Unable to work on the computer

  • Joined: 20 Apr 2015
  • Posts: 2

My screen freezes, and the cursor jumps around the whole screen by itself. I scanned with Avast, but that didn't help either. It can unfreeze for a moment when I start Task Manager, but only for a few moments.



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2015 01
Ran by Marković (administrator) on MARKOVIC-PC on 20-04-2015 17:32:14
Running from C:\Users\Marković\Desktop
Loaded Profiles: Marković (Available profiles: Marković)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Gadwin Systems, Inc) C:\Program Files (x86)\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Akamai Technologies, Inc.) C:\Users\Marković\AppData\Local\Akamai\netsession_win.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(BitTorrent Inc.) C:\Users\Marković\AppData\Roaming\BitTorrent\BitTorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Akamai Technologies, Inc.) C:\Users\Marković\AppData\Local\Akamai\netsession_win.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Lexmark) C:\Program Files\Lexmark Applications\QLink\QLINK.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\TOSHIBA Viewer V2\GDI&TWAIN\WILCAPV.EXE
() C:\Program Files (x86)\TOSHIBA Viewer V2\GDI&TWAIN\WILCAPV.EXE
(Autodesk Inc.) C:\Users\Marković\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Wordcraft International Limited) C:\Windows\System32\wilpmv64.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Wordcraft International Ltd. ) C:\Program Files (x86)\TOSHIBA Viewer V2\GDI&TWAIN\WIL32C2.EXE
(Wordcraft International Limited) C:\Program Files (x86)\TOSHIBA Viewer V2\GDI&TWAIN\WILHUB32.EXE
(Wordcraft International Limited) C:\Program Files (x86)\TOSHIBA Viewer V2\GDI&TWAIN\WSPROXY.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2013-06-11] (Adobe Systems Incorporated)
HKLM\...\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] => 1
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [3019376 2011-02-22] (VIA)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4297136 2012-10-31] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [286720 2007-10-19] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [WilPrintCapture] => C:\Program Files (x86)\TOSHIBA Viewer V2\GDI&TWAIN\WILCAPV.EXE [143360 2009-02-10] ()
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [488328 2014-09-04] (Autodesk Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3894882649-3897490047-2492917224-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3894882649-3897490047-2492917224-1000\...\Run: [Gadwin PrintScreen Pro] => C:\Program Files (x86)\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe [1869552 2012-05-30] (Gadwin Systems, Inc)
HKU\S-1-5-21-3894882649-3897490047-2492917224-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-3894882649-3897490047-2492917224-1000\...\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] => 1
HKU\S-1-5-21-3894882649-3897490047-2492917224-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-3894882649-3897490047-2492917224-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Marković\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3894882649-3897490047-2492917224-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-3894882649-3897490047-2492917224-1000\...\Run: [BitTorrent] => C:\Users\Marković\AppData\Roaming\BitTorrent\BitTorrent.exe [1388888 2014-11-26] (BitTorrent Inc.)
HKU\S-1-5-21-3894882649-3897490047-2492917224-1000\...\Run: [GoogleChromeAutoLaunch_A99DA9BA3DF4CDB07F15301F92C3FECF] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
HKU\S-1-5-21-3894882649-3897490047-2492917224-1000\...\Policies\Explorer: []
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2014-05-15]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-03-07]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk [2013-06-10]
ShortcutTarget: Network Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QLINK.lnk [2014-03-07]
ShortcutTarget: QLINK.lnk -> C:\program files\Lexmark Applications\QLink\QLINK.EXE (Lexmark)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2012-10-31] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3894882649-3897490047-2492917224-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = google.com/ie
HKU\S-1-5-21-3894882649-3897490047-2492917224-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = google.com/ie
HKU\S-1-5-21-3894882649-3897490047-2492917224-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3894882649-3897490047-2492917224-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = google.com/search?q={sear
BHO: avast! WebRep -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-10-31] (AVAST Software)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-05-15] (Oracle Corporation)
BHO-x32: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-31] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-05-15] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-10-31] (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-31] (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Marković\AppData\Roaming\Mozilla\Firefox\Profiles\zcy4btvy.default
FF DefaultSearchEngine: Twitter
FF SelectedSearchEngine: Twitter
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll [2013-07-04] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll [2013-07-04] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2012-05-02] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2014-05-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-05-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll [2012-08-15] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Marković\AppData\Roaming\Mozilla\Firefox\Profiles\zcy4btvy.default\user.js [2014-03-31]
FF Extension: Fast Dial - C:\Users\Marković\AppData\Roaming\Mozilla\Firefox\Profiles\zcy4btvy.default\Extensions\fastdial@telega.phpnet.us [2014-09-23]
FF Extension: Gmail Notifier (restartless) - C:\Users\Marković\AppData\Roaming\Mozilla\Firefox\Profiles\zcy4btvy.default\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2014-04-17]
FF Extension: No Name - C:\Users\Marković\AppData\Roaming\Mozilla\Firefox\Profiles\zcy4btvy.default\Extensions\langpack-hr@firefox.mozilla.org.xpi [2014-08-26]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-26]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-03-07]
FF HKU\S-1-5-21-3894882649-3897490047-2492917224-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Profile: C:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-16]
CHR Extension: (Google Drive) - C:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-16]
CHR Extension: (YouTube) - C:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-16]
CHR Extension: (Google Search) - C:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-16]
CHR Extension: (Fast Dial) - C:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdnbdgmkhikelgaohpgdpcecklddmpaj [2014-07-21]
CHR Extension: (avast! WebRep) - C:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2014-07-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-06]
CHR Extension: (Google Wallet) - C:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-16]
CHR Extension: (Gmail) - C:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-16]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2012-12-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [597896 2014-09-04] (Autodesk Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-31] (AVAST Software)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-08-15] (Nitro PDF Software)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-02-17] (VIA Technologies, Inc.)
R2 wilusbmonitor; C:\Windows\system32\wilpmv64.exe [155136 2009-07-31] (Wordcraft International Limited)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-10-31] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-10-15] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-31] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-31] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-31] (AVAST Software)
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [105160 2012-12-20] (WIBU-SYSTEMS AG)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-20 17:32 - 2015-04-20 17:32 - 00020674 _____ () C:\Users\Marković\Desktop\FRST.txt
2015-04-20 17:32 - 2015-04-20 17:32 - 00000000 ____D () C:\FRST
2015-04-20 17:28 - 2015-04-20 17:29 - 02098176 _____ (Farbar) C:\Users\Marković\Desktop\FRST64.exe
2015-04-20 15:48 - 2015-04-20 15:48 - 00065024 _____ () C:\Users\Marković\Downloads\ORTOPEDSKA HIRURGIJA SLATINA-MARKOVIC INVEST.xls
2015-04-20 15:48 - 2015-04-20 15:48 - 00055632 _____ () C:\Users\Marković\Downloads\ortopedija-markovic invest.xlsx
2015-04-20 15:38 - 2015-04-20 15:38 - 01538813 _____ () C:\Users\Marković\Desktop\UGOVOR MARKOVIC INVEST -RIGIPS SAVIĆ.rar
2015-04-20 15:30 - 2015-04-20 15:38 - 00000000 ____D () C:\Users\Marković\Desktop\UGOVOR MARKOVIC INVEST -RIGIPS SAVIĆ
2015-04-20 15:24 - 2015-04-20 16:39 - 00000000 ____D () C:\Users\Marković\Desktop\20.04.2015. ORTOPEDIJA
2015-04-20 15:21 - 2015-04-20 15:21 - 00000000 ____H () C:\ProgramData\cm-lock
2015-04-13 08:52 - 2015-04-13 08:52 - 00077182 _____ () C:\Users\Marković\Downloads\1. Gradjevinsko zanatski.xlsm
2015-04-13 07:57 - 2015-04-13 13:10 - 00000000 ____D () C:\Users\Marković\Desktop\ORTOPEDIJA - 13.04.2015
2015-04-05 11:30 - 2015-04-05 11:30 - 00835645 _____ () C:\Users\Marković\Downloads\2015-03-31 Gradjevinska knjiga SS - RM.xlsx
2015-04-05 11:29 - 2015-04-05 11:29 - 00206571 _____ () C:\Users\Marković\Downloads\2015-03-31 Gradjevinska knjiga MAS - RM.xlsx
2015-04-05 11:28 - 2015-04-05 11:29 - 05927188 _____ () C:\Users\Marković\Downloads\2015-03-31 Gradjevinska knjiga JS - RM.xlsx
2015-04-05 11:28 - 2015-04-05 11:28 - 00041040 _____ () C:\Users\Marković\Downloads\2015-03-31 Gradjevinska knjiga HIDRO - RM.xlsx
2015-04-05 11:28 - 2015-04-05 11:28 - 00032036 _____ () C:\Users\Marković\Downloads\2015-03-31 Gradjevinska knjiga GZ - RM.xlsx
2015-04-05 11:24 - 2015-04-05 11:24 - 00002218 _____ () C:\Users\Marković\Desktop\Google Chrome.lnk
2015-04-05 11:14 - 2015-04-05 11:14 - 00000000 ____D () C:\Users\Marković\Desktop\PREOSTALI RADOVI TESLIĆ
2015-04-05 09:39 - 2015-04-05 09:41 - 00000000 ____D () C:\Users\Marković\Desktop\PONUDA ORTOPEDIJA - 05.04.2015
2015-04-02 17:51 - 2015-04-02 17:52 - 05354400 _____ () C:\Users\Marković\Desktop\Markovic invest - LAKTASI.P.pln
2015-04-02 17:50 - 2015-04-02 17:50 - 11829984 _____ () C:\Users\Marković\Desktop\gornji sprat.pla

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-20 17:32 - 2014-04-08 13:42 - 00000000 ____D () C:\Users\Marković\AppData\Roaming\BitTorrent
2015-04-20 17:02 - 2014-07-16 17:39 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-20 15:28 - 2009-07-14 06:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-20 15:28 - 2009-07-14 06:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-20 15:27 - 2009-07-14 07:13 - 00783952 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-20 15:24 - 2012-12-26 20:06 - 01171119 _____ () C:\Windows\WindowsUpdate.log
2015-04-20 15:23 - 2013-07-02 16:46 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0705F973-C131-416E-96F5-7D74E24A52E3}
2015-04-20 15:20 - 2014-09-17 14:20 - 00000000 ____D () C:\ProgramData\MCShield
2015-04-20 15:20 - 2014-07-16 17:39 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-20 15:20 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-20 15:19 - 2009-07-14 06:51 - 00080292 _____ () C:\Windows\setupact.log
2015-04-19 10:19 - 2013-04-16 11:39 - 00000000 ____D () C:\Users\Marković\AppData\Local\cache
2015-04-15 10:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2015-04-14 17:55 - 2014-11-22 16:15 - 00000000 ____D () C:\Users\Marković\Desktop\DISKF
2015-04-14 09:23 - 2012-12-26 22:13 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-03 07:25 - 2013-06-10 08:40 - 00000000 ____D () C:\Users\Marković\Graphisoft
2015-04-03 07:20 - 2013-03-29 16:14 - 00000000 ____D () C:\Users\Marković\AppData\Roaming\Nitro PDF
2015-04-03 07:01 - 2014-05-15 13:12 - 00000000 ____D () C:\Users\Marković\Documents\BIMx
2015-04-02 17:52 - 2014-10-27 10:22 - 00000000 ____D () C:\Users\Marković\Desktop\Vuksan

==================== Files in the root of some directories =======

2015-04-20 15:21 - 2015-04-20 15:21 - 0000000 ____H () C:\ProgramData\cm-lock
2014-03-07 12:27 - 2014-03-07 12:32 - 0000819 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Marković\AppData\Local\Temp\AcDeltree.exe
C:\Users\Marković\AppData\Local\Temp\bassmod.dll
C:\Users\Marković\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Marković\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Marković\AppData\Local\Temp\libcurl-4.dll
C:\Users\Marković\AppData\Local\Temp\pthreadGC2.dll
C:\Users\Marković\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Marković\AppData\Local\Temp\zlib1.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2012-12-26 22:06

==================== End Of Log ============================
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6101

Hello,

1. Open Notepad (Text Document) and copy in the following text from the code box below:

Start
CloseProcesses:
REG: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
REG: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

Hosts:
HKLM\...\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] => 1
HKU\S-1-5-21-3894882649-3897490047-2492917224-1000\...\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] => 1

Folder: C:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

RemoveProxy:
AlternateDataStreams: C:\Temp:pid1
AlternateDataStreams: C:\Temp:pid2
AlternateDataStreams: C:\Temp:rnd.dat
AlternateDataStreams: C:\Temp:srv

CreateRestorePoint:
CMD: Dir /b c:\*background.js* /s
CMD: Dir /b c:\*my-prefs.js* /s
CMD: Dir /b c:\*my.cfg* /s
CMD: ipconfig /flushdns
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: bitsadmin /reset /allusers

EmptyTemp:
End


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location; otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once, and wait.
If the tool asks for a system restart, allow it, and make sure the tool completes the fix after the system restarts.

The tool will create a log (Fixlog.txt) on the Desktop. The contents of that log need to be copied into a post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

  • Joined: 20 Apr 2015
  • Posts: 2

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by Marković at 2015-04-22 06:48:10 Run:1
Running from C:\Users\Marković\Desktop
Loaded Profiles: Marković (Available profiles: Marković)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
REG: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
REG: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

Hosts:
HKLM\...\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] => 1
HKU\S-1-5-21-3894882649-3897490047-2492917224-1000\...\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] => 1

Folder: C:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

RemoveProxy:
AlternateDataStreams: C:\Temp:pid1
AlternateDataStreams: C:\Temp:pid2
AlternateDataStreams: C:\Temp:rnd.dat
AlternateDataStreams: C:\Temp:srv

CreateRestorePoint:
CMD: Dir /b c:\*background.js* /s
CMD: Dir /b c:\*my-prefs.js* /s
CMD: Dir /b c:\*my.cfg* /s
CMD: ipconfig /flushdns
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: bitsadmin /reset /allusers

EmptyTemp:
End
*****************

Processes closed successfully.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA => value deleted successfully.
HKU\S-1-5-21-3894882649-3897490047-2492917224-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA => value deleted successfully.

========================= Folder: C:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg ========================

2015-04-06 09:07 - 2015-04-06 09:07 - 0000000 ____D () C:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0
2015-04-06 09:07 - 2015-02-27 15:33 - 0000237 _____ () C:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\hotword_.nmf
2015-04-06 09:07 - 2015-02-27 15:33 - 0000243 _____ () C:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\hotword_de.nmf
2015-04-06 09:07 - 2015-02-27 15:33 - 0000252 _____ () C:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\hotword_en-au.nmf
2015-04-06 09:07 - 2015-02-27 15:33 - 0000252 _____ () C:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\hotword_en-gb.nmf
2015-04-06 09:07 - 2015-02-27 15:33 - 0000243 _____ () C:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\hotword_es.nmf
2015-04-06 09:07 - 2015-02-27 15:33 - 0000243 _____ () C:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\hotword_fr.nmf
2015-04-06 09:07 - 2015-02-27 15:33 - 0000243 _____ () C:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\hotword_it.nmf
2015-04-06 09:07 - 2015-02-27 15:33 - 0000243 _____ () C:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\hotword_ja.nmf
2015-04-06 09:07 - 2015-02-27 15:33 - 0000243 _____ () C:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\hotword_ko.nmf
2015-04-06 09:07 - 2015-02-27 15:33 - 0000252 _____ () C:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\hotword_pt-br.nmf
2015-04-06 09:07 - 2015-02-27 15:34 - 0000243 _____ () C:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\hotword_ru.nmf
2015-04-06 09:07 - 2015-04-06 09:07 - 0004698 _____ () C:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\manifest.json
2015-04-06 09:07 - 2015-04-06 09:07 - 0000000 ____D () C:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\_metadata
2015-04-06 09:07 - 2015-02-27 15:34 - 0003061 _____ () C:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\_metadata\verified_contents.json
2015-04-06 09:07 - 2015-04-06 09:07 - 0000000 ____D () C:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\_platform_specific
2015-04-06 09:07 - 2015-04-06 09:07 - 0000000 ____D () C:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\_platform_specific\x86-64_
2015-04-06 09:07 - 2015-02-27 15:33 - 0896550 _____ () C:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\_platform_specific\x86-64_\hotword.data
2015-04-06 09:07 - 2015-02-27 15:33 - 1181400 _____ () C:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\_platform_specific\x86-64_\hotword-x86-64.nexe
2015-04-06 09:07 - 2015-04-06 09:07 - 0000000 ____D () C:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\audio
2015-04-06 09:07 - 2015-02-27 15:34 - 0008918 _____ () C:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\audio\chime.wav

====== End of Folder: ======


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-3894882649-3897490047-2492917224-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-3894882649-3897490047-2492917224-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


========= End of RemoveProxy: =========

C:\Temp => ":pid1" ADS removed successfully.
C:\Temp => ":pid2" ADS removed successfully.
C:\Temp => ":rnd.dat" ADS removed successfully.
C:\Temp => ":srv" ADS removed successfully.
Restore point was successfully created.

========= Dir /b c:\*background.js* /s =========

c:\Users\Markovi�\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdnbdgmkhikelgaohpgdpcecklddmpaj\0.5.4_0\background.js
c:\Users\Markovi�\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\scripts\background.js
c:\Users\Markovi�\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\craw_background.js
The directory name c:\Users\Markovi�\Documents\xxx OBJEKTI xxx\2. SLO�ENI objekti\KCBL\JUG I\RM INVEST - formiranje ponude JUG I\PREDMJER RADOVA JUG I - FAZA II SA VANJSKIM UREDJENJEM EXCELL\GRADJEVINSKO ZANATSKI RADOVI\ZA SLANJE potencijalnim koop\Kerami�arski radovi i Hidroizolacija is too long.

========= End of CMD: =========


========= Dir /b c:\*my-prefs.js* /s =========

The directory name c:\Users\Markovi�\Documents\xxx OBJEKTI xxx\2. SLO�ENI objekti\KCBL\JUG I\RM INVEST - formiranje ponude JUG I\PREDMJER RADOVA JUG I - FAZA II SA VANJSKIM UREDJENJEM EXCELL\GRADJEVINSKO ZANATSKI RADOVI\ZA SLANJE potencijalnim koop\Kerami�arski radovi i Hidroizolacija is too long.
File Not Found

========= End of CMD: =========


========= Dir /b c:\*my.cfg* /s =========

The directory name c:\Users\Markovi�\Documents\xxx OBJEKTI xxx\2. SLO�ENI objekti\KCBL\JUG I\RM INVEST - formiranje ponude JUG I\PREDMJER RADOVA JUG I - FAZA II SA VANJSKIM UREDJENJEM EXCELL\GRADJEVINSKO ZANATSKI RADOVI\ZA SLANJE potencijalnim koop\Kerami�arski radovi i Hidroizolacija is too long.
File Not Found

========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 3.9 GB temporary data.


The system needed a reboot.

==== End of Fixlog 07:00:16 ====

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6101

All right, let's move on. The following Zoek script will do some additional investigation as well as additional cleanup of leftovers ...

Attach the report you get to your post rather than copying it in, because the report will be fairly long.


Download smeenk's zoek from the BleepingComputer link and save it to the Desktop.

Unpack the archive into a folder (instructions), and then:

close the browser and other running programs;
temporarily disable your security software (if necessary) Instructions;
double-click the program icon to start zoek;
wait for the tool to start ...


Copy the following text into the white box of the window:

EmptyFolderCheck;Delete
type "c:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdnbdgmkhikelgaohpgdpcecklddmpaj\0.5.4_0\background.js";b
type "c:\Users\Marković\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\scripts\background.js";b
AutoClean;


Click the button and wait for the scan to finish.


If necessary, zoek will restart Windows, and when it finishes it will open Notepad with the scan report.

Note: The report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Attach its contents to your post using the Attach file option
