Nesto zeza net

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Pozdrav drugari....
Poslednjih dana me nesto zeza net ,malo mi usporio i ping skace kao lud.Ne pamtim kada sam imao neki problem sa nekom stetocinom ,ali poceo sam da sumnjam.Prosto neko vreme radi net safrseno ,pa malo zeza ,nekad i malo vise.

Skenirano sa MBM i nista nije prijavio.Od ostalih softera nista nisam skenirao ,niti nesto koristim.

Win 7 64bit je naravno u pitanju.

+ FRST.txt[citat][Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-04-2016 01
Ran by kuureee (administrator) on KUUREEE-PC (12-04-2016 17:20:38)
Running from G:\Users\kuureee\Desktop
Loaded Profiles: kuureee (Available Profiles: kuureee)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) G:\Windows\System32\atiesrxx.exe
(SUPERAntiSpyware.com) G:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Advanced Micro Devices, Inc.) G:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
() G:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe
(Popcorn Time) G:\Program Files (x86)\Popcorn Time\Updater.exe
(VMware, Inc.) G:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) G:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) G:\Program Files\Windows Sidebar\sidebar.exe
() F:\New folder\Viber.exe
() G:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(VMware, Inc.) F:\New folder (2)\vmware-authd.exe
(Microsoft Corporation) G:\Windows\System32\alg.exe
(Microsoft Corporation) G:\Windows\System32\GWX\GWX.exe
(Opera Software) G:\Program Files (x86)\Opera\36.0.2130.46\opera.exe
(Opera Software) G:\Program Files (x86)\Opera\36.0.2130.46\opera_crashreporter.exe
(Opera Software) G:\Program Files (x86)\Opera\36.0.2130.46\opera.exe
(Opera Software) G:\Program Files (x86)\Opera\36.0.2130.46\opera.exe
(Opera Software) G:\Program Files (x86)\Opera\36.0.2130.46\opera.exe
(Opera Software) G:\Program Files (x86)\Opera\36.0.2130.46\opera.exe
(Opera Software) G:\Program Files (x86)\Opera\36.0.2130.46\opera.exe
(Opera Software) G:\Program Files (x86)\Opera\36.0.2130.46\opera.exe
(Opera Software) G:\Program Files (x86)\Opera\36.0.2130.46\opera.exe
(Piotr Pawlowski) G:\Program Files (x86)\foobar2000\foobar2000.exe
(TeamSpeak Systems GmbH) G:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
() G:\Program Files (x86)\CCP\EVE\launcher\launcher.exe
() G:\Program Files (x86)\CCP\EVE\launcher\appdata\EVE_Online_Launcher-2.2.999545.win32\launcher.exe
(Opera Software) G:\Program Files (x86)\Opera\36.0.2130.46\opera.exe
(Opera Software) G:\Program Files (x86)\Opera\36.0.2130.46\opera.exe
(Opera Software) G:\Program Files (x86)\Opera\36.0.2130.46\opera.exe
(Opera Software) G:\Program Files (x86)\Opera\36.0.2130.46\opera.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [jswtrayutil] => G:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe [36949 2008-05-12] (TP-LINK TECHNOLOGIES CO., LTD.)
HKLM-x32\...\Run: [Adobe ARM] => G:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKU\S-1-5-21-4139358893-2112486851-1280740277-1000\...\Run: [Viber] => F:\New folder\Viber.exe [51512528 2015-09-27] ()
HKU\S-1-5-21-4139358893-2112486851-1280740277-1000\...\Run: [uTorrent] => G:\Users\kuureee\AppData\Roaming\uTorrent\uTorrent.exe [1976320 2016-03-26] (BitTorrent Inc.)
HKU\S-1-5-21-4139358893-2112486851-1280740277-1000\...\Run: [SUPERAntiSpyware] => G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-03-05] (SUPERAntiSpyware)
HKU\S-1-5-21-4139358893-2112486851-1280740277-1000\...\Run: [CCleaner Monitoring] => G:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
Startup: G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2016-01-17]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> G:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0221840B-C6DA-4CA9-82D3-3E647A66EDBC}: [DhcpNameServer] 192.168.44.2
Tcpip\..\Interfaces\{4701C615-2985-432E-87D9-498FF9DAB727}: [DhcpNameServer] 192.168.187.1
Tcpip\..\Interfaces\{48E1F1AB-C469-4D86-B8E3-E9BD89394F82}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{80B82E65-B0D1-4E76-A07F-6259AD41CD27}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4139358893-2112486851-1280740277-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4139358893-2112486851-1280740277-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ihotsee.com/
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> G:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-05] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> G:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-05] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> G:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-22] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> G:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-22] (Oracle Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> G:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> G:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-05] (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> G:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> G:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-22] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> G:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> G:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> G:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: Adobe Reader -> G:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-02-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4139358893-2112486851-1280740277-1000: @my.com/Games -> G:\Users\kuureee\AppData\Local\MyComGames\NPMyComDetector.dll [2015-11-05] (My.com, Inc)

Chrome:
=======
CHR Profile: G:\Users\kuureee\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - G:\Users\kuureee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-14]
CHR Extension: (Google Drive) - G:\Users\kuureee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-14]
CHR Extension: (YouTube) - G:\Users\kuureee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-14]
CHR Extension: (Google Search) - G:\Users\kuureee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-14]
CHR Extension: (Google Sheets) - G:\Users\kuureee\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-14]
CHR Extension: (Google Docs Offline) - G:\Users\kuureee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (Chrome Web Store Payments) - G:\Users\kuureee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - G:\Users\kuureee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-14]

Opera:
=======
OPR Session Restore: -> is enabled.
OPR Extension: (Violent monkey) - G:\Users\kuureee\AppData\Roaming\Opera Software\Opera Stable\Extensions\niofholngoecgnpgamgbiiijcjlllpge [2016-04-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; G:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; G:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 JSWHwBtn; G:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe [16384 2008-02-29] () [File not signed]
S3 jswpsapi; G:\Program Files (x86)\TP-LINK\QSS\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.) [File not signed]
R2 Update service; G:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
R2 VMAuthdService; F:\New folder (2)\vmware-authd.exe [87768 2014-07-02] (VMware, Inc.)
R2 WinDefend; G:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; G:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 dtsoftbus01; G:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-11-26] (Disc Soft Ltd)
S3 ebdrv; G:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 SASDIFSV; G:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; G:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; G:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R2 VMparport; G:\Windows\system32\drivers\VMparport.sys [32472 2014-07-02] (VMware, Inc.)
R0 vsock; G:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
S3 catchme; \??\G:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-12 17:20 - 2016-04-12 17:20 - 02375168 _____ (Farbar) G:\Users\kuureee\Desktop\FRST64.exe
2016-04-12 17:20 - 2016-04-12 17:20 - 00011837 _____ G:\Users\kuureee\Desktop\FRST.txt
2016-04-12 17:20 - 2016-04-12 17:20 - 00000000 ____D G:\FRST
2016-04-10 01:46 - 2016-04-10 01:46 - 00003886 _____ G:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-04-10 01:12 - 2016-04-10 01:12 - 11626172 _____ G:\Users\kuureee\Desktop\Bog_i_rokenrol.pdf
2016-04-05 19:25 - 2016-04-05 19:25 - 00000000 ____D G:\AMD
2016-04-03 23:07 - 2016-04-03 23:07 - 00001945 _____ G:\Users\kuureee\Downloads\gkplugins-helper.user.js
2016-04-01 23:40 - 2016-04-01 23:40 - 00001080 _____ G:\Users\Public\Desktop\VLC media player.lnk
2016-04-01 23:40 - 2016-04-01 23:40 - 00000000 ____D G:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-04-01 23:40 - 2016-04-01 23:40 - 00000000 ____D G:\Program Files (x86)\VideoLAN
2016-03-28 06:40 - 2016-04-12 16:30 - 00000000 ____D G:\Users\kuureee\AppData\LocalLow\uTorrent
2016-03-19 01:36 - 2016-03-19 02:50 - 00000000 ____D G:\Users\kuureee\AppData\Roaming\Wise Auto Shutdown
2016-03-19 01:36 - 2016-03-19 01:36 - 00001230 _____ G:\Users\Public\Desktop\Wise Auto Shutdown.lnk
2016-03-19 01:36 - 2016-03-19 01:36 - 00000000 ____D G:\Windows\System32\Tasks\WiseCleaner
2016-03-19 01:36 - 2016-03-19 01:36 - 00000000 ____D G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Auto Shutdown
2016-03-19 01:36 - 2016-03-19 01:36 - 00000000 ____D G:\Program Files (x86)\Wise
2016-03-19 01:32 - 2016-03-19 01:32 - 00000000 ____D G:\Users\kuureee\Desktop\Brzi_shutdown
2016-03-19 01:31 - 2016-03-19 10:12 - 00000308 _____ G:\Windows\Tasks\At1.job
2016-03-19 01:31 - 2016-03-19 01:31 - 00001288 _____ G:\Windows\System32\Tasks\At1
2016-03-18 19:52 - 2016-03-18 19:52 - 00000533 _____ G:\Users\kuureee\Desktop\rtv1.asx
2016-03-18 18:11 - 2016-04-02 00:11 - 00000000 ____D G:\Users\kuureee\AppData\Roaming\vlc
2016-03-18 18:11 - 2016-03-18 18:11 - 00000000 ____D G:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeZ Online TV
2016-03-18 18:11 - 2016-03-18 18:11 - 00000000 ____D G:\Program Files (x86)\FreeZ Online TV
2016-03-18 18:06 - 2016-03-18 18:06 - 00000000 ____D G:\ProgramData\Readon
2016-03-18 18:01 - 2016-03-21 19:50 - 00000000 ____D G:\Users\kuureee\Documents\Readon Player
2016-03-18 18:01 - 2016-03-18 18:01 - 00003127 _____ G:\Users\kuureee\Desktop\Readon TV Movie Radio Player.lnk
2016-03-18 18:01 - 2016-03-18 18:01 - 00003087 _____ G:\Users\kuureee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Readon TV Movie Radio Player.lnk
2016-03-18 18:01 - 2016-03-18 18:01 - 00000000 ____D G:\Users\kuureee\AppData\Local\Readon_Technology
2016-03-18 18:01 - 2016-03-18 18:01 - 00000000 ____D G:\Program Files (x86)\Readon Technology
2016-03-13 11:30 - 2016-03-13 11:30 - 00000000 ____D G:\ProgramData\Steam
2016-03-13 10:26 - 2016-03-13 10:26 - 00000693 _____ G:\Users\Public\Desktop\Hitman Absolution - Professional Edition.lnk
2016-03-13 10:26 - 2016-03-13 10:26 - 00000000 ____D G:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-12 17:02 - 2015-11-05 00:58 - 00000000 ____D G:\Users\kuureee\AppData\Roaming\TS3Client
2016-04-12 16:50 - 2015-11-05 00:48 - 00192216 _____ (Malwarebytes) G:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-12 16:39 - 2009-07-14 06:45 - 00021072 ____H G:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-12 16:39 - 2009-07-14 06:45 - 00021072 ____H G:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-12 16:36 - 2015-11-07 17:53 - 00000000 ____D G:\Users\kuureee\Documents\ViberDownloads
2016-04-12 16:36 - 2009-07-14 07:13 - 00785510 _____ G:\Windows\system32\PerfStringBackup.INI
2016-04-12 16:36 - 2009-07-14 05:20 - 00000000 ____D G:\Windows\inf
2016-04-12 16:32 - 2015-11-29 18:46 - 00000000 ____D G:\Users\kuureee\AppData\Roaming\foobar2000
2016-04-12 16:30 - 2016-01-17 11:35 - 00000374 _____ G:\Windows\system32\Drivers\etc\hosts.ics
2016-04-12 16:30 - 2016-01-13 09:12 - 00000000 ____D G:\ProgramData\VMware
2016-04-12 16:30 - 2015-11-05 01:01 - 00000894 _____ G:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-12 16:30 - 2015-11-05 00:37 - 00000000 ____D G:\Users\kuureee\AppData\Roaming\uTorrent
2016-04-12 16:30 - 2015-11-05 00:02 - 00000000 ____D G:\Users\kuureee\AppData\Roaming\ViberPC
2016-04-12 16:30 - 2009-07-14 07:08 - 00000006 ____H G:\Windows\Tasks\SA.DAT
2016-04-12 01:27 - 2015-11-05 01:01 - 00000898 _____ G:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-11 22:41 - 2015-11-05 01:01 - 00002217 _____ G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-11 22:41 - 2015-11-05 01:01 - 00002205 _____ G:\Users\Public\Desktop\Google Chrome.lnk
2016-04-10 15:22 - 2016-02-13 17:05 - 00000000 ____D G:\Users\kuureee\Desktop\SLIKE
2016-04-10 03:00 - 2015-11-04 23:54 - 00000000 ____D G:\Users\kuureee\AppData\Local\ElevatedDiagnostics
2016-04-10 01:46 - 2015-11-05 00:39 - 00002441 _____ G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-04-10 01:13 - 2015-11-05 00:37 - 00000000 ____D G:\ProgramData\Adobe
2016-04-09 21:07 - 2016-01-10 19:37 - 00000000 ____D G:\Program Files\SUPERAntiSpyware
2016-04-06 21:58 - 2016-01-07 23:40 - 00000000 ____D G:\Users\kuureee\AppData\Roaming\TeamViewer
2016-04-06 17:01 - 2015-11-05 00:57 - 00000000 ____D G:\Program Files\TeamSpeak 3 Client
2016-04-04 20:46 - 2015-11-05 01:43 - 00000000 ____D G:\Users\kuureee\AppData\Local\MyComGames
2016-04-03 22:56 - 2015-11-22 23:31 - 00000000 ____D G:\Users\kuureee\Downloads\PopcornTime
2016-03-31 23:15 - 2009-07-14 05:20 - 00000000 ____D G:\Windows\system32\NDF
2016-03-30 18:25 - 2015-11-05 00:14 - 00003850 _____ G:\Windows\System32\Tasks\Opera scheduled Autoupdate 1446675288
2016-03-30 18:25 - 2015-11-05 00:13 - 00000000 ____D G:\Program Files (x86)\Opera
2016-03-28 23:24 - 2016-03-06 21:48 - 00000000 ____D G:\Users\kuureee\Desktop\New folder
2016-03-26 18:42 - 2015-11-05 00:47 - 00001116 _____ G:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-26 18:42 - 2015-11-05 00:47 - 00000000 ____D G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-26 18:42 - 2015-11-05 00:47 - 00000000 ____D G:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-20 16:59 - 2015-11-13 21:31 - 00000000 ____D G:\ProgramData\ProductData
2016-03-16 19:10 - 2016-03-05 01:14 - 00001862 _____ G:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-03-13 09:58 - 2015-11-26 19:41 - 00000000 ____D G:\Users\kuureee\AppData\Roaming\DAEMON Tools Lite

==================== Files in the root of some directories =======

2016-02-11 23:48 - 2016-02-11 23:48 - 7767040 _____ () G:\Users\kuureee\AppData\Roaming\agent.dat
2016-02-11 23:48 - 2016-02-11 23:48 - 0126976 _____ () G:\Users\kuureee\AppData\Roaming\Installer.dat
2016-02-11 23:48 - 2016-02-11 23:48 - 1826477 _____ () G:\Users\kuureee\AppData\Roaming\Lam-Zap.tst
2016-02-11 23:48 - 2016-02-11 23:48 - 0018432 _____ () G:\Users\kuureee\AppData\Roaming\Main.dat
2015-11-08 11:34 - 2016-03-05 12:40 - 0007612 _____ () G:\Users\kuureee\AppData\Local\resmon.resmoncfg
2015-11-14 21:32 - 2015-11-14 21:32 - 0000098 _____ () G:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Files to move or delete:
====================
G:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
G:\Windows\Tasks\At1.job


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

G:\Windows\system32\winlogon.exe => File is digitally signed
G:\Windows\system32\wininit.exe => File is digitally signed
G:\Windows\SysWOW64\wininit.exe => File is digitally signed
G:\Windows\explorer.exe => File is digitally signed
G:\Windows\SysWOW64\explorer.exe => File is digitally signed
G:\Windows\system32\svchost.exe => File is digitally signed
G:\Windows\SysWOW64\svchost.exe => File is digitally signed
G:\Windows\system32\services.exe => File is digitally signed
G:\Windows\system32\User32.dll => File is digitally signed
G:\Windows\SysWOW64\User32.dll => File is digitally signed
G:\Windows\system32\userinit.exe => File is digitally signed
G:\Windows\SysWOW64\userinit.exe => File is digitally signed
G:\Windows\system32\rpcss.dll => File is digitally signed
G:\Windows\system32\dnsapi.dll => File is digitally signed
G:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
G:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-10 02:52

==================== End of FRST.txt ============================/citat]






mycity.rs/must-login.png

Hvala u napred.....

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pozdrav,


1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod:

createrestorepoint:
closeprocesses:
emptytemp:
Task: {778EBD63-7DD0-46CD-A61C-1EF530FEC7B6} - System32\Tasks\At1 => shutdown <==== ATTENTION
Task: G:\Windows\Tasks\At1.job => shutdown SYSTEM Created by NetScheduleJobAdd
hosts:
ShortcutWithArgument: G:\Users\kuureee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> G:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: G:\Users\kuureee\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> G:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: G:\Users\kuureee\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> G:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: G:\Users\kuureee\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> G:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: G:\Users\kuureee\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> G:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> G:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: G:\Users\Public\Desktop\Google Chrome.lnk -> G:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ATTENTION: System Restore is disabled
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4139358893-2112486851-1280740277-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S3 catchme; \??\G:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-11-14 21:32 - 2015-11-14 21:32 - 0000098 _____ () G:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
G:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2016-02-11 23:48 - 2016-02-11 23:48 - 7767040 _____ () G:\Users\kuureee\AppData\Roaming\agent.dat
2016-02-11 23:48 - 2016-02-11 23:48 - 0126976 _____ () G:\Users\kuureee\AppData\Roaming\Installer.dat
2016-02-11 23:48 - 2016-02-11 23:48 - 1826477 _____ () G:\Users\kuureee\AppData\Roaming\Lam-Zap.tst
2016-02-11 23:48 - 2016-02-11 23:48 - 0018432 _____ () G:\Users\kuureee\AppData\Roaming\Main.dat
2015-11-08 11:34 - 2016-03-05 12:40 - 0007612 _____ () G:\Users\kuureee\AppData\Local\resmon.resmoncfg
2015-11-14 21:32 - 2015-11-14 21:32 - 0000098 _____ () G:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
cmd: ipconfig /flushdns

2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt
To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt
Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi.

3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj.
Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema.



Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku.
Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Hvala


mycity.rs/must-login.png



mycity.rs/must-login.png

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

To bi bilo to, bilo je nekog malware-a na racunaru ali nista strasno.

Ukljuci System Restore prema ovom uputstu i to bi bilo to ukoliko nemas jos neki problem.

http://www.mycity.rs/MyCity-Laboratorija/Kako-iskl.....a-7-8.html

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Nista vise.

Hvala najlepse....