Posted: 19 May 2018 15:14
Good day, good people.
I have a problem with the Chrome browser. First, on some sites, when I click anywhere in the window (even on obviously empty space where there are no links), it loads spam pages that I never asked for. Second, the "search engines" in Chrome have somehow gotten mixed up; I set it to Google, but it isn't like that everywhere. It is only like that when I start the browser; later, for example, when I open a new tab and type in the Google bar, it opens some other "engine" (I hope you understand me).
I would ask someone, if they have some free time, to help me. Thanks in advance.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by belphegor (administrator) on BELPHEGOR-PC (19-05-2018 16:05:40)
Running from C:\Users\belphegor\Desktop
Loaded Profiles: belphegor (Available Profiles: belphegor)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
() C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
() C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Users\belphegor\Documents\Rainmeter\Skins\WP7\@Resources\Common\Settings\Omnimo.exe
(Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\foobar2000\foobar2000.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9068040 2016-11-09] (Realtek Semiconductor)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-01-28] (Greenshot)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17494136 2017-04-06] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-09-25] (Intel Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKU\S-1-5-21-3730584544-3141434021-1804594971-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3200800 2018-05-16] (Valve Corporation)
Startup: C:\Users\belphegor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Omnimo.lnk [2017-07-17]
ShortcutTarget: Omnimo.lnk -> C:\Users\belphegor\Documents\Rainmeter\Skins\WP7\@Resources\Common\Settings\Omnimo.exe ()
Startup: C:\Users\belphegor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-07-11]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer]
Tcpip\..\Interfaces\{6F0A77D3-26B0-4F87-92F3-A1487E69DEC7}: [DhcpNameServer]
Internet Explorer:
SearchScopes: HKU\S-1-5-21-3730584544-3141434021-1804594971-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=oem&geo=US&ver=22&locale=en_US&guid=020D42C6-6423-4C5D-B805-1552C459B57A&doi=2016-09-01&gct=sb&qsrc=2869
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2010-03-19] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\\coIEPlg.dll No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\\coIEPlg.dll No File
FF DefaultProfile: nzlhn5ep.default
FF ProfilePath: C:\Users\belphegor\AppData\Roaming\Mozilla\Firefox\Profiles\nzlhn5ep.default [2018-01-29]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @real.com/nppl3260;version= -> C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version= -> C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
CHR HomePage: Default -> hxxps://www.youtube.com/
CHR StartupUrls: Default -> "hxxps://www.google.rs/?gws_rd=cr&ei=6UMkWLDCAYH_sAH0moyADA"
CHR NewTab: Default -> Not-active:"chrome-extension://clgckgfbhciacomhlchmgdnplmdiadbj/newtab.html"
CHR Profile: C:\Users\belphegor\AppData\Local\Google\Chrome\User Data\Default [2018-05-19]
CHR Extension: (Slides) - C:\Users\belphegor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Docs) - C:\Users\belphegor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\belphegor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-07]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\belphegor\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2018-05-14]
CHR Extension: (YouTube) - C:\Users\belphegor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-07]
CHR Extension: (Adblock Plus) - C:\Users\belphegor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-05-17]
CHR Extension: (Handy Tab) - C:\Users\belphegor\AppData\Local\Google\Chrome\User Data\Default\Extensions\clgckgfbhciacomhlchmgdnplmdiadbj [2018-03-17]
CHR Extension: (Google Search) - C:\Users\belphegor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2017-04-07]
CHR Extension: (Save Tabs) - C:\Users\belphegor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjepfldodmdfmdidhhgamnklbdibndi [2017-10-06]
CHR Extension: (Sheets) - C:\Users\belphegor\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Google Docs Offline) - C:\Users\belphegor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-07]
CHR Extension: (Substital) - C:\Users\belphegor\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkkbiiikppgjdiebcabomlbidfodipjg [2017-12-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\belphegor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\belphegor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-07]
CHR Extension: (Chrome Media Router) - C:\Users\belphegor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-02]
CHR HKLM-x32\...\Chrome\Extension: [clgckgfbhciacomhlchmgdnplmdiadbj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dgjepfldodmdfmdidhhgamnklbdibndi] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [79360 2017-06-10] (Autodesk) [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [382504 2017-05-20] (EasyAntiCheat Ltd)
S3 HnGSteamService; C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngservice.exe [735528 2018-05-15] (Reto-Moto ApS)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21312 2017-06-13] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-10-16] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-04-06] (Logitech Inc.)
R2 mi-raysat_3dsmax2012_64; C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [86016 2011-02-22] () [File not signed]
R2 mi-raysat_3dsmax9_32; C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe [65536 2006-09-29] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [185344 2017-02-03] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [129144 2017-08-17] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-09] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31728 2015-11-12] (Intel Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [67736 2017-04-06] (Logitech Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [180480 2015-10-08] (Intel Corporation)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\\Definitions\SDSDefs\20170416.007\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\\Definitions\SDSDefs\20170416.007\NAVEX15.SYS [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-05-19 16:05 - 2018-05-19 16:05 - 000015131 _____ C:\Users\belphegor\Desktop\FRST.txt
2018-05-19 16:05 - 2018-05-19 16:05 - 000000000 ____D C:\FRST
2018-05-19 16:03 - 2018-05-19 16:03 - 002413056 _____ (Farbar) C:\Users\belphegor\Desktop\FRST64.exe
2018-05-18 21:36 - 2018-05-18 23:12 - 000000000 ____D C:\Users\belphegor\Desktop\CoD4_Export
2018-05-17 13:53 - 2018-05-17 21:28 - 000000000 ____D C:\Users\belphegor\Desktop\STALKER_ANIMS
2018-05-16 22:21 - 2018-05-16 22:21 - 000000931 _____ C:\Users\belphegor\Desktop\ConverterGUI.lnk
2018-04-30 14:21 - 2018-04-30 14:21 - 000001727 _____ C:\Users\belphegor\Desktop\PSx64.lnk
2018-04-25 18:36 - 2018-04-27 18:25 - 000000000 ____D C:\Users\belphegor\Documents\The Witcher 3
2018-04-25 18:36 - 2018-04-25 18:36 - 000000000 ____D C:\Users\belphegor\ansel
2018-04-25 18:29 - 2018-04-25 18:29 - 000001933 _____ C:\Users\Public\Desktop\The Witcher 3 - Wild Hunt.lnk
2018-04-25 18:29 - 2018-04-25 18:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-05-19 16:00 - 2017-06-13 09:39 - 000000000 ____D C:\Users\belphegor\AppData\Roaming\foobar2000
2018-05-19 15:30 - 2017-04-13 13:13 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-05-19 14:42 - 2017-04-07 00:31 - 000000000 ____D C:\Program Files (x86)\Steam
2018-05-19 13:42 - 2017-07-31 13:55 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-05-19 12:10 - 2009-07-14 06:45 - 000019888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-05-19 12:10 - 2009-07-14 06:45 - 000019888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-05-19 12:08 - 2009-07-14 07:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-19 12:08 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-05-19 12:02 - 2017-04-07 00:13 - 000000000 ____D C:\ProgramData\NVIDIA
2018-05-19 12:02 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-18 22:02 - 2017-04-09 19:11 - 000000000 ____D C:\Users\belphegor\AppData\Local\CrashDumps
2018-05-18 22:01 - 2017-08-20 22:47 - 000000000 ____D C:\Users\belphegor\AppData\Local\Compressonator
2018-05-18 21:33 - 2017-09-16 18:06 - 000000000 ____D C:\Users\belphegor\Documents\3DRipper
2018-05-18 19:52 - 2017-06-09 13:36 - 000000000 ____D C:\Users\belphegor\Documents\Visual Studio 2013
2018-05-17 19:47 - 2017-04-06 23:56 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-17 19:47 - 2017-04-06 23:56 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-17 19:21 - 2017-06-11 15:49 - 000000000 ____D C:\Users\belphegor\Documents\Visual Studio 2010
2018-05-17 17:26 - 2017-07-17 17:06 - 000000132 _____ C:\Users\belphegor\AppData\Roaming\Adobe Targa Format CS5 Prefs
2018-05-16 22:05 - 2017-06-10 13:11 - 000000000 ____D C:\Program Files (x86)\Autodesk
2018-05-16 16:32 - 2018-04-13 12:32 - 000000000 ____D C:\Users\belphegor\Desktop\My Project
2018-05-16 16:31 - 2017-09-11 17:05 - 000000000 ____D C:\Users\belphegor\Desktop\MetroLL
2018-05-16 14:09 - 2017-09-03 20:06 - 000000000 ____D C:\Users\belphegor\Desktop\Substance Materials
2018-05-15 20:47 - 2017-04-06 23:56 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-15 13:11 - 2017-09-21 07:56 - 000000000 ____D C:\Users\belphegor\Documents\Unreal Projects
2018-05-13 13:01 - 2018-03-24 15:18 - 000000000 ____D C:\Users\belphegor\AppData\Local\New Technology Studio
2018-05-13 09:25 - 2017-04-13 13:13 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-05-13 09:25 - 2017-04-13 13:13 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-05-13 09:25 - 2017-04-13 13:13 - 000004490 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-05-13 09:25 - 2017-04-13 13:13 - 000000000 ____D C:\Windows\system32\Macromed
2018-05-13 09:25 - 2017-04-13 13:13 - 000000000 ____D C:\Users\belphegor\AppData\Local\Adobe
2018-05-11 11:31 - 2017-04-11 13:22 - 000000000 ____D C:\Users\belphegor\AppData\Local\Greenshot
2018-05-06 15:06 - 2017-10-04 13:50 - 000000000 ____D C:\Users\belphegor\AppData\Roaming\BitTorrent
2018-05-05 21:59 - 2017-09-20 20:21 - 000000000 ____D C:\ProgramData\Epic
2018-05-04 19:47 - 2017-04-08 11:05 - 000000000 ____D C:\Users\belphegor\AppData\Roaming\TS3Client
2018-05-04 19:47 - 2017-04-06 23:48 - 000000000 ____D C:\Users\belphegor
2018-05-03 21:15 - 2017-04-06 13:56 - 000000000 ____D C:\Users\belphegor\AppData\LocalLow\Heroes and Generals
2018-05-02 09:09 - 2017-09-20 20:26 - 000000000 ____D C:\Program Files\Epic Games
2018-05-01 01:43 - 2017-09-20 20:22 - 000000000 ____D C:\Users\belphegor\AppData\Local\UnrealEngine
2018-04-25 18:30 - 2009-07-14 07:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-04-25 18:19 - 2017-05-11 20:55 - 000000000 ____D C:\games
2018-04-25 18:17 - 2018-03-22 13:38 - 000000000 ____D C:\Program Files\Rockstar Games
2018-04-25 18:17 - 2018-03-22 13:38 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
==================== Files in the root of some directories =======
2017-07-17 17:06 - 2018-05-17 17:26 - 000000132 _____ () C:\Users\belphegor\AppData\Roaming\Adobe Targa Format CS5 Prefs
2017-09-14 19:07 - 2017-09-14 19:40 - 000000582 _____ () C:\Users\belphegor\AppData\Local\Log.txt
Some files in TEMP:
2017-07-16 15:52 - 2017-07-16 15:52 - 000027136 _____ () C:\Users\belphegor\AppData\Local\Temp\5nxheqho.dll
2017-07-24 19:19 - 2012-01-23 20:49 - 000039336 _____ (Autodesk, Inc.) C:\Users\belphegor\AppData\Local\Temp\AcDeltree.exe
2017-08-02 17:47 - 2017-08-02 17:47 - 000161400 _____ () C:\Users\belphegor\AppData\Local\Temp\ce-swap.exe
2017-08-08 20:17 - 2017-08-08 20:17 - 000027136 _____ () C:\Users\belphegor\AppData\Local\Temp\fd5d0q5d.dll
2017-07-31 13:52 - 2017-07-31 15:47 - 001433424 _____ (Flexera Software, Inc.) C:\Users\belphegor\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
2017-09-11 17:49 - 2009-04-30 04:04 - 000626688 ____R (Microsoft Corporation) C:\Users\belphegor\AppData\Local\Temp\msvcr80.dll
2017-07-17 14:25 - 2017-05-01 22:14 - 000367552 _____ (NVIDIA Corporation) C:\Users\belphegor\AppData\Local\Temp\nvStInst.exe
2018-05-13 12:57 - 2018-05-13 12:57 - 004559872 _____ (New Technology Studio) C:\Users\belphegor\AppData\Local\Temp\oivsetup-13052018125700.exe
2018-05-01 20:07 - 2018-05-13 13:01 - 004559872 _____ (New Technology Studio) C:\Users\belphegor\AppData\Local\Temp\ovi-uninstall.exe
2017-10-09 17:53 - 2017-10-09 17:53 - 013489912 _____ (Reimage) C:\Users\belphegor\AppData\Local\Temp\ReimagePackage.exe
2009-04-30 04:04 - 2009-04-30 04:04 - 000081408 ____R () C:\Users\belphegor\AppData\Local\Temp\SimPack.exe
2017-09-11 17:49 - 2009-04-30 04:04 - 000075264 ____R (Zlib) C:\Users\belphegor\AppData\Local\Temp\zlib1.dll
2017-08-28 15:58 - 2017-08-28 15:58 - 000027136 _____ () C:\Users\belphegor\AppData\Local\Temp\zsnr3twh.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-05-08 16:47
==================== End of FRST.txt ============================
Posted: 19 May 2018 22:07
Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by belphegor (19-05-2018 23:00:44) Run:1
Running from C:\Users\belphegor\Desktop
Loaded Profiles: belphegor (Available Profiles: belphegor)
Boot Mode: Normal
fixlist content:
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR NewTab: Default -> Not-active:"chrome-extension://clgckgfbhciacomhlchmgdnplmdiadbj/newtab.html"
CHR HKLM-x32\...\Chrome\Extension: [clgckgfbhciacomhlchmgdnplmdiadbj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dgjepfldodmdfmdidhhgamnklbdibndi] - hxxps://clients2.google.com/service/update2/crx
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => removed successfully
"Chrome NewTab" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\clgckgfbhciacomhlchmgdnplmdiadbj" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dgjepfldodmdfmdidhhgamnklbdibndi" => removed successfully
The system needed a reboot.
==== End of Fixlog 23:00:44 ====
Quote: Go to
and remove
Save Tabs
I can't find those "extensions", there is only this:
Posted: 20 May 2018 00:40
Never mind. Now do this:
Download Malwarebytes Anti-Malware from this or this or this link and install the application.
Run mb3-setup-consumer-{version}.exe and follow the instructions to install the program. After installation, click Finish.
On first launch, the program will show a "welcome" window. Feel free to close that window.
Note: The program's Premium features are already activated and are valid for 13 days from the moment of installation. You can turn off the Premium features via the Settings > My Account tab.
• Scanner settings - in Settings, click the Protection tab. Under the Scan Options section, turn on the "Scan for rootkits" option.
• Prepare the settings for Threat Scan - in Dashboard, click the Scan Now button. MBAM will update its database and start scanning.
When the scan finishes, if an infection is detected, make sure everything is checked, then click Remove Selected. Restart the computer if the program asks for a restart.
• Submit the log: Under Reports, select the Scan Report with the current date and then click View Report.
Export the log to the Desktop;
- Click the Export button at the bottom, then choose 'Text file (*.txt)'
- In the Save File dialog that appears, click Desktop. In the File name: field, type "mbam" (without quotes) and click Save.
- The message "Your file has been successfully exported" will appear; click Ok and close the window.
• In your reply, attach the mbam.txt log using the "Attach file" (Prikači fajl) option.
Posted: 20 May 2018 09:22
Tell me what the situation is now.
Posted: 20 May 2018 11:01
Now it works as it should. Do I still need FRST64 or can I delete it?
Thank you very much.
Posted: 20 May 2018 13:45
Rename FRST64 to uninstall and run it. After it runs, FRST will delete itself and the files it created.