Virus on Facebook

  • Joined: 20 Dec 2015
  • Posts: 8

I have a virus on my Facebook profile. I clicked on some link, and now it keeps showing as if I am posting these links and sending them to my friends in messages. On top of that, on the side it shows that I liked some pages, when in fact those are the viruses; they otherwise appear as pictures of naked women. Please explain how I can delete this from Facebook, if it is possible at all. I tried changing my password, but I only managed to delete those posts, and those pages are still on my profile. If you can help me, I would be grateful.

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Hello,

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

Post the logs, and then we will see what to do next.

  • Joined: 20 Dec 2015
  • Posts: 8

How do I post the logs? What exactly do you mean?

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Step #2:

Download Farbar's tool, Farbar Recovery Scan Tool (FRST), and save it to your Desktop:
You can also use the following direct links: FRST 32-bit version, download link | FRST 64-bit version, download link

- Alternative Farbar Recovery Scan Tool (FRST) download link:

Notice: There is a 32-bit and a 64-bit version. You need to download the version that is compatible with your system.
If you are not sure which version applies to your system, download both and run them. Only one of them will work on your system; that will be the correct version.

- double-click to run the program; when the tool starts, click Yes on the disclaimer window;
- wait a moment while the tool checks whether a newer version exists;
- when the tool displays the message "The tool is ready to use.", FRST is ready for use;
- click the Scan button;
- when the scan finishes, the tool will create a report (FRST.txt) in the same directory/location where the FRST tool was saved;
- copy the contents of the FRST.txt report into your post;
- on the first run, the tool should also create an additional report (Addition.txt);
- attach the Addition.txt report to your post using the Attach file option

Note: if security software interferes with FRST, temporarily disable it, in most cases by right-clicking the program's icon in the system tray (instructions), and run FRST again.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

  • Joined: 20 Dec 2015
  • Posts: 8

Posted: 20 Dec 2015 23:11

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015
Ran by Sale (administrator) on SALE-PC (20-12-2015 23:01:42)
Running from C:\Users\Sale\Downloads
Loaded Profiles: Sale (Available Profiles: Sale)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(© 2015 Microsoft Corporation) C:\Users\Sale\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11663976 2010-12-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-20] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-3565084443-3045908503-3846572112-1001\...\Run: [BingSvc] => C:\Users\Sale\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3565084443-3045908503-3846572112-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50755200 2015-12-08] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-20] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F61D1A1F-70DD-49DF-9D73-DB8CA89AF730}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-20] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-30] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-20] (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-30] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-30] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3565084443-3045908503-3846572112-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sale\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-20]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-20]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.videosearchtoolsplus.com/suggest/CSuggestJson.ashx?prefix={searchTerms}&PCSF=SU_SUGGEST
CHR Profile: C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Avast SafePrice) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-10-30]
CHR Extension: (Google Docs Offline) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (plusnetwork) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\gijigdpcnkmgciealfpeophgocfpghhb [2015-10-09]
CHR Extension: (Avast Online Security) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-02]
CHR Extension: (Metacritic) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\ingjlcgfdiaihjljfbljpdgabjoohoif [2015-12-19]
CHR Extension: (Skype) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Profile: C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google документи) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-12]
CHR Extension: (YouTube) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-12]
CHR Extension: (Avast Online Security) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-14]
CHR Extension: (Skype Click to Call) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-18]
CHR Extension: (iLivid) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2015-05-07]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Gmail) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKU\S-1-5-21-3565084443-3045908503-3846572112-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-12-20]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-20]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-20] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2015-12-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-20] (AVAST Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-20] ()
R3 ltmodem5; C:\Windows\System32\DRIVERS\ltmdm64.sys [543744 2009-06-10] (Agere Systems)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-20 23:01 - 2015-12-20 23:02 - 00012102 _____ C:\Users\Sale\Downloads\FRST.txt
2015-12-20 23:00 - 2015-12-20 23:01 - 00000000 ____D C:\FRST
2015-12-20 23:00 - 2015-12-20 23:00 - 02370560 _____ (Farbar) C:\Users\Sale\Downloads\FRST64.exe
2015-12-20 20:54 - 2015-12-20 20:54 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2015-12-20 12:41 - 2015-12-20 12:41 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-12-20 12:41 - 2015-12-20 12:41 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-12-15 00:20 - 2015-12-15 00:20 - 00358088 _____ C:\Windows\Minidump\121515-15724-01.dmp
2015-12-14 11:06 - 2015-12-14 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-07 13:16 - 2015-12-07 13:16 - 00358272 _____ C:\Windows\Minidump\120715-16317-01.dmp
2015-12-03 18:45 - 2015-12-03 18:45 - 00000000 ____D C:\Users\Sale\Desktop\Sale KOLOKVIJUMI
2015-12-03 17:22 - 2015-12-03 17:22 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-03 17:22 - 2015-12-03 17:22 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-01 22:33 - 2015-12-01 22:33 - 00358088 _____ C:\Windows\Minidump\120115-17440-01.dmp
2015-11-24 18:16 - 2015-11-24 18:16 - 00358088 _____ C:\Windows\Minidump\112415-16910-01.dmp
2015-11-23 11:54 - 2015-11-23 11:54 - 00358088 _____ C:\Windows\Minidump\112315-18735-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-20 23:01 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2015-12-20 22:42 - 2015-07-27 22:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-20 22:18 - 2014-12-27 03:37 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-20 21:28 - 2009-07-14 06:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-20 21:28 - 2009-07-14 05:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-20 21:28 - 2009-07-14 05:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-20 21:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-12-20 21:24 - 2014-12-27 03:50 - 00000000 ____D C:\Users\Sale\AppData\Roaming\Skype
2015-12-20 21:23 - 2014-12-27 03:37 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-20 21:23 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-20 20:05 - 2015-09-19 17:43 - 00000000 ____D C:\Users\Sale\AppData\Roaming\uTorrent
2015-12-20 12:42 - 2014-12-27 03:41 - 00451040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-12-20 12:42 - 2014-12-27 03:41 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-12-20 12:42 - 2014-12-27 03:41 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-20 12:41 - 2014-12-27 03:41 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-12-20 12:41 - 2014-12-27 03:41 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-12-20 12:41 - 2014-12-27 03:41 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-12-20 12:41 - 2014-12-27 03:41 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-12-20 12:41 - 2014-12-27 03:41 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-12-20 12:41 - 2014-12-27 03:41 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-12-17 10:03 - 2014-12-27 06:33 - 00000000 ____D C:\Users\Sale
2015-12-17 09:20 - 2014-12-27 03:38 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-16 22:06 - 2015-02-27 18:59 - 00000000 ____D C:\Users\Sale\AppData\Roaming\BSplayer PRO
2015-12-16 15:10 - 2009-07-14 06:08 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-15 00:20 - 2015-07-19 20:56 - 00000000 ____D C:\Windows\Minidump
2015-12-14 11:06 - 2014-12-27 03:50 - 00000000 ____D C:\Users\Sale\AppData\Local\Skype
2015-12-14 11:06 - 2014-12-27 03:49 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-14 11:06 - 2014-12-27 03:49 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-14 11:06 - 2014-12-27 03:49 - 00000000 ____D C:\ProgramData\Skype
2015-12-10 00:42 - 2015-04-21 07:49 - 00000000 ____D C:\Windows\system32\MRT
2015-12-10 00:37 - 2015-04-21 07:49 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-09 16:42 - 2015-07-27 22:05 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-09 16:42 - 2015-07-27 22:05 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-09 16:42 - 2015-07-27 22:05 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-02 13:18 - 2014-12-27 03:52 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-02 08:13 - 2014-12-27 03:37 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-02 08:13 - 2014-12-27 03:37 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some files in TEMP:
====================
C:\Users\Sale\AppData\Local\Temp\APNSetup.exe
C:\Users\Sale\AppData\Local\Temp\BingSvc.exe
C:\Users\Sale\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Sale\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\Sale\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpx5h9ix.dll
C:\Users\Sale\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Sale\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Sale\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Sale\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Sale\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Sale\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Sale\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Sale\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Sale\AppData\Local\Temp\Uninstall.exe
C:\Users\Sale\AppData\Local\Temp\utt3857.tmp.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-20 11:52

==================== End of FRST.txt ============================

Addendum: 20 Dec 2015 23:12

Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-12-2015
Ran by Sale (2015-12-20 23:02:31)
Running from C:\Users\Sale\Downloads
Windows 7 Ultimate (X64) (2014-12-27 05:32:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3565084443-3045908503-3846572112-500 - Administrator - Disabled)
Guest (S-1-5-21-3565084443-3045908503-3846572112-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3565084443-3045908503-3846572112-1002 - Limited - Enabled)
Sale (S-1-5-21-3565084443-3045908503-3846572112-1001 - Administrator - Enabled) => C:\Users\Sale

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3565084443-3045908503-3846572112-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.68.1077 - AB Team, d.o.o.)
Dropbox (HKU\S-1-5-21-3565084443-3045908503-3846572112-1001\...\Dropbox) (Version: 3.0.4 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Popcorn Time (HKU\S-1-5-21-3565084443-3045908503-3846572112-1001\...\Popcorn Time) (Version: - Popcorn Official)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6265 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.16 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.16.102 - Skype Technologies S.A.)
Unity Web Player (HKU\S-1-5-21-3565084443-3045908503-3846572112-1001\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3565084443-3045908503-3846572112-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sale\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3565084443-3045908503-3846572112-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sale\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3565084443-3045908503-3846572112-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sale\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3565084443-3045908503-3846572112-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sale\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3565084443-3045908503-3846572112-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sale\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3565084443-3045908503-3846572112-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sale\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3565084443-3045908503-3846572112-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sale\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3565084443-3045908503-3846572112-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sale\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

20-12-2015 22:41:25 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3538564A-11F8-4044-98FA-304BD7FD614C} - System32\Tasks\{25519D67-C48B-47CE-A93D-42C305C5EBE3} => Chrome.exe hxxp://ui.skype.com/ui/0/7.8.85.102/sr/abandoninstall?page=tsProgressBar
Task: {48980F9E-3498-4AC9-860A-A47AF5455948} - System32\Tasks\{561987D7-554A-439B-8E8D-CC437516FC54} => pcalua.exe -a C:\Users\Sale\Downloads\SoftonicDownloader_for_microsoft-office-2007-service-pack-3.exe -d C:\Users\Sale\Downloads <==== ATTENTION
Task: {553A01F9-8FA8-461B-B5C6-DFA4547252FF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {79D13D92-93EE-49CB-8984-4BBB1D61FC30} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {99E77278-37F1-4152-9CCA-40B6875A5895} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-20] (AVAST Software)
Task: {A9B07935-1DA0-4EEB-8B51-9C262B938537} - System32\Tasks\{1DA29D16-DF03-4F4C-B932-EC4DB37E6EEC} => Chrome.exe hxxp://ui.skype.com/ui/0/7.6.85.105/en/abandoninstall?page=tsProgressBar
Task: {AB37902D-E7B3-4A1A-8957-DCA4B4F93FCD} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-16] (AVAST Software)
Task: {D1EFEF5D-C185-4EF6-BFB3-BE0355F2EA17} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {DC0109F9-8495-4F95-A9B3-74DF5A5C88E4} - System32\Tasks\{C97D5F6E-91C2-49EC-B3D0-1D641A0A8D4B} => Chrome.exe hxxp://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?source=lightinstaller&page=tsPlugin
Task: {F0227E38-50E4-4590-A26B-6A11885729AB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-12-20 12:41 - 2015-12-20 12:41 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-12-20 12:41 - 2015-12-20 12:41 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-12-20 12:42 - 2015-12-20 12:42 - 02805760 _____ () C:\Program Files\AVAST Software\Avast\defs\15122000\algo.dll
2015-12-20 12:41 - 2015-12-20 12:41 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-12-20 12:41 - 2015-12-20 12:41 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-17 09:20 - 2015-12-11 04:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-17 09:20 - 2015-12-11 04:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3565084443-3045908503-3846572112-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E18071A5-21DF-4D79-8509-420296140975}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6DD09208-7AB3-4C1E-9418-DDC7E3DF46B8}] => (Allow) C:\Users\Sale\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{483EB831-C8F9-423C-A9CD-4F0F3637BDCD}] => (Allow) C:\Users\Sale\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DE7F86B4-43D1-48CF-A748-51DAABC31D5F}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{EE119E37-D8B3-4C68-B44D-EB1D6CDE66F4}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{D26B4338-333E-4C92-96BE-9517B3EF3922}C:\program files (x86)\java\jre1.8.0_25\bin\jp2launcher.exe] => (Block) C:\program files (x86)\java\jre1.8.0_25\bin\jp2launcher.exe
FirewallRules: [UDP Query User{9963D52B-0C76-444D-99F3-46ACD0094928}C:\program files (x86)\java\jre1.8.0_25\bin\jp2launcher.exe] => (Block) C:\program files (x86)\java\jre1.8.0_25\bin\jp2launcher.exe
FirewallRules: [TCP Query User{06C95F2D-7B4D-4D37-B43A-A7BB4B490B20}C:\program files (x86)\Java\jre1.8.0_40\bin\jp2launcher.exe] => (Block) C:\program files (x86)\Java\jre1.8.0_40\bin\jp2launcher.exe
FirewallRules: [UDP Query User{958F307C-FE98-4227-91FA-6421C8163F3E}C:\program files (x86)\Java\jre1.8.0_40\bin\jp2launcher.exe] => (Block) C:\program files (x86)\Java\jre1.8.0_40\bin\jp2launcher.exe
FirewallRules: [TCP Query User{766793E5-D39C-4011-B9F5-12270C56BA93}C:\program files (x86)\valve\hl.exe] => (Block) C:\program files (x86)\valve\hl.exe
FirewallRules: [UDP Query User{0FBB3FC9-00B4-4AC4-BDDF-FA5012B6DD6D}C:\program files (x86)\valve\hl.exe] => (Block) C:\program files (x86)\valve\hl.exe
FirewallRules: [TCP Query User{FFF10788-CC45-4A0E-B109-A2C2F88C43A4}C:\program files\strogino cs portal\day of defeat source\hl2.exe] => (Allow) C:\program files\strogino cs portal\day of defeat source\hl2.exe
FirewallRules: [UDP Query User{45727B9A-3CA4-4E02-A2F1-AAFAC0FAEBBC}C:\program files\strogino cs portal\day of defeat source\hl2.exe] => (Allow) C:\program files\strogino cs portal\day of defeat source\hl2.exe
FirewallRules: [TCP Query User{A7F08E34-51BB-4724-85D4-2806AD97C40D}C:\games\cs 1.6 original\hl.exe] => (Allow) C:\games\cs 1.6 original\hl.exe
FirewallRules: [UDP Query User{92FF5D49-FAF8-4F85-A138-5F5FB1DF1A18}C:\games\cs 1.6 original\hl.exe] => (Allow) C:\games\cs 1.6 original\hl.exe
FirewallRules: [{DB6B3960-5727-4FF6-986B-B9095CCF0DC1}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [TCP Query User{3330A549-1E78-4C06-AD25-C5B71AA020F9}C:\users\sale\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\sale\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{F74B9D87-1DBF-4F99-8786-A31413571DFE}C:\users\sale\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\sale\appdata\local\popcorn time\nw.exe
FirewallRules: [{1199E290-CAE8-415D-9BE6-7172F62EBA73}] => (Allow) C:\Users\Sale\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3CD971AB-1270-44EB-87B7-0CC18B7CD5D8}] => (Allow) C:\Users\Sale\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7132281E-C5D9-4938-8868-2E3D3DC4764F}] => (Allow) C:\Users\Sale\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CEC284FE-C13D-4C9E-8DD2-8520DA44D20A}] => (Allow) C:\Users\Sale\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{234EBD41-8214-438C-83C3-366EE3C228ED}] => (Allow) C:\Users\Sale\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9FD8FB83-B063-4D3D-BE4F-99243FB5A784}] => (Allow) C:\Users\Sale\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C6218D78-7624-4EC6-ABCC-AE373FD5BD07}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/20/2015 09:23:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (12/20/2015 06:05:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (12/20/2015 12:44:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (12/19/2015 01:27:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (12/19/2015 01:25:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (12/19/2015 08:59:40 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (12/18/2015 09:08:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (12/18/2015 08:54:07 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (12/17/2015 10:03:38 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (12/16/2015 03:27:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (12/20/2015 10:57:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (12/20/2015 10:47:12 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

Error: (12/20/2015 07:58:45 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (12/20/2015 06:47:05 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

Error: (12/20/2015 12:05:26 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

Error: (12/19/2015 03:17:16 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

Error: (12/19/2015 01:27:06 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 13:25:34 on ‎19.‎12.‎2015 was unexpected.

Error: (12/19/2015 09:27:22 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (12/18/2015 11:43:02 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

Error: (12/18/2015 10:39:06 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 55%
Total physical RAM: 2046.49 MB
Available physical RAM: 914.38 MB
Total Virtual: 4092.98 MB
Available Virtual: 2596.14 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:34.18 GB) (Free:12.7 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:198.7 GB) (Free:73.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 794E794E)
Partition 1: (Active) - (Size=34.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=198.7 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

Addendum: 21 Dec 2015 18:37

Did I send what was needed correctly, and is it enough for you to guide me in fixing the problem? Now it has shown up on my son's profile as well, even though nobody sent him anything, so I assume the virus is now on the computer.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

1. Open Notepad (Text Document) and copy in the following text from the code box below:

CreateRestorePoint:
CHR DefaultSuggestURL: Default -> hxxp://www.videosearchtoolsplus.com/suggest/CSuggestJson.ashx?prefix={searchTerms}&PCSF=SU_SUGGEST
CHR Extension: (plusnetwork) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\gijigdpcnkmgciealfpeophgocfpghhb [2015-10-09]
CHR Extension: (iLivid) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2015-05-07]
CHR HKU\S-1-5-21-3565084443-3045908503-3846572112-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Metacritic) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\ingjlcgfdiaihjljfbljpdgabjoohoif [2015-12-19]
C:\Users\Sale\Downloads\SoftonicDownloader_for_microsoft-office-2007-service-pack-3.exe -d C:\Users\Sale\Downloads <==== ATTENTION
C:\Users\Sale\Downloads\SoftonicDownloader_for_microsoft-office-2007-service-pack-3.exe
EmptyTemp:


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into a post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

offline
  • Joined: 20 Dec 2015
  • Posts: 8

Fix result of Farbar Recovery Scan Tool (x64) Version:20-12-2015
Ran by Sale (2015-12-21 19:36:40) Run:1
Running from C:\Users\Sale\Desktop
Loaded Profiles: Sale (Available Profiles: Sale)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CHR DefaultSuggestURL: Default -> hxxp://www.videosearchtoolsplus.com/suggest/CSuggestJson.ashx?prefix={searchTerms}&PCSF=SU_SUGGEST
CHR Extension: (plusnetwork) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\gijigdpcnkmgciealfpeophgocfpghhb [2015-10-09]
CHR Extension: (iLivid) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2015-05-07]
CHR HKU\S-1-5-21-3565084443-3045908503-3846572112-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Metacritic) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\ingjlcgfdiaihjljfbljpdgabjoohoif [2015-12-19]
C:\Users\Sale\Downloads\SoftonicDownloader_for_microsoft-office-2007-service-pack-3.exe -d C:\Users\Sale\Downloads <==== ATTENTION
C:\Users\Sale\Downloads\SoftonicDownloader_for_microsoft-office-2007-service-pack-3.exe
EmptyTemp:
*****************

Restore point was successfully created.
Chrome DefaultSuggestURL => removed successfully
C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\gijigdpcnkmgciealfpeophgocfpghhb => moved successfully
C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nafaimnnclfjfedmmabolbppcngeolgf => moved successfully
"HKU\S-1-5-21-3565084443-3045908503-3846572112-1001\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd" => key removed successfully
C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\ingjlcgfdiaihjljfbljpdgabjoohoif => moved successfully
"C:\Users\Sale\Downloads\SoftonicDownloader_for_microsoft-office-2007-service-pack-3.exe -d C:\Users\Sale\Downloads <==== ATTENTION" => not found.
"C:\Users\Sale\Downloads\SoftonicDownloader_for_microsoft-office-2007-service-pack-3.exe" => not found.
EmptyTemp: => 1.2 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 19:38:35 ====
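
An added example (not part of the thread and not FRST's own code): a short Python check that reads the result lines of the Fixlog above, tallies which fixlist entries were applied, and lists the ones that came back "not found" for follow-up. The `target => result` line shape is taken from the log on this page; the function names are hypothetical.

```python
import re
from collections import Counter

# Result section copied from the Fixlog posted above.
FIXLOG = r"""
Restore point was successfully created.
Chrome DefaultSuggestURL => removed successfully
C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\gijigdpcnkmgciealfpeophgocfpghhb => moved successfully
C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nafaimnnclfjfedmmabolbppcngeolgf => moved successfully
"HKU\S-1-5-21-3565084443-3045908503-3846572112-1001\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd" => key removed successfully
C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\ingjlcgfdiaihjljfbljpdgabjoohoif => moved successfully
"C:\Users\Sale\Downloads\SoftonicDownloader_for_microsoft-office-2007-service-pack-3.exe -d C:\Users\Sale\Downloads <==== ATTENTION" => not found.
"C:\Users\Sale\Downloads\SoftonicDownloader_for_microsoft-office-2007-service-pack-3.exe" => not found.
EmptyTemp: => 1.2 GB temporary data Removed.
"""

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r"\\Extensions\\([a-p]{32})")


def classify(result):
    """Map the free-text result of one Fixlog line to a coarse status."""
    text = result.lower()
    if "not found" in text:
        return "not_found"
    if "successfully" in text or "removed" in text:
        return "done"
    return "review"


def parse_fixlog(text):
    """Return one dict per 'target => result' line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        # Split on the LAST ' => ' so a target containing arrows stays intact.
        target, sep, result = line.strip().rpartition(" => ")
        if not sep:
            continue  # informational line, e.g. the restore point message
        target = target.strip('"')
        match = EXT_ID.search(target)
        entries.append({
            "target": target,
            "result": result,
            "status": classify(result),
            "ext_id": match.group(1) if match else None,
            # The scanner's '<====' marker inside a target means the fixlist
            # line was pasted with its annotation and looked up as one path.
            "annotated": "<====" in target,
        })
    return entries


def summarize(entries):
    """Counts per status, the extension IDs touched, and what to re-check."""
    return {
        "counts": dict(Counter(e["status"] for e in entries)),
        "extension_ids": sorted({e["ext_id"] for e in entries if e["ext_id"]}),
        "follow_up": [e["target"] for e in entries if e["status"] != "done"],
    }


if __name__ == "__main__":
    report = summarize(parse_fixlog(FIXLOG))
    print(report["counts"])
    for target in report["follow_up"]:
        print("re-check:", target)
```

The extension IDs it collects can be compared against the `Extensions` folders of any other Chrome profiles on the machine to confirm nothing was left behind.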

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Download Xplode's AdwCleaner and save it to the Desktop.

Double-click to run the program.
Click the [Scan] button and wait for the program to finish.
Click the [Clean] button.
The program will close all running programs and show a window with that warning. Click Ok to confirm.
In the next two windows that open (Informations and Restart required), click Ok.


The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your post using the "Attach file" option.

Note: The report will also be saved at C:\AdwCleaner[S0].txt
------

Download Junkware Removal Tool (JRT) and save it to the desktop.

Close the browser and other running programs;

Temporarily disable your security software (instructions);

Double-click the icon to run JRT;

At the "press any key" prompt, press any key and the tool will start scanning.
Note: depending on the system specification, the scan can take a while in some cases.

When it finishes, a log with the report will open; it is saved on the desktop as JRT.txt


Copy the contents of that log into the thread.

offline
  • Joined: 20 Dec 2015
  • Posts: 8


Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Ultimate x64
Ran by Sale (Administrator) on pon 21.12.2015 at 21:23:58,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on pon 21.12.2015 at 21:27:07,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Run AdwCleaner again and choose the Clean option when the scan finishes.
