Check

  • Joined: 10 Jan 2015
  • Posts: 202
  • Location: Novi Sad

Posted: 03 Dec 2016 19:09

The computer freezes like crazy. Whenever I open a program and then open anything else besides it, the program I opened first shows "not responding". For example, while I was making this FRST report just now and went to open the browser, FRST froze. Mozilla freezes like crazy and always pops up something asking me to stop some crash. I don't know, there are so many problems that I don't even know where to start anymore :D I haven't run a check in a long time.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-12-2016
Ran by Dezika (administrator) on DEZIKA-PC (03-12-2016 18:56:12)
Running from C:\Users\Dezika\Desktop
Loaded Profiles: Dezika (Available Profiles: Dezika)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Popcorn Time) C:\Program Files\Popcorn Time\Updater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Windows\System32\UMonit.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Skillbrains) C:\Program Files\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12336856 2015-06-18] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-16] (AVAST Software)
HKLM\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
HKLM\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe
HKLM\...\Run: [UMonit] => C:\Windows\System32\UMonit.exe [53832 2015-07-09] ()
HKLM\...\Run: [Lightshot] => C:\Program Files\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-10-13] (NVIDIA Corporation)
HKU\S-1-5-21-3609390036-2450797130-3040472919-1000\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-3609390036-2450797130-3040472919-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3609390036-2450797130-3040472919-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3609390036-2450797130-3040472919-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation)
HKU\S-1-5-21-3609390036-2450797130-3040472919-1000\...\MountPoints2: {030dcc60-bb49-11e4-a925-0015831080cf} - G:\setup.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-09-09] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BlueSoleil.lnk [2015-02-09]
ShortcutTarget: BlueSoleil.lnk -> C:\Program Files\IVT Corporation\BlueSoleil\gprs.exe (IVT Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 89.216.1.40 89.216.1.50
Tcpip\..\Interfaces\{2CD06948-3AC5-400C-A27A-D1047A13D5B0}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{2CD06948-3AC5-400C-A27A-D1047A13D5B0}: [DhcpNameServer] 89.216.1.40 89.216.1.50

Internet Explorer:
==================
HKU\S-1-5-21-3609390036-2450797130-3040472919-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11433&guid={DC92F805-B8EF-4B93-81C9-970BC98338CE}&i=
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3609390036-2450797130-3040472919-1000 -> {56A6675A-C3F1-4164-AF06-9EAA6D899E7E} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11433
SearchScopes: HKU\S-1-5-21-3609390036-2450797130-3040472919-1000 -> {5DC635CC-4FDE-4734-AC25-263D8C50AA34} URL = hxxp://search.eshield.com/serp?guid={DC92F805-B8EF-4B93-81C9-970BC98338CE}&action=default_search&k={searchTerms}
SearchScopes: HKU\S-1-5-21-3609390036-2450797130-3040472919-1000 -> {76AE1CD4-CDB9-4134-9DAE-BCED78D31B50} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)
Handler: WSISVCUchrome - No CLSID Value -

FireFox:
========
FF ProfilePath: C:\Users\Dezika\AppData\Roaming\Mozilla\Firefox\Profiles\q95f7bis.default-1478891569126 [2016-12-03]
FF Extension: (Adblock Plus) - C:\Users\Dezika\AppData\Roaming\Mozilla\Firefox\Profiles\q95f7bis.default-1478891569126\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-02]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3609390036-2450797130-3040472919-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dezika\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dkmjljdbbgogihjcapfhgkonfmccbffp] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-09] (AVAST Software)
S4 BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [166520 2007-12-27] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915600 2015-10-13] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-10-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19775632 2015-10-13] (NVIDIA Corporation)
S4 Start BT in service; C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [51816 2007-12-27] ()
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7248144 2016-08-08] (TeamViewer GmbH)
R2 Update service; C:\Program Files\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-09-09] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-09-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-09-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-09-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-09-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-09-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118664 2016-09-09] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [38984 2015-02-12] (The OpenVPN Project)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-10-13] (AVAST Software)
R3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [34312 2007-06-24] (IVT Corporation.)
R3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [27656 2007-06-24] (IVT Corporation.)
R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [18320 2007-03-05] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [38920 2007-06-24] (IVT Corporation.)
R0 BTHidEnum; C:\Windows\System32\Drivers\vbtenum.sys [20880 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; C:\Windows\System32\Drivers\BTHidMgr.sys [35600 2007-03-05] (IVT Corporation.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [107648 2016-07-22] (Samsung Electronics Co., Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2015-02-23] (Disc Soft Ltd)
R3 GeneStor; C:\Windows\System32\DRIVERS\GeneStor.sys [105392 2015-07-09] (GenesysLogic)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2015-10-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32912 2015-10-13] (NVIDIA Corporation)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-12] (Microsoft Corporation)
R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [34448 2007-03-05] (IVT Corporation.)
R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [44304 2007-03-05] (IVT Corporation.)
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-03 18:56 - 2016-12-03 18:59 - 00011799 _____ C:\Users\Dezika\Desktop\FRST.txt
2016-12-03 18:56 - 2016-12-03 18:56 - 00000000 ____D C:\FRST
2016-12-03 18:54 - 2016-12-03 18:54 - 01761280 _____ (Farbar) C:\Users\Dezika\Desktop\FRST.exe
2016-12-03 17:06 - 2014-02-20 02:15 - 00000000 ____D C:\Users\Dezika\Desktop\CoreParkingManager
2016-12-03 00:01 - 2016-12-03 00:35 - 00000000 ____D C:\Program Files\ReviverSoft
2016-12-02 23:59 - 2016-12-03 00:00 - 38018056 _____ (ReviverSoft) C:\Users\Dezika\Downloads\PCReviverSetup.exe
2016-12-02 17:40 - 2016-12-02 17:40 - 00001503 _____ C:\Users\Public\Desktop\League of Legends.lnk
2016-12-02 17:40 - 2016-12-02 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2016-12-02 17:33 - 2016-12-02 17:33 - 32529256 _____ (Riot Games) C:\Users\Dezika\Downloads\LeagueofLegends_EUNE_Installer_2016_11_10.exe
2016-12-02 12:39 - 2016-12-02 12:39 - 00000000 ____D C:\ProgramData\Riot Games
2016-12-02 12:27 - 2016-12-02 12:27 - 00614520 _____ C:\Users\Dezika\Downloads\PBE_Client_Shell.zip
2016-12-01 23:52 - 2016-12-02 12:33 - 00000000 __SHD C:\AI_RecycleBin
2016-11-23 16:26 - 2016-12-03 19:00 - 00000000 ____D C:\Users\Dezika\AppData\LocalLow\Mozilla
2016-11-23 14:58 - 2016-12-02 10:32 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-03 18:53 - 2016-03-13 00:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-03 18:35 - 2016-08-19 22:26 - 00000000 ____D C:\Program Files\Steam
2016-12-03 18:19 - 2009-07-14 05:34 - 00028704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-03 18:19 - 2009-07-14 05:34 - 00028704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-03 18:11 - 2015-02-06 17:15 - 00000000 ____D C:\ProgramData\MCShield
2016-12-03 18:11 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-03 18:05 - 2015-02-04 02:37 - 00000000 ____D C:\Users\Dezika\AppData\Roaming\Winamp
2016-12-02 22:50 - 2015-08-15 18:04 - 00000000 ____D C:\Users\Dezika\Downloads\PopcornTime
2016-12-02 22:37 - 2015-05-15 21:28 - 00663768 _____ C:\Windows\system32\perfh01D.dat
2016-12-02 22:37 - 2015-05-15 21:28 - 00142582 _____ C:\Windows\system32\perfc01D.dat
2016-12-02 22:37 - 2015-05-15 21:10 - 00428472 _____ C:\Windows\system32\perfh012.dat
2016-12-02 22:37 - 2015-05-15 21:10 - 00120492 _____ C:\Windows\system32\perfc012.dat
2016-12-02 22:37 - 2015-05-15 18:05 - 00416826 _____ C:\Windows\system32\perfh011.dat
2016-12-02 22:37 - 2015-05-15 18:05 - 00122208 _____ C:\Windows\system32\perfc011.dat
2016-12-02 22:37 - 2015-05-15 17:29 - 00481550 _____ C:\Windows\system32\perfh00B.dat
2016-12-02 22:37 - 2015-05-15 17:29 - 00101628 _____ C:\Windows\system32\perfc00B.dat
2016-12-02 22:37 - 2015-05-15 16:58 - 00743546 _____ C:\Windows\system32\perfh013.dat
2016-12-02 22:37 - 2015-05-15 16:58 - 00153210 _____ C:\Windows\system32\perfc013.dat
2016-12-02 22:37 - 2015-05-15 16:46 - 00494562 _____ C:\Windows\system32\perfh014.dat
2016-12-02 22:37 - 2015-05-15 16:46 - 00095512 _____ C:\Windows\system32\perfc014.dat
2016-12-02 22:37 - 2015-05-15 16:17 - 00607036 _____ C:\Windows\system32\perfh008.dat
2016-12-02 22:37 - 2015-05-15 16:17 - 00111236 _____ C:\Windows\system32\perfc008.dat
2016-12-02 22:37 - 2015-05-15 15:59 - 00740094 _____ C:\Windows\system32\perfh010.dat
2016-12-02 22:37 - 2015-05-15 15:59 - 00146954 _____ C:\Windows\system32\perfc010.dat
2016-12-02 22:37 - 2015-05-15 15:49 - 00668888 _____ C:\Windows\system32\perfh005.dat
2016-12-02 22:37 - 2015-05-15 15:49 - 00141534 _____ C:\Windows\system32\perfc005.dat
2016-12-02 22:37 - 2015-05-15 15:40 - 00479062 _____ C:\Windows\system32\perfh001.dat
2016-12-02 22:37 - 2015-05-15 15:40 - 00094880 _____ C:\Windows\system32\perfc001.dat
2016-12-02 22:37 - 2015-05-15 15:26 - 00745764 _____ C:\Windows\system32\perfh00C.dat
2016-12-02 22:37 - 2015-05-15 15:26 - 00149688 _____ C:\Windows\system32\perfc00C.dat
2016-12-02 22:37 - 2015-05-15 15:14 - 00729066 _____ C:\Windows\system32\prfh0816.dat
2016-12-02 22:37 - 2015-05-15 15:14 - 00153014 _____ C:\Windows\system32\prfc0816.dat
2016-12-02 22:37 - 2015-05-15 15:03 - 00521844 _____ C:\Windows\system32\perfh006.dat
2016-12-02 22:37 - 2015-05-15 15:03 - 00102952 _____ C:\Windows\system32\perfc006.dat
2016-12-02 22:37 - 2015-05-15 14:52 - 00745504 _____ C:\Windows\system32\perfh00A.dat
2016-12-02 22:37 - 2015-05-15 14:52 - 00158582 _____ C:\Windows\system32\perfc00A.dat
2016-12-02 22:37 - 2015-05-15 14:39 - 00398390 _____ C:\Windows\system32\prfh0404.dat
2016-12-02 22:37 - 2015-05-15 14:39 - 00115198 _____ C:\Windows\system32\prfc0404.dat
2016-12-02 22:37 - 2015-05-15 14:30 - 00740406 _____ C:\Windows\system32\perfh015.dat
2016-12-02 22:37 - 2015-05-15 14:30 - 00155980 _____ C:\Windows\system32\perfc015.dat
2016-12-02 22:37 - 2015-04-22 12:34 - 00713928 _____ C:\Windows\system32\prfh0416.dat
2016-12-02 22:37 - 2015-04-22 12:34 - 00147764 _____ C:\Windows\system32\prfc0416.dat
2016-12-02 22:37 - 2015-04-22 12:22 - 00709638 _____ C:\Windows\system32\perfh007.dat
2016-12-02 22:37 - 2015-04-22 12:22 - 00153410 _____ C:\Windows\system32\perfc007.dat
2016-12-02 22:37 - 2015-04-22 12:09 - 00656730 _____ C:\Windows\system32\perfh01F.dat
2016-12-02 22:37 - 2015-04-22 12:09 - 00140108 _____ C:\Windows\system32\perfc01F.dat
2016-12-02 22:37 - 2010-11-20 22:01 - 14822088 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-02 22:37 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-12-02 17:45 - 2015-02-04 03:27 - 00000000 ____D C:\Users\Dezika\AppData\Roaming\Riot Games
2016-12-02 10:32 - 2016-03-17 20:43 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-11-23 13:25 - 2015-02-04 02:06 - 00000000 ____D C:\Users\Dezika\AppData\Roaming\Skype
2016-11-23 12:46 - 2015-02-04 00:29 - 00000000 ____D C:\ProgramData\Skype
2016-11-23 12:45 - 2016-04-22 23:22 - 00000000 ___RD C:\Program Files\Skype
2016-11-18 17:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2016-11-17 12:43 - 2009-07-14 05:53 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-08 19:53 - 2016-03-13 00:17 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-11-08 19:53 - 2016-03-13 00:17 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-11-08 19:53 - 2015-02-05 23:27 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-03 18:47 - 2015-08-22 12:04 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2016-07-01 20:20 - 2016-07-01 20:25 - 50063360 _____ () C:\Program Files\GUT7233.tmp
2015-08-07 21:16 - 2015-08-07 21:16 - 13545694 _____ () C:\Users\Dezika\AppData\Local\package.nw.new
2015-03-29 13:10 - 2015-03-29 13:10 - 0000017 _____ () C:\Users\Dezika\AppData\Local\resmon.resmoncfg
2016-05-17 22:21 - 2016-05-17 22:21 - 0000016 _____ () C:\ProgramData\mntemp

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-25 18:23

==================== End of FRST.txt ============================

Addendum: 03 Dec 2016 19:14

I forgot to add that Windows won't update. When I start it, I wait a long time and then suddenly there is an error and it won't perform the update.

Addendum: 03 Dec 2016 19:16

This is what happened to me while I was getting in.

  • Joined: 02 Jan 2008
  • Posts: 2167

Hello!

Please provide a screenshot of the "don't send" window, if you can.
Also, try to free up more space on the partitions; then Windows Update may go through.



1. Open Notepad (Text Document) and copy the following text from the code box below:

CreateRestorePoint:
File: C:\Windows\System32\UMonit.exe
HKU\S-1-5-21-3609390036-2450797130-3040472919-1000\...\MountPoints2: {030dcc60-bb49-11e4-a925-0015831080cf} - G:\setup.exe
HKU\S-1-5-21-3609390036-2450797130-3040472919-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11433&guid={DC92F805-B8EF-4B93-81C9-970BC98338CE}&i=
SearchScopes: HKU\S-1-5-21-3609390036-2450797130-3040472919-1000 -> {5DC635CC-4FDE-4734-AC25-263D8C50AA34} URL = hxxp://search.eshield.com/serp?guid={DC92F805-B8EF-4B93-81C9-970BC98338CE}&action=default_search&k={searchTerms}
Handler: WSISVCUchrome - No CLSID Value -
CHR HKLM\...\Chrome\Extension: [dkmjljdbbgogihjcapfhgkonfmccbffp] - hxxps://clients2.google.com/service/update2/crx
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [X]
C:\Program Files\IObit
2016-05-17 22:21 - 2016-05-17 22:21 - 0000016 _____ () C:\ProgramData\mntemp
Task: {74112E3F-9E06-4A06-9A94-9EF5B8FD883E} - System32\Tasks\UpdateAdmin => C:\Users\Dezika\AppData\Local\UpdateAdmin\UpdateAdmin.exe <==== ATTENTION
C:\Users\Dezika\AppData\Local\UpdateAdmin
FirewallRules: [{421C9A00-EBC2-4536-8992-7EC4AF984D2E}] => C:\Users\Dezika\AppData\Local\TNT2\2.0.0.2065\TNT2User.exe
C:\Users\Dezika\AppData\Local\TNT2
EmptyTemp:


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.




After that,

Download AdwCleaner by "Xplode" and save it to the Desktop.
Double-click to run the program.
In the EULA window click I agree.
Under Options, turn off Reset Winsock settings if it is enabled.
Click the Scan button and wait for the scan to finish.
Click the Cleaning button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required) click OK.

The computer will restart and then open Notepad (C:\Adwcleaner\AdwCleaner[C1].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Attach file" option.

  • Joined: 10 Jan 2015
  • Posts: 202
  • Location: Novi Sad

Posted: 03 Dec 2016 23:28

Fix result of Farbar Recovery Scan Tool (x86) Version: 02-12-2016
Ran by Dezika (03-12-2016 22:51:38) Run:1
Running from C:\Users\Dezika\Desktop
Loaded Profiles: Dezika (Available Profiles: Dezika)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
File: C:\Windows\System32\UMonit.exe
HKU\S-1-5-21-3609390036-2450797130-3040472919-1000\...\MountPoints2: {030dcc60-bb49-11e4-a925-0015831080cf} - G:\setup.exe
HKU\S-1-5-21-3609390036-2450797130-3040472919-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11433&guid={DC92F805-B8EF-4B93-81C9-970BC98338CE}&i=
SearchScopes: HKU\S-1-5-21-3609390036-2450797130-3040472919-1000 -> {5DC635CC-4FDE-4734-AC25-263D8C50AA34} URL = hxxp://search.eshield.com/serp?guid={DC92F805-B8EF-4B93-81C9-970BC98338CE}&action=default_search&k={searchTerms}
Handler: WSISVCUchrome - No CLSID Value -
CHR HKLM\...\Chrome\Extension: [dkmjljdbbgogihjcapfhgkonfmccbffp] - hxxps://clients2.google.com/service/update2/crx
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [X]
C:\Program Files\IObit
2016-05-17 22:21 - 2016-05-17 22:21 - 0000016 _____ () C:\ProgramData\mntemp
Task: {74112E3F-9E06-4A06-9A94-9EF5B8FD883E} - System32\Tasks\UpdateAdmin => C:\Users\Dezika\AppData\Local\UpdateAdmin\UpdateAdmin.exe <==== ATTENTION
C:\Users\Dezika\AppData\Local\UpdateAdmin
FirewallRules: [{421C9A00-EBC2-4536-8992-7EC4AF984D2E}] => C:\Users\Dezika\AppData\Local\TNT2\2.0.0.2065\TNT2User.exe
C:\Users\Dezika\AppData\Local\TNT2
EmptyTemp:
*****************

Restore point was successfully created.

========================= File: C:\Windows\System32\UMonit.exe ========================

File is digitally signed
MD5: 632BD1A526DE8FFF86619ACBA8C92E75
Creation and modification date: 2015-08-12 21:34 - 2015-07-09 07:47
Size: 0053832
Attributes: ----A
Company Name:
Internal Name: ChangeIcon
Original Name: ChangeIcon.EXE
Product: ChangeIcon Application
Description: ChangeIcon MFC Application
File Version: 15, 0, 0, 2
Product Version: 15, 0, 0, 2
Copyright: Copyright (C) 2008

====== End of File: ======

"HKU\S-1-5-21-3609390036-2450797130-3040472919-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{030dcc60-bb49-11e4-a925-0015831080cf}" => key removed successfully.
HKCR\CLSID\{030dcc60-bb49-11e4-a925-0015831080cf} => key not found.
HKU\S-1-5-21-3609390036-2450797130-3040472919-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKU\S-1-5-21-3609390036-2450797130-3040472919-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5DC635CC-4FDE-4734-AC25-263D8C50AA34}" => key removed successfully.
HKCR\CLSID\{5DC635CC-4FDE-4734-AC25-263D8C50AA34} => key not found.
"HKCR\PROTOCOLS\Handler\WSISVCUchrome" => key removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp" => key removed successfully.
LiveUpdateSvc => service removed successfully.
"C:\Program Files\IObit" => not found.
C:\ProgramData\mntemp => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74112E3F-9E06-4A06-9A94-9EF5B8FD883E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74112E3F-9E06-4A06-9A94-9EF5B8FD883E}" => key removed successfully.
C:\Windows\System32\Tasks\UpdateAdmin => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdateAdmin" => key removed successfully.
"C:\Users\Dezika\AppData\Local\UpdateAdmin" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{421C9A00-EBC2-4536-8992-7EC4AF984D2E} => value removed successfully.
"C:\Users\Dezika\AppData\Local\TNT2" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17359621 B
Java, Flash, Steam htmlcache => 36396617 B
Windows/system/drivers => 66501335 B
Edge => 0 B
Chrome => 0 B
Firefox => 393246769 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 640 B
Dezika => 504161555 B

RecycleBin => 0 B
EmptyTemp: => 978.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:04:14 ====

Addendum: 03 Dec 2016 23:36

Addendum: 03 Dec 2016 23:39

It found 40 items. And supposedly I have protection, so what is it for then, decoration? :D

  • Joined: 02 Jan 2008
  • Posts: 2167

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Run MBAR by double-clicking the program icon:
- Click OK in the next window to allow extraction into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this may take a few extra seconds, so wait for it to launch;
- In the introductory window click the Next button if you agree;



• In the 'Update Database' window click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section make sure all options are checked, then click the Scan button;

Notice: with some infections one of the following messages may appear:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.





>> If no malware is detected, click the Exit button to close the program. In your next post include the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infections are found, check that the 'Create Restore Point' option is selected and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for the restart, and a notice will be shown in a pop-up window. Click the Yes button; the system should restart and finish the cleaning procedure.



Notice! Only if a rootkit is detected: make sure you run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click to run fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, and wait for the tool to carry out all the repairs ...
- When you see the message 'press any key to exit', the repair is complete. Press any key on the keyboard to close the window. Restart the system.





The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post and attach the system log to the post using the "Attach file" option.

  • Joined: 10 Jan 2015
  • Posts: 202
  • Location: Novi Sad

Posted: 04 Dec 2016 11:35

This is what it says. I can't take a screenshot because at that moment it won't open the snipping tool or any other program; it locks up instantly. It happened to me 3 times just now while I was trying to open the program.


Addendum: 04 Dec 2016 11:36

And it's not any particular program; it's whatever I'm doing.

Addendum: 04 Dec 2016 12:35

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2016.12.04.03
rootkit: v2016.11.20.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.18499
Dezika :: DEZIKA-PC [administrator]

12/4/2016 11:22:35 AM
mbar-log-2016-12-04 (11-22-35).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 251279
Time elapsed: 55 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

  • Joined: 02 Jan 2008
  • Posts: 2167

OK.
Can you tell me what the situation is now? Do you still have the same problems?

  • Joined: 10 Jan 2015
  • Posts: 202
  • Location: Novi Sad

Well, it works much better now than it did before.

  • Joined: 02 Jan 2008
  • Posts: 2167

Excellent. Then we are done here.
As for the problems you have with programs, it would be best to describe the problem in the Windows forum and look for help there, since here we deal exclusively with malware.

The following procedure will perform the final cleanup.



Download the DelFix tool by "Xplode" and save it to the Desktop.

Double-click to run the tool and tick the boxes in front of the following options:
Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment for the tool to finish its work.

From this point on, all tools used in this topic should be deleted.
If any tool or report has not been removed, feel free to delete it manually.


The tool will also create a report for you. (C:\DelFix.txt)
- The tool will also save the healthy state of the registry and make a backup using the integrated "ERUNT" program in %windir%\ERUNT\DelFix
- DelFix deletes old system restore points and creates a new, fresh point after cleaning.

  • Joined: 10 Jan 2015
  • Posts: 202
  • Location: Novi Sad

# DelFix v1.013 - Logfile created 04/12/2016 at 17:26:45
# Updated 17/04/2016 by Xplode
# Username : Dezika - DEZIKA-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Dezika\Desktop\mbar
Deleted : C:\Users\Dezika\Desktop\Addition.txt
Deleted : C:\Users\Dezika\Desktop\AdwCleaner.exe
Deleted : C:\Users\Dezika\Desktop\Fixlog.txt
Deleted : C:\Users\Dezika\Desktop\FRST.exe
Deleted : C:\Users\Dezika\Desktop\FRST.txt

~ Creating registry backup ... OK

~ Cleaning system restore ...


New restore point created !

########## - EOF - ##########
