BND101&apn_ptnrs=AG1&apn_uid=0324572449644773&o=APN10640&q=
FF SearchPlugin: C:\Users\Zvonko\AppData\Roaming\Mozilla\Firefox\Profiles\w3gb1n5x.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Users\Zvonko\AppData\Roaming\Mozilla\Firefox\Profiles\w3gb1n5x.default\searchplugins\b92net.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Ask.xml
FF Extension: Apps Hat Mini - C:\Users\Zvonko\AppData\Roaming\Mozilla\Firefox\Profiles\w3gb1n5x.default\Extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com [2014-10-16]
FF Extension: FLV Player Addon - C:\Users\Zvonko\AppData\Roaming\Mozilla\Firefox\Profiles\w3gb1n5x.default\Extensions\dc59fc10-5a26-4311-af8d-bf9b600a7b9c@080e29b9-9bee-4caa-b38c-4958c5aa2376.com [2014-10-16]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
CHR HomePage: Default -> hxxp://www.search.ask.com/?o=APN10640A&gct=hp&d=473-102&v=a13277-135&t=4
CHR StartupUrls: Default -> "hxxp://www.search.ask.com/?o=APN10640A&gct=hp&d=473-102&v=a13277-135&t=4", "hxxp://www.google.rs/ig"
CHR DefaultSearchURL: Default -> http://dts.search.ask.com/sr?src=crb&gct=ds&am.....AG1&q={searchTerms}
C:\Program Files\ESET


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the system restarts.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.





Download Xplode's AdwCleaner and save it to the Desktop.

Double-click to run the program.
Click the [Scan] button and wait for the program to finish.
Click the [Clean] button.
The program will close all active programs and show a window with that warning. Click Ok to confirm.
In the next two windows that open (Informations and Restart required), click Ok.


The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your reply using the "Attach file" ("Prikaci fajl") option.

Note: The report will also be saved at C:\AdwCleaner[S1].txt

  • Milan
  • Joined: 17 Dec 2007
  • Posts: 14653
  • Location: Niš

Fixlog.txt:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-10-2014 02
Ran by Zvonko at 2014-10-16 12:51:43 Run:1
Running from C:\Users\Zvonko\Desktop
Loaded Profile: Zvonko (Available profiles: Zvonko)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
closeprocesses:
emptytemp:
HKU\S-1-5-21-2907818993-509525542-411927873-1000\...\MountPoints2: {cfe5d174-4af9-11e0-a154-0019dbd5067d} - F:\LaunchU3.exe -a
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\safetynut\x64\safetycrt.dll
c:\program files\movies toolbar
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?o=APN10640A&gct=hp&.....35&t=4
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD10BCCD9BCA4CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sr-rs
SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&am.....AG1&q={searchTerms}
SearchScopes: HKCU - DefaultScope Software\Microsoft\Internet Explorer\SearchScopes URL =
SearchScopes: HKCU - {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&am.....AG1&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: No Name -> {3444c3c5-6c56-4a16-a453-832b05bf6ea4} -> No File
Toolbar: HKLM - No Name - {3444c3c5-6c56-4a16-a453-832b05bf6ea4} - No File
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://www.search.ask.com/?o=APN10640A&gct=hp&d=473-102&v=a13277-135&t=4
FF Keyword.URL: hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=102&systemid=473&v=a13277-135&apn_dtid=BND101&apn_ptnrs=AG1&apn_uid=0324572449644773&o=APN10640&q=
FF SearchPlugin: C:\Users\Zvonko\AppData\Roaming\Mozilla\Firefox\Profiles\w3gb1n5x.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Users\Zvonko\AppData\Roaming\Mozilla\Firefox\Profiles\w3gb1n5x.default\searchplugins\b92net.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Ask.xml
FF Extension: Apps Hat Mini - C:\Users\Zvonko\AppData\Roaming\Mozilla\Firefox\Profiles\w3gb1n5x.default\Extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com [2014-10-16]
FF Extension: FLV Player Addon - C:\Users\Zvonko\AppData\Roaming\Mozilla\Firefox\Profiles\w3gb1n5x.default\Extensions\dc59fc10-5a26-4311-af8d-bf9b600a7b9c@080e29b9-9bee-4caa-b38c-4958c5aa2376.com [2014-10-16]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
CHR HomePage: Default -> hxxp://www.search.ask.com/?o=APN10640A&gct=hp&d=473-102&v=a13277-135&t=4
CHR StartupUrls: Default -> "hxxp://www.search.ask.com/?o=APN10640A&gct=hp&d=473-102&v=a13277-135&t=4", "hxxp://www.google.rs/ig"
CHR DefaultSearchURL: Default -> http://dts.search.ask.com/sr?src=crb&gct=ds&am.....AG1&q={searchTerms}
C:\Program Files\ESET
*****************

Processes closed successfully.
"HKU\S-1-5-21-2907818993-509525542-411927873-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfe5d174-4af9-11e0-a154-0019dbd5067d}" => Key deleted successfully.
"HKCR\CLSID\{cfe5d174-4af9-11e0-a154-0019dbd5067d}" => Key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsemngr.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsermngr.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bundlesweetimsetup.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cltmngsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta babylon.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta tb.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta2.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltainstaller.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltasetup.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb_2501-c733154b.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\iminentsetup.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rjatydimofu.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sweetimsetup.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tbdelta.exetoolbar783881609.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe" => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 => value deleted successfully.
"c:\program files\movies toolbar" => File/Directory not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}" => Key deleted successfully.
"HKCR\CLSID\{52db1893-8a90-4192-aede-08e00b8f8473}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}" => Key deleted successfully.
"HKCR\CLSID\{52db1893-8a90-4192-aede-08e00b8f8473}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3444c3c5-6c56-4a16-a453-832b05bf6ea4}" => Key deleted successfully.
"HKCR\CLSID\{3444c3c5-6c56-4a16-a453-832b05bf6ea4}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{3444c3c5-6c56-4a16-a453-832b05bf6ea4} => value deleted successfully.
"HKCR\CLSID\{3444c3c5-6c56-4a16-a453-832b05bf6ea4}" => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Users\Zvonko\AppData\Roaming\Mozilla\Firefox\Profiles\w3gb1n5x.default\searchplugins\Ask.xml => Moved successfully.
C:\Users\Zvonko\AppData\Roaming\Mozilla\Firefox\Profiles\w3gb1n5x.default\searchplugins\b92net.xml => Moved successfully.
C:\Program Files\mozilla firefox\searchplugins\Ask.xml => Moved successfully.
C:\Users\Zvonko\AppData\Roaming\Mozilla\Firefox\Profiles\w3gb1n5x.default\Extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com => Moved successfully.
C:\Users\Zvonko\AppData\Roaming\Mozilla\Firefox\Profiles\w3gb1n5x.default\Extensions\dc59fc10-5a26-4311-af8d-bf9b600a7b9c@080e29b9-9bee-4caa-b38c-4958c5aa2376.com => Moved successfully.
HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value deleted successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchURL not detected.
"C:\Program Files\ESET" => File/Directory not found.
EmptyTemp: => Removed 1.2 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====


Attachment: AdwCleaner[S0].txt



As far as I could tell, booting now takes somewhat less time than it did a little while ago after running AdwCleaner. I don't know what this had to do with booting, but it is noticeable. :D Also, the browser is now actually usable, or so it seems to me. A little while ago it took quite a long time to start; now it's OK.

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

That would be it :)

You can also run a scan with MalwareBytes, maybe it will find something, but there is nothing active there.

https://www.malwarebytes.org/mwb-download/

In Settings --> Detection and Protection, also check Rootkit Scan if it isn't checked already.



We will delete the tools that were used:

Download DelFix by "Xplode" and save it to the Desktop.

Double-click to run the program.

Check the following options:
Remove disinfection tools
Purge System Restore
Reset system settings

Click the "Run" button and wait for the program to finish.
The tool will remove all the tools used in this thread...
When the tool finishes, it will open a report in Notepad.
Note: The report will also be saved to C:\DelFix.txt

There is no need to post the report.

offline
  • Milan
  • Joined: 17 Dec 2007
  • Posts: 14653
  • Location: Niš

Okay. That's it. MB found nothing. The situation is much better. :D

Thanks a lot! :D Cheers
