Chrome gives a malware warning when I start a search

  • Joined: 17 Feb 2012
  • Posts: 9

Hello,
When I want to search the net, Google Chrome starts the search and, before it shows the results for what I want to search, I get a message that there is malware:
this is the message:
Danger: Malware Ahead!
Google Chrome has blocked access to this page on google.rs.
Content from papermashup.com, a known malware distributor, has been inserted into this web page. Visiting this page now is very likely to infect your computer with malware.
Malware is malicious software that causes things like identity theft, financial loss, and permanent file deletion. Learn more
So whatever search I try, with any words, I get this same message!?
The problem started showing up a few hours ago. I thought it was some error on Google's side, but this is no longer OK. Could you help me? I did what it says in the text about opening a new topic.
I tried running the antivirus (avast) but it finishes the scan and reports nothing. I cleared the browser cache and history but that doesn't help either. This problem exists only in Chrome; in Firefox everything is fine when I search.
My connection is SBB; Download :: 6.5 Mbps Upload :: 1.4 Mbps 175

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16618 BrowserJavaVersion: 10.51.2
Run by Vladan at 18:29:58 on 2014-01-26
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.8175.5556 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\xampp\apache\bin\httpd.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\xampp\mysql\bin\mysqld.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\PixArt\Pac7302\Monitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\xampp\apache\bin\httpd.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\prevhost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\NetBeans 7.3.1\bin\netbeans64.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.rs/
mWinlogon: Userinit = C:\Windows\SysWOW64\userinit.exe,
BHO: {53707962-6F74-2D53-2644-206D7942484F} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Facebook Update] "C:\Users\Vladan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f
dRunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f
dRunOnce: [panda4_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f
dRunOnce: [panda4_0dn_XP] reg.exe delete "HKCU\Software\panda4_0dn" /f
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - <orphaned>
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: NameServer = 89.216.1.30 89.216.1.50
TCP: Interfaces\{C19F44D5-1986-4316-855A-D67D8BC9F8DA} : DHCPNameServer = 89.216.1.30 89.216.1.50
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mWinlogon: Userinit = C:\Windows\SysWOW64\userinit.exe,
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Vladan\AppData\Roaming\Mozilla\Firefox\Profiles\ydxxwmuc.default-1359551551992\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\Vladan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-1-6 21104]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-1-26 121936]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 Apache2.2;Apache2.2;C:\xampp\apache\bin\httpd.exe [2011-9-10 18432]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-1-26 20048]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-1-26 61008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2013-1-26 40384]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-1-11 1153368]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-6-6 2848168]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-1-6 2655768]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2013-1-26 40384]
R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2013-1-26 40384]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-6 413800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [2013-1-28 31968]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-1-10 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-1-10 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2012-1-6 25640]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-1-6 30528]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\System32\drivers\nmwcdnsucx64.sys [2011-8-17 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2011-8-17 171008]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-3-3 20992]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-3-3 59392]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\netbeans64.exe="C:\Program Files\NetBeans 7.3.1\bin\netbeans64.exe" "%1" [UserChoice]
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .js: Applications\netbeans.exe="C:\Program Files\NetBeans 7.3.1\bin\netbeans.exe" "%1" [UserChoice]
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-01-23 09:54:05 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DC045882-FA60-44B5-82C6-2C3A7EC6AEB5}\mpengine.dll
2014-01-16 22:16:20 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M ====================
.
2014-01-18 05:19:51 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-18 05:19:51 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 11:25:52 267936 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 18:30:20.70 ===============
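One check worth running before the second-opinion scanners: the warning says content from another host "has been inserted into this web page" on google.rs, yet Firefox shows the same search cleanly, so whatever is injecting is inside Chrome, and the usual carrier is an extension whose content script or host permission covers every site. The script below is an added example, not code from the forum, from FRST or from zoek; it walks the `Extensions\<id>\<version>\manifest.json` files under a Chrome profile and reports extensions that can reach Google search pages or bundle a native plugin. The sample profile, its extension IDs and their manifests are constructed for the demo and are not taken from the posted log.

```python
"""Triage which Chrome extensions can inject into Google search pages.

Added example for this thread (not forum, FRST or zoek code). It reads
<profile>/Extensions/<id>/<version>/manifest.json for every installed
extension and reports those whose content_scripts or host permissions
cover google.* (or all URLs), plus any that bundle a native plugin DLL.
Sample extension IDs and manifests below are constructed, not real.
"""
import json
import re
import sys
import tempfile
from fnmatch import fnmatch
from pathlib import Path
from typing import Dict, List

# Match patterns that reach every site, including google.* search pages.
BROAD_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Hosts the user in the thread searches on; extend for other locales.
GOOGLE_HOSTS = ("www.google.rs", "www.google.com")

# Hypothetical extension IDs for the constructed sample profile.
SAMPLE_INJECT_ID = "injectallurlsaaaaaaaaaaaaaaaaaaa"
SAMPLE_BENIGN_ID = "onlyyoutubebbbbbbbbbbbbbbbbbbbbb"
SAMPLE_HOSTPERM_ID = "googlehostpermcccccccccccccccccc"


def covers_google(pattern: str) -> bool:
    """True if a Chrome match pattern covers a Google search host."""
    if pattern in BROAD_PATTERNS:
        return True
    m = re.match(r"^(?:\*|https?)://([^/]+)/", pattern)
    if not m:
        return False  # e.g. an API permission such as "tabs"
    host = m.group(1)
    # Chrome's "*.google.rs" also matches the bare domain; fnmatch is close enough here.
    return host == "*" or any(fnmatch(h, host) for h in GOOGLE_HOSTS)


def triage_extensions(profile_dir: Path) -> List[Dict]:
    """Return extensions under profile_dir/Extensions that can reach Google
    pages or bundle a native plugin, with the manifest fields responsible."""
    findings = []
    for manifest_path in sorted((profile_dir / "Extensions").glob("*/*/manifest.json")):
        ext_id = manifest_path.parent.parent.name
        version_dir = manifest_path.parent.name
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            findings.append({"id": ext_id, "version": version_dir, "name": "?",
                             "reasons": ["unreadable manifest"]})
            continue
        reasons = []
        for cs in manifest.get("content_scripts", []):
            hits = [p for p in cs.get("matches", []) if covers_google(p)]
            if hits:
                reasons.append("content script on " + ", ".join(hits))
        perms = manifest.get("permissions", []) + manifest.get("host_permissions", [])
        hits = [p for p in perms if isinstance(p, str) and covers_google(p)]
        if hits:
            reasons.append("host permission " + ", ".join(hits))
        # Pre-2014 extensions could bundle an NPAPI DLL; FRST lists these as "CHR Plugin".
        for plugin in manifest.get("plugins", []):
            reasons.append("bundles native plugin " + str(plugin.get("path", "?")))
        if reasons:
            findings.append({"id": ext_id, "version": version_dir,
                             "name": manifest.get("name", "?"), "reasons": reasons})
    return findings


def build_sample_profile(root: Path) -> Path:
    """Write a constructed Chrome profile with three hypothetical extensions."""
    samples = {
        SAMPLE_INJECT_ID: {"name": "Hypothetical new-tab helper", "version": "1.0.0", "manifest_version": 2,
                           "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
                           "plugins": [{"path": "Plugins/helper-32.dll"}]},
        SAMPLE_BENIGN_ID: {"name": "Hypothetical YouTube tweak", "version": "2.1", "manifest_version": 2,
                           "content_scripts": [{"matches": ["https://www.youtube.com/*"], "js": ["yt.js"]}]},
        SAMPLE_HOSTPERM_ID: {"name": "Hypothetical SEO toolbar", "version": "0.9", "manifest_version": 2,
                             "permissions": ["tabs", "*://*.google.com/*"]},
    }
    profile = root / "User Data" / "Default"
    for ext_id, manifest in samples.items():
        ext_dir = profile / "Extensions" / ext_id / (manifest["version"] + "_0")
        ext_dir.mkdir(parents=True, exist_ok=True)
        (ext_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return profile


def demo() -> Dict[str, Dict]:
    """Build the constructed profile in a temp dir and return findings by ID."""
    profile = build_sample_profile(Path(tempfile.mkdtemp()))
    return {f["id"]: f for f in triage_extensions(profile)}


if __name__ == "__main__":
    # Real use on Windows: %LOCALAPPDATA%\Google\Chrome\User Data\Default
    if len(sys.argv) > 1:
        results = {f["id"]: f for f in triage_extensions(Path(sys.argv[1]))}
    else:
        results = demo()
    for f in results.values():
        print(f"{f['id']} {f['version']} ({f['name']}): " + "; ".join(f["reasons"]))
```

Run it with the path to the Chrome profile as the only argument (the `User Data\Default` directory that FRST prints in its `CHR Extension:` lines); with no argument it runs against the constructed sample. An extension that both injects into `<all_urls>` and ships a native DLL is the first thing to disable and retest the search with, before assuming the search engine itself is compromised.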

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Hello,
Are you getting that message from avast?



Download smeenk's zoek.zip or zoek.rar () from this or this link and save it to the Desktop.

Unpack the archive into a folder (instructions), then:

close the browser and other running programs;
temporarily disable your security software (if necessary) Instructions;
double-click the zoek program icon to start it;
wait for the tool to start ...


Copy the following text into the white box of the window:

QuickScan;
InstalledProgs;


Click the button and wait for the scan to finish.


zoek will restart Windows if needed and, when it finishes, open Notepad with the scan report.

Note: The report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into a reply.

  • Joined: 17 Feb 2012
  • Posts: 9

Written: 26 Jan 2014 19:13

Oh, thanks for being here! :-) It's not from avast, I get the message from Google; I can take a picture of it and show you (it's that red malware message you get when you run into malware while browsing). I'll do the rest now...

Update: 26 Jan 2014 19:31

magna86, I'm having trouble starting zoek; I tried both the zip and the rar and it won't start, Windows gives me a message that the program isn't installed properly. I even tried the direct zoek.exe download and it won't start. What should I do now? I'm waiting for you.

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

When you start zoek by double-clicking, it needs some time to unpack and launch itself. Never mind, we'll use an alternative.



Download Farbar's Farbar Recovery Scan Tool () from this address to the Desktop:
There is a 32-bit and a 64-bit version. You need to download the version that is compatible with your system.
If you're not sure which version applies to your system, download both and run them. Only one of them will work on your system; that will be the right version.


double-click to run the program; when the tool starts, click Yes on the disclaimer window;
wait a moment while the tool checks whether a newer version exists;
click the Scan button;
when the scan finishes, the tool will create a report (FRST.txt) in the same directory where the FRST tool is saved;
copy the contents of the FRST.txt report into a reply;
on the first run, the tool should also create an additional report (Addition.txt);
attach the Addition.txt report to the reply using the Attach file option

  • Joined: 17 Feb 2012
  • Posts: 9

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-01-2014 02
Ran by Vladan (administrator) on VLADAN-PC on 26-01-2014 20:03:16
Running from C:\Users\Vladan\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
() C:\xampp\mysql\bin\mysqld.exe
(AMD) C:\Windows\System32\atieclxx.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac7302\Monitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Microsoft Corporation) C:\Windows\System32\msfeedssync.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11776104 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [PAC7302_Monitor] - C:\Windows\PixArt\PAC7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast5] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [2837864 2010-06-28] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
HKCU\...\Run: [Facebook Update] - C:\Users\Vladan\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-09-26] (Facebook Inc.)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {53707962-6F74-2D53-2644-206D7942484F} - No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 89.216.1.30 89.216.1.50

FireFox:
========
FF ProfilePath: C:\Users\Vladan\AppData\Roaming\Mozilla\Firefox\Profiles\ydxxwmuc.default-1359551551992
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Vladan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Extension: EHTip - C:\Users\Vladan\AppData\Roaming\Mozilla\Firefox\Profiles\ydxxwmuc.default-1359551551992\Extensions\ehtip@robertkatic [2013-02-14]
FF Extension: WebRank SEO Toolbar - C:\Users\Vladan\AppData\Roaming\Mozilla\Firefox\Profiles\ydxxwmuc.default-1359551551992\Extensions\webrank-toolbar@probcomp.com [2013-12-02]
FF Extension: Html Validator - C:\Users\Vladan\AppData\Roaming\Mozilla\Firefox\Profiles\ydxxwmuc.default-1359551551992\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} [2014-01-20]
FF Extension: Live HTTP Headers - C:\Users\Vladan\AppData\Roaming\Mozilla\Firefox\Profiles\ydxxwmuc.default-1359551551992\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2013-02-16]
FF Extension: Firebug - C:\Users\Vladan\AppData\Roaming\Mozilla\Firefox\Profiles\ydxxwmuc.default-1359551551992\Extensions\firebug@software.joehewitt.com.xpi [2013-01-30]
FF Extension: Font Finder - C:\Users\Vladan\AppData\Roaming\Mozilla\Firefox\Profiles\ydxxwmuc.default-1359551551992\Extensions\fontfinder@bendodson.com.xpi [2013-09-02]
FF Extension: SQL Inject Me - C:\Users\Vladan\AppData\Roaming\Mozilla\Firefox\Profiles\ydxxwmuc.default-1359551551992\Extensions\sqlime@security.compass.xpi [2013-10-08]
FF Extension: X-notifier - C:\Users\Vladan\AppData\Roaming\Mozilla\Firefox\Profiles\ydxxwmuc.default-1359551551992\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2013-09-15]
FF Extension: MeasureIt - C:\Users\Vladan\AppData\Roaming\Mozilla\Firefox\Profiles\ydxxwmuc.default-1359551551992\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2013-09-28]
FF Extension: SearchStatus - C:\Users\Vladan\AppData\Roaming\Mozilla\Firefox\Profiles\ydxxwmuc.default-1359551551992\Extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi [2013-08-24]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [5011982379c59@5011982379c92.info] - C:\Users\Vladan\AppData\Roaming\Mozilla\Firefox\Profiles\uo9afk6u.default\extensions\5011982379c59@5011982379c92.info

Chrome:
=======
CHR HomePage:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Perion plugin) - C:\Users\Vladan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google документи) - C:\Users\Vladan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-10]
CHR Extension: (MeasureIt!) - C:\Users\Vladan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aonjhmdcgbgikgjapjckfkefpphjpgma [2013-02-10]
CHR Extension: (Google диск) - C:\Users\Vladan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-10]
CHR Extension: (Select & translate - context menu) - C:\Users\Vladan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bapcampblfdohlgnilfjbmhjijhflbjf [2013-08-29]
CHR Extension: (Web Developer) - C:\Users\Vladan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2013-02-10]
CHR Extension: (WOT) - C:\Users\Vladan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-02-10]
CHR Extension: (YouTube) - C:\Users\Vladan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-10]
CHR Extension: (Firebug Lite for Google Chrome™) - C:\Users\Vladan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench [2013-02-10]
CHR Extension: (Library Detector) - C:\Users\Vladan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgaocdmhkmfnkdkbnckgmpopcbpaaejo [2013-02-10]
CHR Extension: (All JS Viewer) - C:\Users\Vladan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cogpihfjkdnalpenphgjgmpbhnkkghno [2013-02-10]
CHR Extension: (Google претрага) - C:\Users\Vladan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-10]
CHR Extension: (Search by Image (by Google)) - C:\Users\Vladan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2013-02-10]
CHR Extension: (Stylish) - C:\Users\Vladan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2013-02-10]
CHR Extension: (10+Tabs MASTER →Fast Speed Scroll w/LATER Tab) - C:\Users\Vladan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fleoafedhjjnlcnmbanbgdghajojcodd [2013-09-26]
CHR Extension: (NetBeans Connector) - C:\Users\Vladan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hafdlehgocfcodbgjnpecfajgkeejnaa [2013-11-06]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Vladan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2013-02-10]
CHR Extension: (Google Theme) - C:\Users\Vladan\AppData\Local\Google\Chrome\User Data\Default\Extensions\imoaoigekmpoalkbfohhjgkcocjdapne [2013-10-11]
CHR Extension: (WhatFont) - C:\Users\Vladan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2013-02-10]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\Vladan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2013-02-10]
CHR Extension: (EHTip) - C:\Users\Vladan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbkkdecpgcebkfblliledlcinoeeing [2013-02-10]
CHR Extension: (WebRank SEO) - C:\Users\Vladan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkhilblbmkdnapffblmecglknalglfji [2013-02-10]
CHR Extension: (Hangouts) - C:\Users\Vladan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2013-09-27]
CHR Extension: (Google новчаник) - C:\Users\Vladan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Vladan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2013-04-06]
CHR Extension: (Outlook.com) - C:\Users\Vladan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2013-05-04]
CHR Extension: (Gmail) - C:\Users\Vladan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-10]
CHR HKLM-x32\...\Chrome\Extension: [cgpnojibjokpoghebklhkdeijehkohhb] - C:\Users\Vladan\AppData\Local\Temp\ccex.crx [2013-02-10]
CHR HKLM-x32\...\Chrome\Extension: [cllmmihkeolnfmiojcmlichcjpcicemk] - C:\ProgramData\TheBflix\cllmmihkeolnfmiojcmlichcjpcicemk.crx [2013-02-10]
CHR HKLM-x32\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files (x86)\Gophoto.it\gophotoit11.crx [2012-06-28]

==================== Services (Whitelisted) =================

R2 Apache2.2; c:\xampp\apache\bin\httpd.exe [18432 2011-09-10] (Apache Software Foundation)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software)
S3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software)
S3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software)
R2 mysql; c:\xampp\mysql\bin\mysqld.exe [8158720 2011-09-09] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 WinHttpAutoProxySvc; winhttp.dll [x]

==================== Drivers (Whitelisted) ====================

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [20048 2010-06-28] (ALWIL Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [61008 2010-06-28] (ALWIL Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [28752 2010-06-28] (ALWIL Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [121936 2010-06-28] (ALWIL Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [51280 2010-06-28] (ALWIL Software)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-01-06] ()
R3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [532480 2009-04-28] (PixArt Imaging Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 gdrv; \??\C:\Windows\gdrv.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-26 20:03 - 2014-01-26 20:03 - 00018665 _____ C:\Users\Vladan\Downloads\FRST.txt
2014-01-26 20:02 - 2014-01-26 20:02 - 00000000 ____D C:\FRST
2014-01-26 20:01 - 2014-01-26 20:01 - 02078208 _____ (Farbar) C:\Users\Vladan\Downloads\FRST64.exe
2014-01-26 19:36 - 2014-01-26 19:36 - 00003136 _____ C:\Windows\System32\Tasks\{8C7DD1CE-62B1-4613-B09E-D74DF228269F}
2014-01-26 19:32 - 2014-01-26 19:32 - 00000000 ____D C:\Users\Vladan\Desktop\zoek
2014-01-26 19:31 - 2014-01-26 19:31 - 04086782 _____ C:\Users\Vladan\Desktop\zoek.zip
2014-01-26 19:27 - 2014-01-26 19:27 - 00003116 _____ C:\Windows\System32\Tasks\{263FFAC9-6C61-4BEE-8DEF-BBADD0DB8330}
2014-01-26 19:23 - 2014-01-26 19:23 - 00003156 _____ C:\Windows\System32\Tasks\{56D8CB7C-5591-428D-A0B4-E793542AD076}
2014-01-26 19:19 - 2014-01-26 19:19 - 00000000 ____D C:\zoek_backup
2014-01-26 18:30 - 2014-01-26 18:30 - 00014726 _____ C:\Users\Vladan\Desktop\dds.txt
2014-01-26 18:30 - 2014-01-26 18:30 - 00001066 _____ C:\Users\Vladan\Desktop\attach.txt
2014-01-26 18:29 - 2014-01-26 18:29 - 00688992 ____R (Swearware) C:\Users\Vladan\Downloads\dds.scr
2014-01-21 19:56 - 2014-01-21 19:56 - 00000000 ____D C:\Users\Vladan\Downloads\menu_sample2_ver5_940
2014-01-16 23:16 - 2014-01-16 23:16 - 00005175 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-16 23:16 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-16 23:16 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-16 23:16 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-16 23:16 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-11 13:50 - 2014-01-11 13:50 - 00178508 _____ C:\Users\Vladan\Downloads\syntaxhighlighter_3.0.83.zip
2014-01-11 13:50 - 2014-01-11 13:50 - 00000000 ____D C:\Users\Vladan\Downloads\syntaxhighlighter_3.0.83
2014-01-04 14:31 - 2014-01-04 14:31 - 00086016 _____ (HOME) C:\Users\Vladan\Documents\JOCR.exe
2014-01-03 23:42 - 2014-01-03 23:42 - 00000000 ____D C:\Users\Vladan\Downloads\1137-ribbon
2014-01-03 23:41 - 2014-01-03 23:41 - 00859160 _____ C:\Users\Vladan\Downloads\1137-ribbon.7z
2013-12-30 20:48 - 2013-12-30 20:48 - 00004669 _____ C:\Users\Vladan\.recently-used.xbel
2013-12-30 09:53 - 2014-01-26 19:44 - 00001804 _____ C:\Windows\setupact.log
2013-12-30 09:53 - 2013-12-30 09:53 - 00000000 _____ C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

2014-01-26 20:03 - 2014-01-26 20:03 - 00018665 _____ C:\Users\Vladan\Downloads\FRST.txt
2014-01-26 20:03 - 2013-08-09 23:11 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0B9A15A2-10E1-4416-AE82-59CAAD58E606}
2014-01-26 20:02 - 2014-01-26 20:02 - 00000000 ____D C:\FRST
2014-01-26 20:01 - 2014-01-26 20:01 - 02078208 _____ (Farbar) C:\Users\Vladan\Downloads\FRST64.exe
2014-01-26 19:49 - 2009-07-14 05:45 - 00014512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-26 19:49 - 2009-07-14 05:45 - 00014512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-26 19:47 - 2013-07-03 09:23 - 01291754 _____ C:\Windows\WindowsUpdate.log
2014-01-26 19:44 - 2013-12-30 09:53 - 00001804 _____ C:\Windows\setupact.log
2014-01-26 19:44 - 2013-01-26 10:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-26 19:44 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-26 19:36 - 2014-01-26 19:36 - 00003136 _____ C:\Windows\System32\Tasks\{8C7DD1CE-62B1-4613-B09E-D74DF228269F}
2014-01-26 19:33 - 2013-01-26 10:53 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-26 19:32 - 2014-01-26 19:32 - 00000000 ____D C:\Users\Vladan\Desktop\zoek
2014-01-26 19:31 - 2014-01-26 19:31 - 04086782 _____ C:\Users\Vladan\Desktop\zoek.zip
2014-01-26 19:27 - 2014-01-26 19:27 - 00003116 _____ C:\Windows\System32\Tasks\{263FFAC9-6C61-4BEE-8DEF-BBADD0DB8330}
2014-01-26 19:26 - 2013-06-25 09:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-26 19:23 - 2014-01-26 19:23 - 00003156 _____ C:\Windows\System32\Tasks\{56D8CB7C-5591-428D-A0B4-E793542AD076}
2014-01-26 19:19 - 2014-01-26 19:19 - 00000000 ____D C:\zoek_backup
2014-01-26 19:04 - 2013-09-26 20:59 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-622041102-657345544-561382794-1000UA.job
2014-01-26 19:00 - 2013-01-15 22:12 - 00045522 _____ C:\Users\Vladan\Desktop\vezbe_javascript.txt
2014-01-26 18:30 - 2014-01-26 18:30 - 00014726 _____ C:\Users\Vladan\Desktop\dds.txt
2014-01-26 18:30 - 2014-01-26 18:30 - 00001066 _____ C:\Users\Vladan\Desktop\attach.txt
2014-01-26 18:29 - 2014-01-26 18:29 - 00688992 ____R (Swearware) C:\Users\Vladan\Downloads\dds.scr
2014-01-26 12:36 - 2013-09-26 20:59 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-622041102-657345544-561382794-1000Core.job
2014-01-25 17:34 - 2012-02-11 14:35 - 00000000 ____D C:\Users\Vladan\AppData\Roaming\FileZilla
2014-01-25 16:34 - 2013-08-23 18:18 - 00000000 ____D C:\Program Files\NetBeans 7.3.1
2014-01-25 09:46 - 2013-07-28 09:51 - 00000000 ____D C:\Users\Vladan\AppData\Local\TSVNCache
2014-01-21 19:56 - 2014-01-21 19:56 - 00000000 ____D C:\Users\Vladan\Downloads\menu_sample2_ver5_940
2014-01-20 08:34 - 2013-06-12 17:49 - 00282600 _____ C:\Users\Vladan\Desktop\RaZ.txt
2014-01-19 17:54 - 2013-08-23 19:40 - 00000000 ____D C:\Users\Vladan\Documents\NetBeansProjects
2014-01-18 06:20 - 2012-02-19 09:57 - 00000000 ____D C:\Users\Vladan\AppData\Local\Adobe
2014-01-18 06:19 - 2013-06-25 09:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-18 06:19 - 2013-06-25 09:49 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-18 06:19 - 2012-01-10 12:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-16 23:35 - 2013-02-10 00:24 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-16 23:16 - 2014-01-16 23:16 - 00005175 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-16 23:16 - 2013-12-11 01:48 - 00000000 ____D C:\ProgramData\Oracle
2014-01-16 23:16 - 2013-12-11 01:46 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-15 15:14 - 2009-07-14 06:13 - 00730532 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-13 15:38 - 2013-06-08 19:46 - 00003846 _____ C:\Users\Vladan\Desktop\šefre.txt
2014-01-13 15:06 - 2013-01-14 02:51 - 00000132 _____ C:\Users\Vladan\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-01-11 13:50 - 2014-01-11 13:50 - 00178508 _____ C:\Users\Vladan\Downloads\syntaxhighlighter_3.0.83.zip
2014-01-11 13:50 - 2014-01-11 13:50 - 00000000 ____D C:\Users\Vladan\Downloads\syntaxhighlighter_3.0.83
2014-01-06 11:50 - 2012-01-06 16:56 - 00110112 _____ C:\Users\Vladan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-06 11:49 - 2009-07-14 05:45 - 05037712 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-04 14:31 - 2014-01-04 14:31 - 00086016 _____ (HOME) C:\Users\Vladan\Documents\JOCR.exe
2014-01-03 23:42 - 2014-01-03 23:42 - 00000000 ____D C:\Users\Vladan\Downloads\1137-ribbon
2014-01-03 23:41 - 2014-01-03 23:41 - 00859160 _____ C:\Users\Vladan\Downloads\1137-ribbon.7z
2014-01-03 21:47 - 2012-02-12 21:46 - 00000000 ____D C:\Users\Vladan\AppData\Roaming\Skype
2014-01-02 17:35 - 2012-02-12 21:46 - 00000000 ___RD C:\Program Files (x86)\Skype
2014-01-02 17:35 - 2012-02-12 21:46 - 00000000 ____D C:\ProgramData\Skype
2013-12-30 20:49 - 2012-02-29 09:45 - 00000000 ____D C:\Users\Vladan\.gimp-2.6
2013-12-30 20:48 - 2013-12-30 20:48 - 00004669 _____ C:\Users\Vladan\.recently-used.xbel
2013-12-30 20:48 - 2012-02-29 10:11 - 00000000 ____D C:\Users\Vladan\AppData\Roaming\gtk-2.0
2013-12-30 20:48 - 2012-01-06 16:27 - 00000000 ____D C:\Users\Vladan
2013-12-30 09:53 - 2013-12-30 09:53 - 00000000 _____ C:\Windows\setuperr.log
2013-12-29 22:28 - 2012-10-14 11:40 - 00000000 ____D C:\Windows\Minidump

Files to move or delete:
====================
C:\Users\Vladan\AppData\Roaming\Camdata.ini
C:\Users\Vladan\AppData\Roaming\CamLayout.ini
C:\Users\Vladan\AppData\Roaming\CamShapes.ini
C:\Users\Vladan\AppData\Roaming\CamStudio.Producer.Data.ini


Some content of TEMP:
====================
C:\Users\Vladan\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 19:30

==================== End Of Log ============================

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Here's the thing,

First, I want to say that this is one of the larger collections of browser extensions I have seen.
Second, FRST shows me the presence of two malicious extensions classified as browser hijackers. We will remove them, and the fix itself will be very quick.

1. Open Notepad (Text Document) and copy the following text from the code box below into it:
Start
C:\Users\Vladan\AppData\Local\Temp\ccex.crx
C:\ProgramData\TheBflix
CHR HKLM-x32\...\Chrome\Extension: [cgpnojibjokpoghebklhkdeijehkohhb] - C:\Users\Vladan\AppData\Local\Temp\ccex.crx [2013-02-10]
CHR HKLM-x32\...\Chrome\Extension: [cllmmihkeolnfmiojcmlichcjpcicemk] - C:\ProgramData\TheBflix\cllmmihkeolnfmiojcmlichcjpcicemk.crx [2013-02-10
End

2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, under File Name: at the bottom, enter fixlist.txt as the name
Note: It is important that both files, FRST and fixlist, are in the same location; otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into a reply.
Note: If the tool warns you that a newer version exists, make sure to download and use the updated copy of FRST.



------------------------------------------------------------------


Back to the original message:

Quote: Danger: Malware Ahead!
Google Chrome has blocked access to this page on www.google.rs.
Content from papermashup.com, a known malware distributor, has been inserted into this web page. Visiting this page now is very likely to infect your computer with malware.
Malware is malicious software that causes things like identity theft, financial loss, and permanent file deletion. Learn more

Simply put, Google has characterized the domain server hosting the site "papermashup .com" as malicious and put it on a blacklist.




When you run the FRST script (FixList) and post the FixLog.txt, tell me whether you still have the problem.
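As an added defender's-side example (not code from this thread, from FRST, or from the helper), here is a small Python triage script that parses the CHR lines of an FRST log like the one posted above, separates extensions unpacked in the Chrome profile from ones registered machine-wide through the registry, and flags registry entries whose .crx lives in Temp, ProgramData or AppData, which is the pattern of the two entries identified above. The location heuristic and the draft-fixlist helper are this example's own assumptions, not FRST rules.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the CHR lines from the FRST log posted in this thread.
SAMPLE_LOG = r"""
CHR Extension: (Gmail) - C:\Users\Vladan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-10]
CHR HKLM-x32\...\Chrome\Extension: [cgpnojibjokpoghebklhkdeijehkohhb] - C:\Users\Vladan\AppData\Local\Temp\ccex.crx [2013-02-10]
CHR HKLM-x32\...\Chrome\Extension: [cllmmihkeolnfmiojcmlichcjpcicemk] - C:\ProgramData\TheBflix\cllmmihkeolnfmiojcmlichcjpcicemk.crx [2013-02-10]
CHR HKLM-x32\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files (x86)\Gophoto.it\gophotoit11.crx [2012-06-28]
"""

# Extension unpacked inside the user's Chrome profile (installed through Chrome itself).
PROFILE_RE = re.compile(
    r"^CHR Extension: \((?P<name>.+)\) - "
    r"(?P<path>.+\\Extensions\\(?P<id>[a-p]{32})) \[(?P<date>[\d-]+)\]$"
)
# Extension registered machine-wide through the registry (an "external extension")
# that points at a packed .crx on disk. The closing ']' is optional because the
# hand-copied fixlist line in this thread lacked it.
REGISTRY_RE = re.compile(
    r"^CHR (?P<hive>HKLM(?:-x32)?|HKU\S*)\\\.\.\.\\Chrome\\Extension: "
    r"\[(?P<id>[a-p]{32})\] - (?P<path>.+?) \[(?P<date>[\d-]+)\]?$"
)
# Heuristic (this example's assumption, not an FRST rule): a machine-wide registration
# whose .crx sits in a user-writable scratch location matches the two hijacker
# entries the helper flagged in this thread; a vendor's Program Files .crx does not.
SUSPICIOUS_DIR_MARKERS = ("\\temp\\", "\\programdata\\", "\\appdata\\")

@dataclass
class ChromeExtension:
    ext_id: str
    path: str
    date: str
    source: str                 # "profile" or "registry"
    name: Optional[str] = None  # display name, profile entries only
    hive: Optional[str] = None  # registry hive, registry entries only

    @property
    def suspicious(self) -> bool:
        if self.source != "registry":
            return False
        p = self.path.lower()
        return p.endswith(".crx") and any(m in p for m in SUSPICIOUS_DIR_MARKERS)

def parse_chr_lines(log_text: str) -> List[ChromeExtension]:
    """Parse the CHR extension lines of an FRST log into ChromeExtension records."""
    found: List[ChromeExtension] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := PROFILE_RE.match(line):
            found.append(ChromeExtension(m["id"], m["path"], m["date"], "profile", name=m["name"]))
        elif m := REGISTRY_RE.match(line):
            found.append(ChromeExtension(m["id"], m["path"], m["date"], "registry", hive=m["hive"]))
    return found

def suspicious_ids(log_text: str) -> List[str]:
    """IDs of registry-registered extensions that match the hijacker heuristic."""
    return [e.ext_id for e in parse_chr_lines(log_text) if e.suspicious]

def build_fixlist(log_text: str) -> str:
    """Draft an FRST fixlist (for a helper to review) with each flagged .crx and its registry line."""
    flagged = [e for e in parse_chr_lines(log_text) if e.suspicious]
    lines = [e.path for e in flagged]
    lines += [f"CHR {e.hive}\\...\\Chrome\\Extension: [{e.ext_id}] - {e.path} [{e.date}]" for e in flagged]
    return "\n".join(["Start", *lines, "End"])

if __name__ == "__main__":
    for ext in parse_chr_lines(SAMPLE_LOG):
        print("SUSPICIOUS" if ext.suspicious else "ok        ", ext.source, ext.ext_id, ext.path)
```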

offline
  • Joined: 17 Feb 2012
  • Posts: 9

Posted: 26 Jan 2014 21:04

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-01-2014 02
Ran by Vladan at 2014-01-26 21:01:03 Run:1
Running from C:\Users\Vladan\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
C:\Users\Vladan\AppData\Local\Temp\ccex.crx
C:\ProgramData\TheBflix
CHR HKLM-x32\...\Chrome\Extension: [cgpnojibjokpoghebklhkdeijehkohhb] - C:\Users\Vladan\AppData\Local\Temp\ccex.crx [2013-02-10]
CHR HKLM-x32\...\Chrome\Extension: [cllmmihkeolnfmiojcmlichcjpcicemk] - C:\ProgramData\TheBflix\cllmmihkeolnfmiojcmlichcjpcicemk.crx [2013-02-10
End
*****************

"C:\Users\Vladan\AppData\Local\Temp\ccex.crx" => File/Directory not found.
"C:\ProgramData\TheBflix" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cgpnojibjokpoghebklhkdeijehkohhb => Key deleted successfully.
"C:\Users\Vladan\AppData\Local\Temp\ccex.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cllmmihkeolnfmiojcmlichcjpcicemk => Key deleted successfully.
"CHR HKLM-x32\...\Chrome\Extension: [cllmmihkeolnfmiojcmlichcjpcicemk] - C:\ProgramData\TheBflix\cllmmihkeolnfmiojcmlichcjpcicemk.crx [2013-02-10" => File/Directory not found.

==== End of Fixlog ====
I tried just now, started Chrome, and it's the same problem again. Whatever I try to search for, it (Google Chrome) throws up that same message!

Update: 26 Jan 2014 21:17

I believe the problem is that when I start searching in Chrome, "some" malware redirects me to a blacklisted site and Google then blocks me!?

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Let's be clear,

I told you above why you see that red window. When you want to access the papermashup .com site, Google Chrome shows you a warning that the site is blocked due to a malware risk.

You have two choices:
- Avoid that site until Google and that site's administrators sort out the blacklist issue;
- Click Ignore this warning... in the lower right corner and continue ( <= not really recommended! );






By the way, FRST has done its job. The posted logs show no traces of active malware on the system.

I would now remove my tools, if you agree.

offline
  • Joined: 17 Feb 2012
  • Posts: 9

Posted: 26 Jan 2014 21:35

I don't want to access that site papermashup .com. I just type, for example, google.rs into the address bar and that message comes up. I don't understand what this has to do with the administrators of any site, when I want to search the web and Chrome keeps throwing up that message, and only Chrome does. Then we have misunderstood each other from the very start. I'll attach a picture now. So I am not going to some site directly; it happens when I start searching in Google Chrome, a normal web search, without going anywhere directly. But okay.

Update: 26 Jan 2014 21:36

Remove the tools, what can I say, something else here isn't right if there is no malware!?

Update: 26 Jan 2014 21:46

thanks :-) I'll see what it could be. In any case, thank you for being here, both you and the whole Ambulanta team..

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Aha,

First we'll clean the browser cache and the temp files along the way...

Download TFC (Temp File Cleaner) and save it to the Desktop.
Double-click to run the program and click the Start button to allow the program to begin scanning.
When the program finishes scanning, it may ask you to restart the computer. Allow it.

Note: When you finish cleaning the temp files, you can delete the program or keep it for later use.

Then go ahead and start Google Chrome in Incognito mode.
https://support.google.com/chrome/answer/95464?hl=en

This will start Google Chrome without all those extensions ... so tell me whether the problem still occurs?

Also tell me whether you have the same problem when you start Firefox?
