Computer freezing

  • Milan
  • Joined: 11 Apr 2012
  • Posts: 465

I've noticed lately that when I open a video on YouTube, the video, song or clip (anything, there's no pattern) suddenly stalls and freezes, and stays that way for 5-10-15 seconds, depending on when it happens. Meanwhile the computer can be used normally and I can open whatever I want. Once that passes, there is just a green screen on YouTube, and after a "refresh" everything works again.
I should mention that this doesn't happen often: sometimes after 7-8 hours of use, sometimes sooner, there's no pattern.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-01-2017
Ran by KRCO (administrator) on KRCO (21-01-2017 02:56:55)
Running from C:\Users\KRCO\Desktop
Loaded Profiles: KRCO (Available Profiles: KRCO)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\EslWire\service\WireHelperSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Windows\KMS-R@1n.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.190.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\KRCO\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
() C:\Users\KRCO\AppData\Roaming\DarkSoulsIII\ISSCH\issch.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Windows\KMS-R@1nHook.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1608.2213.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-12-19] (AVAST Software)
HKLM-x32\...\Run: [PowerDVD15Agent] => C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe [950296 2015-03-19] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-11-04] (Razer Inc.)
HKU\S-1-5-21-4243106807-3281007250-2583883116-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27250144 2016-12-20] (Skype Technologies S.A.)
HKU\S-1-5-21-4243106807-3281007250-2583883116-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4471536 2015-05-21] (Disc Soft Ltd)
HKU\S-1-5-21-4243106807-3281007250-2583883116-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)
HKU\S-1-5-21-4243106807-3281007250-2583883116-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-4243106807-3281007250-2583883116-1001\...\Run: [Viber] => C:\Users\KRCO\AppData\Local\Viber\Viber.exe [41548368 2017-01-03] (Viber Media S.à r.l.)
HKU\S-1-5-21-4243106807-3281007250-2583883116-1001\...\Run: [ESL Wire] => C:\Program Files\EslWire\wire.exe [3495424 2016-09-13] (Turtle Entertainment GmbH)
HKU\S-1-5-21-4243106807-3281007250-2583883116-1001\...\MountPoints2: {df880ea7-2cfe-11e6-abda-408d5cc83ab0} - "E:\setup.exe"
IFEO\OSppSvc.exe: [Debugger] KMS-R@1nHook.exe
IFEO\SppExtComObj.exe: [Debugger] KMS-R@1nHook.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-30] (AVAST Software)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-4243106807-3281007250-2583883116-1001] => 192.168.1.1:10880
Hosts: 127.0.0.1 cap.cyberlink.com
Tcpip\..\Interfaces\{d8301356-9fc0-40bc-a7ad-eb528f291851}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKU\S-1-5-21-4243106807-3281007250-2583883116-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKU\S-1-5-21-4243106807-3281007250-2583883116-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7BEA281932-FEFA-4748-8850-8A9EE44294ED%7D&gp=811014
BHO-x32: Ïîèñê@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\KRCO\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll [2016-08-19] (Mail.Ru)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-30]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> mail.ru/cnt/11956636?rciguc__PARAM__
CHR StartupUrls: Default -> "hxxps://www.google.com/?gws_rd=ssl"
CHR Plugin: (Widevine Content Decryption Module) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\WidevineCdm\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWoW64\Macromed\Flash\pepflashplayer32_24_0_0_194.dll ()
CHR Profile: C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default [2017-01-21]
CHR Extension: (Google Drive) - C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-12]
CHR Extension: (YouTube) - C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-12]
CHR Extension: (Adblock Plus) - C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-01-04]
CHR Extension: (Steam Inventory Helper) - C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2017-01-20]
CHR Extension: (Slither.io) - C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmplapbomebhmdffmlhgbelgcnfajapj [2016-04-25]
CHR Extension: (CS:GO Lounge Bump Bot) - C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhfkidfnhjcjjamcbdepeohblphlamgk [2016-04-13]
CHR Extension: (Refresh Monkey) - C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljngnafhejmefmijjoedbclkadhacebd [2016-04-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-12]
CHR Extension: (Chrome Media Router) - C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-20]
CHR HKU\S-1-5-21-4243106807-3281007250-2583883116-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4243106807-3281007250-2583883116-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4243106807-3281007250-2583883116-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-30] (AVAST Software)
S2 debugregsvc; C:\WINDOWS\System32\debugregsvc.dll [29184 2016-07-15] (Microsoft Corporation)
S3 DeveloperToolsService; C:\WINDOWS\System32\DeveloperToolsSvc.exe [104448 2016-07-15] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272560 2015-05-21] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [395024 2016-12-27] (EasyAntiCheat Ltd)
R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2016-04-12] ()
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [374360 2016-07-14] (Intel Corporation)
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2016-04-12] () [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-11] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-12] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119176 2017-01-12] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2181648 2017-01-12] (Electronic Arts)
S3 PAExec; C:\WINDOWS\PAExec.exe [189112 2016-12-19] (Power Admin LLC)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2016-12-23] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation)
R3 SshBroker; C:\WINDOWS\System32\SshBroker.dll [360960 2016-07-15] (Microsoft Corporation)
R3 SshProxy; C:\WINDOWS\System32\SshProxy.dll [275456 2016-07-15] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S4 WebManagement; C:\WINDOWS\system32\WebManagement.exe [1000448 2016-07-15] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-08-30] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-08-30] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-08-30] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-30] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-09-14] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-09-23] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-06-07] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-06-07] (Disc Soft Ltd)
R0 ESLWireAC; C:\WINDOWS\System32\drivers\ESLWireACD.sys [108680 2017-01-06] (<Turtle Entertainment>)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3f929cc119e3b994\nvlddmkm.sys [14200880 2016-12-12] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2016-12-12] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2016-10-24] ()
R3 rzdaendpt; C:\WINDOWS\System32\drivers\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
R3 rzvkeyboard; C:\WINDOWS\System32\drivers\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
R0 sptd2; C:\WINDOWS\System32\Drivers\sptd2.sys [159800 2016-06-07] (Duplex Secure Ltd)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
R2 {687703DE-DC6D-4649-892B-B8497854A6AB}; C:\Program Files (x86)\CyberLink\PowerDVD15\Common\NavFilter\000.fcl [29896 2015-03-19] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: debugregsvc -> C:\Windows\System32\debugregsvc.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-21 02:56 - 2017-01-21 02:57 - 00018251 _____ C:\Users\KRCO\Desktop\FRST.txt
2017-01-21 02:56 - 2017-01-21 02:56 - 00000000 ____D C:\FRST
2017-01-21 02:55 - 2017-01-21 02:55 - 02419712 _____ (Farbar) C:\Users\KRCO\Desktop\FRST64.exe
2017-01-21 02:42 - 2017-01-21 02:42 - 00003948 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-01-21 02:42 - 2017-01-21 02:42 - 00003806 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-01-21 02:42 - 2017-01-21 02:42 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-01-21 02:42 - 2017-01-21 02:42 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-19 17:35 - 2017-01-19 17:35 - 00000000 ____D C:\Users\KRCO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2017-01-19 17:34 - 2017-01-19 17:34 - 00000000 ____D C:\Users\KRCO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2017-01-19 14:16 - 2017-01-19 17:35 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2017-01-19 13:49 - 2017-01-19 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watch_Dogs 2
2017-01-19 13:45 - 2017-01-19 13:49 - 00000000 ____D C:\Program Files (x86)\Watch_Dogs 2
2017-01-18 18:17 - 2017-01-19 17:49 - 00000162 _____ C:\Users\KRCO\Desktop\torrentleech.org.txt
2017-01-18 18:12 - 2017-01-18 18:12 - 00000000 ____D C:\Users\KRCO\Documents\Usenet.nl
2017-01-18 18:10 - 2015-03-16 02:39 - 00000163 _____ C:\Users\KRCO\Desktop\New Text Document.txt
2017-01-18 18:09 - 2017-01-18 18:09 - 00000000 ____D C:\Users\KRCO\Desktop\user i pass sa sajtova
2017-01-18 00:34 - 2017-01-18 00:34 - 00000000 ____D C:\Users\KRCO\AppData\Local\TeamSpeak 3
2017-01-18 00:34 - 2017-01-18 00:34 - 00000000 ____D C:\Users\KRCO\.TeamSpeak 3
2017-01-17 16:32 - 2017-01-17 16:32 - 00000015 _____ C:\Users\KRCO\Desktop\(zabranjeno)watch.txt
2017-01-15 22:24 - 2017-01-15 22:24 - 00000000 ____D C:\Users\KRCO\Desktop\Paypal
2017-01-15 00:51 - 2017-01-15 17:38 - 00000000 ____D C:\Users\KRCO\Desktop\Muzika
2017-01-14 23:45 - 2017-01-14 23:46 - 00000000 ____D C:\Users\KRCO\Documents\Chameleon files
2017-01-14 23:45 - 2017-01-14 23:45 - 00000000 ____D C:\Users\KRCO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chameleon Shutdown
2017-01-14 23:45 - 2017-01-14 23:45 - 00000000 ____D C:\Program Files (x86)\Chameleon Shutdown
2017-01-14 23:41 - 2017-01-15 12:57 - 00000000 ____D C:\Program Files (x86)\Chameleon Explorer
2017-01-14 23:10 - 2017-01-15 17:06 - 00000000 ____D C:\Users\KRCO\Documents\STAR WARS Battlefront
2017-01-13 13:41 - 2017-01-13 13:41 - 00000000 ____D C:\Users\KRCO\Documents\BioWare
2017-01-13 02:04 - 2017-01-13 02:04 - 00003276 _____ C:\WINDOWS\System32\Tasks\Gasenje
2017-01-13 02:00 - 2017-01-13 02:00 - 00003298 _____ C:\WINDOWS\System32\Tasks\Gasenje racunara
2017-01-13 01:27 - 2017-01-13 01:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
2017-01-13 01:27 - 2017-01-13 01:27 - 00000000 ____D C:\Program Files (x86)\BRS
2017-01-13 01:27 - 2011-09-05 20:57 - 01306624 _____ (Blue Ripple Sound Limited) C:\WINDOWS\SysWOW64\rapture3d_oal.dll
2017-01-13 01:27 - 2010-09-22 14:12 - 19087360 _____ (Intel Corporation / Blue Ripple Sound Limited) C:\WINDOWS\SysWOW64\mkl_blueripple.dll
2017-01-12 23:57 - 2017-01-12 23:57 - 00000000 ____D C:\Users\KRCO\AppData\Roaming\SmartSteamEmu
2017-01-12 23:14 - 2017-01-15 01:55 - 00000140 _____ C:\Users\KRCO\Desktop\humblebundle.txt
2017-01-12 23:10 - 2017-01-12 23:23 - 00000000 ____D C:\Program Files (x86)\Batman Arkham Knight
2017-01-12 22:34 - 2017-01-12 22:34 - 00000000 ____D C:\Users\KRCO\Documents\WB Games
2017-01-10 17:20 - 2017-01-10 17:20 - 00000000 ____D C:\Users\KRCO\AppData\Local\Viber
2017-01-09 12:56 - 2017-01-19 14:06 - 00000000 ____D C:\Users\KRCO\Documents\My Games
2017-01-09 12:55 - 2017-01-09 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Far Cry Primal
2017-01-09 12:52 - 2017-01-09 12:55 - 00000000 ____D C:\Program Files (x86)\Far Cry Primal
2017-01-08 03:02 - 2017-01-18 16:54 - 00000059 _____ C:\Users\KRCO\Desktop\Denuvo izlasci igara.txt
2017-01-08 02:57 - 2017-01-08 02:57 - 00000029 _____ C:\Users\KRCO\Desktop\Sajtovi za izlaske.txt
2017-01-06 00:10 - 2017-01-06 00:10 - 00108680 _____ (<Turtle Entertainment>) C:\WINDOWS\system32\Drivers\ESLWireACD.sys
2017-01-06 00:10 - 2017-01-06 00:10 - 00000000 ____D C:\Users\KRCO\Documents\ESL Match Media
2017-01-05 23:56 - 2017-01-07 12:46 - 00000000 ____D C:\Users\KRCO\AppData\Local\ESL Wire Game Client
2017-01-05 23:56 - 2017-01-05 23:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire
2017-01-05 23:56 - 2017-01-05 23:56 - 00000000 ____D C:\ProgramData\ESL Wire
2017-01-05 23:56 - 2017-01-05 23:56 - 00000000 ____D C:\Program Files\EslWire
2017-01-05 23:53 - 2017-01-05 23:54 - 00000000 ____D C:\Program Files (x86)\CSGO Demos Manager
2017-01-05 23:53 - 2017-01-05 23:53 - 00000000 ____D C:\Users\KRCO\AppData\Roaming\AkiVer
2017-01-05 23:53 - 2017-01-05 23:53 - 00000000 ____D C:\Users\KRCO\AppData\Local\AkiVer
2017-01-04 15:53 - 2017-01-19 19:07 - 00000000 ____D C:\Fraps
2017-01-04 15:53 - 2017-01-04 15:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2017-01-03 22:24 - 2017-01-03 22:24 - 00000000 ____D C:\Program Files (x86)\Origin Games
2017-01-03 22:09 - 2017-01-03 22:10 - 00000000 ____D C:\Users\KRCO\Desktop\Dokumenti i cv
2017-01-03 19:22 - 2017-01-03 19:22 - 00000000 ____D C:\ProgramData\RELOADED
2017-01-02 20:11 - 2017-01-02 20:11 - 00000000 ____D C:\WINDOWS\System32\Tasks\HardDiskSentinel
2017-01-02 20:11 - 2017-01-02 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Disk Sentinel
2017-01-02 11:55 - 2017-01-02 11:55 - 00000000 ____D C:\Users\KRCO\AppData\Local\BANDAI NAMCO GAMES
2017-01-02 00:04 - 2017-01-02 00:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
2016-12-30 00:46 - 2016-12-30 00:46 - 00000000 ____D C:\Program Files (x86)\obs-studio
2016-12-29 20:00 - 2016-12-29 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.6
2016-12-29 20:00 - 2016-12-29 20:00 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.6
2016-12-26 15:39 - 2016-12-26 15:39 - 00003282 _____ C:\WINDOWS\System32\Tasks\{6C499E31-6F9F-4DC0-BA8F-83CC6507AA6D}
2016-12-24 10:22 - 2016-12-24 10:22 - 00000000 ____D C:\WINDOWS\Panther
2016-12-23 23:48 - 2016-12-23 23:48 - 00281392 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2016-12-23 23:48 - 2016-12-23 23:48 - 00000000 ____D C:\Users\KRCO\AppData\Local\PunkBuster
2016-12-22 21:44 - 2017-01-13 01:27 - 00466456 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2016-12-22 21:44 - 2017-01-13 01:27 - 00444952 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2016-12-22 21:44 - 2017-01-13 01:27 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2016-12-22 21:44 - 2017-01-13 01:27 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
2016-12-22 21:44 - 2017-01-13 01:27 - 00000000 ____D C:\Program Files (x86)\OpenAL

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-21 02:43 - 2016-04-13 05:50 - 00000000 ____D C:\Users\KRCO\AppData\Local\Adobe
2017-01-21 02:42 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-21 02:42 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-21 01:30 - 2016-07-06 21:21 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-21 01:20 - 2016-09-18 14:39 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-21 01:13 - 2016-04-12 22:43 - 00001916 _____ C:\Users\KRCO\Desktop\This PC.lnk
2017-01-21 00:58 - 2016-10-15 15:00 - 00534264 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-01-21 00:58 - 2016-04-12 23:09 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2017-01-21 00:58 - 2016-04-12 23:08 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2017-01-20 13:27 - 2016-08-08 15:36 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-20 13:14 - 2016-12-19 13:07 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-20 13:14 - 2016-09-18 14:40 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-20 13:14 - 2016-04-12 22:53 - 00000000 __SHD C:\Users\KRCO\IntelGraphicsProfiles
2017-01-20 00:23 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-19 17:36 - 2016-04-12 23:06 - 00000000 ___RD C:\Users\KRCO\Desktop\Programi
2017-01-19 17:34 - 2016-04-12 23:27 - 00000000 ___RD C:\Users\KRCO\Desktop\Igre
2017-01-19 14:22 - 2016-09-18 14:49 - 01748534 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-19 14:16 - 2016-09-18 14:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-19 14:16 - 2016-07-16 07:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-01-19 13:45 - 2016-04-14 19:21 - 00000000 ____D C:\Users\KRCO\AppData\Local\CrashDumps
2017-01-19 13:44 - 2016-04-12 22:58 - 00000000 ____D C:\Users\KRCO\AppData\Roaming\uTorrent
2017-01-19 00:04 - 2016-04-15 03:39 - 00000000 ____D C:\Users\KRCO\AppData\Roaming\TS3Client
2017-01-18 19:26 - 2016-09-01 14:14 - 00000000 ____D C:\Users\KRCO\AppData\Roaming\Origin
2017-01-18 19:26 - 2016-06-04 11:16 - 00000000 ____D C:\Users\KRCO\AppData\Local\Ubisoft Game Launcher
2017-01-18 19:26 - 2016-05-30 11:42 - 00000000 ____D C:\ProgramData\Origin
2017-01-18 17:45 - 2016-12-21 15:03 - 00000000 ____D C:\Users\KRCO\Documents\Euro Truck Simulator 2
2017-01-18 00:34 - 2016-09-18 14:41 - 00000000 ____D C:\Users\KRCO
2017-01-18 00:34 - 2016-04-15 03:39 - 00000000 ____D C:\Users\KRCO\AppData\Local\TeamSpeak 3 Client
2017-01-17 17:23 - 2016-10-28 21:16 - 00000000 ____D C:\Users\KRCO\AppData\Roaming\ViberPC
2017-01-14 21:35 - 2016-04-13 05:04 - 00000000 ____D C:\Users\KRCO\AppData\Roaming\vlc
2017-01-14 01:23 - 2016-05-01 21:42 - 00000000 ____D C:\ProgramData\Skype
2017-01-13 22:12 - 2016-04-27 00:57 - 00007668 _____ C:\Users\KRCO\AppData\Local\Resmon.ResmonCfg
2017-01-13 13:41 - 2016-09-01 14:12 - 00000000 ____D C:\ProgramData\Electronic Arts
2017-01-13 01:27 - 2016-08-21 16:08 - 00000000 ____D C:\ProgramData\Codemasters
2017-01-12 02:38 - 2016-09-01 14:12 - 00000000 ____D C:\Program Files (x86)\Origin
2017-01-10 23:26 - 2016-09-18 14:43 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-09 12:52 - 2016-04-14 19:19 - 00000000 ____D C:\Users\KRCO\AppData\Roaming\DAEMON Tools Lite
2017-01-07 16:21 - 2016-10-31 10:20 - 00000000 ____D C:\Users\KRCO\Documents\ViberDownloads
2017-01-07 00:03 - 2016-09-18 14:43 - 00004278 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2017-01-04 17:32 - 2016-04-14 22:48 - 00000000 ____D C:\Users\KRCO\Documents\KONAMI
2017-01-04 15:46 - 2016-04-12 22:51 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-03 22:09 - 2016-12-19 15:10 - 00000000 ____D C:\Users\KRCO\Desktop\Slike
2017-01-02 20:11 - 2016-06-03 21:45 - 00000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2017-01-02 15:00 - 2016-09-18 13:13 - 00000731 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
2017-01-02 15:00 - 2016-09-18 13:13 - 00000000 ____D C:\Windows10Upgrade
2017-01-02 00:05 - 2016-05-31 17:42 - 00000000 ____D C:\Users\KRCO\AppData\Local\SKIDROW
2016-12-30 00:48 - 2016-07-26 22:28 - 00000000 ____D C:\Users\KRCO\AppData\Roaming\obs-studio
2016-12-29 21:39 - 2016-05-01 21:42 - 00000000 ____D C:\Users\KRCO\AppData\Roaming\Skype
2016-12-27 10:23 - 2016-10-15 15:00 - 00395024 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe
2016-12-23 23:48 - 2016-05-25 23:56 - 00281392 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2016-12-23 23:48 - 2016-05-25 23:56 - 00076888 _____ C:\WINDOWS\SysWOW64\PnkBstrA.exe
2016-12-22 22:16 - 2016-07-16 07:04 - 00000000 ____D C:\Program Files\Common Files
2016-12-22 22:11 - 2016-12-19 15:17 - 00000000 ____D C:\Users\KRCO\AppData\Roaming\NVIDIA
2016-12-22 18:55 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\debug

==================== Files in the root of some directories =======

2016-04-13 04:57 - 2016-04-13 04:56 - 0000013 _____ () C:\Program Files\Sistem podignut.txt
2016-04-27 00:57 - 2017-01-13 22:12 - 0007668 _____ () C:\Users\KRCO\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\KRCO\AppData\Local\Temp\EslWireSetup-1.19.0.8229-x64.exe
C:\Users\KRCO\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-11 15:36

==================== End of FRST.txt ============================

offline
  • Joined: 02 Jan 2008
  • Posts: 2167

Hello!


1. Open Notepad (Text Document) and copy into it the following text from the code box below:

CreateRestorePoint:
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-4243106807-3281007250-2583883116-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7BEA281932-FEFA-4748-8850-8A9EE44294ED%7D&gp=811014
BHO-x32: Ïîèñê@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\KRCO\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll [2016-08-19] (Mail.Ru)
C:\Users\KRCO\AppData\Local\Mail.Ru
CHR HomePage: Default -> mail.ru/cnt/11956636?rciguc__PARAM__
CHR HKU\S-1-5-21-4243106807-3281007250-2583883116-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4243106807-3281007250-2583883116-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4243106807-3281007250-2583883116-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx
ShortcutWithArgument: C:\Users\KRCO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811008"
EmptyTemp:


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from within Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location; otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.



After that,


Download AdwCleaner and save it to the Desktop.
Double-click to run the program.
In the EULA window, click I agree.
Under Options, turn off Reset Winsock settings if it is enabled.
Click the Scan button and wait for the scan to finish.
Click the Cleaning button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required), click OK.

The computer will restart and Notepad will then open (C:\Adwcleaner\AdwCleaner[C1].txt) with the report.
Save that report to the Desktop and attach it to your reply using the "Attach file" option.

offline
  • Milan
  • Joined: 11 Apr 2012
  • Posts: 465

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-01-2017
Ran by KRCO (22-01-2017 02:27:09) Run:1
Running from C:\Users\KRCO\Desktop
Loaded Profiles: KRCO (Available Profiles: KRCO)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-4243106807-3281007250-2583883116-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7BEA281932-FEFA-4748-8850-8A9EE44294ED%7D&gp=811014
BHO-x32: Ïîèñê@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\KRCO\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll [2016-08-19] (Mail.Ru)
C:\Users\KRCO\AppData\Local\Mail.Ru
CHR HomePage: Default -> mail.ru/cnt/11956636?rciguc__PARAM__
CHR HKU\S-1-5-21-4243106807-3281007250-2583883116-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4243106807-3281007250-2583883116-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4243106807-3281007250-2583883116-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx
ShortcutWithArgument: C:\Users\KRCO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811008"
EmptyTemp:
*****************

Restore point was successfully created.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
HKU\S-1-5-21-4243106807-3281007250-2583883116-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => key removed successfully
HKCR\CLSID\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099} => key removed successfully
HKCR\Wow6432Node\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099} => key not found.
C:\Users\KRCO\AppData\Local\Mail.Ru => moved successfully
Chrome HomePage => removed successfully
HKU\S-1-5-21-4243106807-3281007250-2583883116-1001\SOFTWARE\Google\Chrome\Extensions\ccfifbojenkenpkmnbnndeadpfdiffof => key removed successfully
HKU\S-1-5-21-4243106807-3281007250-2583883116-1001\SOFTWARE\Google\Chrome\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj => key removed successfully
HKU\S-1-5-21-4243106807-3281007250-2583883116-1001\SOFTWARE\Google\Chrome\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd => key removed successfully
C:\Users\KRCO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk => Shortcut argument removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 849441 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 50232418 B
Java, Flash, Steam htmlcache => 338126435 B
Windows/system/drivers => 44461097 B
Edge => 28336 B
Chrome => 778849969 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 4922 B
NetworkService => 0 B
KRCO => 395816598 B

RecycleBin => 0 B
EmptyTemp: => 1.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 02:27:32 ====
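
A Fixlog like the one above is easier to review when every "target => outcome" line is classified instead of read by eye. The following is an added example, not part of the original posts and not FRST's own code: the function names are hypothetical, the sample is a shortened excerpt of the log above, and treating any outcome without the word "successfully" as needing review is an assumption of this sketch.

```python
import re

# Shortened excerpt of the Fixlog posted above; section markers are as FRST printed them.
SAMPLE = r"""fixlist content:
*****************
CreateRestorePoint:
C:\Users\KRCO\AppData\Local\Mail.Ru
EmptyTemp:
*****************

Restore point was successfully created.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
HKCR\CLSID\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => key not found.
C:\Users\KRCO\AppData\Local\Mail.Ru => moved successfully
Chrome HomePage => removed successfully
C:\Users\KRCO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk => Shortcut argument removed successfully.

=========== EmptyTemp: ==========

Chrome => 778849969 B
KRCO => 395816598 B
EmptyTemp: => 1.5 GB temporary data Removed.
"""

def parse_fixlog(text):
    """Return (actions, freed_bytes); actions is a list of (target, outcome, ok)."""
    # The log first echoes the fixlist between two rows of asterisks; results follow.
    parts = re.split(r"^\*{5,}[ \t]*$", text, flags=re.M)
    body = parts[2] if len(parts) >= 3 else text
    actions, freed, in_temp = [], 0, False
    for line in body.splitlines():
        if re.match(r"=+ EmptyTemp: =+", line):
            in_temp = True          # from here on, lines are cache sizes, not fix actions
            continue
        target, sep, outcome = line.rpartition(" => ")
        if not sep:
            continue
        outcome = outcome.strip()
        if in_temp:
            size = re.fullmatch(r"(\d+) B", outcome)
            freed += int(size.group(1)) if size else 0
            continue
        actions.append((target, outcome, "successfully" in outcome.lower()))
    return actions, freed

def needs_review(actions):
    """Targets whose outcome was anything other than a reported success."""
    return [(target, outcome) for target, outcome, ok in actions if not ok]
```

On this excerpt the only entry returned by `needs_review` is the `HKCR\CLSID` key reported as "key not found.", meaning there was nothing at that location to remove.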



offline
  • Joined: 02 Jan 2008
  • Posts: 2167

Download Malwarebytes Anti-Malware from this, this or this link and install the application.
Run mb3-setup-consumer-{version}.exe and follow the program's installation instructions. After installation, click Finish.

On first launch, the program will show a "welcome" window. Feel free to close that window.
Note: The program's Premium features are already activated and are valid for 13 days from the moment of installation. You can turn the Premium features off via the Settings > My Account tab.

• Scanner settings - in Settings, click the Protection tab. Under the Scan Options section, turn on the "Scan for rootkits" option.
• Prepare the Threat Scan - in Dashboard, click the Scan Now button. MBAM will update its database and start scanning.

When the scan finishes, if an infection is detected, make sure everything is selected, then click Remove Selected. Restart the computer if the program asks for a restart.
• Provide the log: Under Reports, select the Scan Report with the current date and then click View Report.

Export the log to the Desktop:
- Click the Export button at the bottom, then choose 'Text file (*.txt)'
- In the Save File dialog that appears, click Desktop. In the File name: field, type "mbam" (without quotes) and click Save.
- The message "Your file has been successfully exported" will appear; click Ok and close the window.



• In your reply, attach the mbam.txt log using the "Attach file" option.

offline
  • Milan
  • Joined: 11 Apr 2012
  • Posts: 465

Here is the report:



offline
  • Joined: 02 Jan 2008
  • Posts: 2167

I will ask you to repeat the process and to carefully read the instructions in my previous post.

This time also turn on rootkit scanning (which you should have turned on the first time as well), as the instructions in the previous post say:

• Scanner settings - in Settings, click the Protection tab. Under the Scan Options section, turn on the "Scan for rootkits" option.

offline
  • Milan
  • Joined: 11 Apr 2012
  • Posts: 465


Here you go. The first time I also did exactly as you wrote, but the program seems to have some bug, or I don't know what, because when I click to tick that option, go back to the scan page and then click Settings again, it is turned off again. After a few attempts it "got it", and when I scanned, the "Scan for rootkits" option showed On, which was probably not the case the first time.

offline
  • Joined: 02 Jan 2008
  • Posts: 2167

All right.

What is the situation now?

offline
  • Milan
  • Joined: 11 Apr 2012
  • Posts: 465

Honestly, I haven't spent much time on YouTube, but in the time I have been opening some videos there have been no problems.
Can you tell me what the problem was?

offline
  • Joined: 02 Jan 2008
  • Posts: 2167

I doubt that this solved the problem, because I don't see anything that would interfere with watching videos. In any case, your computer is now clean as far as malware is concerned, and if you experience problems watching videos again, ask in the Windows section, since we in Ambulanta deal exclusively with malware.

What we cleaned up were unwanted programs and malware.

The following procedure will perform the final cleanup.



Download the DelFix tool by "Xplode" and save it to the Desktop.

Double-click to run the tool and tick the boxes in front of the following options:
Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment until the tool finishes its work.

From this point on, all the tools used in this thread should be deleted.
If any tool or report has not been removed, feel free to delete it manually.


The tool will also create a report for you. (C:\DelFix.txt)
- The tool will also save the healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
- DelFix deletes old System Restore points and creates a new, fresh point after the cleanup.
