
Njoma1

Members · Posts: 7 · Reputation: 0 Neutral


  1. Alright, thanks for the help. Best of luck.
  2. It's fine when I turn it off, the notifications (no more popping up). I'm currently on a trial using the premium service. Will I still get the protection from this "trojan attack" on a free version? If not, is there something I could do to protect myself?
  3. I'm still getting Malwarebytes pop-ups that a website is blocked due to a Trojan, even though I'm not doing anything on my PC.
  4. What was the problem?

     Fix result of Farbar Recovery Scan Tool (x64) Version: 28.09.2018
     Ran by Korisnik1 (30-09-2018 18:16:13) Run:1
     Running from C:\Users\Korisnik1\Desktop\tes
     Loaded Profiles: Korisnik1 (Available Profiles: Korisnik1)
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     Start
     CreateRestorePoint:
     EmptyTemp:
     CloseProcesses:
     Startup: C:\Users\Korisnik1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I.lnk [2018-06-14]
     ShortcutTarget: I.lnk -> C:\Users\Korisnik1\AppData\Roaming\eeYAW8Q2wu.exe ()
     Startup: C:\Users\Korisnik1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v.lnk [2018-06-14]
     ShortcutTarget: v.lnk -> C:\Users\Korisnik1\AppData\Roaming\eeV3PxJrpj.exe ()
     HKU\S-1-5-21-3457384497-306178297-758070085-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10438__180128__yaie
     SearchScopes: HKU\S-1-5-21-3457384497-306178297-758070085-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10438__180128__yaie&p={searchTerms}
     S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
     S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
     ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
     ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
     ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
     AlternateDataStreams: C:\Users\Korisnik1:Heroes & Generals [38]
     AlternateDataStreams: C:\ProgramData\.rdata:X [526]
     C:\Users\Korisnik1\AppData\Local\Temp\cdo688742513.dl?????l?
     C:\Users\Korisnik1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I.lnk
     C:\Users\Korisnik1\AppData\Roaming\eeYAW8Q2wu.exe
     C:\Users\Korisnik1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v.lnk
     C:\Users\Korisnik1\AppData\Roaming\eeV3PxJrpj.exe
     Reboot:
     End
     *****************

     Restore point was successfully created.
     Processes closed successfully.
     C:\Users\Korisnik1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I.lnk => moved successfully
     C:\Users\Korisnik1\AppData\Roaming\eeYAW8Q2wu.exe => moved successfully
     C:\Users\Korisnik1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v.lnk => moved successfully
     C:\Users\Korisnik1\AppData\Roaming\eeV3PxJrpj.exe => moved successfully
     HKU\S-1-5-21-3457384497-306178297-758070085-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
     "HKU\S-1-5-21-3457384497-306178297-758070085-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}" => removed successfully
     HKLM\Software\Classes\CLSID\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} => not found
     "HKLM\System\CurrentControlSet\Services\gupdate" => removed successfully
     gupdate => service removed successfully
     "HKLM\System\CurrentControlSet\Services\gupdatem" => removed successfully
     gupdatem => service removed successfully
     "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => removed successfully
     HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
     "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => removed successfully
     HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
     "HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
     HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
     C:\Users\Korisnik1 => ":Heroes & Generals" ADS removed successfully
     C:\ProgramData\.rdata => ":X" ADS removed successfully
     "C:\Users\Korisnik1\AppData\Local\Temp\cdo688742513.dl?????l?" => not found
     "C:\Users\Korisnik1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I.lnk" => not found
     "C:\Users\Korisnik1\AppData\Roaming\eeYAW8Q2wu.exe" => not found
     "C:\Users\Korisnik1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v.lnk" => not found
     "C:\Users\Korisnik1\AppData\Roaming\eeV3PxJrpj.exe" => not found

     =========== EmptyTemp: ==========
     BITS transfer queue => 8388608 B
     DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5498597 B
     Java, Flash, Steam htmlcache => 650499880 B
     Windows/system/drivers => 10796 B
     Edge => 0 B
     Chrome => 388220059 B
     Firefox => 6368452 B
     Opera => 0 B
     Temp, IE cache, history, cookies, recent:
     Users => 0 B
     Default => 0 B
     Public => 0 B
     ProgramData => 0 B
     systemprofile => 16802 B
     systemprofile32 => 66356 B
     LocalService => 0 B
     NetworkService => 2494 B
     Korisnik1 => 36395051 B
     RecycleBin => 0 B
     EmptyTemp: => 1 GB temporary data Removed.

     ================================

     The system needed a reboot.

     ==== End of Fixlog 18:17:51 ====
  5. Hey, sorry, I was getting some error messages that said it was spam or something. I sent you a private message with the info; I guess you didn't see it. Here it goes:

     Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.09.2018
     Ran by Korisnik1 (administrator) on KORISNIK1-PC (28-09-2018 22:54:55)
     Running from C:\Users\Korisnik1\Desktop\tes
     Loaded Profiles: Korisnik1 (Available Profiles: Korisnik1)
     Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
     Internet Explorer Version 11 (Default browser: Chrome)
     Boot Mode: Normal
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     ==================== Processes (Whitelisted) =================
     (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

     (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
     (Microsoft Corporation) C:\Windows\System32\wlanext.exe
     (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
     (Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
     (Oracle Corporation) D:\oracle\app\oracle\product\11.2.0\server\bin\oracle.exe
     (Oracle Corporation) D:\oracle\app\oracle\product\11.2.0\server\bin\TNSLSNR.EXE
     () C:\Windows\SysWOW64\PnkBstrA.exe
     (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
     (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
     (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
     (Microsoft Corporation) C:\Windows\System32\rundll32.exe
     (DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
     (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
     (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
     (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
     (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
     (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
     (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
     (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
     (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
     (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
     (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
     (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
     (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
     (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
     (Intel Corporation) C:\Windows\System32\igfxEM.exe
     (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
     (Intel Corporation) C:\Windows\System32\igfxHK.exe
     () C:\Windows\System32\igfxTray.exe
     (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
     (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
     (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
     (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Microsoft Corporation) C:\Windows\System32\dllhost.exe

     ==================== Registry (Whitelisted) ===========================
     (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
     HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
     HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2014-08-25] (Intel Corporation)
     HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
     HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
     HKU\S-1-5-21-3457384497-306178297-758070085-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
     HKU\S-1-5-21-3457384497-306178297-758070085-1000\...\Run: [Viber] => C:\Users\Korisnik1\AppData\Local\Viber\Viber.exe [35790408 2018-09-17] (Viber Media S.à r.l.)
     HKU\S-1-5-21-3457384497-306178297-758070085-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18594760 2018-09-19] (Piriform Ltd)
     HKU\S-1-5-21-3457384497-306178297-758070085-1000\...\MountPoints2: F - F:\MTW2_Gold_setup.exe
     HKU\S-1-5-21-3457384497-306178297-758070085-1000\...\MountPoints2: G - G:\setup.exe
     HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
     Startup: C:\Users\Korisnik1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I.lnk [2018-06-14]
     ShortcutTarget: I.lnk -> C:\Users\Korisnik1\AppData\Roaming\eeYAW8Q2wu.exe ()
     Startup: C:\Users\Korisnik1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v.lnk [2018-06-14]
     ShortcutTarget: v.lnk -> C:\Users\Korisnik1\AppData\Roaming\eeV3PxJrpj.exe ()

     ==================== Internet (Whitelisted) ====================
     (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
     Tcpip\..\Interfaces\{51D6A19B-EB54-49E8-8760-38677EF6AE0E}: [DhcpNameServer] 192.168.100.1
     Tcpip\..\Interfaces\{A1790DF9-D320-4C10-B896-EB26748F573F}: [DhcpNameServer] 192.168.100.1

     Internet Explorer:
     ==================
     HKU\S-1-5-21-3457384497-306178297-758070085-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10438__180128__yaie
     HKU\S-1-5-21-3457384497-306178297-758070085-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
     SearchScopes: HKU\S-1-5-21-3457384497-306178297-758070085-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10438__180128__yaie&p={searchTerms}
     BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-10-23] (Oracle Corporation)
     BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
     BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-23] (Oracle Corporation)
     BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
     BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-23] (Oracle Corporation)
     BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
     BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
     BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-23] (Oracle Corporation)
     Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)

     FireFox:
     ========
     FF DefaultProfile: 6r4tchdq.default
     FF ProfilePath: C:\Users\Korisnik1\AppData\Roaming\Mozilla\Firefox\Profiles\6r4tchdq.default [2018-09-28]
     FF user.js: detected! => C:\Users\Korisnik1\AppData\Roaming\Mozilla\Firefox\Profiles\6r4tchdq.default\user.js [2017-06-30]
     FF Homepage: Mozilla\Firefox\Profiles\6r4tchdq.default -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10438__180128__yaff
     FF NewTab: Mozilla\Firefox\Profiles\6r4tchdq.default -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10438__180128__yaff
     FF SearchPlugin: C:\Users\Korisnik1\AppData\Roaming\Mozilla\Firefox\Profiles\6r4tchdq.default\searchplugins\yahoo-lavasoft.xml [2018-01-28]
     FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-23] (Oracle Corporation)
     FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-23] (Oracle Corporation)
     FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
     FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
     FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel Corporation)
     FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel Corporation)
     FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-23] (Oracle Corporation)
     FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-23] (Oracle Corporation)
     FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
     FF Plugin-x32: @raidcall.tw/RCplugin -> C:\Users\Korisnik1\AppData\Roaming\RCTW\plugins\nprcplugin.dll [2013-06-25] (Raidcall)
     FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [No File]
     FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [No File]
     FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
     FF Plugin HKU\S-1-5-21-3457384497-306178297-758070085-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Korisnik1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)

     Chrome:
     =======
     CHR Profile: C:\Users\Korisnik1\AppData\Local\Google\Chrome\User Data\Default [2018-09-28]
     CHR Extension: (Slides) - C:\Users\Korisnik1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
     CHR Extension: (Docs) - C:\Users\Korisnik1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
     CHR Extension: (Google Drive) - C:\Users\Korisnik1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-15]
     CHR Extension: (YouTube) - C:\Users\Korisnik1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-15]
     CHR Extension: (Adblock Plus) - C:\Users\Korisnik1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-09-28]
     CHR Extension: (Adobe Acrobat) - C:\Users\Korisnik1\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
     CHR Extension: (Sheets) - C:\Users\Korisnik1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
     CHR Extension: (Postman) - C:\Users\Korisnik1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2018-09-01]
     CHR Extension: (Google Docs Offline) - C:\Users\Korisnik1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
     CHR Extension: (AdBlock) - C:\Users\Korisnik1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-09-18]
     CHR Extension: (Chrome Web Store Payments) - C:\Users\Korisnik1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
     CHR Extension: (Gmail) - C:\Users\Korisnik1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-15]
     CHR Extension: (Chrome Media Router) - C:\Users\Korisnik1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-05]
     CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

     ==================== Services (Whitelisted) ====================
     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1530888 2017-09-18] ()
     S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [395536 2016-12-27] (EasyAntiCheat Ltd)
     U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-03-28] (Hi-Rez Studios) [File not signed]
     R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [172784 2016-07-23] (Intel Corporation)
     R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373760 2016-06-08] (Intel Corporation)
     S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
     R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation)
     R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
     S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-10-29] ()
     S4 OracleJobSchedulerXE; d:\oracle\app\oracle\product\11.2.0\server\Bin\extjob.exe [45568 2014-05-29] () [File not signed]
     S3 OracleMTSRecoveryService; D:\oracle\app\oracle\product\11.2.0\server\BIN\omtsreco.exe [81408 2014-05-29] (Oracle Corporation) [File not signed]
     R2 OracleServiceXE; d:\oracle\app\oracle\product\11.2.0\server\bin\ORACLE.EXE [147110912 2014-05-30] (Oracle Corporation) [File not signed]
     S3 OracleXEClrAgent; D:\oracle\app\oracle\product\11.2.0\server\bin\OraClrAgnt.exe [83968 2014-05-29] (Oracle Corporation) [File not signed]
     R2 OracleXETNSListener; D:\oracle\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe [522240 2014-05-29] (Oracle Corporation) [File not signed]
     R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2017-12-05] ()
     R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
     R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [252520 2016-05-25] (Synaptics Incorporated)
     R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
     S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
     R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-04-19] (Microsoft Corporation)
     R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3818704 2014-10-29] (Intel® Corporation)
     S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
     S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

     ===================== Drivers (Whitelisted) ======================
     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141800 2015-10-14] (Motorola Solutions, Inc.)
     R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1545704 2016-04-28] (Motorola Solutions, Inc.)
     R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-09-11] (Malwarebytes)
     R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [355080 2016-07-31] (Intel Corporation)
     R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [200232 2018-09-28] (Malwarebytes)
     R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [118584 2018-09-28] (Malwarebytes)
     R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [58400 2018-09-28] (Malwarebytes)
     R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260384 2018-09-28] (Malwarebytes)
     R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [100664 2018-09-28] (Malwarebytes)
     R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation)
     R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3425768 2014-11-17] (Intel Corporation)
     R1 nfstat; C:\Windows\System32\drivers\nfstat.sys [134760 2018-09-20] (Riverbed Technology, Inc.)
     R3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [416472 2016-05-18] (Realsil Semiconductor Corporation)
     S3 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2017-06-06] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
     U3 aswbdisk; no ImagePath
     S3 VGPU; System32\drivers\rdvgkmd.sys [X]
     S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

     ==================== NetSvcs (Whitelisted) ===================
     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     ==================== One Month Created files and folders ========
     (If an entry is included in the fixlist, the file/folder will be moved.)
     2018-09-28 22:54 - 2018-09-28 22:54 - 000000000 ____D C:\Users\Korisnik1\Desktop\tes
     2018-09-28 22:54 - 2018-09-28 22:54 - 000000000 ____D C:\FRST
     2018-09-28 15:38 - 2018-09-28 15:38 - 000000023 _____ C:\Users\Korisnik1\Desktop\tablete.txt
     2018-09-28 14:37 - 2018-09-28 22:41 - 000100664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
     2018-09-28 14:37 - 2018-09-28 14:37 - 000118584 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
     2018-09-28 14:37 - 2018-09-28 14:37 - 000058400 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
     2018-09-28 14:36 - 2018-09-28 14:36 - 000260384 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
     2018-09-28 14:26 - 2018-09-28 14:34 - 000000000 ____D C:\Users\Korisnik1\AppData\Local\AVAST Software
     2018-09-28 14:22 - 2018-09-28 14:22 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
     2018-09-28 14:22 - 2018-09-28 14:22 - 000002806 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
     2018-09-28 14:22 - 2018-09-28 14:22 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
     2018-09-28 14:22 - 2018-09-28 14:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
     2018-09-28 14:22 - 2018-09-28 14:22 - 000000000 ____D C:\Program Files\CCleaner
     2018-09-28 14:20 - 2018-09-28 14:21 - 016796856 _____ (Piriform Ltd) C:\Users\Korisnik1\Downloads\ccsetup547.exe
     2018-09-28 02:10 - 2018-09-28 02:10 - 000200232 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
     2018-09-28 02:10 - 2018-09-28 02:10 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
     2018-09-28 02:10 - 2018-09-28 02:10 - 000000000 ____D C:\Users\Korisnik1\AppData\Local\mbamtray
     2018-09-28 02:10 - 2018-09-28 02:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
     2018-09-28 02:10 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
     2018-09-27 00:21 - 2018-09-27 00:21 - 000000000 ____D C:\Users\Korisnik1\AppData\Local\Viber
     2018-09-26 23:54 - 2018-09-26 23:54 - 000000000 ____D C:\Program Files (x86)\TigerTrade
     2018-09-20 09:16 - 2018-09-20 09:16 - 000134760 _____ (Riverbed Technology, Inc.) C:\Windows\system32\Drivers\nfstat.sys
     2018-09-12 22:36 - 2018-09-12 22:36 - 000000000 ____D C:\Users\Korisnik1\AppData\Local\Oblivion
     2018-09-12 22:34 - 2018-09-12 22:34 - 000001662 _____ C:\Users\Public\Desktop\The Elder Scrolls IV - Oblivion.lnk
     2018-09-12 22:34 - 2018-09-12 22:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
     2018-09-12 01:06 - 2018-09-12 01:06 - 000000000 ____D C:\Users\Korisnik1\Downloads\power.s05.e10.when.this.is.over.(2018).hrv.1cd.(7475850)
     2018-09-12 01:03 - 2018-09-12 01:03 - 000039875 _____ C:\Users\Korisnik1\Downloads\power.s05.e10.when.this.is.over.(2018).hrv.1cd.(7475850).zip
     2018-09-08 21:18 - 2018-09-08 21:18 - 000000000 ____D C:\Users\Korisnik1\Desktop\sajt
     2018-09-08 20:23 - 2018-09-27 00:42 - 000000000 ____D C:\Users\Korisnik1\Documents\ViberDownloads
     2018-09-08 02:39 - 2018-09-08 02:39 - 000059546 _____ C:\Users\Korisnik1\Downloads\deadpool.2.(2018).hrv.1cd.(7467082).zip
     2018-09-08 02:39 - 2018-09-08 02:39 - 000000000 ____D C:\Users\Korisnik1\Downloads\deadpool.2.(2018).hrv.1cd.(7467082)
     2018-09-07 03:03 - 2018-09-07 03:03 - 000033471 _____ C:\Users\Korisnik1\Downloads\power.s05.e09.theres.a.snitch.among.us.(2018).hrv.1cd.(7468767).zip
     2018-09-07 03:03 - 2018-09-07 03:03 - 000000000 ____D C:\Users\Korisnik1\Downloads\power.s05.e09.theres.a.snitch.among.us.(2018).hrv.1cd.(7468767)
     2018-09-03 07:17 - 2018-09-03 07:17 - 000005361 _____ C:\Users\Korisnik1\Downloads\zavrsni.sql
     2018-09-03 01:33 - 2018-09-03 01:33 - 000000000 ____D C:\Users\Korisnik1\Downloads\Projekat11F
     2018-09-03 01:30 - 2018-09-03 01:31 - 048919564 _____ C:\Users\Korisnik1\Downloads\Projekat11F.rar
     2018-09-02 18:12 - 2018-09-02 18:13 - 048533775 _____ C:\Users\Korisnik1\Downloads\Projekat11.rar
     2018-09-01 02:50 - 2018-09-01 02:50 - 000000000 ____D C:\Users\Korisnik1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
     2018-09-01 02:38 - 2018-09-01 02:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
     2018-08-30 13:51 - 2018-08-30 23:28 - 000000000 ____D C:\Users\Korisnik1\.android
     2018-08-30 03:01 - 2018-08-30 03:01 - 000000000 ____D C:\Users\Korisnik1\Downloads\Projekat11
     2018-08-29 01:11 - 2018-08-29 01:11 - 000030256 _____ C:\Users\Korisnik1\Downloads\power.s05.e08.a.friend.of.the.family.(2018).eng.1cd.(7462834).zip
     2018-08-29 01:11 - 2018-08-29 01:11 - 000000000 ____D C:\Users\Korisnik1\Downloads\power.s05.e08.a.friend.of.the.family.(2018).eng.1cd.(7462834)

     ==================== One Month Modified files and folders ========
     (If an entry is included in the fixlist, the file/folder will be moved.)

     2018-09-28 14:43 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
     2018-09-28 14:43 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
     2018-09-28 14:41 - 2016-10-14 16:50 - 000000000 ____D C:\Users\Korisnik1\AppData\Local\ClassicShell
     2018-09-28 14:38 - 2017-04-06 15:03 - 000000000 ____D C:\Users\Korisnik1\AppData\Roaming\ViberPC
     2018-09-28 14:36 - 2016-10-14 18:18 - 000000000 __SHD C:\Users\Korisnik1\IntelGraphicsProfiles
     2018-09-28 14:36 - 2016-10-14 18:15 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
     2018-09-28 14:36 - 2016-10-14 16:32 - 000000000 ____D C:\Program Files (x86)\TeamViewer
     2018-09-28 14:35 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
     2018-09-28 14:34 - 2016-10-14 16:39 - 000000000 ____D C:\ProgramData\AVAST Software
     2018-09-28 14:31 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
     2018-09-28 14:28 - 2017-01-02 17:45 - 000000000 ____D C:\Users\Korisnik1\AppData\Roaming\MPC-HC
     2018-09-28 14:28 - 2016-11-27 20:05 - 000000000 ____D C:\Users\Korisnik1\AppData\Roaming\TS3Client
     2018-09-28 14:28 - 2016-10-14 16:32 - 000000000 ____D C:\Users\Korisnik1\AppData\Roaming\TeamViewer
     2018-09-28 14:25 - 2016-10-14 17:58 - 000000000 ____D C:\Windows\Panther
     2018-09-27 14:43 - 2016-11-27 20:05 - 000000000 ____D C:\Program Files\TeamSpeak 3 Client
     2018-09-26 23:57 - 2018-01-28 19:25 - 000000000 ____D C:\Users\Korisnik1\AppData\Roaming\uTorrent
     2018-09-26 23:55 - 2016-10-14 16:33 - 000000000 ____D C:\Program Files (x86)\Google
     2018-09-20 21:08 - 2016-10-18 07:19 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
     2018-09-20 21:06 - 2016-10-18 07:18 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
     2018-09-19 00:47 - 2017-02-10 03:51 - 000000000 ____D C:\Users\Korisnik1\AppData\Roaming\vlc
     2018-09-17 23:15 - 2016-10-14 18:32 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
     2018-09-17 23:15 - 2016-10-14 18:32 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
     2018-09-12 22:46 - 2016-10-14 12:58 - 000000000 ____D C:\Users\Korisnik1\AppData\Local\VirtualStore
     2018-09-12 22:40 - 2016-11-24 19:52 - 000000000 ____D C:\Users\Korisnik1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
     2018-09-12 22:36 - 2016-11-11 20:31 - 000000000 ____D C:\Users\Korisnik1\Documents\My Games
     2018-09-12 22:24 - 2017-04-03 21:19 - 000000000 ____D C:\GOG Games
     2018-09-04 13:33 - 2009-07-14 07:13 - 000784474 _____ C:\Windows\system32\PerfStringBackup.INI
     2018-09-03 17:25 - 2018-01-28 00:56 - 000000000 ____D C:\Users\Korisnik1\Documents\Paradox Interactive
     2018-09-01 19:06 - 2018-08-28 18:21 - 000000414 _____ C:\Windows\Tasks\Driver Easy Scheduled Scan.job
     2018-09-01 13:47 - 2018-06-28 16:08 - 000000000 ____D C:\Users\Korisnik1\Desktop\Com's
     2018-09-01 02:37 - 2017-03-16 21:21 - 000000000 ___RD C:\Program Files (x86)\Skype
     2018-09-01 02:37 - 2016-10-14 16:34 - 000000000 ____D C:\ProgramData\Skype
     2018-09-01 02:34 - 2016-10-14 18:03 - 000000000 ____D C:\Users\Korisnik1\AppData\Roaming\Skype
     2018-08-30 13:51 - 2016-10-14 12:58 - 000000000 ____D C:\Users\Korisnik1
     2018-08-30 13:47 - 2017-10-05 18:58 - 000000000 ____D C:\Program Files\Android
     2018-08-30 01:01 - 2016-11-21 20:04 - 000000000 ____D C:\Users\Korisnik1\AppData\Local\Eclipse
     2018-08-30 01:01 - 2016-11-21 19:51 - 000000000 ____D C:\Users\Korisnik1\.p2

     ==================== Files in the root of some directories =======

     2018-06-14 14:19 - 2018-06-14 14:19 - 078921826 __RSH () C:\Users\Korisnik1\AppData\Roaming\eeV3PxJrpj.exe
     2018-06-14 14:19 - 2018-06-14 14:19 - 078963298 __RSH () C:\Users\Korisnik1\AppData\Roaming\eeYAW8Q2wu.exe
     2018-07-29 22:04 - 2018-07-29 22:04 - 000000017 _____ () C:\Users\Korisnik1\AppData\Local\resmon.resmoncfg

     Some files in TEMP:
     ====================
     2018-09-28 14:36 - 2016-04-19 00:34 - 000805376 _____ (Microsoft Corporation) C:\Users\Korisnik1\AppData\Local\Temp\cdo688742513.dll

     ==================== Bamital & volsnap ======================
     (There is no automatic fix for files that do not pass verification.)

     C:\Windows\system32\winlogon.exe => File is digitally signed
     C:\Windows\system32\wininit.exe => File is digitally signed
     C:\Windows\SysWOW64\wininit.exe => File is digitally signed
     C:\Windows\explorer.exe => File is digitally signed
     C:\Windows\SysWOW64\explorer.exe => File is digitally signed
     C:\Windows\system32\svchost.exe => File is digitally signed
     C:\Windows\SysWOW64\svchost.exe => File is digitally signed
     C:\Windows\system32\services.exe => File is digitally signed
     C:\Windows\system32\User32.dll => File is digitally signed
     C:\Windows\SysWOW64\User32.dll => File is digitally signed
     C:\Windows\system32\userinit.exe => File is digitally signed
     C:\Windows\SysWOW64\userinit.exe => File is digitally signed
     C:\Windows\system32\rpcss.dll => File is digitally signed
     C:\Windows\system32\dnsapi.dll => File is digitally signed
     C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
     C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

     LastRegBack: 2018-09-26 17:30

     ==================== End of FRST.txt ===========================

     Addition.txt
  6. Hey guys, I'm getting a message every few seconds saying "Website blocked due to Trojan, IP address is not mine, port 55140 and type Outbound (sometimes it says c/windows/explorer.exe)". I downloaded some files that were trojans a couple of days ago and I cleared them all with Malwarebytes, but I'm still getting these messages even though when I run a scan check now it says my PC is clean. Is this a program error or is my PC still corrupt?
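The Fixlog in post 4 and the scan in post 5 show a common persistence layout: two shortcuts in the user's Startup folder, each pointing at a random-named executable in AppData\Roaming that carries the read-only, system and hidden attributes (FRST's __RSH) and no publisher string; alternate data streams on the profile root and on C:\ProgramData\.rdata; IE and Firefox start and search pages redirected through a Lavasoft Web Companion Yahoo feed; and two gupdate services whose binaries were gone (the [X] marker). The script below is an added example, not part of this thread and not FRST or Malwarebytes code; it re-checks those same four spots after a clean-up so a second FRST run is not the only way to confirm nothing came back. It assumes Windows PowerShell 3.0 or later (for Get-Item -Stream and Get-ChildItem -File) and is run in the affected user's session; the function names are this example's own. Non-Bing search scopes and a non-msn.com start page are reported for review, not as infections.

```powershell
# Added example (not from the forum thread, FRST or Malwarebytes).
# Re-checks the persistence and hijack points the fixlist above removed.
# Assumes Windows PowerShell 3.0+ and the affected user's session.
function Get-PersistenceFindings {
    [CmdletBinding()]
    param()

    $findings = New-Object System.Collections.Generic.List[object]
    function Add-Finding($check, $item, $why) {
        $findings.Add([pscustomobject]@{ Check = $check; Item = $item; Why = $why })
    }

    # 1. Startup-folder shortcuts (per-user and all-users): resolve each .lnk
    #    target and flag targets under AppData, hidden+system files, or
    #    anything without a valid Authenticode signature.
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($folder)
        Get-ChildItem -LiteralPath $dir -Filter *.lnk -Force -ErrorAction SilentlyContinue | ForEach-Object {
            $target = $shell.CreateShortcut($_.FullName).TargetPath
            if (-not $target) { return }          # shortcut without a target; nothing to resolve
            $why = @()
            if ($target -like "$env:APPDATA\*" -or $target -like "$env:LOCALAPPDATA\*") {
                $why += 'target under AppData'
            }
            $file = Get-Item -LiteralPath $target -Force -ErrorAction SilentlyContinue
            if ($file) {
                $hs = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
                if (($file.Attributes -band $hs) -eq $hs) { $why += 'hidden+system attributes' }
                $sig = Get-AuthenticodeSignature -LiteralPath $target
                if ($sig.Status -ne 'Valid') { $why += "Authenticode status $($sig.Status)" }
            } else {
                $why += 'target missing (dangling shortcut)'
            }
            if ($why.Count -gt 0) { Add-Finding 'Startup .lnk' "$($_.FullName) -> $target" ($why -join '; ') }
        }
    }

    # 2. Alternate data streams on the two locations FRST reported:
    #    the profile root itself and every file directly under ProgramData.
    foreach ($root in $env:USERPROFILE, $env:ProgramData) {
        $items = @(Get-Item -LiteralPath $root -Force) +
                 @(Get-ChildItem -LiteralPath $root -File -Force -ErrorAction SilentlyContinue)
        foreach ($i in $items) {
            Get-Item -LiteralPath $i.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object { Add-Finding 'ADS' "$($i.FullName):$($_.Stream)" "$($_.Length) bytes" }
        }
    }

    # 3. IE start page and search scopes; a hijack shows up as a foreign URL.
    $main  = Get-ItemProperty -LiteralPath 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
    $start = $main.'Start Page'
    if ($start -and $start -notmatch '^https?://(www\.)?msn\.com/') {
        Add-Finding 'IE Start Page' $start 'differs from the msn.com default; review'
    }
    Get-ChildItem -LiteralPath 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes' -ErrorAction SilentlyContinue | ForEach-Object {
        $url = (Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue).URL
        if ($url -and $url -notmatch '^https?://(www\.)?bing\.com/') {
            Add-Finding 'IE SearchScope' "$($_.PSChildName) $url" 'search provider is not Bing; review'
        }
    }

    # 4. Win32 services whose binary no longer exists on disk (FRST's [X]).
    #    Strips quotes and arguments from PathName; kernel drivers are not covered.
    Get-WmiObject -Class Win32_Service | ForEach-Object {
        if (-not $_.PathName) { return }
        $exe = if ($_.PathName -match '^"([^"]+)"') { $Matches[1] } else { ($_.PathName -split ' [/-]')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        if (-not (Test-Path -LiteralPath $exe)) { Add-Finding 'Service [X]' "$($_.Name) -> $exe" 'binary missing on disk' }
    }

    return $findings
}

# Run the checks; an empty table means none of the four spots fired.
Get-PersistenceFindings | Format-Table -AutoSize -Wrap
```

Run it once before and once after the reboot that FRST asked for: the Startup and ADS rows should be gone afterwards, and if a "Startup .lnk" row reappears pointing at a fresh random name under AppData\Roaming, something still running is recreating the persistence and the clean-up is not finished.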