A message for user total, which I hope he will see, since I have exceeded the private message limit and can't write to him. I downloaded the program he told me about, but when I run it, it won't let me and shows this: http://prntscr.com/axh7ai. I also wanted to ask you about that OTL that is sitting on my desktop: how do I delete it, if I should delete it at all?
Problem with ads
Click More info and a Run anyway option will appear below. Provided, of course, that you downloaded the program from a legitimate site.
Click More info and allow the program to run.
You can delete OTL normally, or leave it for the end, when all the tools used in the cleanup will be deleted.
http://speedy.sh/kQ6Zr/Addition.txt
http://speedy.sh/7vwyk/FRST.txt
Here it is, I hope I uploaded it OK?
Download fixlist.txt and save it to the desktop
http://speedy.sh/6rhtv/fixlist.txt
Run FRST and click Fix
Copy the log you get after the restart
After that, run a scan with AdwCleaner
Save the program to the desktop and run it, select everything it finds and click Clean
Copy that log as well
I used the second option, slow download, from the link where you sent me the fixlist, downloaded it to the desktop, and an icon appeared on my desktop that contains this when I open it:
EmptyTemp:
CloseProcesses:
Start
HKU\S-1-5-21-2556443489-243370501-1283378790-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://houmpage.com/?src=hp&ssid=1449759813&a=1024132&uuid=be5e1f58-edb8-4cb7-b2db-773602c46e45
SearchScopes: HKU\S-1-5-21-2556443489-243370501-1283378790-1003 -> DefaultScope {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = hxxp://houmpage.com/search/?src=ds&q={searchTerms}&ssid=1449759813&a=1024132&uuid=be5e1f58-edb8-4cb7-b2db-773602c46e45
SearchScopes: HKU\S-1-5-21-2556443489-243370501-1283378790-1003 -> {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = hxxp://houmpage.com/search/?src=ds&q={searchTerms}&ssid=1449759813&a=1024132&uuid=be5e1f58-edb8-4cb7-b2db-773602c46e45
2016-04-14 17:17 - 2016-04-27 13:47 - 00001312 ____H C:\WINDOWS\Tasks\{1AF468C2-19D6-44EE-88F4-724F8619FFB4}.job
Task: {0CD2908B-943E-4C36-BB77-441A1907A071} - System32\Tasks\Rush Form => Rundll32.exe "C:\Users\Nedjo\AppData\Local\Rush Form\{47398BE8-881F-98EA-43D5-7CE2F08C3EE7}\RushForm.dll",#1 <==== ATTENTION
Task: {7793BB45-07AA-41F2-9D5D-06EB09D25A44} - System32\Tasks\{1AF468C2-19D6-44EE-88F4-724F8619FFB4} => C:\Users\starc\AppData\Local\Temp\is-G1U81.tmp\XRD Manager.exe <==== ATTENTION
Task: {A20650DD-4887-4EE2-AF06-7346E4FFD510} - System32\Tasks\Rush Form2 => Rundll32.exe "C:\Users\Nedjo\AppData\Local\Rush Form\{47398BE8-881F-98EA-43D5-7CE2F08C3EE7}\fioslucb.dll",#1 <==== ATTENTION
Task: {ACEF6BF3-DD5C-4AC8-AE62-6B98A43B9B76} - System32\Tasks\LuckyBrowse => C:\Program Files (x86)\LuckyBrowse\app\luckybrowse.exe <==== ATTENTION
Task: {F6DE1C32-AF88-480C-AF96-06E72EFDFE11} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: C:\WINDOWS\Tasks\{1AF468C2-19D6-44EE-88F4-724F8619FFB4}.job => C:\Users\starc\AppData\Local\Temp\is-G1U81.tmp\XRD Manager.exe?/exenoupdates /exelang 0 /noprereqs /qr AI_RESUME=1 ADDLOCAL=MainFeature,XRDdrivers64 ACTION=INSTALL EXECUTEACTION=INSTALL ROOTDRIVE E:\ AI_PREREQFILES=C:\Users\starc\AppData\Local\Temp\{1AF468C2-19D6-44EE-88F4-724F8619FFB4}\drivers64.msi AI_PREREQDIRS=C:\Users\starc\AppData\Local\Temp AI_SETUPEXEPATH=C:\Users\starc\AppData\Local\Temp\is-G1U81.tmp\XRD Manager.exe SETUPEXEDIR=C:\Users\starc\AppData\Local\Temp\is-G1U81.tmp <==== ATTENTION
Task: C:\WINDOWS\Tasks\update-S-1-5-21-2556443489-243370501-1283378790-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
C:\Program Files (x86)\LuckyBrowse
C:\Program Files (x86)\Skillbrains
C:\Users\Nedjo\AppData\Local\Rush Form\
CMD: ipconfig /flushdns
End
Is that OK, so I can go on to the second part of what you wrote?
Fix result of Farbar Recovery Scan Tool (x64) Version:27-04-2016
Ran by Nedjo (2016-04-27 16:43:29) Run:1
Running from C:\Users\Nedjo\Desktop
Loaded Profiles: starca & Nedjo (Available Profiles: starca & Nedjo)
Boot Mode: Normal
Processes closed successfully.
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
EmptyTemp: => 2.3 GB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 16:44:31 ====
# AdwCleaner v5.113 - Logfile created 27/04/2016 at 16:51:22
# Updated 24/04/2016 by Xplode
# Database : 2016-04-24.3 [Server]
# Operating system : Windows 10 Pro (X64)
# Username : Nedjo - STARCA
# Running from : C:\Users\Nedjo\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\rei
[-] Folder Deleted : C:\ProgramData\LuckyBrowse
[#] Folder Deleted : C:\ProgramData\Application Data\LuckyBrowse
[-] Folder Deleted : C:\Users\Nedjo\AppData\Roaming\OpenCandy
***** [ Files ] *****
[-] File Deleted : C:\WINDOWS\Reimage.ini
***** [ DLLs ] *****
***** [ Shortcuts ] *****
[-] Shortcut Disinfected : C:\Users\Nedjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
[-] [C:\Users\Nedjo\AppData\Roaming\Mozilla\Firefox\Profiles\bnbklac3.default\prefs.js] Deleted : user_pref("datareporting.sessions.previous.127", "{\"s\":1461577064600,\"a\":350,\"t\":5752,\"c\":true,\"m\":808,\"fp\":2345,\"sr\":2611}");
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [3111 bytes] - [27/04/2016 16:51:22]
C:\AdwCleaner\AdwCleaner[S1].txt - [3331 bytes] - [27/04/2016 16:49:45]
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3257 bytes] ##########
How is it now?
If everything is OK, download this program and save it to the desktop
http://www.bleepingcomputer.com/download/delfix/
Run the program, select "Remove disinfection tools" and click Run
If you still have the problem with ads, run a scan with FRST again and upload the logs
http://speedy.sh/jACvd/Addition.txt
http://speedy.sh/bKYnE/FRST.txt
It is a lot better, but even now a new window sometimes pops up, i.e. opens, when I'm on a page. So I go to some page and click on something and it opens some pointless new tab by itself. Here, I ran another scan with FRST...
There is nothing significant in the logs
Uninstall this program
Lightshot-5.3.0.0
Some say it is a PUP, some say it isn't; the choice is yours personally
You will also run a scan with Malwarebytes; copy the scan result for me to look at
Likewise, if the window appears again, copy its link and send that too
Everything else is OK
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 4/28/2016
Scan Time: 3:57 PM
Logfile: aaaa.txt
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2016.04.28.04
Rootkit Database: v2016.04.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 10
CPU: x64
File System: NTFS
User: Nedjo
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 465307
Time Elapsed: 24 min, 15 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 25
Registry Values: 4
PUP.Optional.DownLoadAdmin, HKU\S-1-5-21-2556443489-243370501-1283378790-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|UpdateAdmin, C:\Users\Nedjo\AppData\Local\UpdateAdmin\UpdateAdmin.exe /RUN, , [80b47c387524999d278f90deee17748c]
PUP.Optional.UpdateAdmin, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FCEA9712-7E8F-45BA-95D5-A2217440FA75}|Path, \UpdateAdmin, , [0b29d1e30c8db77f92c83477a163cd33]
PUP.Optional.UpdateAdmin, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{81F17B54-5D57-485E-88CC-F6D20D66B5E0}|Publisher, DownloadAdmin, , [e252a014debb7abc85cb8bcdc53fd828]
Hijack.AutoConfigURL.ShrtCln, HKU\S-1-5-21-2556443489-243370501-1283378790-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigUrl, http://unstopp.me/wpad.dat?7f99e929babb821386bf52aca56791662458290, , [2311d1e372271026d5848e0f699bfd03]
Registry Data: 0
(No malicious items detected)
Folders: 8
Files: 11
Physical Sectors: 0
(No malicious items detected)
(end)
Here, Malwarebytes found 48 threats, should I go ahead and remove them?
http://042816.protect0r.com/errorCode?id=31539832&o=WIX&s1=232744&s2=5347423371461855162&p=224387
Here, just now for example it opened this tab by itself...
Delete everything that was found
Let me know how it is after deleting
Deleted; a new tab still pops up sometimes... I feel like deleting this user account of mine and creating it again, since there are two users on the computer now and on the other one everything is OK and these tabs don't pop up...
@total
Maybe deleting and reinstalling Firefox (the browser) would help, especially the profile, i.e. the profile folder?
Maybe running MBAE in Safe Mode?
Then delete the user and create it again, although there are no signs in the log that the browser is corrupted. That tab that sometimes pops up, does it pop up on all the pages you visit or only on certain pages, torrent-type ones?
Either way, the simplest thing is to do that with a new user.
It isn't corrupted, so there is no need to reinstall the browser... he can do that with the user, or restart the browser.
It pops up on all of them except, it seems to me, Facebook; it pops up most often on one forum I visit. I'll see tomorrow about deleting the user and creating a new one, it isn't much work. total, I want to thank you very much for the help. Best regards
Hi folks
I'm new here and I have a problem, so if you can help I'd be grateful.
I wanted to download a game I hadn't played in a long time, so I started the installation, and when it finished some Chinese programs got installed and ads started popping up every minute.
And the computer has slowed down. I have Windows 10 on it, and I have a hard time finding my way around it because until recently I worked on Win 7. I figure it's some virus. Does anyone have an idea how I could get rid of these ads http://prntscr.com/d0tddg; http://prntscr.com/d0tdq1 ? Thanks in advance
Malwarebytes free
Adwcleaner
Zemana antimalware free
Hitmanpro
Norton power eraser
https://www.sendspace.com/filegroup/khOEmTBXpU8RtnBd50XN%2Bg
Here is the log file from AdwCleaner
It would be best to enter Safe Mode (do you know how?) and run all of these programs and delete everything they find.
Before that, just in case, you can create a system restore point, and if everything is OK that restore point gets deleted and a new one is created.
https://www.sendspace.com/file/dx2qfx
And here is this last log file, from when I ran the clean
Oh bro, I screwed it up so easily it's unbelievable hahah
Well, I've never even tried, but you know, I can google it and see..
Press Windows logo key + I on your keyboard to open Settings. If that doesn't work, select the Start button in the lower-left corner of your screen, then select Settings.
Select Update & security > Recovery.
Under Advanced startup, select Restart now.
After your PC restarts to the Choose an option screen, select Troubleshoot > Advanced options > Startup Settings > Restart.
After your PC restarts, you'll see a list of options. Select 4 or F4 to start your PC in Safe Mode. Or if you'll need to use the Internet, select 5 or F5 for Safe Mode with Networking.
Something like that, huh? :D
And what then? :D hahah
And how does that system restore work?
What's up with the computer now?
Does it work or...
Which Windows do you have (10?)?
Eh, it works, screw it, everything is OK now... what if I just don't touch anything, huh? haha :D
Well, when it starts acting up I'll see about entering Safe Mode or reinstalling Windows :D
Yes, it's 10. Is it any good? Which one do you have?
I have Win 10.
It would be good to scan the computer with at least HitmanPro and Malwarebytes Anti-Malware as well, and post screenshots when the scan finishes.
Here is the one from Malwarebytes Anti-Malware