Njoma1
-
Alright, thanks for the help.. best of luck
-
It's fine when I turn it off, the notifications (no more popping up).. I'm currently on a trial using the premium service.. will I still get the protection against this "trojan attack" on a free version?? If not, is there something I could do to protect myself?
-
I'm still having Malwarebytes pop-ups that a website is blocked due to Trojan even though I'm not doing anything on my PC
-
What was the problem?
-
Hey, sorry, I was getting some error messages that said it was spam or something.. I sent you a private message with the info, I guess you didn't see it.. here it goes
-
Test teste.
-
Hey guys, I'm getting a message every few seconds saying "Website blocked due to Trojan, IP address is not mine, port 55140 and type Outbound (sometimes it says c/windows/explorer.exe)". I downloaded some files that were trojans a couple of days ago and I cleared them all with Malwarebytes, but I'm still getting these messages even though when I run a scan check now it says my PC is clean. Is this a program error, or is my PC still corrupt?