chromesearch.today

  • coa93  Male
  • Distinguished citizen
  • Joined: 31 Oct 2014
  • Posts: 614

It looks like I picked up some virus on the net.
The problem occurs when I type what I want to open into the browser.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2017
Ran by coa (administrator) on DESKTOP-B575HEG (30-10-2017 12:41:06)
Running from C:\Users\coa\Desktop
Loaded Profiles: coa (Available Profiles: coa)
Platform: Windows 10 Enterprise Version 1703 15063.296 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(BitTorrent Inc.) C:\Users\coa\AppData\Roaming\BitTorrent\BitTorrent.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
() C:\Program Files (x86)\Keepvid\KeepVid Pro (Desktop)\KeepVidProUpdateHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(BitTorrent Inc.) C:\Users\coa\AppData\Roaming\BitTorrent\updates\7.10.0_43917\bittorrentie.exe
(BitTorrent Inc.) C:\Users\coa\AppData\Roaming\BitTorrent\updates\7.10.0_43917\bittorrentie.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\coa\AppData\Roaming\Microsoft\taskhw.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9228800 2017-06-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\AMHelper.exe
HKLM-x32\...\Run: [KeepVidProUpdateHelper.exe] => C:\Program Files (x86)\Keepvid\KeepVid Pro (Desktop)\KeepVidProUpdateHelper.exe [33912 2017-09-06] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] ()
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3614475087-424445266-3142295758-1003\...\Run: [BitTorrent] => C:\Users\coa\AppData\Roaming\BitTorrent\BitTorrent.exe [2150088 2017-07-03] (BitTorrent Inc.)
HKU\S-1-5-21-3614475087-424445266-3142295758-1003\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-07] (Disc Soft Ltd)
HKU\S-1-5-21-3614475087-424445266-3142295758-1003\...\MountPoints2: {3c840e5d-3cd7-11e7-a91c-38d54715fb77} - "G:\stp-fifa18.exe"
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{faab609e-6583-4892-b175-285a87d1c7e8}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3614475087-424445266-3142295758-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-10-29] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2017-05-18] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-10-29] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2017-05-18] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-10-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2017-05-18] (Oracle Corporation)
BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-10-29] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2017-05-18] (Oracle Corporation)
BHO-x32: KeepVid Pro 4.10.0 -> {F9B65201-3D7F-48DA-AAB3-57A6FAD648FD} -> C:\Program Files (x86)\Keepvid\KeepVid Pro (Desktop)\BrowserPlugin\KVBrowserAppMgr.dll [2017-09-06] ()
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-29] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-10-29] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-10-29] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-10-29] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-10-29] (Microsoft Corporation)
Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 - No File

FireFox:
========
FF HKU\S-1-5-21-3614475087-424445266-3142295758-1003\...\Firefox\Extensions: [KVAllmytube@KeepVid.com] - C:\Program Files (x86)\Keepvid\KeepVid Pro (Desktop)\BrowserPlugin\kvallmytube@keepvid.com_xpi
FF Extension: (KeepVid Pro) - C:\Program Files (x86)\Keepvid\KeepVid Pro (Desktop)\BrowserPlugin\kvallmytube@keepvid.com_xpi [2017-10-29]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-25] ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2017-05-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2017-05-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-21] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-25] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2017-05-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2017-05-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-10-21] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-10-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-12] (Google Inc.)

Chrome:
=======
CHR NewTab: Default -> Not-active:"chrome-extension://mfgilljjaeapdagnljjmlihendmkbgho/stubby.html"
CHR DefaultSearchURL: Default -> hxxps://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&redirect=CPC
CHR DefaultSearchKeyword: Default -> askwebsearch
CHR DefaultSuggestURL: Default -> hxxps://ss.search.ask.com/ss?li=ff&sstype=prefix&limit=10&hl=en&q={searchTerms}
CHR Profile: C:\Users\coa\AppData\Local\Google\Chrome\User Data\Default [2017-10-30]
CHR Extension: (Презентације) - C:\Users\coa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (Документи) - C:\Users\coa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google диск) - C:\Users\coa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-16]
CHR Extension: (YouTube) - C:\Users\coa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-16]
CHR Extension: (Табеле) - C:\Users\coa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Google документи офлајн) - C:\Users\coa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-16]
CHR Extension: (Ask Web Search) - C:\Users\coa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgadloddempmemeinnpmhfopklhiaedh [2017-10-15]
CHR Extension: (Easy Timer) - C:\Users\coa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hljlcojjbmffoecdmhomhgfjhkllhknp [2017-10-29]
CHR Extension: (PConverter) - C:\Users\coa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfgilljjaeapdagnljjmlihendmkbgho [2017-06-16]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\coa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\coa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-16]
CHR Extension: (Chrome Media Router) - C:\Users\coa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-29]
CHR HKU\S-1-5-21-3614475087-424445266-3142295758-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iinglghmhcgdgjjlafobajghjamdchik] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [32768 2004-07-15] (Microsoft Corporation) [File not signed]
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387128 2017-05-02] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-05-02] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [406584 2017-05-02] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7923880 2017-10-23] (Microsoft Corporation)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [439800 2016-06-03] (Intel Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-07] (Disc Soft Ltd)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [365048 2016-06-03] (Intel Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
S3 WsDrvInst; "C:\Program Files (x86)\Keepvid\KeepVid Pro\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-05-02] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-05-02] (Bluestack System Inc. )
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2017-05-18] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2017-05-18] (Disc Soft Ltd)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 SDFRd; C:\Windows\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-30 12:41 - 2017-10-30 12:41 - 000017363 _____ C:\Users\coa\Desktop\FRST.txt
2017-10-30 12:40 - 2017-10-30 12:41 - 000000000 ____D C:\FRST
2017-10-30 12:40 - 2017-10-30 12:40 - 002403328 _____ (Farbar) C:\Users\coa\Desktop\FRST64.exe
2017-10-30 12:13 - 2017-10-30 12:13 - 000000000 ____D C:\Users\coa\AppData\LocalLow\BitTorrent
2017-10-29 20:16 - 2017-10-29 20:16 - 000000000 _____ C:\autoexec.bat
2017-10-29 20:15 - 2017-10-29 21:33 - 000000000 ____D C:\Users\coa\AppData\Roaming\Enigma Software Group
2017-10-29 20:10 - 2017-10-29 20:10 - 005189808 _____ (Enigma Software Group USA, LLC.) C:\Users\coa\Desktop\SpyHunter-Installer.exe
2017-10-29 20:08 - 2017-10-29 20:08 - 000000549 _____ C:\Users\coa\Desktop\delete_chrome_policies.bat
2017-10-29 18:06 - 2017-10-29 18:06 - 000001439 _____ C:\Users\Public\Desktop\KeepVid Pro.lnk
2017-10-29 18:06 - 2017-10-29 18:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeepVid
2017-10-29 18:05 - 2017-10-29 18:05 - 000000000 ____D C:\Program Files (x86)\Keepvid
2017-10-29 18:00 - 2017-10-29 18:00 - 000988352 _____ C:\Users\coa\Desktop\keepvid-pro-desktop_setup_full2957.exe
2017-10-29 17:57 - 2017-10-29 17:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download
2017-10-29 17:57 - 2017-10-29 17:57 - 000000000 ____D C:\Program Files (x86)\4KDownload
2017-10-29 17:53 - 2017-10-29 17:55 - 036022613 _____ C:\Users\coa\Desktop\4k Video Downloader V 4.2.rar
2017-10-29 17:51 - 2017-10-29 17:51 - 000002905 _____ C:\Users\coa\Desktop\4k_Video_Downloader_4322215_(zabranjeno).xht
2017-10-29 17:39 - 2017-10-29 17:57 - 000001333 _____ C:\Users\coa\Desktop\4K Video Downloader.lnk
2017-10-29 17:39 - 2017-10-29 17:39 - 000000000 ____D C:\Users\coa\AppData\Local\4kdownload.com
2017-10-26 10:35 - 2017-10-26 10:35 - 000000000 ____D C:\Users\coa\Desktop\stadiumpackV2.2_www.peslover.com
2017-10-26 10:05 - 2017-10-26 10:19 - 178377980 _____ C:\Users\coa\Desktop\stadiumpackV2.2_www.peslover.com.rar
2017-10-21 17:55 - 2017-10-21 17:55 - 000001248 _____ C:\Users\coa\Desktop\PES2017 - Shortcut.lnk
2017-10-21 17:03 - 2017-10-21 17:03 - 000000000 ____D C:\Users\coa\Desktop\DpFileListGeneratorData
2017-10-21 16:51 - 2016-09-17 07:00 - 000190464 _____ C:\Users\coa\Desktop\PES 2017 - DpFileList Generator by Baris.exe
2017-10-21 16:48 - 2017-10-21 16:48 - 000000000 ____D C:\Users\coa\Documents\KONAMI
2017-10-21 15:24 - 2017-10-21 15:24 - 000000617 _____ C:\Users\Public\Desktop\PES 2017 Settings.lnk
2017-10-21 15:24 - 2017-10-21 15:24 - 000000611 _____ C:\Users\Public\Desktop\Pro Evolution Soccer 2017.lnk
2017-10-20 20:54 - 2017-10-30 12:40 - 000000000 ____D C:\Users\coa\Downloads\era
2017-10-19 22:17 - 2017-10-19 22:17 - 000000000 ____D C:\Users\coa\Documents\FLiNGTrainer
2017-10-19 20:21 - 2017-10-19 20:53 - 000000000 ____D C:\Users\coa\Documents\My Cheat Tables
2017-10-19 20:21 - 2017-10-19 20:21 - 000001154 _____ C:\Users\coa\Desktop\Cheat Engine.lnk
2017-10-19 20:21 - 2017-10-19 20:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.7
2017-10-19 20:21 - 2017-10-19 20:21 - 000000000 ____D C:\Program Files (x86)\Cheat Engine 6.7
2017-10-16 16:58 - 2017-10-19 22:50 - 000000553 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PESTN 2017 SELECTOR.lnk
2017-10-15 18:41 - 2017-10-15 18:49 - 000424097 _____ C:\Users\coa\Desktop\vig.pdf
2017-10-15 18:13 - 2017-10-15 18:14 - 000000000 ____D C:\Users\coa\Desktop\c++
2017-10-15 18:10 - 2017-10-15 18:10 - 000001065 _____ C:\Users\coa\Desktop\Dev-C++.lnk
2017-10-15 18:10 - 2017-10-15 18:10 - 000000000 ____D C:\Users\coa\AppData\Roaming\Dev-Cpp
2017-10-15 18:10 - 2017-10-15 18:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++
2017-10-15 18:10 - 2017-10-15 18:10 - 000000000 ____D C:\Program Files (x86)\Dev-Cpp
2017-10-14 13:03 - 2017-10-20 16:50 - 000000000 ____D C:\Users\coa\Downloads\classic patch
2017-10-14 12:51 - 2017-10-14 12:56 - 066390755 _____ C:\Users\coa\Downloads\PES Professionals Patch 2017 V3.4.rar
2017-10-13 21:05 - 2017-10-13 21:05 - 003276557 _____ C:\Users\coa\Downloads\Windows_Activator.zip
2017-10-08 11:38 - 2017-10-08 11:38 - 000000717 _____ C:\Users\Public\Desktop\FIFA18.lnk
2017-10-08 11:38 - 2017-10-08 11:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA18
2017-10-07 21:25 - 2017-10-07 21:25 - 000023022 _____ C:\Users\coa\Downloads\FIFA.18.Update.2.and.(zabranjeno).Only-STEAMPUNKS.torrent
2017-10-06 21:05 - 2017-10-06 21:05 - 000165373 _____ C:\Users\coa\Downloads\WWE.2k16.MULTi6-REPACK.torrent
2017-10-05 21:48 - 2017-10-05 21:59 - 000000000 ____D C:\Users\coa\Documents\FIFA 18
2017-10-05 19:29 - 2017-10-05 19:29 - 008706355 _____ C:\Users\coa\Downloads\santaclausintroubleni.zip
2017-10-05 16:41 - 2017-10-05 16:41 - 000000000 ____D C:\ProgramData\Steam
2017-10-05 16:38 - 2017-10-05 16:45 - 226828288 _____ C:\Users\coa\Downloads\NBA.2K15.Update.2-BAT.iso
2017-10-05 16:35 - 2017-10-05 16:40 - 201822208 _____ C:\Users\coa\Downloads\NBA.2K15.Update.1-BAT.iso
2017-10-05 16:07 - 2017-10-05 16:07 - 000000503 _____ C:\Users\Public\Desktop\NBA 2K15.lnk
2017-10-05 16:07 - 2017-10-05 16:07 - 000000503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NBA 2K15.lnk
2017-10-03 21:16 - 2017-10-03 21:16 - 000096181 _____ C:\Users\coa\Downloads\NBA.2K15-RELOADED-[rarbg.com].torrent
2017-10-03 12:11 - 2017-10-03 12:11 - 000000998 _____ C:\Users\Public\Desktop\Pro Evolution Soccer 2018 - Settings.lnk
2017-10-03 12:11 - 2017-10-03 12:11 - 000000991 _____ C:\Users\Public\Desktop\Pro Evolution Soccer 2018.lnk
2017-10-03 12:11 - 2017-10-03 12:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro Evolution Soccer 2018
2017-10-03 05:49 - 2017-10-03 05:49 - 000000000 ____D C:\Users\coa\AppData\Local\FortniteGame
2017-10-02 22:53 - 2017-10-02 22:53 - 000000000 ____D C:\Program Files\Epic Games
2017-10-02 22:42 - 2017-10-03 05:49 - 000000000 ____D C:\Users\coa\AppData\Local\UnrealEngine
2017-10-02 22:42 - 2017-10-02 22:42 - 000000000 ____D C:\Users\coa\AppData\Local\UnrealEngineLauncher
2017-10-02 22:42 - 2017-10-02 22:42 - 000000000 ____D C:\Users\coa\AppData\Local\EpicGamesLauncher
2017-10-02 22:41 - 2017-10-02 22:48 - 000000000 ____D C:\ProgramData\Epic
2017-10-02 22:41 - 2017-10-02 22:41 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2017-10-02 22:41 - 2017-10-02 22:41 - 000001258 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2017-10-02 22:41 - 2017-10-02 22:41 - 000000000 ____D C:\Program Files (x86)\Epic Games
2017-10-02 22:39 - 2017-10-02 22:41 - 031653888 _____ C:\Users\coa\Downloads\EpicInstaller-6.5.0.msi
2017-10-02 17:17 - 2017-10-02 17:17 - 000063477 _____ C:\Users\coa\Downloads\Pro.Evolution.Soccer.2018-CPY.torrent
2017-10-02 17:17 - 2017-10-02 17:17 - 000039944 _____ C:\Users\coa\Downloads\FIFA.18-STEAMPUNKS.torrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-30 12:38 - 2017-05-18 14:31 - 000000000 ____D C:\Users\coa\AppData\Roaming\BitTorrent
2017-10-30 12:14 - 2017-05-16 16:41 - 000000000 ____D C:\Users\coa
2017-10-30 12:13 - 2017-05-16 16:41 - 000000000 __SHD C:\Users\coa\IntelGraphicsProfiles
2017-10-30 12:13 - 2017-05-12 20:48 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-10-30 12:07 - 2017-05-13 05:29 - 000000000 ____D C:\Windows\system32\SleepStudy
2017-10-29 18:06 - 2017-05-14 13:02 - 000000000 ____D C:\Users\Public\Documents\Keepvid
2017-10-29 17:42 - 2017-05-13 12:28 - 000001854 __RSH C:\ProgramData\ntuser.pol
2017-10-29 17:42 - 2017-03-18 22:03 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-10-29 13:00 - 2017-03-18 22:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-10-29 12:59 - 2017-05-21 14:01 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2017-10-29 12:59 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-10-29 12:58 - 2017-05-21 14:00 - 000000000 ____D C:\Program Files\Microsoft Office
2017-10-28 12:58 - 2017-05-12 20:39 - 001497502 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-28 12:52 - 2017-05-13 05:29 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-25 16:53 - 2017-03-18 22:03 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-10-25 16:53 - 2017-03-18 22:03 - 000000000 ____D C:\Windows\system32\Macromed
2017-10-23 20:45 - 2017-07-27 18:43 - 000003372 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3614475087-424445266-3142295758-1003
2017-10-23 20:45 - 2017-05-16 16:44 - 000002357 _____ C:\Users\coa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-10-23 20:45 - 2017-05-16 16:44 - 000000000 ___RD C:\Users\coa\OneDrive
2017-10-21 16:53 - 2017-09-22 00:25 - 000000793 _____ C:\Users\coa\Desktop\PTE Patch Selector.lnk
2017-10-21 16:48 - 2017-05-18 20:07 - 000000000 ____D C:\Windows\SysWOW64\directx
2017-10-21 14:54 - 2017-03-18 12:40 - 000786432 _____ C:\Windows\system32\config\BBI
2017-10-15 17:38 - 2017-05-16 16:41 - 000000000 ____D C:\Users\coa\AppData\Local\Packages
2017-10-14 20:04 - 2017-03-18 22:03 - 000000000 ____D C:\Windows\LiveKernelReports
2017-10-13 21:44 - 2017-05-16 16:41 - 000000000 ____D C:\Users\coa\AppData\Local\VirtualStore
2017-10-13 21:38 - 2017-05-13 12:54 - 000003324 _____ C:\Windows\System32\Tasks\UpdateService
2017-10-10 16:25 - 2017-05-13 12:57 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2017-10-05 21:48 - 2017-05-18 18:56 - 000000000 ____D C:\ProgramData\Package Cache
2017-10-05 16:44 - 2017-06-19 09:56 - 000000000 ____D C:\Users\coa\AppData\Roaming\2K Sports
2017-10-03 12:15 - 2017-09-21 10:16 - 000000000 ____D C:\ProgramData\KONAMI

==================== Files in the root of some directories =======

2017-10-13 21:06 - 2017-10-13 21:06 - 001379328 ___SH () C:\Users\coa\AppData\Roaming\Microsoft\taskhw.exe
2017-05-24 17:44 - 2017-05-24 17:44 - 000000003 _____ () C:\Users\coa\AppData\Local\updater.log
2017-05-24 17:44 - 2017-05-24 17:44 - 000000425 _____ () C:\Users\coa\AppData\Local\UserProducts.xml
2017-05-12 20:41 - 2017-05-12 20:41 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\coa\AppData\Roaming\Origin\update.vbe


Some files in TEMP:
====================
2017-06-19 10:44 - 2017-06-19 10:44 - 007850088 _____ (Microsoft Corporation) C:\Users\coa\AppData\Local\Temp\BingBarSetup-Partner.exe
2017-05-21 13:43 - 2017-05-21 13:43 - 001196392 _____ ( ) C:\Users\coa\AppData\Local\Temp\ICReinstall_microsoft-powerpoint-2010_0165483719.exe
2017-07-24 17:05 - 2017-07-24 17:05 - 000740416 _____ (Oracle Corporation) C:\Users\coa\AppData\Local\Temp\jre-8u144-windows-au.exe
2013-07-28 20:01 - 2013-07-28 20:01 - 000486806 _____ () C:\Users\coa\AppData\Local\Temp\update.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-29 18:13

==================== End of FRST.txt ============================

  • Joined: 14 Jun 2016
  • Posts: 535

Hello, I would ask you to uninstall Popcorn Time via Control Panel.

1. Open Notepad (Text Document) and copy in the following text from the code box below:

CreateRestorePoint:
() C:\Users\coa\AppData\Roaming\Microsoft\taskhw.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3614475087-424445266-3142295758-1003\...\MountPoints2: {3c840e5d-3cd7-11e7-a91c-38d54715fb77} - "G:\stp-fifa18.exe"
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3614475087-424445266-3142295758-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 - No File
CHR NewTab: Default -> Not-active:"chrome-extension://mfgilljjaeapdagnljjmlihendmkbgho/stubby.html"
CHR DefaultSearchURL: Default -> hxxps://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&redirect=CPC
CHR DefaultSearchKeyword: Default -> askwebsearch
CHR DefaultSuggestURL: Default -> hxxps://ss.search.ask.com/ss?li=ff&sstype=prefix&limit=10&hl=en&q={searchTerms}
CHR Extension: (Ask Web Search) - C:\Users\coa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgadloddempmemeinnpmhfopklhiaedh [2017-10-15]
CHR Extension: (Easy Timer) - C:\Users\coa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hljlcojjbmffoecdmhomhgfjhkllhknp [2017-10-29]
CHR Extension: (PConverter) - C:\Users\coa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfgilljjaeapdagnljjmlihendmkbgho [2017-06-16]
CHR HKLM-x32\...\Chrome\Extension: [iinglghmhcgdgjjlafobajghjamdchik] - hxxps://clients2.google.com/service/update2/crx
C:\Users\coa\AppData\Roaming\Origin\update.vbe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {0774F41A-5F22-4278-B05D-B0EC8016B23F} - System32\Tasks\UpdateService => C:\Users\coa\AppData\Roaming\Microsoft\taskhw.exe [2017-10-13] () <==== ATTENTION
Task: {5AEA8B20-6496-40BD-9BA5-2C7133F79FE2} - System32\Tasks\Origin => C:\Users\coa\AppData\Roaming\Origin\update.vbe [2017-05-20] () <==== ATTENTION
C:\Users\coa\AppData\Roaming\Microsoft\taskhw.exe
FirewallRules: [{9C53585D-05D2-42A1-B5B4-215E590896C5}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{DD6BEAC3-5CB4-448D-A1AE-1C7B1B289599}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [TCP Query User{1B7054D4-9639-4295-A801-2625FF27BB4A}C:\users\coa\appdata\local\popcorn-time\popcorn-time.exe] => (Allow) C:\users\coa\appdata\local\popcorn-time\popcorn-time.exe
FirewallRules: [UDP Query User{D5AA2686-3E49-4D32-B0C6-0E3846CEB02B}C:\users\coa\appdata\local\popcorn-time\popcorn-time.exe] => (Allow) C:\users\coa\appdata\local\popcorn-time\popcorn-time.exe
EmptyTemp:


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name
Note: It is important that both files, FRST and fixlist, are in the same location, otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

offline
  • coa93  Male
  • Distinguished citizen
  • Joined: 31 Oct 2014
  • Posts: 614

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-10-2017
Ran by coa (30-10-2017 20:40:13) Run:1
Running from C:\Users\coa\Desktop
Loaded Profiles: coa (Available Profiles: coa)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
() C:\Users\coa\AppData\Roaming\Microsoft\taskhw.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3614475087-424445266-3142295758-1003\...\MountPoints2: {3c840e5d-3cd7-11e7-a91c-38d54715fb77} - "G:\stp-fifa18.exe"
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3614475087-424445266-3142295758-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 - No File
CHR NewTab: Default -> Not-active:"chrome-extension://mfgilljjaeapdagnljjmlihendmkbgho/stubby.html"
CHR DefaultSearchURL: Default -> hxxps://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&redirect=CPC
CHR DefaultSearchKeyword: Default -> askwebsearch
CHR DefaultSuggestURL: Default -> hxxps://ss.search.ask.com/ss?li=ff&sstype=prefix&limit=10&hl=en&q={searchTerms} CHR Extension: (Ask Web Search) - C:\Users\coa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgadloddempmemeinnpmhfopklhiaedh [2017-10-15]
CHR Extension: (Ask Web Search) - C:\Users\coa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgadloddempmemeinnpmhfopklhiaedh [2017-10-15]
CHR Extension: (Easy Timer) - C:\Users\coa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hljlcojjbmffoecdmhomhgfjhkllhknp [2017-10-29]
CHR Extension: (PConverter) - C:\Users\coa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfgilljjaeapdagnljjmlihendmkbgho [2017-06-16]
CHR HKLM-x32\...\Chrome\Extension: [iinglghmhcgdgjjlafobajghjamdchik] - hxxps://clients2.google.com/service/update2/crx
C:\Users\coa\AppData\Roaming\Origin\update.vbe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {0774F41A-5F22-4278-B05D-B0EC8016B23F} - System32\Tasks\UpdateService => C:\Users\coa\AppData\Roaming\Microsoft\taskhw.exe [2017-10-13] () <==== ATTENTION
Task: {5AEA8B20-6496-40BD-9BA5-2C7133F79FE2} - System32\Tasks\Origin => C:\Users\coa\AppData\Roaming\Origin\update.vbe [2017-05-20] () <==== ATTENTION
C:\Users\coa\AppData\Roaming\Microsoft\taskhw.exe
FirewallRules: [{9C53585D-05D2-42A1-B5B4-215E590896C5}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{DD6BEAC3-5CB4-448D-A1AE-1C7B1B289599}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [TCP Query User{1B7054D4-9639-4295-A801-2625FF27BB4A}C:\users\coa\appdata\local\popcorn-time\popcorn-time.exe] => (Allow) C:\users\coa\appdata\local\popcorn-time\popcorn-time.exe
FirewallRules: [UDP Query User{D5AA2686-3E49-4D32-B0C6-0E3846CEB02B}C:\users\coa\appdata\local\popcorn-time\popcorn-time.exe] => (Allow) C:\users\coa\appdata\local\popcorn-time\popcorn-time.exe
EmptyTemp:
*****************

Restore point was successfully created.
[7264] C:\Users\coa\AppData\Roaming\Microsoft\taskhw.exe => process closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKU\S-1-5-21-3614475087-424445266-3142295758-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c840e5d-3cd7-11e7-a91c-38d54715fb77} => key removed successfully
HKLM\Software\Classes\CLSID\{3c840e5d-3cd7-11e7-a91c-38d54715fb77} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKU\S-1-5-21-3614475087-424445266-3142295758-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => key removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\WSKVAllmytubechrome => key removed successfully
Chrome NewTab => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => not found.
CHR Extension: (Ask Web Search) - C:\Users\coa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgadloddempmemeinnpmhfopklhiaedh [2017-10-15] => Error: No automatic fix found for this entry.
CHR Extension: (Easy Timer) - C:\Users\coa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hljlcojjbmffoecdmhomhgfjhkllhknp [2017-10-29] => Error: No automatic fix found for this entry.
CHR Extension: (PConverter) - C:\Users\coa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfgilljjaeapdagnljjmlihendmkbgho [2017-06-16] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iinglghmhcgdgjjlafobajghjamdchik => key removed successfully
C:\Users\coa\AppData\Roaming\Origin\update.vbe => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0774F41A-5F22-4278-B05D-B0EC8016B23F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0774F41A-5F22-4278-B05D-B0EC8016B23F} => key removed successfully
C:\Windows\System32\Tasks\UpdateService => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdateService => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5AEA8B20-6496-40BD-9BA5-2C7133F79FE2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5AEA8B20-6496-40BD-9BA5-2C7133F79FE2} => key removed successfully
C:\Windows\System32\Tasks\Origin => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Origin => key removed successfully
C:\Users\coa\AppData\Roaming\Microsoft\taskhw.exe => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9C53585D-05D2-42A1-B5B4-215E590896C5} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DD6BEAC3-5CB4-448D-A1AE-1C7B1B289599} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1B7054D4-9639-4295-A801-2625FF27BB4A}C:\users\coa\appdata\local\popcorn-time\popcorn-time.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D5AA2686-3E49-4D32-B0C6-0E3846CEB02B}C:\users\coa\appdata\local\popcorn-time\popcorn-time.exe => value removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 11821056 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 36125299 B
Java, Flash, Steam htmlcache => 82585219 B
Windows/system/drivers => 55502831 B
Edge => 15641 B
Chrome => 221661179 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile32 => 18110 B
LocalService => 26242 B
NetworkService => 1654 B
coa => 6696450510 B

RecycleBin => 103741298 B
EmptyTemp: => 6.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:41:12 ====

offline
  • Joined: 14 Jun 2016
  • Posts: 535

Download Malwarebytes Anti-Malware from this or this or this link and install the application.
Run mb3-setup-consumer-{version}.exe and follow the installation instructions. After installation, click Finish

On first launch, the program will show a "welcome" window. Feel free to close that window.
Note: The program's Premium features are already activated and are valid for 13 days from the time of installation. You can turn off the Premium features through the Settings > My Account tab.

• Scanner settings - in Settings, click the Protection tab. Under the Scan Options section, turn on the "Scan for rootkits" option.
• Prepare the settings for Threat Scan - in Dashboard, click the Scan Now button. MBAM will update its database and start scanning.

When the scan finishes, if an infection was detected, make sure everything is checked, then click Remove Selected. Restart the computer if the program asks for a restart.
• Submit the log: Under Reports, select the Scan Report with the current date and then click View Report.

Export the log to the Desktop:
- Click the Export button at the bottom, then choose 'Text file (*.txt)'
- In the Save File dialog that appears, click Desktop. In the File name: field, type "mbam" (without quotes) and click Save.
- The message "Your file has been successfully exported" will appear; click Ok and close the window.

• In your reply, attach the mbam.txt log using the "Attach file" ("Prikači fajl") option.


Then:

Download AdwCleaner and save it to the Desktop
Double-click to run the program.
In the EULA window click I agree.
Under Tools select Options.
In the dialog box that appears, turn off Reset Winsock settings if it is turned on.
Click the Scan button and wait for the scan to finish.
If it tells you that a newer version exists, make sure you download it.

Click the Clean button and wait for the program to finish.
The program will close all active programs and show a window with that warning. Click OK to confirm.
A message will appear saying that the computer needs to be restarted. Click OK

The computer will restart and then open Notepad (C:\Adwcleaner\AdwCleaner[C0].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Attach file" ("Prikači fajl") option

Let us know how things are after this.


Finally:

You need to pack the folder C:\FRST\Quarantine into an archive and send it to us.

Go into the folder C:\FRST
Right-click the Quarantine folder and choose the Add to archive... option, as in the picture

For Archive format choose RAR5 or RAR
For Compression method select Best
In the Split to volumes, bytes field enter 5000000 (in words: five million)
On the right side, check the Create Solid Archive option (see the picture below)

Click OK
When WinRAR finishes compressing, upload the resulting files (one by one) to:
https://www.mycity.rs/ambulanta-upload.php
