Slow computer

offline
  • Joined: 10 Jan 2012
  • Posts: 27

Could I get some help with cleaning my computer!



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-08-2017
Ran by pc (administrator) on PC-PC (14-08-2017 22:16:11)
Running from C:\Users\pc\Desktop
Loaded Profiles: pc (Available Profiles: pc)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Popcorn Time) C:\Program Files\Popcorn Time\Updater.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(BitTorrent Inc.) C:\Users\pc\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\pc\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe
(BitTorrent Inc.) C:\Users\pc\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-08-13] (AVAST Software)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2404952 2017-03-14] (Adobe Systems Incorporated)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3097420717-3562012300-2149686657-1000\...\Run: [Google Update] => C:\Users\pc\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-05-02] (Google Inc.)
HKU\S-1-5-21-3097420717-3562012300-2149686657-1000\...\Run: [uTorrent] => C:\Users\pc\AppData\Roaming\uTorrent\uTorrent.exe [2146496 2017-07-23] (BitTorrent Inc.)
HKU\S-1-5-21-3097420717-3562012300-2149686657-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27815896 2017-07-28] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8CE8FC9C-F3B1-4F35-8CD6-67C497FF49EE}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BD595615-A9FA-4957-A4E6-71B449650548}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3097420717-3562012300-2149686657-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2016-09-01] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-08-13] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2016-09-01] (Oracle Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2016-09-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2016-09-01] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-07-27] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-03-14] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3097420717-3562012300-2149686657-1000: @tools.google.com/Google Update;version=3 -> C:\Users\pc\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3097420717-3562012300-2149686657-1000: @tools.google.com/Google Update;version=9 -> C:\Users\pc\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default [2017-08-14]
CHR Extension: (Google презентације) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-01]
CHR Extension: (Google документи) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-01]
CHR Extension: (Google диск) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-01]
CHR Extension: (YouTube) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-01]
CHR Extension: (Google табеле) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-01]
CHR Extension: (Google документи офлајн) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-01]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
CHR Extension: (Gmail) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-01]
CHR Extension: (Chrome Media Router) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-14]
StartMenuInternet: Google Chrome.626SMPLB6YW7EDO4C27KRA5JBY - C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5815840 2017-08-13] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-08-13] (AVAST Software)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
R2 Update service; C:\Program Files\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [267008 2017-08-13] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [157416 2017-08-13] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [276736 2017-08-13] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [50384 2017-08-13] (AVAST Software s.r.o.)
S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [70008 2017-03-20] (AVAST Software)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [42824 2017-08-13] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [39752 2017-08-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [123928 2017-08-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [99536 2017-08-13] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [70840 2017-08-13] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774320 2017-08-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [496976 2017-08-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [147688 2017-08-13] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [296312 2017-08-13] (AVAST Software)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-14] (Ralink Technology Corp.)
R0 PxHelp20; C:\Windows\System32\DRIVERS\PxHelp20.sys [20016 2003-10-28] (Sonic Solutions) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-14 22:16 - 2017-08-14 22:16 - 000011589 _____ C:\Users\pc\Desktop\FRST.txt
2017-08-14 22:15 - 2017-08-14 22:16 - 000000000 ____D C:\FRST
2017-08-14 22:15 - 2017-08-14 22:15 - 001792000 _____ (Farbar) C:\Users\pc\Downloads\FRST.exe
2017-08-14 22:15 - 2017-08-14 22:15 - 001792000 _____ (Farbar) C:\Users\pc\Desktop\FRST.exe
2017-08-14 20:23 - 2017-08-14 20:23 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-08-13 15:51 - 2017-08-13 15:51 - 000000152 _____ C:\Users\pc\AppData\Roaming\burnaware.ini
2017-08-13 14:47 - 2017-08-13 14:47 - 000303280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-08-13 14:45 - 2017-08-13 15:17 - 000065824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-08-13 14:45 - 2017-08-13 14:57 - 000085400 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-08-13 14:45 - 2017-08-13 14:56 - 000040352 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-08-13 14:45 - 2017-08-13 14:45 - 000162240 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-08-13 14:44 - 2017-08-13 14:56 - 000221600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-13 14:44 - 2017-08-13 14:44 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-08-13 14:44 - 2017-08-13 14:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-13 14:44 - 2017-08-13 14:44 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-13 14:44 - 2017-08-13 14:44 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-13 14:44 - 2017-06-27 12:06 - 000059936 _____ C:\Windows\system32\Drivers\mbae.sys
2017-08-13 14:41 - 2017-08-13 14:43 - 065033984 _____ (Malwarebytes ) C:\Users\pc\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251 (1).exe
2017-07-23 20:31 - 2017-07-23 20:31 - 000000000 ____D C:\Program Files\Common Files\Skype

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-14 22:16 - 2016-09-04 18:36 - 000000000 ____D C:\Users\pc\AppData\Roaming\uTorrent
2017-08-14 22:11 - 2016-09-01 18:47 - 000000000 ____D C:\Users\pc\AppData\Roaming\Skype
2017-08-14 20:23 - 2009-07-14 06:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-14 20:23 - 2009-07-14 06:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-14 20:08 - 2017-06-26 12:01 - 000000000 ____D C:\Users\pc\AppData\LocalLow\uTorrent
2017-08-14 20:08 - 2016-09-01 18:34 - 000000266 _____ C:\Windows\Tasks\AutoKMS.job
2017-08-14 20:08 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-14 19:54 - 2016-09-01 18:19 - 000002325 _____ C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-14 19:54 - 2016-09-01 18:19 - 000002317 _____ C:\Users\pc\Desktop\Google Chrome.lnk
2017-08-14 19:50 - 2016-10-08 18:52 - 000000000 ____D C:\Users\pc\AppData\Local\Adobe
2017-08-13 15:12 - 2016-09-01 18:47 - 000000000 ____D C:\ProgramData\Skype
2017-08-13 15:10 - 2016-09-01 18:16 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-08-13 14:52 - 2016-09-01 18:53 - 000774320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2017-08-13 14:52 - 2016-09-01 18:53 - 000123928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2017-08-13 14:47 - 2016-09-01 18:53 - 000496976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-08-13 14:47 - 2016-09-01 18:53 - 000296312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-08-13 14:47 - 2016-09-01 18:53 - 000147688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-08-13 14:47 - 2016-09-01 18:53 - 000099536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-08-13 14:47 - 2016-09-01 18:53 - 000070840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-08-13 14:47 - 2016-09-01 18:53 - 000042824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-08-13 14:47 - 2016-09-01 18:48 - 000000000 ____D C:\ProgramData\AVAST Software
2017-08-13 14:46 - 2017-03-19 00:28 - 000276736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-08-13 14:46 - 2017-03-19 00:28 - 000267008 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-08-13 14:46 - 2017-03-19 00:28 - 000157416 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-08-13 14:46 - 2017-03-19 00:28 - 000050384 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-08-13 14:46 - 2016-09-01 18:58 - 000039752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys

==================== Files in the root of some directories =======

2017-08-13 15:51 - 2017-08-13 15:51 - 000000152 _____ () C:\Users\pc\AppData\Roaming\burnaware.ini

Some files in TEMP:
====================
2013-01-29 00:20 - 2013-01-29 00:20 - 000248008 _____ (Ask.com) C:\Users\pc\AppData\Local\Temp\AskSLib.dll
2016-10-19 00:28 - 2016-10-19 00:28 - 000737856 _____ (Oracle Corporation) C:\Users\pc\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-08-13 14:43 - 2017-08-13 14:43 - 000740416 _____ (Oracle Corporation) C:\Users\pc\AppData\Local\Temp\jre-8u144-windows-au.exe
2016-10-27 21:12 - 2016-10-27 21:27 - 050563233 _____ (Popcorn Time ) C:\Users\pc\AppData\Local\Temp\setup_45D2.exe
2017-07-23 20:23 - 2017-07-23 20:24 - 058740704 _____ (Skype Technologies S.A.) C:\Users\pc\AppData\Local\Temp\SkypeSetup.exe
2017-03-19 00:50 - 2017-03-19 00:50 - 014456872 _____ (Microsoft Corporation) C:\Users\pc\AppData\Local\Temp\vc_redist.x86.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-13 15:49

==================== End of FRST.txt ============================





offline
  • Joined: 14 Jun 2016
  • Posts: 535

Hello,

I would ask you to remove Popcorn Time from the computer.



1. Open Notepad (Text Document) and copy in the following text from the code box below:

CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
CHR Extension: (Google документи офлајн) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-01]
CustomCLSID: HKU\S-1-5-21-3097420717-3562012300-2149686657-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\pc\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3097420717-3562012300-2149686657-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\pc\AppData\Local\Google\Update\1.3.33.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3097420717-3562012300-2149686657-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\pc\AppData\Local\Google\Update\1.3.32.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3097420717-3562012300-2149686657-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\pc\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
FirewallRules: [{4C0720D7-83C2-42D9-B6F9-22711912E696}] => (Allow) C:\Program Files\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{E22CDC8F-88D4-46C5-A99E-CBCD287AD531}] => (Allow) C:\Program Files\Popcorn Time\PopcornTimeDesktop.exe
EmptyTemp:


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

offline
  • Joined: 10 Jan 2012
  • Posts: 27

Done as you said.
Here is the content of the log file:
Quote:
Fix result of Farbar Recovery Scan Tool (x86) Version: 12-08-2017
Ran by pc (15-08-2017 15:50:50) Run:1
Running from C:\Users\pc\Desktop
Loaded Profiles: pc (Available Profiles: pc)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
CHR Extension: (Google документи офлајн) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-01]
CustomCLSID: HKU\S-1-5-21-3097420717-3562012300-2149686657-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\pc\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3097420717-3562012300-2149686657-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\pc\AppData\Local\Google\Update\1.3.33.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3097420717-3562012300-2149686657-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\pc\AppData\Local\Google\Update\1.3.32.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3097420717-3562012300-2149686657-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\pc\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
FirewallRules: [{4C0720D7-83C2-42D9-B6F9-22711912E696}] => (Allow) C:\Program Files\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{E22CDC8F-88D4-46C5-A99E-CBCD287AD531}] => (Allow) C:\Program Files\Popcorn Time\PopcornTimeDesktop.exe
EmptyTemp:
*****************

Restore point was successfully created.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully.
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12] => Error: No automatic fix found for this entry.
CHR Extension: (Google документи офлајн) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-01] => Error: No automatic fix found for this entry.
HKU\S-1-5-21-3097420717-3562012300-2149686657-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key removed successfully.
HKU\S-1-5-21-3097420717-3562012300-2149686657-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04} => key removed successfully.
HKU\S-1-5-21-3097420717-3562012300-2149686657-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA} => key removed successfully.
HKU\S-1-5-21-3097420717-3562012300-2149686657-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9} => key removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4C0720D7-83C2-42D9-B6F9-22711912E696} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E22CDC8F-88D4-46C5-A99E-CBCD287AD531} => value not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21859763 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 246967984 B
Edge => 0 B
Chrome => 263086496 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16674 B
LocalService => 0 B
NetworkService => 0 B
pc => 1034867824 B

RecycleBin => 50301644 B
EmptyTemp: => 1.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:52:31 ====

offline
  • Joined: 14 Jun 2016
  • Posts: 535

Open Chrome, type chrome://extensions/ into the address bar at the top and press Enter.
When the extensions appear in the list, find:

Плаћања у Chrome веб-продавници
Google документи офлајн


Click the trash can icon next to each one and confirm the removal.

After that, close Chrome and follow the instructions below:


Download Malwarebytes Anti-Malware from this or this or this link and install the application.
Run mb3-setup-consumer-{version}.exe and follow the instructions to install the program. After installation, click Finish.

On first launch, the program will show a "welcome" window. Feel free to close that window.
Note: The program's Premium features are already activated and are valid for 13 days from the moment of installation. You can turn off the Premium features via the Settings > My Account tab.

• Scanner settings - in Settings, click the Protection tab. Under the Scan Options section, turn on the "Scan for rootkits" option.
• Prepare the settings for Threat Scan - in Dashboard, click the Scan Now button. MBAM will update its database and start scanning.

When the scan finishes, if an infection was detected, make sure everything is selected, then click Remove Selected. Restart the computer if the program asks for a restart.
• Submit the log: Under Reports, select the Scan Report with the current date and then click View Report.

Export the log to the Desktop:
- Click the Export button at the bottom, then choose 'Text file (*.txt)'
- In the Save File dialog that appears, click Desktop. In the File name: field, type "mbam" (without quotes) and click Save.
- The message "Your file has been successfully exported" will appear; click Ok and close the window.



• Attach the mbam.txt log to your reply using the "Attach file" option.


Then:


Download AdwCleaner and save it to the Desktop.
Double-click to run the program.
In the EULA window click I agree.
Under Tools select Options.
In the dialog box that appears, turn off Reset Winsock settings if it is enabled.
Click the Scan button and wait for the scan to finish.
If it tells you a newer version exists, make sure you download it.

Click the Clean button and wait for the program to finish.
The program will close all active programs and show a window with that warning. Click OK to confirm.
A message will appear saying the computer needs to be restarted. Click OK.

The computer will restart and then open Notepad (C:\Adwcleaner\AdwCleaner[C0].txt) with the report.
Save that report to the Desktop and attach it to your message using the "Attach file" option.

offline
  • Joined: 10 Jan 2012
  • Posts: 27

Done

offline
  • Joined: 14 Jun 2016
  • Posts: 535

The following procedure will carry out the final cleanup.



Download "Xplode"'s DelFix tool and save it to the Desktop.

Double-click to run the tool and tick the boxes in front of the following options:
Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment for the tool to finish its work.

From this point on, all tools used in this thread should be deleted.
If any tool or report has not been removed, feel free to delete it manually.


The tool will also create a report for you. (C:\DelFix.txt)
- The tool will also save a healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
- DelFix deletes old System Restore points and creates a new, fresh point after the cleanup.

offline
  • Joined: 10 Jan 2012
  • Posts: 27

Done.
Thanks for the help.
