Just in case, could you please check?

  • Zeljko
  • Joined: 27 Oct 2017
  • Posts: 22

I was downloading some programs from the net in order to download music for my neighbor, and in the process all sorts of extra things got installed on my computer without my even knowing until I closed the Mozilla window. Windows Defender turned itself off; I turn it on and it turns itself off again, and the computer was running slowly.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-01-2020
Ran by ALEXA (administrator) on ALEX (HP-Pavilion KQ485AA-UUZ a6410.ch) (19-01-2020 21:22:42)
Running from C:\Users\ALEXA\Desktop
Loaded Profiles: ALEXA (Available Profiles: ALEXA)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-20] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKU\S-1-5-21-3150172443-768184680-3727231964-1001\...\Run: [Chromium] => "c:\users\alexa\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.117\Installer\chrmstp.exe [2020-01-07] (Google LLC -> Google LLC)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05159E82-B35C-4C94-AF01-1EE572817214} - \AutoPico Daily Restart -> No File <==== ATTENTION
Task: {28F48620-6CA8-4627-8A88-B884BEC083FE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {70E65B82-8E28-4EAE-AE73-D942263C9B22} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-12-14] (Google Inc -> Google Inc.)
Task: {7B3AE5E7-3455-42D4-ACC3-37E5516196C7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {7E9C7B90-9EE5-4113-B891-F8983CFF53A9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-12-14] (Google Inc -> Google Inc.)
Task: {8102DF19-3A92-407C-AF97-D2D9D06C7230} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [7175384 2016-12-06] (Piriform Ltd -> Piriform Ltd)
Task: {B6CCCAEA-741E-41C6-B7E5-BC34B41FF918} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-01-15] (Adobe Inc. -> Adobe)
Task: {BA3C739E-5AE3-4FA4-AE56-CC92A92385B5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {C90A2C63-BA01-41D9-81BF-C8C3585411A7} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2020-01-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {EF29B506-874B-40EF-9181-D2DDFE152688} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {F0D592D9-D2CD-4662-87C3-B60C3E13DCA4} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_314_Plugin.exe [1457720 2020-01-15] (Adobe Inc. -> Adobe)
Task: {F2F5834B-F569-4A3C-B264-61CEF346724F} - System32\Tasks\Product Updater => C:\Program Files (x86)\Free Sound Recorder\FFProductUpdater.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3AAF9CAA-C431-4BD8-A46F-924B5D1D164F}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5C963D74-209D-4D11-9C7A-0EC42FBE0930}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3150172443-768184680-3727231964-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp

FireFox:
========
FF DefaultProfile: ins15w47.default-1576102854777
FF ProfilePath: C:\Users\ALEXA\AppData\Roaming\Mozilla\Firefox\Profiles\ins15w47.default-1576102854777 [2020-01-19]
FF NetworkProxy: Mozilla\Firefox\Profiles\ins15w47.default-1576102854777 -> type", 4
FF Extension: (Avast Online Security) - C:\Users\ALEXA\AppData\Roaming\Mozilla\Firefox\Profiles\ins15w47.default-1576102854777\Extensions\wrc@avast.com.xpi [2020-01-19]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_314.dll [2020-01-15] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_314.dll [2020-01-15] (Adobe Inc. -> )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA CORPORATION -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA CORPORATION -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)

Chrome:
=======
CHR NewTab: Default -> Not-active:"chrome-extension://jkbnhlhcdndaamafgbelomapajcnjpde/stubby.html"
CHR Notifications: Default -> hxxps://www.facebook.com
CHR Profile: C:\Users\ALEXA\AppData\Local\Google\Chrome\User Data\Default [2020-01-19]
CHR DownloadDir: C:\Users\ALEXA\Desktop
CHR Extension: (Презентације) - C:\Users\ALEXA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Документи) - C:\Users\ALEXA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google диск) - C:\Users\ALEXA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-14]
CHR Extension: (YouTube) - C:\Users\ALEXA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-14]
CHR Extension: (Табеле) - C:\Users\ALEXA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google документи офлајн) - C:\Users\ALEXA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-15]
CHR Extension: (MyFunCards) - C:\Users\ALEXA\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde [2019-12-18]
CHR Extension: (Save to Facebook) - C:\Users\ALEXA\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2019-06-26]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\ALEXA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-08]
CHR Extension: (Gmail) - C:\Users\ALEXA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
CHR Extension: (Chrome Media Router) - C:\Users\ALEXA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-17]
CHR Profile: C:\Users\ALEXA\AppData\Local\Google\Chrome\User Data\System Profile [2018-10-12]

Opera:
=======
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Broadcom Corporation -> Windows (R) Win 7 DDK provider)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [136040 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 KMWDFILTER; C:\Windows\System32\drivers\KMWDFILTER.sys [30208 2009-04-29] (MLK Technologies Limited -> Windows (R) Codename Longhorn DDK provider)
S3 netr28ux; C:\Windows\system32\DRIVERS\netr28ux.sys [2408208 2013-06-18] (Mediatek Inc. -> Ralink Technology Corp.)
R3 RTL8168; C:\Windows\system32\DRIVERS\Rt630x64.sys [591360 2013-06-18] (Microsoft Windows -> Realtek )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166760 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-19 21:22 - 2020-01-19 21:24 - 000012643 _____ C:\Users\ALEXA\Desktop\FRST.txt
2020-01-19 21:20 - 2020-01-19 21:20 - 002572800 _____ (Farbar) C:\Users\ALEXA\Desktop\FRST64.exe
2020-01-19 21:16 - 2020-01-19 21:16 - 000337808 _____ C:\Windows\system32\FNTCACHE.DAT
2020-01-19 16:16 - 2020-01-19 16:16 - 000001052 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2020-01-19 16:16 - 2020-01-19 16:16 - 000001052 _____ C:\ProgramData\Desktop\Revo Uninstaller.lnk
2020-01-19 16:16 - 2020-01-19 16:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2020-01-19 16:16 - 2020-01-19 16:16 - 000000000 ____D C:\Program Files\VS Revo Group
2020-01-18 13:37 - 2020-01-18 13:37 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2020-01-18 13:35 - 2020-01-18 13:35 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2020-01-18 13:33 - 2020-01-19 15:38 - 000000000 ____D C:\ProgramData\AVAST Software
2020-01-15 18:20 - 2020-01-03 08:39 - 001541144 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2020-01-15 18:20 - 2020-01-03 08:39 - 000642488 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2020-01-15 18:20 - 2020-01-03 07:55 - 000493944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2020-01-15 18:20 - 2020-01-03 05:02 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2020-01-15 18:20 - 2020-01-03 04:52 - 001377280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2020-01-15 18:20 - 2019-12-17 03:39 - 025754624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2020-01-15 18:20 - 2019-12-17 02:04 - 000580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2020-01-15 18:20 - 2019-12-17 01:53 - 005500928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2020-01-15 18:20 - 2019-12-17 01:52 - 020290048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2020-01-15 18:20 - 2019-12-17 01:52 - 000797184 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2020-01-15 18:20 - 2019-12-17 01:37 - 000496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2020-01-15 18:20 - 2019-12-17 01:27 - 000662528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2020-01-15 18:20 - 2019-12-17 01:24 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2020-01-15 18:20 - 2019-12-17 01:16 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2020-01-15 18:20 - 2019-12-17 01:14 - 015445504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2020-01-15 18:20 - 2019-12-17 01:06 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2020-01-15 18:20 - 2019-12-17 01:04 - 004859392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2020-01-15 18:20 - 2019-12-17 01:03 - 004112384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2020-01-15 18:20 - 2019-12-17 01:01 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2020-01-15 18:20 - 2019-12-17 00:56 - 013838336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2020-01-15 18:20 - 2019-12-17 00:52 - 001566720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2020-01-15 18:20 - 2019-12-17 00:43 - 004387840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2020-01-15 18:20 - 2019-12-17 00:41 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2020-01-15 18:20 - 2019-12-17 00:39 - 001331712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2020-01-15 18:20 - 2019-12-17 00:38 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2020-01-15 18:20 - 2019-12-13 22:32 - 000121856 _____ (Microsoft Corporation) C:\Windows\system32\cryptcatsvc.dll
2020-01-15 18:20 - 2019-12-13 19:35 - 001317376 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2020-01-15 18:20 - 2019-12-13 19:28 - 000289792 _____ (Microsoft Corporation) C:\Windows\system32\PlayToDevice.dll
2020-01-15 18:20 - 2019-12-13 18:49 - 001103360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2020-01-15 18:20 - 2019-12-13 18:45 - 000215552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToDevice.dll
2020-01-15 18:20 - 2019-12-12 08:10 - 001756672 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2020-01-15 18:20 - 2019-12-12 07:49 - 001492992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2020-01-15 18:20 - 2019-12-09 21:46 - 000376568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2020-01-15 18:20 - 2019-12-07 19:00 - 004168704 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2020-01-15 18:20 - 2019-12-07 02:09 - 000427824 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2020-01-15 18:20 - 2019-12-07 00:39 - 000367936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
2020-01-15 18:20 - 2019-12-06 22:19 - 006218240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2020-01-15 18:20 - 2019-12-06 22:15 - 007037440 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2020-01-15 18:20 - 2019-12-05 15:55 - 000679424 _____ (Microsoft Corporation) C:\Windows\system32\wiaaut.dll
2020-01-15 18:20 - 2019-12-05 15:55 - 000671232 _____ (Microsoft Corporation) C:\Windows\system32\wiaservc.dll
2020-01-15 18:20 - 2019-12-05 15:55 - 000322560 _____ (Microsoft Corporation) C:\Windows\system32\sti.dll
2020-01-15 18:20 - 2019-12-05 15:55 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\sti_ci.dll
2020-01-15 18:20 - 2019-12-05 15:55 - 000140800 _____ (Microsoft Corporation) C:\Windows\system32\wiadss.dll
2020-01-15 18:20 - 2019-12-05 15:55 - 000068608 _____ (Microsoft Corporation) C:\Windows\system32\wiarpc.dll
2020-01-15 18:20 - 2019-12-05 15:53 - 000580096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiaaut.dll
2020-01-15 18:20 - 2019-12-05 15:53 - 000236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sti.dll
2020-01-15 18:20 - 2019-12-05 15:53 - 000117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiadss.dll
2020-01-15 18:20 - 2019-12-01 08:10 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2020-01-15 18:20 - 2019-12-01 08:08 - 000468992 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2020-01-15 18:20 - 2019-12-01 08:07 - 000248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2020-01-15 18:20 - 2019-12-01 07:59 - 000774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2020-01-15 18:20 - 2019-12-01 07:46 - 003631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2020-01-15 18:20 - 2019-12-01 07:40 - 000391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2020-01-15 18:20 - 2019-12-01 07:40 - 000272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2020-01-15 18:20 - 2019-12-01 07:37 - 002750464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2020-01-15 18:20 - 2019-12-01 07:35 - 000699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2020-01-15 18:20 - 2019-12-01 07:32 - 000750080 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2020-01-15 18:20 - 2019-12-01 07:21 - 000904192 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2020-01-15 18:20 - 2019-12-01 07:19 - 002551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2020-01-15 18:20 - 2019-12-01 07:15 - 000504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2020-01-15 18:20 - 2019-12-01 07:08 - 001920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2020-01-15 18:20 - 2019-12-01 07:08 - 000710656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-19 21:23 - 2019-06-11 22:22 - 000000000 ____D C:\FRST
2020-01-19 21:21 - 2016-11-26 22:03 - 000003596 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3150172443-768184680-3727231964-1001
2020-01-19 21:17 - 2016-12-14 03:40 - 000000000 ____D C:\Users\ALEXA\AppData\LocalLow\Mozilla
2020-01-19 21:16 - 2016-12-14 03:41 - 000000000 ____D C:\ProgramData\NVIDIA
2020-01-19 21:16 - 2013-08-22 15:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-01-19 21:15 - 2013-08-22 14:36 - 000000000 ____D C:\Windows\Inf
2020-01-19 21:15 - 2013-08-22 14:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2020-01-19 20:16 - 2016-12-14 03:23 - 000003910 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{C5FCD416-1F18-4505-A726-3093C6CE8831}
2020-01-19 16:19 - 2018-01-28 13:44 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2020-01-17 23:28 - 2019-12-11 23:28 - 000000270 _____ C:\Users\ALEXA\Desktop\New Text Document.txt
2020-01-15 18:43 - 2013-08-22 16:20 - 000000000 ____D C:\Windows\CbsTemp
2020-01-15 18:29 - 2016-12-15 04:46 - 000000000 ____D C:\Windows\system32\MRT
2020-01-15 18:25 - 2016-12-15 04:45 - 120202352 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-01-15 18:12 - 2018-03-14 07:44 - 000004454 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-01-15 18:12 - 2017-01-25 19:32 - 000004288 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2020-01-15 18:12 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-01-15 18:12 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\system32\Macromed
2020-01-09 22:52 - 2016-11-26 21:56 - 000000000 ___HD C:\Users\ALEXA
2020-01-09 22:50 - 2019-03-08 22:39 - 000000000 ____D C:\Windows\Minidump
2020-01-09 22:29 - 2016-12-14 03:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-01-08 18:37 - 2019-10-12 18:13 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-01-08 18:37 - 2016-12-14 03:40 - 000001173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-01-07 22:32 - 2016-12-14 04:17 - 000002246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-01-07 22:32 - 2016-12-14 04:17 - 000002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-01-07 22:32 - 2016-12-14 04:17 - 000002205 _____ C:\ProgramData\Desktop\Google Chrome.lnk

==================== Files in the root of some directories ========

2017-11-19 14:04 - 2017-11-19 14:04 - 000000017 _____ () C:\Users\ALEXA\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-01-18 00:03
==================== End of FRST.txt ========================

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6072

Hello, :)

zeljk87 :: I was downloading some programs from the net in order to download music for my neighbor, and in the process all sorts of extra things got installed on my computer without my even knowing until I closed the Mozilla window. Windows Defender turned itself off; I turn it on and it turns itself off again, and the computer was running slowly.
As far as I understand, you are not having any problems now, because I don't see any active malware in the reports, but there are a few leftovers that we could 'tidy up'.

1. Open Notepad (Text Document) and copy the following text from inside the code box below:

CreateRestorePoint:
File: c:\users\alexa\appdata\local\chromium\application\chrome.exe

CloseProcesses:
HKU\S-1-5-21-3150172443-768184680-3727231964-1001\...\Run: [Chromium] => "c:\users\alexa\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
CHR NewTab: Default -> Not-active:"chrome-extension://jkbnhlhcdndaamafgbelomapajcnjpde/stubby.html"

EmptyTemp:
C:\program files (x86)\relevantknowledge


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the system restarts.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

----------------------------------------------------------------------------------------
Then reset Google Chrome to its default settings:
Open Settings in Google Chrome > Advanced > Restore settings to their original defaults
https://support.google.com/chrome/answer/3296214?hl=en

----------------------------------------------------------------------------------------
Then, as an additional check, you can install the Malwarebytes AntiMalware software.
Malwarebytes will certainly find some entries, but those are only inactive entries, leftovers so to speak, so don't let that alarm you; that is simply how today's software gets advertised nowadays.

Malwarebytes; https://www.malwarebytes.com/
=> how to install Malwarebytes: https://www.malwarebytes.com/mwb-download/thankyou/

Install the program, click Scanner to scan the system. If MBAM detects any entries, allow it to remove them.

Save the logfile and post the MBAM logfile for me to review:

* When the scan finishes, click View report. On the Advanced tab, click the Export button and then choose Text file (*.txt)

* When the "Save File" dialog opens, choose Desktop. Under File name: enter mbam as the name of the report.
The message Your file has been successfully exported will appear; click OK and close the windows.

• In your reply, attach the mbam.txt log using the "Prikači fajl" (Attach file) option.

----------------------------------------------------------------------------------------

How are things now?

  • Zeljko
  • Joined: 27 Oct 2017
  • Posts: 22

Posted: 20 Jan 2020 18:59

When I tried to name the Notepad file, the computer froze and seemed to restart quickly; the screen went blue. The Windows Defender icon was gone.
Now I'll try to do the other steps as well...

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-01-2020
Ran by ALEXA (20-01-2020 18:48:01) Run:1
Running from C:\Users\ALEXA\Desktop
Loaded Profiles: ALEXA (Available Profiles: ALEXA)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
File: c:\users\alexa\appdata\local\chromium\application\chrome.exe

CloseProcesses:
HKU\S-1-5-21-3150172443-768184680-3727231964-1001\...\Run: [Chromium] => "c:\users\alexa\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
CHR NewTab: Default -> Not-active:"chrome-extension://jkbnhlhcdndaamafgbelomapajcnjpde/stubby.html"

EmptyTemp:
C:\program files (x86)\relevantknowledge
*****************

Restore point was successfully created.

========================= File: c:\users\alexa\appdata\local\chromium\application\chrome.exe ========================

c:\users\alexa\appdata\local\chromium\application\chrome.exe
File not signed
MD5: 1806BCE02A330F60CA278372E7D9DAD2
Creation and modification date: 2018-10-19 21:58 - 2017-09-22 18:46
Size: 004149760
Attributes: ----A
Company Name: The Chromium Authors
Internal Name: chrome_exe
Original Name: chrome.exe
Product: Chromium
Description: Chromium
File Version: 63.0.3223.0
Product Version: 63.0.3223.0
Copyright: Copyright 2017 The Chromium Authors. All rights reserved.
VirusTotal: virustotal.com/file/5cb392843f3887de2c.....553624488/

====== End of File: ======

Processes closed successfully.
"HKU\S-1-5-21-3150172443-768184680-3727231964-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Chromium" => removed successfully
"Chrome NewTab" => removed successfully
"C:\program files (x86)\relevantknowledge" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 28537858 B
Java, Flash, Steam htmlcache => 1323 B
Windows/system/drivers => 184883713 B
Edge => 0 B
Chrome => 402795943 B
Firefox => 19465540 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 256 B
LocalService => 256 B
NetworkService => 43323580 B
ALEXA => 48689834 B

RecycleBin => 0 B
EmptyTemp: => 702 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:51:09 ====

Addendum: 20 Jan 2020 19:17


Addendum: 20 Jan 2020 19:23

When I finished everything, Windows asked for an update; I let it run, and it said 2 items were being updated.

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6072

zeljk87 :: When I tried to name the Notepad file, the computer froze and seemed to restart quickly; the screen went blue. The Windows Defender icon was gone.
Now I'll try to do the other steps as well...
This looks like a hardware problem. You could drop by the Hardware forum and ask for advice there as well. In any case, wait for the update and then see whether there is any change for the better.

Malwarebytes says "No Action By User"; allow it to remove all detections.
It detected one Chrome extension, MyFunCards. You can also remove that manually (in the Chrome browser > settings > more tool > extension). Either way, after the removal and once you reset Chrome to its default settings, we are basically done, and you should not have any more PUP-related problems.

  • Zeljko
  • Joined: 27 Oct 2017
  • Posts: 22

I removed it from Chrome since I don't have that option in MB.
Thank you very much

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6072

You're welcome. ;)

You can remove FRST by renaming it to uninstall.exe and running the program with a double-click. FRST will remove itself from your computer.

  • Zeljko
  • Joined: 27 Oct 2017
  • Posts: 22

No worries, that program doesn't bother me, but thank you

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6072

Then manually delete the C:\FRST folder and empty the Recycle Bin.
Among other things, the folder contains the Quarantine, which AV/AM programs may detect as malware.

  • Zeljko
  • Joined: 27 Oct 2017
  • Posts: 22

I did it, but there was no delete option on right-click, so I used shift+del
