Please check


offline
  • Joined: 01 Mar 2008
  • Posts: 244

Posted: 15 Feb 2021 16:44

Over the last few days, messages have been popping up constantly saying that my laptop is being attacked by trojans, and Malwarebytes keeps finding various trojans and all sorts of other things. I get messages telling me to visit certain sites, which I don't do. I have cleaned the laptop with this program a couple of times, and there were 12, 24 trojans or other attackers. In addition, my laptop has slowed down and doesn't work properly. Everything runs very slowly, as if something were interfering with it.
Please check


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-02-2021
Ran by korisnik (administrator) on 720-PC (SAMSUNG ELECTRONICS CO., LTD. RV420/RV520/RV720/E3530/S3530/E3420/E3520) (15-02-2021 16:42:33)
Running from C:\Users\korisnik\Desktop
Loaded Profiles: korisnik
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: engleski (SAD)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ACD Systems International -> ) [File not signed] C:\Program Files\ACD Systems\ACDSee Pro\10.0\ACDSeeCommanderPro10.exe
(ACD Systems International Inc. -> ) [File not signed] C:\Program Files\ACD Systems\ACDSee Home\24.0\ACDSeeCommanderHome24.exe
(ACD Systems International Inc. -> ACD Systems) [File not signed] C:\Program Files\ACD Systems\ACDSee Home\24.0\acdIDInTouch2.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <16>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Microsoft Dynamic Code Publisher -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Dynamic Code Publisher -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ACHW24EN] => C:\Program Files\ACD Systems\ACDSee Home\24.0\acdIDInTouch2.exe [2088408 2020-10-20] (ACD Systems International Inc. -> ACD Systems) [File not signed]
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [43984 2018-12-24] (Glarysoft LTD -> Glarysoft Ltd)
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\Run: [ACDSeeCommanderPro10] => C:\Program Files\ACD Systems\ACDSee Pro\10.0\ACDSeeCommanderPro10.exe [3412936 2016-10-04] (ACD Systems International -> ) [File not signed]
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\Run: [ACDSeeCommanderHome24] => C:\Program Files\ACD Systems\ACDSee Home\24.0\ACDSeeCommanderHome24.exe [6658208 2020-10-20] (ACD Systems International Inc. -> ) [File not signed]
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\MountPoints2: {2b1d43f5-1c09-11e6-8ba0-90a4de6d68cc} - G:\USBAutoRun.exe
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\MountPoints2: {3408e1f5-5588-11e7-b4f3-90a4de6d68cc} - G:\INSTALL_ADB_RNDIS.exe
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\MountPoints2: {38bbb30b-60bd-11e7-b1bc-90a4de6d68cc} - F:\Autorun.exe
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\MountPoints2: {4228f246-f505-11e6-8a28-90a4de6d68cc} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\MountPoints2: {7ded094a-1c92-11e9-8249-90a4de6d68cc} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\MountPoints2: {8eafdc6a-12c0-11e7-b3c4-90a4de6d68cc} - G:\SetupWi-Fi.exe
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\MountPoints2: {ea090054-0eac-11e6-8893-90a4de6d68cc} - F:\setup.exe
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\MountPoints2: {ea09037c-0eac-11e6-8893-90a4de6d68cc} - G:\setup.exe
HKLM\...\Print\Monitors\Nitro PDF Port Monitor: C:\Windows\SYSTEM32\nitrolocalmon9.dll [29704 2013-12-17] (Nitro PDF Software -> Nitro PDF Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.104\Installer\chrmstp.exe [2021-01-31] (Google LLC -> Google LLC)
BootExecute: autocheck autochk *
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {040DB50B-AC9A-4D06-8298-422A707CF1D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {0CDD01B9-539A-4881-AEE9-05387259CE1E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {0CDD01B9-539A-4881-AEE9-05387259CE1E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {0CDD01B9-539A-4881-AEE9-05387259CE1E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [358400 [358400 2016-04-24]] (Microsoft Windows -> Microsoft Corporation)
Task: {0EC9067F-AD5D-4B5D-A049-209F15084608} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {3014A3B5-0EAF-4F76-AD3E-894177454475} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6158768 2021-02-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {3F534421-FE0A-4591-BE95-E27C384ED1B0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {3F534421-FE0A-4591-BE95-E27C384ED1B0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [358400 [358400 2016-04-24]] (Microsoft Windows -> Microsoft Corporation)



Addendum: 15 Feb 2021 17:08

Something wasn't right with this first scan, so I ran a second one. With the first one I barely managed to close FRST, and it kept running the scan by itself over and over again.



==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{41C84ED3-C0DD-4CB2-8A18-D0BDF0E29827}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6678FE1E-5241-4B1B-93E9-044DB267A373}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{B52A5556-1FFA-4B76-84FB-6EBE83B28CEE}: [DhcpNameServer] 89.216.1.40 89.216.1.50
Tcpip\..\Interfaces\{FBA819D8-C074-4A1F-A148-259DBF56E06A}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF DefaultProfile: 8j2bf1ih.default
FF ProfilePath: C:\Users\korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\8j2bf1ih.default [2021-02-15]
FF Homepage: Mozilla\Firefox\Profiles\8j2bf1ih.default -> hxxps://www.google.rs/
FF Extension: (Video DownloadHelper) - C:\Users\korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\8j2bf1ih.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-03-16]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_148.dll [2018-11-13] (Adobe Systems Incorporated -> )
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2016-04-19] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-08-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_91\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-08-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-12-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_148.dll [2018-11-13] (Adobe Systems Incorporated -> )
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-04-19] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-12-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-12-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-17] (Nitro PDF Software -> Nitro PDF)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-02-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-746845287-3329047123-463373260-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-04-19] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)

Chrome:
=======
CHR Profile: C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default [2021-02-15]
CHR Extension: (Презентације) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-10-26]
CHR Extension: (Документи) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-10-26]
CHR Extension: (Google диск) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-20]
CHR Extension: (YouTube) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-10-26]
CHR Extension: (Video Downloader professional) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2020-07-24]
CHR Extension: (Табеле) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-10-26]
CHR Extension: (Google документи офлајн) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-14]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-03]
CHR Extension: (Gmail) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-03]
CHR HKU\S-1-5-21-746845287-3329047123-463373260-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [149496 2016-08-26] (Performix LLC -> Performix LLC)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-11-15] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11137448 2021-02-05] (Microsoft Corporation -> Microsoft Corporation)
S3 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [437224 2016-10-27] (Digital Wave Ltd -> Digital Wave Ltd.)
S3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [887056 2014-07-10] (Disc Soft Ltd -> Disc Soft Ltd)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-15] (Malwarebytes Inc -> Malwarebytes)
S3 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-17] (Nitro PDF Software -> Nitro PDF Software)
S3 nlsX86cc; C:\Windows\SysWOW64\NLSSRV32.EXE [69640 2013-12-17] (Nitro PDF Software -> Nalpeiron Ltd.)
S3 RalinkRegistryWriter; C:\Program Files (x86)\Tenda\Common\RaRegistry.exe [375872 2011-03-31] (Ralink Technology Corporation -> Ralink Technology, Corp.)
S3 RalinkRegistryWriter64; C:\Program Files (x86)\Tenda\Common\RaRegistry64.exe [454208 2011-03-31] (Ralink Technology Corporation -> Ralink Technology, Corp.)
S3 RaMediaServer; C:\Program Files (x86)\Tenda\Common\RaMediaServer.exe [621632 2011-03-04] (Ralink Technology Corporation -> )
S3 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-11] (@ByELDI -> @ByELDI) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-11-15] (Microsoft Windows -> Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
S2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [X]
S3 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 adgnetworktdidrv; C:\Windows\System32\drivers\adgnetworktdidrv.sys [62536 2016-07-21] (Performix LLC -> )
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2016-04-26] (Disc Soft Ltd -> Disc Soft Ltd)
S3 GemCCID; C:\Windows\System32\DRIVERS\GemCCID.sys [137712 2016-10-17] (Microsoft Windows Hardware Compatibility Publisher -> Gemalto)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (GFI Software (Florida) Inc. -> ThreatTrack Security)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [28936 2019-01-14] (Glarysoft LTD -> Glarysoft Ltd)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2018-02-25] (Martin Malik - REALiX -> REALiX(tm))
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (ManyCam LLC -> Visicom Media Inc.)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-02-15] (Malwarebytes Inc -> Malwarebytes)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (ManyCam LLC -> Visicom Media Inc.)
S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [142120 2007-04-27] (SafeNet, Inc. -> SafeNet, Inc.)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3567488 2016-05-22] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-19] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-19] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-19] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [206336 2011-03-02] (Silicon Motion, Inc. -> SMI)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

Error Reading file: "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alatke za Microsoft Office "
2021-02-15 16:31 - 2021-02-15 16:56 - 000011757 _____ C:\Users\korisnik\Desktop\FRST.txt
2021-02-15 16:31 - 2021-02-15 16:55 - 000000000 ____D C:\FRST
2021-02-15 16:29 - 2021-02-15 16:29 - 002297856 _____ (Farbar) C:\Users\korisnik\Desktop\FRST64.exe
2021-02-15 15:16 - 2021-02-15 16:29 - 000000000 ____D C:\Users\korisnik\AppData\LocalLow\IGDump
2021-02-15 15:08 - 2021-02-15 15:08 - 000000000 ____D C:\Users\korisnik\AppData\Local\mbam
2021-02-15 15:06 - 2021-02-15 16:29 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-02-15 15:06 - 2021-02-15 15:06 - 000001968 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-02-15 15:06 - 2021-02-15 15:06 - 000001956 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-02-15 15:05 - 2021-02-15 15:05 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-02-03 20:08 - 2021-02-15 16:23 - 000000004 _____ C:\ProgramData\rc.dat
2021-02-03 20:07 - 2021-02-15 16:23 - 000000004 _____ C:\ProgramData\lock.dat
2021-02-03 20:07 - 2021-02-15 15:06 - 000000072 _____ C:\ProgramData\lir.bats
2021-02-03 20:07 - 2021-02-03 20:07 - 000000008 _____ C:\ProgramData\ts.dat
2021-02-03 19:42 - 2021-02-15 16:24 - 000000000 ____D C:\ProgramData\TranslateService
2021-02-03 19:35 - 2021-02-03 19:35 - 000000000 ____D C:\Users\korisnik\AppData\Roaming\Pecado
2021-02-03 19:34 - 2021-02-15 16:00 - 000000000 ____D C:\Users\korisnik\AppData\Local\Secure File Deleter 6
2021-02-03 19:34 - 2021-02-03 20:04 - 000000000 ____D C:\GX Action Backup
2021-02-03 19:34 - 2021-02-03 19:34 - 000000015 _____ C:\ProgramData\kaosdma.txt
2021-02-03 19:34 - 2014-04-03 20:22 - 000645592 _____ C:\Windows\SysWOW64\sqlite3.dll
2021-02-03 19:29 - 2021-02-03 19:30 - 011600667 _____ (AlcaTech ) C:\Users\korisnik\Downloads\file
2021-02-03 19:29 - 2021-02-03 19:29 - 040732864 _____ C:\Users\korisnik\Downloads\vlc-3.0.11-win32.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-15 16:33 - 2009-07-14 05:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-02-15 16:33 - 2009-07-14 05:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-02-15 16:30 - 2016-04-28 10:25 - 000000000 ____D C:\ProgramData\NVIDIA
2021-02-15 16:30 - 2009-07-14 06:13 - 000006170 _____ C:\Windows\system32\PerfStringBackup.INI
2021-02-15 16:30 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2021-02-15 16:24 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-02-15 16:00 - 2016-05-21 16:09 - 000000000 ____D C:\Program Files (x86)\ManyCam
2021-02-15 16:00 - 2016-02-08 15:22 - 000000000 ___RD C:\Users\korisnik\Desktop\Nova fascikla
2021-02-15 15:59 - 2016-06-03 15:11 - 000000000 ____D C:\Users\korisnik\AppData\Roaming\Nitro PDF
2021-02-15 15:49 - 2018-12-22 10:20 - 000000000 ____D C:\Users\korisnik\AppData\Local\CrashDumps
2021-02-15 15:05 - 2016-05-03 11:24 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-02-14 16:04 - 2016-12-22 19:56 - 000000000 ____D C:\Program Files (x86)\Igra_ProfiPreferans_com
2021-02-14 16:03 - 2016-04-26 20:50 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-14 16:01 - 2009-07-14 04:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2021-02-14 15:51 - 2016-04-26 20:47 - 000000000 ____D C:\Program Files\Microsoft Office
2021-02-14 15:50 - 2016-05-05 10:59 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2021-02-12 16:53 - 2016-06-01 16:29 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2021-02-12 16:52 - 2016-06-01 16:28 - 000002067 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-02-03 20:05 - 2016-04-26 15:52 - 000000000 ____D C:\Users\korisnik
2021-02-03 20:04 - 2016-12-27 13:17 - 000000000 ____D C:\Program Files (x86)\VideoLAN
2021-02-03 20:04 - 2016-05-02 11:13 - 000000000 ____D C:\Users\Administrator
2021-02-03 20:04 - 2016-04-26 20:50 - 000000000 ____D C:\Windows\system32\Tasks\OfficeSoftwareProtectionPlatform
2021-02-03 20:04 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\registration
2021-02-03 19:39 - 2016-05-10 21:55 - 000000000 ____D C:\Users\korisnik\AppData\Roaming\uTorrent
2021-02-02 19:15 - 2009-07-14 06:08 - 000032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2021-01-31 13:36 - 2019-10-26 21:27 - 000002228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-31 13:33 - 2020-06-19 19:30 - 000000000 ____D C:\Users\korisnik\Desktop\tel
2021-01-17 18:38 - 2018-10-12 23:13 - 000000000 ____D C:\Users\korisnik\Desktop\novi sad arhiva

==================== Files in the root of some directories ========

2016-10-14 09:00 - 2016-10-14 09:00 - 000000256 _____ () C:\ProgramData\fontcacheev1.dat
2021-02-03 20:07 - 2021-02-15 16:23 - 000000004 _____ () C:\ProgramData\lock.dat
2021-02-03 20:08 - 2021-02-15 16:23 - 000000004 _____ () C:\ProgramData\rc.dat
2021-02-03 20:07 - 2021-02-03 20:07 - 000000008 _____ () C:\ProgramData\ts.dat
2016-10-31 22:48 - 2016-10-31 22:48 - 000000000 ____H () C:\Users\korisnik\AppData\Local\BITC4E7.tmp
2017-03-24 11:55 - 2017-03-24 11:55 - 000000000 _____ () C:\Users\korisnik\AppData\Local\{7F7CD0A6-B533-4443-9BB0-121CE3C83202}
2016-10-31 22:48 - 2016-10-31 22:48 - 000000000 _____ () C:\Users\korisnik\AppData\Local\{E0C944B0-EDBC-4913-A741-41E409FE0557}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-02-08 18:13
==================== End of FRST.txt ========================

Addendum: 15 Feb 2021 18:30

It's like this all the time

offline
  • Joined: 23 May 2020
  • Posts: 139

Sorry to keep you waiting, I had some obligations. I'll get back to you tomorrow with instructions. You might as well run a new FRST scan, since some time has passed, so that I have fresh reports in case something has changed in the meantime.

offline
  • Joined: 01 Mar 2008
  • Posts: 244

No log file

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [149496 2016-08-26] (Performix LLC -> Performix LLC)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-11-15] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11137448 2021-02-05] (Microsoft Corporation -> Microsoft Corporation)
S3 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [437224 2016-10-27] (Digital Wave Ltd -> Digital Wave Ltd.)
S3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [887056 2014-07-10] (Disc Soft Ltd -> Disc Soft Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-15] (Malwarebytes Inc -> Malwarebytes)
S3 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-17] (Nitro PDF Software -> Nitro PDF Software)
S3 nlsX86cc; C:\Windows\SysWOW64\NLSSRV32.EXE [69640 2013-12-17] (Nitro PDF Software -> Nalpeiron Ltd.)
S3 RalinkRegistryWriter; C:\Program Files (x86)\Tenda\Common\RaRegistry.exe [375872 2011-03-31] (Ralink Technology Corporation -> Ralink Technology, Corp.)
S3 RalinkRegistryWriter64; C:\Program Files (x86)\Tenda\Common\RaRegistry64.exe [454208 2011-03-31] (Ralink Technology Corporation -> Ralink Technology, Corp.)
S3 RaMediaServer; C:\Program Files (x86)\Tenda\Common\RaMediaServer.exe [621632 2011-03-04] (Ralink Technology Corporation -> )
S3 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-11] (@ByELDI -> @ByELDI) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-11-15] (Microsoft Windows -> Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
S2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [X]
S3 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 adgnetworktdidrv; C:\Windows\System32\drivers\adgnetworktdidrv.sys [62536 2016-07-21] (Performix LLC -> )
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2016-04-26] (Disc Soft Ltd -> Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2021-02-15] (Malwarebytes Corporation -> Malwarebytes)
S3 GemCCID; C:\Windows\System32\DRIVERS\GemCCID.sys [137712 2016-10-17] (Microsoft Windows Hardware Compatibility Publisher -> Gemalto)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (GFI Software (Florida) Inc. -> ThreatTrack Security)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [28936 2019-01-14] (Glarysoft LTD -> Glarysoft Ltd)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2018-02-25] (Martin Malik - REALiX -> REALiX(tm))
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (ManyCam LLC -> Visicom Media Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220616 2021-02-15] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [198248 2021-02-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77496 2021-02-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-02-15] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [130592 2021-02-19] (Malwarebytes Inc -> Malwarebytes)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (ManyCam LLC -> Visicom Media Inc.)
S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [142120 2007-04-27] (SafeNet, Inc. -> SafeNet, Inc.)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3567488 2016-05-22] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-19] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-19] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-19] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [206336 2011-03-02] (Silicon Motion, Inc. -> SMI)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

Error Reading file: "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alatke za Microsoft Office "
2021-02-19 16:59 - 2021-02-19 16:59 - 000000000 ____D C:\Users\korisnik\Desktop\FRST-OlderVersion
2021-02-19 16:40 - 2021-02-19 16:40 - 000077496 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2021-02-19 16:39 - 2021-02-19 16:39 - 000198248 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2021-02-19 16:39 - 2021-02-19 16:39 - 000130592 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2021-02-15 18:29 - 2021-02-15 18:29 - 000000000 ___HD C:\Users\korisnik\Desktop\[Originals]
2021-02-15 17:52 - 2021-02-15 17:52 - 000220616 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-02-15 16:31 - 2021-02-19 17:01 - 000006152 _____ C:\Users\korisnik\Desktop\FRST.txt
2021-02-15 16:31 - 2021-02-19 17:00 - 000000000 ____D C:\FRST
2021-02-15 16:29 - 2021-02-19 16:59 - 002298368 _____ (Farbar) C:\Users\korisnik\Desktop\FRST64.exe
2021-02-15 15:16 - 2021-02-19 16:48 - 000000000 ____D C:\Users\korisnik\AppData\LocalLow\IGDump
2021-02-15 15:08 - 2021-02-15 15:08 - 000000000 ____D C:\Users\korisnik\AppData\Local\mbam
2021-02-15 15:06 - 2021-02-15 16:29 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-02-15 15:06 - 2021-02-15 15:06 - 000001968 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-02-15 15:06 - 2021-02-15 15:06 - 000001956 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-02-15 15:05 - 2021-02-15 15:05 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-02-03 20:08 - 2021-02-15 16:23 - 000000004 _____ C:\ProgramData\rc.dat
2021-02-03 20:07 - 2021-02-15 16:23 - 000000004 _____ C:\ProgramData\lock.dat
2021-02-03 20:07 - 2021-02-15 15:06 - 000000072 _____ C:\ProgramData\lir.bats
2021-02-03 20:07 - 2021-02-03 20:07 - 000000008 _____ C:\ProgramData\ts.dat
2021-02-03 19:42 - 2021-02-15 16:24 - 000000000 ____D C:\ProgramData\TranslateService
2021-02-03 19:35 - 2021-02-03 19:35 - 000000000 ____D C:\Users\korisnik\AppData\Roaming\Pecado
2021-02-03 19:34 - 2021-02-15 16:00 - 000000000 ____D C:\Users\korisnik\AppData\Local\Secure File Deleter 6
2021-02-03 19:34 - 2021-02-03 20:04 - 000000000 ____D C:\GX Action Backup
2021-02-03 19:34 - 2021-02-03 19:34 - 000000015 _____ C:\ProgramData\kaosdma.txt
2021-02-03 19:34 - 2014-04-03 20:22 - 000645592 _____ C:\Windows\SysWOW64\sqlite3.dll
2021-02-03 19:29 - 2021-02-03 19:30 - 011600667 _____ (AlcaTech ) C:\Users\korisnik\Downloads\file
2021-02-03 19:29 - 2021-02-03 19:29 - 040732864 _____ C:\Users\korisnik\Downloads\vlc-3.0.11-win32.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-19 16:47 - 2009-07-14 05:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-02-19 16:47 - 2009-07-14 05:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-02-19 16:42 - 2009-07-14 06:13 - 000006170 _____ C:\Windows\system32\PerfStringBackup.INI
2021-02-19 16:42 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2021-02-19 16:37 - 2016-04-28 10:25 - 000000000 ____D C:\ProgramData\NVIDIA
2021-02-19 16:37 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-02-15 20:09 - 2016-06-01 16:28 - 000002067 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-02-15 16:00 - 2016-05-21 16:09 - 000000000 ____D C:\Program Files (x86)\ManyCam
2021-02-15 16:00 - 2016-02-08 15:22 - 000000000 ___RD C:\Users\korisnik\Desktop\Nova fascikla
2021-02-15 15:59 - 2016-06-03 15:11 - 000000000 ____D C:\Users\korisnik\AppData\Roaming\Nitro PDF
2021-02-15 15:49 - 2018-12-22 10:20 - 000000000 ____D C:\Users\korisnik\AppData\Local\CrashDumps
2021-02-15 15:05 - 2016-05-03 11:24 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-02-14 16:04 - 2016-12-22 19:56 - 000000000 ____D C:\Program Files (x86)\Igra_ProfiPreferans_com
2021-02-14 16:03 - 2016-04-26 20:50 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-14 16:01 - 2009-07-14 04:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2021-02-14 15:51 - 2016-04-26 20:47 - 000000000 ____D C:\Program Files\Microsoft Office
2021-02-14 15:50 - 2016-05-05 10:59 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2021-02-12 16:53 - 2016-06-01 16:29 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2021-02-03 20:05 - 2016-04-26 15:52 - 000000000 ____D C:\Users\korisnik
2021-02-03 20:04 - 2016-12-27 13:17 - 000000000 ____D C:\Program Files (x86)\VideoLAN
2021-02-03 20:04 - 2016-05-02 11:13 - 000000000 ____D C:\Users\Administrator
2021-02-03 20:04 - 2016-04-26 20:50 - 000000000 ____D C:\Windows\system32\Tasks\OfficeSoftwareProtectionPlatform
2021-02-03 20:04 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\registration
2021-02-03 19:39 - 2016-05-10 21:55 - 000000000 ____D C:\Users\korisnik\AppData\Roaming\uTorrent
2021-02-02 19:15 - 2009-07-14 06:08 - 000032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2021-01-31 13:36 - 2019-10-26 21:27 - 000002228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-31 13:33 - 2020-06-19 19:30 - 000000000 ____D C:\Users\korisnik\Desktop\tel

==================== Files in the root of some directories ========

2016-10-14 09:00 - 2016-10-14 09:00 - 000000256 _____ () C:\ProgramData\fontcacheev1.dat
2021-02-03 20:07 - 2021-02-15 16:23 - 000000004 _____ () C:\ProgramData\lock.dat
2021-02-03 20:08 - 2021-02-15 16:23 - 000000004 _____ () C:\ProgramData\rc.dat
2021-02-03 20:07 - 2021-02-03 20:07 - 000000008 _____ () C:\ProgramData\ts.dat
2016-10-31 22:48 - 2016-10-31 22:48 - 000000000 ____H () C:\Users\korisnik\AppData\Local\BITC4E7.tmp
2017-03-24 11:55 - 2017-03-24 11:55 - 000000000 _____ () C:\Users\korisnik\AppData\Local\{7F7CD0A6-B533-4443-9BB0-121CE3C83202}
2016-10-31 22:48 - 2016-10-31 22:48 - 000000000 _____ () C:\Users\korisnik\AppData\Local\{E0C944B0-EDBC-4913-A741-41E409FE0557}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-02-08 18:13
==================== End of FRST.txt ========================

offline
  • Joined: 23 May 2020
  • Posts: 139

The log is incomplete again, try once more.

offline
  • Joined: 01 Mar 2008
  • Posts: 244

Posted: 19 Feb 2021 17:36

OK, that is how it came out, marked as finished, but I will run it again now.

Addendum: 19 Feb 2021 17:39

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-02-2021 01
Ran by korisnik (administrator) on 720-PC (SAMSUNG ELECTRONICS CO., LTD. RV420/RV520/RV720/E3530/S3530/E3420/E3520) (19-02-2021 17:35:03)
Running from C:\Users\korisnik\Desktop
Loaded Profiles: korisnik
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: engleski (SAD)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ACD Systems International -> ) [File not signed] C:\Program Files\ACD Systems\ACDSee Pro\10.0\ACDSeeCommanderPro10.exe
(ACD Systems International Inc. -> ) [File not signed] C:\Program Files\ACD Systems\ACDSee Home\24.0\ACDSeeCommanderHome24.exe
(ACD Systems International Inc. -> ACD Systems) [File not signed] C:\Program Files\ACD Systems\ACDSee Home\24.0\acdIDInTouch2.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\korisnik\AppData\Roaming\uTorrent\updates\3.5.5_45852\utorrentie.exe <2>
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\korisnik\AppData\Roaming\uTorrent\uTorrent.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <17>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ACHW24EN] => C:\Program Files\ACD Systems\ACDSee Home\24.0\acdIDInTouch2.exe [2088408 2020-10-20] (ACD Systems International Inc. -> ACD Systems) [File not signed]
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [43984 2018-12-24] (Glarysoft LTD -> Glarysoft Ltd)
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\Run: [ACDSeeCommanderPro10] => C:\Program Files\ACD Systems\ACDSee Pro\10.0\ACDSeeCommanderPro10.exe [3412936 2016-10-04] (ACD Systems International -> ) [File not signed]
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\Run: [ACDSeeCommanderHome24] => C:\Program Files\ACD Systems\ACDSee Home\24.0\ACDSeeCommanderHome24.exe [6658208 2020-10-20] (ACD Systems International Inc. -> ) [File not signed]
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\MountPoints2: {2b1d43f5-1c09-11e6-8ba0-90a4de6d68cc} - G:\USBAutoRun.exe
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\MountPoints2: {3408e1f5-5588-11e7-b4f3-90a4de6d68cc} - G:\INSTALL_ADB_RNDIS.exe
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\MountPoints2: {38bbb30b-60bd-11e7-b1bc-90a4de6d68cc} - F:\Autorun.exe
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\MountPoints2: {4228f246-f505-11e6-8a28-90a4de6d68cc} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\MountPoints2: {7ded094a-1c92-11e9-8249-90a4de6d68cc} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\MountPoints2: {8eafdc6a-12c0-11e7-b3c4-90a4de6d68cc} - G:\SetupWi-Fi.exe
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\MountPoints2: {ea090054-0eac-11e6-8893-90a4de6d68cc} - F:\setup.exe
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\MountPoints2: {ea09037c-0eac-11e6-8893-90a4de6d68cc} - G:\setup.exe
HKLM\...\Print\Monitors\Nitro PDF Port Monitor: C:\Windows\SYSTEM32\nitrolocalmon9.dll [29704 2013-12-17] (Nitro PDF Software -> Nitro PDF Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.104\Installer\chrmstp.exe [2021-01-31] (Google LLC -> Google LLC)
BootExecute: autocheck autochk *
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02597FCF-7C78-4C3E-B5F3-C2FE503472D5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {02597FCF-7C78-4C3E-B5F3-C2FE503472D5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [358400 [358400 2016-04-24]] (Microsoft Windows -> Microsoft Corporation)
Task: {040DB50B-AC9A-4D06-8298-422A707CF1D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {0EC9067F-AD5D-4B5D-A049-209F15084608} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {15B3DBF7-9C08-43D2-BE4E-5AF3B6C9A29A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {15B3DBF7-9C08-43D2-BE4E-5AF3B6C9A29A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {15B3DBF7-9C08-43D2-BE4E-5AF3B6C9A29A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [358400 [358400 2016-04-24]] (Microsoft Windows -> Microsoft Corporation)
Task: {3014A3B5-0EAF-4F76-AD3E-894177454475} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6158768 2021-02-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {3F534421-FE0A-4591-BE95-E27C384ED1B0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {3F534421-FE0A-4591-BE95-E27C384ED1B0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [358400 [358400 2016-04-24]] (Microsoft Windows -> Microsoft Corporation)
Task: {43B013E0-3E9A-42F4-965B-08B2AF35CA0A} - System32\Tasks\TrackerAutoUpdate => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe [4487904 2016-04-19] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
Task: {4CC0FE9B-D306-45D0-9DD8-B60996B2130C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {4CC0FE9B-D306-45D0-9DD8-B60996B2130C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [358400 [358400 2016-04-24]] (Microsoft Windows -> Microsoft Corporation)
Task: {53D571FC-4707-4509-8C9D-91F5ED2E4F58} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-746845287-3329047123-463373260-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {53F76E91-273F-4859-B7B6-0DA2C1D2A7E6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-11-15] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {67405E29-D725-4B58-8B5C-E8B3C8060CE8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6158768 2021-02-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {70DAD081-C57D-4E83-A22B-E16572BE32E4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [6405912 2015-06-01] (Piriform Ltd -> Piriform Ltd)
Task: {75B5A7BE-C187-40E0-A169-6E4959DCD090} - System32\Tasks\{E5139005-6F0E-485F-921E-74916B0B5751} => C:\Program Files (x86)\Nitro\Pro 9\NitroPDF.exe [5485064 2013-12-17] (Nitro PDF Software -> Nitro PDF)
Task: {76293535-77B4-4982-BD49-706FA6DD3230} - System32\Tasks\GlaryOneClickOptimizer 5 => C:\Program Files (x86)\Glary Utilities 5\OneClickMaintenance.exe [234448 2018-12-24] (Glarysoft LTD -> Glarysoft Ltd)
Task: {773DE983-0F5C-4943-B856-C9EB233B3AB6} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-746845287-3329047123-463373260-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {79FC1C1C-5440-4B5E-B6F8-F28AAE044915} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158568 2021-02-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {823AAA7B-318C-460C-922F-8BA51DE7A8F2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24612256 2021-02-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {86063FFB-370B-4B00-B28E-9E27AF992DA6} - System32\Tasks\Games\UpdateCheck_S-1-5-21-746845287-3329047123-463373260-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2746368 2014-11-15] (Microsoft Windows -> Microsoft Corporation)
Task: {8DA7CF1C-3C00-4711-8666-88D92265DF26} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {953D1E24-A5CD-4974-8971-20FD8240C4CC} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24612256 2021-02-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {98EF2D8B-6030-4AA5-B30A-52F78BC5EF70} - System32\Tasks\{F980A2AA-0879-4540-8FE8-B57507D60191} => C:\Program Files (x86)\Nitro\Pro 9\NitroPDF.exe [5485064 2013-12-17] (Nitro PDF Software -> Nitro PDF)
Task: {9B49AE81-C2C2-4776-B049-0019C691DCC0} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-746845287-3329047123-463373260-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {C4D2A224-9EE3-4D0C-8186-C8EC24F95A37} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_148_Plugin.exe [1455752 2018-11-13] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {E4300030-83D1-498F-A8BF-102BA3EDDDD9} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158568 2021-02-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {FA32E743-0704-49E4-8E85-0E62043FB66F} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [745664 2016-01-11] (@ByELDI -> @ByELDI) [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{41C84ED3-C0DD-4CB2-8A18-D0BDF0E29827}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6678FE1E-5241-4B1B-93E9-044DB267A373}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{B52A5556-1FFA-4B76-84FB-6EBE83B28CEE}: [DhcpNameServer] 89.216.1.40 89.216.1.50
Tcpip\..\Interfaces\{FBA819D8-C074-4A1F-A148-259DBF56E06A}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF DefaultProfile: 8j2bf1ih.default
FF ProfilePath: C:\Users\korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\8j2bf1ih.default [2021-02-19]
FF Homepage: Mozilla\Firefox\Profiles\8j2bf1ih.default -> hxxps://www.google.rs/
FF Extension: (Video DownloadHelper) - C:\Users\korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\8j2bf1ih.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-03-16]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_148.dll [2018-11-13] (Adobe Systems Incorporated -> )
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2016-04-19] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-08-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_91\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-08-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-12-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_148.dll [2018-11-13] (Adobe Systems Incorporated -> )
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-04-19] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-12-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-12-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-17] (Nitro PDF Software -> Nitro PDF)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-02-15] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-746845287-3329047123-463373260-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-04-19] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)

Chrome:
=======
CHR Profile: C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default [2021-02-19]
CHR Extension: (Презентације) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-10-26]
CHR Extension: (Документи) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-10-26]
CHR Extension: (Google диск) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-20]
CHR Extension: (YouTube) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-10-26]
CHR Extension: (Video Downloader professional) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2020-07-24]
CHR Extension: (Табеле) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-10-26]
CHR Extension: (Google документи офлајн) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-14]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-03]
CHR Extension: (Gmail) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-03]
CHR HKU\S-1-5-21-746845287-3329047123-463373260-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [149496 2016-08-26] (Performix LLC -> Performix LLC)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-11-15] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11137448 2021-02-05] (Microsoft Corporation -> Microsoft Corporation)
S3 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [437224 2016-10-27] (Digital Wave Ltd -> Digital Wave Ltd.)
S3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [887056 2014-07-10] (Disc Soft Ltd -> Disc Soft Ltd)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-15] (Malwarebytes Inc -> Malwarebytes)
S3 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-17] (Nitro PDF Software -> Nitro PDF Software)
S3 nlsX86cc; C:\Windows\SysWOW64\NLSSRV32.EXE [69640 2013-12-17] (Nitro PDF Software -> Nalpeiron Ltd.)
S3 RalinkRegistryWriter; C:\Program Files (x86)\Tenda\Common\RaRegistry.exe [375872 2011-03-31] (Ralink Technology Corporation -> Ralink Technology, Corp.)
S3 RalinkRegistryWriter64; C:\Program Files (x86)\Tenda\Common\RaRegistry64.exe [454208 2011-03-31] (Ralink Technology Corporation -> Ralink Technology, Corp.)
S3 RaMediaServer; C:\Program Files (x86)\Tenda\Common\RaMediaServer.exe [621632 2011-03-04] (Ralink Technology Corporation -> )
S3 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-11] (@ByELDI -> @ByELDI) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-11-15] (Microsoft Windows -> Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
S2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [X]
S3 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 adgnetworktdidrv; C:\Windows\System32\drivers\adgnetworktdidrv.sys [62536 2016-07-21] (Performix LLC -> )
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2016-04-26] (Disc Soft Ltd -> Disc Soft Ltd)
S3 GemCCID; C:\Windows\System32\DRIVERS\GemCCID.sys [137712 2016-10-17] (Microsoft Windows Hardware Compatibility Publisher -> Gemalto)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (GFI Software (Florida) Inc. -> ThreatTrack Security)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [28936 2019-01-14] (Glarysoft LTD -> Glarysoft Ltd)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2018-02-25] (Martin Malik - REALiX -> REALiX(tm))
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (ManyCam LLC -> Visicom Media Inc.)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-02-15] (Malwarebytes Inc -> Malwarebytes)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (ManyCam LLC -> Visicom Media Inc.)
S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [142120 2007-04-27] (SafeNet, Inc. -> SafeNet, Inc.)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3567488 2016-05-22] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-19] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-19] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-19] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [206336 2011-03-02] (Silicon Motion, Inc. -> SMI)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

Error Reading file: "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alatke za Microsoft Office "
2021-02-19 17:25 - 2021-02-19 17:26 - 000020849 _____ C:\Users\korisnik\Downloads\Various Artists - The Funky 60s (2021) Mp3 320kbps [PMEDIA] ⭐️.torrent
2021-02-19 17:25 - 2021-02-19 17:25 - 000028008 _____ C:\Users\korisnik\Downloads\Various Artists - The Funky 70s (2021) Mp3 320kbps [PMEDIA] ⭐️.torrent
2021-02-19 17:21 - 2021-02-19 17:21 - 000037464 _____ C:\Users\korisnik\Downloads\VA - Feel Good Songs (2021) Mp3 320kbps [PMEDIA] ⭐️.torrent
2021-02-19 17:19 - 2021-02-19 17:19 - 000055431 _____ C:\Users\korisnik\Downloads\VA - Twist Hot 100 25th January 1962 (2021) Mp3 320kbps [PMEDIA] ⭐️.torrent
2021-02-19 17:07 - 2021-02-19 17:07 - 000000000 ____D C:\Users\korisnik\AppData\LocalLow\uTorrent
2021-02-19 16:59 - 2021-02-19 16:59 - 000000000 ____D C:\Users\korisnik\Desktop\FRST-OlderVersion
2021-02-15 18:29 - 2021-02-15 18:29 - 000000000 ___HD C:\Users\korisnik\Desktop\[Originals]
2021-02-15 16:31 - 2021-02-19 17:36 - 000023791 _____ C:\Users\korisnik\Desktop\FRST.txt
2021-02-15 16:31 - 2021-02-19 17:35 - 000000000 ____D C:\FRST
2021-02-15 16:29 - 2021-02-19 16:59 - 002298368 _____ (Farbar) C:\Users\korisnik\Desktop\FRST64.exe
2021-02-15 15:16 - 2021-02-19 17:08 - 000000000 ____D C:\Users\korisnik\AppData\LocalLow\IGDump
2021-02-15 15:08 - 2021-02-15 15:08 - 000000000 ____D C:\Users\korisnik\AppData\Local\mbam
2021-02-15 15:06 - 2021-02-15 16:29 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-02-15 15:06 - 2021-02-15 15:06 - 000001968 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-02-15 15:06 - 2021-02-15 15:06 - 000001956 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-02-15 15:05 - 2021-02-15 15:05 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-02-03 20:08 - 2021-02-15 16:23 - 000000004 _____ C:\ProgramData\rc.dat
2021-02-03 20:07 - 2021-02-15 16:23 - 000000004 _____ C:\ProgramData\lock.dat
2021-02-03 20:07 - 2021-02-15 15:06 - 000000072 _____ C:\ProgramData\lir.bats
2021-02-03 20:07 - 2021-02-03 20:07 - 000000008 _____ C:\ProgramData\ts.dat
2021-02-03 19:42 - 2021-02-15 16:24 - 000000000 ____D C:\ProgramData\TranslateService
2021-02-03 19:35 - 2021-02-03 19:35 - 000000000 ____D C:\Users\korisnik\AppData\Roaming\Pecado
2021-02-03 19:34 - 2021-02-15 16:00 - 000000000 ____D C:\Users\korisnik\AppData\Local\Secure File Deleter 6
2021-02-03 19:34 - 2021-02-03 20:04 - 000000000 ____D C:\GX Action Backup
2021-02-03 19:34 - 2021-02-03 19:34 - 000000015 _____ C:\ProgramData\kaosdma.txt
2021-02-03 19:34 - 2014-04-03 20:22 - 000645592 _____ C:\Windows\SysWOW64\sqlite3.dll
2021-02-03 19:29 - 2021-02-03 19:30 - 011600667 _____ (AlcaTech ) C:\Users\korisnik\Downloads\file
2021-02-03 19:29 - 2021-02-03 19:29 - 040732864 _____ C:\Users\korisnik\Downloads\vlc-3.0.11-win32.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-19 17:35 - 2016-05-10 21:55 - 000000000 ____D C:\Users\korisnik\AppData\Roaming\uTorrent
2021-02-19 17:29 - 2016-04-26 20:34 - 000000000 ____D C:\Users\korisnik\AppData\Roaming\BSplayer PRO
2021-02-19 17:05 - 2019-06-18 14:48 - 000000000 ____D C:\Users\korisnik\AppData\Local\BitTorrentHelper
2021-02-19 16:47 - 2009-07-14 05:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-02-19 16:47 - 2009-07-14 05:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-02-19 16:42 - 2009-07-14 06:13 - 000006170 _____ C:\Windows\system32\PerfStringBackup.INI
2021-02-19 16:42 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2021-02-19 16:37 - 2016-04-28 10:25 - 000000000 ____D C:\ProgramData\NVIDIA
2021-02-19 16:37 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-02-15 20:09 - 2016-06-01 16:28 - 000002067 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-02-15 16:00 - 2016-05-21 16:09 - 000000000 ____D C:\Program Files (x86)\ManyCam
2021-02-15 16:00 - 2016-02-08 15:22 - 000000000 ___RD C:\Users\korisnik\Desktop\Nova fascikla
2021-02-15 15:59 - 2016-06-03 15:11 - 000000000 ____D C:\Users\korisnik\AppData\Roaming\Nitro PDF
2021-02-15 15:49 - 2018-12-22 10:20 - 000000000 ____D C:\Users\korisnik\AppData\Local\CrashDumps
2021-02-15 15:05 - 2016-05-03 11:24 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-02-14 16:04 - 2016-12-22 19:56 - 000000000 ____D C:\Program Files (x86)\Igra_ProfiPreferans_com
2021-02-14 16:03 - 2016-04-26 20:50 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-14 16:01 - 2009-07-14 04:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2021-02-14 15:51 - 2016-04-26 20:47 - 000000000 ____D C:\Program Files\Microsoft Office
2021-02-14 15:50 - 2016-05-05 10:59 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2021-02-12 16:53 - 2016-06-01 16:29 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2021-02-03 20:05 - 2016-04-26 15:52 - 000000000 ____D C:\Users\korisnik
2021-02-03 20:04 - 2016-12-27 13:17 - 000000000 ____D C:\Program Files (x86)\VideoLAN
2021-02-03 20:04 - 2016-05-02 11:13 - 000000000 ____D C:\Users\Administrator
2021-02-03 20:04 - 2016-04-26 20:50 - 000000000 ____D C:\Windows\system32\Tasks\OfficeSoftwareProtectionPlatform
2021-02-03 20:04 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\registration
2021-02-02 19:15 - 2009-07-14 06:08 - 000032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2021-01-31 13:36 - 2019-10-26 21:27 - 000002228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-31 13:33 - 2020-06-19 19:30 - 000000000 ____D C:\Users\korisnik\Desktop\tel

==================== Files in the root of some directories ========

2016-10-14 09:00 - 2016-10-14 09:00 - 000000256 _____ () C:\ProgramData\fontcacheev1.dat
2021-02-03 20:07 - 2021-02-15 16:23 - 000000004 _____ () C:\ProgramData\lock.dat
2021-02-03 20:08 - 2021-02-15 16:23 - 000000004 _____ () C:\ProgramData\rc.dat
2021-02-03 20:07 - 2021-02-03 20:07 - 000000008 _____ () C:\ProgramData\ts.dat
2016-10-31 22:48 - 2016-10-31 22:48 - 000000000 ____H () C:\Users\korisnik\AppData\Local\BITC4E7.tmp
2017-03-24 11:55 - 2017-03-24 11:55 - 000000000 _____ () C:\Users\korisnik\AppData\Local\{7F7CD0A6-B533-4443-9BB0-121CE3C83202}
2016-10-31 22:48 - 2016-10-31 22:48 - 000000000 _____ () C:\Users\korisnik\AppData\Local\{E0C944B0-EDBC-4913-A741-41E409FE0557}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-02-08 18:13
==================== End of FRST.txt ========================

Addendum: 21 Feb 2021 11:42

Additional information: on every click, windows open for sites I did not click on, and besides that, for any site, including this one, a block from the malware protection pops up; so on every click a block pops up.

Addendum: 23 Feb 2021 16:45

????????????????

offline
  • Joined: 23 May 2020
  • Posts: 139

Posted: 23 Feb 2021 18:22

Wait a bit. I need to consult with my colleagues before I write you the instructions.

Addendum: 23 Feb 2021 23:08

Hello,

I will be helping you resolve the problems caused by malicious programs. Please note that you should not try anything on your own that I have not told you to do, so as not to complicate the case.

First, uninstall the following programs from Control Panel:
Glary Utilities PRO 5.112
Registry Repair 5.0.1.87

Next.
1. Open Notepad (Text Document) and copy the following text inside the code box below:


CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\MountPoints2: {2b1d43f5-1c09-11e6-8ba0-90a4de6d68cc} - G:\USBAutoRun.exe
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\MountPoints2: {3408e1f5-5588-11e7-b4f3-90a4de6d68cc} - G:\INSTALL_ADB_RNDIS.exe
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\MountPoints2: {38bbb30b-60bd-11e7-b1bc-90a4de6d68cc} - F:\Autorun.exe
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\MountPoints2: {4228f246-f505-11e6-8a28-90a4de6d68cc} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\MountPoints2: {7ded094a-1c92-11e9-8249-90a4de6d68cc} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\MountPoints2: {8eafdc6a-12c0-11e7-b3c4-90a4de6d68cc} - G:\SetupWi-Fi.exe
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\MountPoints2: {ea090054-0eac-11e6-8893-90a4de6d68cc} - F:\setup.exe
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\MountPoints2: {ea09037c-0eac-11e6-8893-90a4de6d68cc} - G:\setup.exe
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

S3 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]

2021-02-03 20:08 - 2021-02-15 16:23 - 000000004 _____ C:\ProgramData\rc.dat
2021-02-03 20:07 - 2021-02-15 16:23 - 000000004 _____ C:\ProgramData\lock.dat
2021-02-03 20:07 - 2021-02-15 15:06 - 000000072 _____ C:\ProgramData\lir.bats
2021-02-03 20:07 - 2021-02-03 20:07 - 000000008 _____ C:\ProgramData\ts.dat

AlternateDataStreams: C:\Windows:nlsPreferences [514]

EmptyTemp:


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the system restarts.

The tool will create a log (Fixlog.txt) on the Desktop. The contents of that log need to be copied into a post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

offline
  • Joined: 01 Mar 2008
  • Posts: 244

Posted: 26 Feb 2021 19:15

Izveštaj ispravaka od Farbar Recovery Scan Tool (x64) Verzija: 24-02-2021
Pokrenuo korisnik (26-02-2021 19:09:14) Run:1
Pokrenuto sa C:\Users\korisnik\Desktop
Učitani Profili: korisnik & Administrator
Režim pokretanja sistema: Normal
==============================================

fixlist sadržaj:
*****************
CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\MountPoints2: {2b1d43f5-1c09-11e6-8ba0-90a4de6d68cc} - G:\USBAutoRun.exe
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\MountPoints2: {3408e1f5-5588-11e7-b4f3-90a4de6d68cc} - G:\INSTALL_ADB_RNDIS.exe
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\MountPoints2: {38bbb30b-60bd-11e7-b1bc-90a4de6d68cc} - F:\Autorun.exe
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\MountPoints2: {4228f246-f505-11e6-8a28-90a4de6d68cc} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\MountPoints2: {7ded094a-1c92-11e9-8249-90a4de6d68cc} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\MountPoints2: {8eafdc6a-12c0-11e7-b3c4-90a4de6d68cc} - G:\SetupWi-Fi.exe
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\MountPoints2: {ea090054-0eac-11e6-8893-90a4de6d68cc} - F:\setup.exe
HKU\S-1-5-21-746845287-3329047123-463373260-1000\...\MountPoints2: {ea09037c-0eac-11e6-8893-90a4de6d68cc} - G:\setup.exe
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

S3 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]

2021-02-03 20:08 - 2021-02-15 16:23 - 000000004 _____ C:\ProgramData\rc.dat
2021-02-03 20:07 - 2021-02-15 16:23 - 000000004 _____ C:\ProgramData\lock.dat
2021-02-03 20:07 - 2021-02-15 15:06 - 000000072 _____ C:\ProgramData\lir.bats
2021-02-03 20:07 - 2021-02-03 20:07 - 000000008 _____ C:\ProgramData\ts.dat

AlternateDataStreams: C:\Windows:nlsPreferences [514]

EmptyTemp:
*****************

Tačka vraćanja je uspešno kreirana.
Procesi su zatvoreni uspešno.
HKU\S-1-5-21-746845287-3329047123-463373260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b1d43f5-1c09-11e6-8ba0-90a4de6d68cc} => uspešno uklonjeno
HKU\S-1-5-21-746845287-3329047123-463373260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3408e1f5-5588-11e7-b4f3-90a4de6d68cc} => uspešno uklonjeno
HKU\S-1-5-21-746845287-3329047123-463373260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38bbb30b-60bd-11e7-b1bc-90a4de6d68cc} => uspešno uklonjeno
HKU\S-1-5-21-746845287-3329047123-463373260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4228f246-f505-11e6-8a28-90a4de6d68cc} => uspešno uklonjeno
HKU\S-1-5-21-746845287-3329047123-463373260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ded094a-1c92-11e9-8249-90a4de6d68cc} => uspešno uklonjeno
HKU\S-1-5-21-746845287-3329047123-463373260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8eafdc6a-12c0-11e7-b3c4-90a4de6d68cc} => uspešno uklonjeno
HKU\S-1-5-21-746845287-3329047123-463373260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea090054-0eac-11e6-8893-90a4de6d68cc} => uspešno uklonjeno
HKU\S-1-5-21-746845287-3329047123-463373260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea09037c-0eac-11e6-8893-90a4de6d68cc} => uspešno uklonjeno
C:\Windows\system32\GroupPolicy\Machine => uspešno premešteno
C:\Windows\system32\GroupPolicy\GPT.ini => uspešno premešteno
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => uspešno premešteno
C:\ProgramData\NTUSER.pol => uspešno premešteno
HKLM\SOFTWARE\Policies\Google => uspešno uklonjeno
HKLM\System\CurrentControlSet\Services\LiveUpdateSvc => uspešno uklonjeno
LiveUpdateSvc => servis uspešno uklonjeno
C:\ProgramData\rc.dat => uspešno premešteno
C:\ProgramData\lock.dat => uspešno premešteno
C:\ProgramData\lir.bats => uspešno premešteno
C:\ProgramData\ts.dat => uspešno premešteno
C:\Windows => ":nlsPreferences" ADS uspešno uklonjeno

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8661703 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1393141 B
Edge => 0 B
Chrome => 404695982 B
Firefox => 19684944 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 128 B
NetworkService => 128 B
korisnik => 9290702 B
Administrator => 9764475 B

RecycleBin => 0 B
EmptyTemp: => 440.5 MB privremeni podaci Uklonjeni.

================================


Sistemu je potreban ponovno pokretanje.

==== Kraj od Fixlog 19:10:10 ====

Addendum: 26 Feb 2021 20:01



the warning still keeps popping up, whatever it is

Addendum: 26 Feb 2021 20:40

and it pops up every moment, even when I am not opening pages on the internet but only scrolling

offline
  • Joined: 23 May 2020
  • Posts: 139

Did you uninstall the programs that I told you above to uninstall?

Download AdwCleaner and save it to the Desktop.
Double-click to run the program.
In the EULA window click I agree.
In Tools select Options.
In the dialog box that appears, turn off Reset Winsock settings if it is turned on.
Click the Scan button and wait for the scan to finish.
If it tells you that a newer version exists, make sure you download it.

Click the Clean button and wait for the program to finish.
The program will close all active programs and show a window with that warning. Click OK to confirm.
A message will appear saying that the computer needs to be restarted. Click OK.

The computer will restart and then open Notepad (C:\Adwcleaner\AdwCleaner[S00].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Attach file" ("Prikači fajl") option.

offline
  • Joined: 01 Mar 2008
  • Posts: 244

yes, first I uninstalled those programs and then did the rest. the page you sent me to download adwcleaner from does not exist, that is what it tells me...

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8466
  • Location: Novi Beograd

Download it from here: https://downloads.malwarebytes.com/file/adwcleaner
