Computer slowed down after changing antivirus

  • Mare Ivanović
  • Boxer
  • Joined: 30 May 2013
  • Posts: 423
  • Location: At home

Hello, until yesterday I had AVG 2015. A month ago I was offered the option of choosing a trial version with some kind of enhanced protection, and I accepted it. However, when it expired, and it expired yesterday, I uninstalled AVG 2015 and tried the Microsoft Security Essentials antivirus, but I didn't like it, so I downloaded ESET NOD32 9, and then I noticed that, for example, while playing games etc., the computer lags, the games lag, and the system, in my opinion, boots more slowly. Here is my computer's configuration as well, so that it isn't put down to weak hardware. I have 4 GB of RAM, an AMD Radeon HD 6410D and 2.50 GHz; I don't think that is weak. So the problem has been occurring since yesterday.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-02-2016 01
Ran by Home (administrator) on HOME-PC (24-02-2016 15:26:35)
Running from C:\Users\Home\Desktop
Loaded Profiles: Home (Available Profiles: Home)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: engleski (SAD)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [ctfmon] => C:\Windows\system32\CTFMON.EXE [9728 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-3145937626-3286986765-835811450-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)
Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.exe - prečica.lnk [2016-02-01]
ShortcutTarget: ctfmon.exe - prečica.lnk -> C:\Windows\System32\ctfmon.exe (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 mpa.one.microsoft.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A2EEAB71-9E59-4F0A-A90F-D432E29D2661}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop&param1=1&param2=f%3D1%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop&param1=1&param2=f%3D1%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3145937626-3286986765-835811450-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop&param1=1&param2=f%3D1%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop&param1=1&param2=f%3D4%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop&param1=1&param2=f%3D4%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3145937626-3286986765-835811450-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop&param1=1&param2=f%3D4%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3145937626-3286986765-835811450-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop&param1=1&param2=f%3D4%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-08] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-08] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051
FF NewTab: www.google.rs
FF DefaultSearchEngine: Google (Default)
FF SelectedSearchEngine: Search Provided by Yahoo
FF Homepage: www.google.rs
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-19] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011-12-09] (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Home\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-25] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051\searchplugins\google-default.xml [2016-01-05]
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051\searchplugins\Search Provided by Yahoo.xml [2016-02-18]
FF Extension: FlashGot - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-07-24]
FF Extension: Price Rocket - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051\Extensions\support@pricerocket.net.xpi [2015-11-01]
FF Extension: Charles Autoconfiguration - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051\Extensions\{3e9a3920-1b27-11da-8cd6-0800200c9a66} [2016-02-04] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
CHR StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate","hxxps://www.google.com/","hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
CHR DefaultSearchKeyword: Default -> Search Provided by Yahoo.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-04]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174624 2014-10-14] (EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2521080 2015-11-19] (ESET)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2004488 2015-07-22] (Electronic Arts)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1195920 2015-07-10] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 3xHybr64; C:\Windows\System32\DRIVERS\3xHybr64.sys [873216 2007-04-20] (Philips Semiconductors GmbH)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-10-19] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263528 2015-11-16] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2015-11-16] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [170792 2015-11-16] (ESET)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
U5 UnlockerDriver5; D:\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-24 15:26 - 2016-02-24 15:27 - 00019387 _____ C:\Users\Home\Desktop\FRST.txt
2016-02-24 15:26 - 2016-02-24 15:26 - 00000000 ____D C:\FRST
2016-02-24 15:25 - 2016-02-24 15:25 - 02371072 _____ (Farbar) C:\Users\Home\Desktop\FRST64.exe
2016-02-23 20:23 - 2016-02-23 20:23 - 00002012 _____ C:\Users\Home\Desktop\ESET NOD32 Antivirus.lnk
2016-02-23 20:18 - 2016-02-23 20:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-02-23 20:18 - 2016-02-23 20:18 - 00000000 ____D C:\ProgramData\ESET
2016-02-23 20:16 - 2016-02-23 20:16 - 00000000 ____D C:\Program Files\ESET
2016-02-23 19:22 - 2016-02-23 19:34 - 00001945 _____ C:\Windows\epplauncher.mif
2016-02-23 19:21 - 2016-02-23 19:34 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-02-23 19:21 - 2016-02-23 19:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-02-18 18:02 - 2016-02-18 18:02 - 00000000 ____D C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2016-02-18 17:46 - 2016-02-18 17:48 - 00000000 ____D C:\Program Files (x86)\Minecraft
2016-02-18 17:42 - 2016-02-18 20:21 - 00000000 ____D C:\Users\Home\AppData\LocalLow\uTorrent
2016-02-16 19:36 - 2016-02-19 20:40 - 00000151 _____ C:\Users\Home\Desktop\LAJSNE.txt
2016-02-15 19:55 - 2016-02-15 20:37 - 01353330 _____ C:\Users\Home\Desktop\MR - Internet bankarstvo u savremenom poslovanju prednosti i nedostaci.pdf
2016-02-15 13:24 - 2016-02-15 13:24 - 00000000 ____D C:\Users\Home\AppData\Local\Avg2015
2016-02-12 12:27 - 2016-02-12 16:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-08 20:18 - 2016-02-08 20:18 - 00000346 _____ C:\Windows\Tasks\0116pizUpdateInfo.job
2016-02-08 20:18 - 2016-02-08 20:18 - 00000000 ____D C:\ProgramData\Avg_Update_0116piz
2016-02-08 20:12 - 2016-02-23 18:52 - 00000000 ___HD C:\$AVG
2016-02-08 20:08 - 2016-02-24 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-02-04 12:40 - 2016-02-04 12:40 - 00000000 ____D C:\Users\Home\AppData\Roaming\Charles
2016-02-03 15:54 - 2016-02-03 15:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15e92b88e8ff0.job
2016-02-02 18:07 - 2016-02-02 18:14 - 00000000 ____D C:\Users\Home\AppData\Roaming\8BallRuler1
2016-02-02 18:07 - 2016-02-02 18:07 - 00000715 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\8BallRuler.lnk
2016-02-02 18:07 - 2016-02-02 18:07 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-02-02 18:07 - 2016-02-02 18:07 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-24 14:47 - 2014-06-10 19:15 - 00000000 ____D C:\Users\Home\AppData\Roaming\uTorrent
2016-02-24 14:47 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-02-23 21:08 - 2013-07-30 18:46 - 00000000 ____D C:\Users\Home\AppData\Roaming\Disk Cleaner
2016-02-23 20:52 - 2015-10-09 16:27 - 00000544 _____ C:\DelFix.txt
2016-02-23 20:47 - 2015-02-26 15:44 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2016-02-23 20:47 - 2014-04-19 10:11 - 00000000 ____D C:\Program Files (x86)\AVG
2016-02-23 18:57 - 2015-05-30 10:11 - 00000000 ____D C:\Users\Home\AppData\Local\Avg
2016-02-23 18:57 - 2013-04-02 16:56 - 00000000 ____D C:\ProgramData\MFAData
2016-02-23 17:09 - 2015-12-21 20:34 - 00000000 ____D C:\Users\Home\AppData\Roaming\.minecraft
2016-02-21 10:45 - 2014-11-18 16:11 - 00000000 ____D C:\Users\Home\Documents\Euro Truck Simulator 2
2016-02-20 12:48 - 2014-05-17 20:14 - 00002174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 17:49 - 2014-10-16 18:24 - 00000000 ____D C:\Users\Home\AppData\Local\Adobe
2016-02-19 17:49 - 2013-06-29 12:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-19 17:49 - 2013-04-01 16:00 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-19 17:49 - 2013-04-01 16:00 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-18 17:40 - 2014-05-29 16:04 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2016-02-18 16:11 - 2015-06-04 11:17 - 00000000 ___RD C:\Users\Home\Desktop\Ikonice
2016-02-15 13:25 - 2015-10-25 14:21 - 00000000 ____D C:\Users\Home\AppData\Local\AvgSetupLog
2016-02-15 12:33 - 2016-01-20 20:10 - 00000000 ____D C:\Users\Home\Desktop\Nova fascikla
2016-02-12 16:36 - 2015-07-27 11:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-11 14:10 - 2014-09-08 07:52 - 00000000 ____D C:\Users\Home\Documents\Bandicam
2016-02-08 20:12 - 2013-06-26 18:33 - 00000000 ____D C:\ProgramData\AVG
2016-02-08 20:00 - 2009-07-14 05:45 - 00020832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-08 20:00 - 2009-07-14 05:45 - 00020832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-08 10:57 - 2014-10-22 13:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-08 10:57 - 2013-06-21 13:45 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-08 10:56 - 2015-08-31 09:25 - 00000000 ____D C:\Users\Home\.oracle_jre_usage
2016-02-08 10:56 - 2014-10-22 13:42 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-02-04 12:45 - 2013-06-26 15:03 - 00000000 ____D C:\Users\Home\AppData\Local\Google
2016-02-03 15:54 - 2013-09-30 08:25 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-02 18:07 - 2015-07-13 13:31 - 00000000 ____D C:\ProgramData\Adobe
2016-02-02 18:07 - 2014-01-04 13:22 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-01-30 18:13 - 2016-01-05 11:16 - 00001322 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-01-30 18:13 - 2016-01-05 11:16 - 00001253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-01-30 18:13 - 2015-07-27 11:36 - 00001107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-30 18:13 - 2013-04-01 23:06 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-01-30 18:13 - 2013-04-01 23:05 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-01-30 18:13 - 2009-07-14 05:57 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-30 18:13 - 2009-07-14 05:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-01-30 18:13 - 2009-07-14 05:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-01-30 18:13 - 2009-07-14 05:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-01-30 18:12 - 2015-07-27 11:36 - 00001510 _____ C:\Users\Home\Desktop\Mozilla Firefox.lnk
2016-01-30 18:12 - 2015-06-22 13:34 - 00000080 _____ C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk
2016-01-30 18:12 - 2015-01-23 17:44 - 00000080 _____ C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-01-30 18:12 - 2014-01-01 13:56 - 00002104 _____ C:\Users\Home\Desktop\Google Earth.lnk
2016-01-30 18:12 - 2013-04-02 18:04 - 00000080 _____ C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2016-01-30 18:12 - 2013-04-01 14:11 - 00000080 _____ C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-30 18:12 - 2013-04-01 14:11 - 00000080 _____ C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-01-30 18:12 - 2009-07-14 06:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-01-30 18:12 - 2009-07-14 05:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-01-29 19:21 - 2013-05-30 14:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-29 16:13 - 2009-07-14 06:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2015-04-22 20:43 - 2015-04-22 20:44 - 0027136 ___SH () C:\Users\Home\AppData\Roaming\Thumbs.db
2014-11-22 21:03 - 2014-11-22 21:03 - 0018363 _____ () C:\Users\Home\AppData\Roaming\UserTile.png
2014-08-26 18:05 - 2014-08-26 18:05 - 0004608 _____ () C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-30 18:32 - 2013-07-30 18:32 - 0000017 _____ () C:\Users\Home\AppData\Local\resmon.resmoncfg
2014-08-17 15:35 - 2014-08-17 15:35 - 0000003 _____ () C:\Users\Home\AppData\Local\updater.log
2014-08-17 15:35 - 2015-04-23 16:43 - 0000424 _____ () C:\Users\Home\AppData\Local\UserProducts.xml
2015-02-22 19:06 - 2015-02-22 19:06 - 0000111 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-20 08:55

==================== End of FRST.txt ============================

  • Joined: 02 Jan 2008
  • Posts: 2167

Hello! :)

I would ask you to download the AVG Uninstaller tool so that we can remove the remnants of AVG: http://download.avg.com/filedir/util/AVG_Remover.exe

After that, restart the computer and post new FRST reports, the same way as when you opened this topic :)

  • Mare Ivanović
  • Boxer
  • Joined: 30 May 2013
  • Posts: 423
  • Location: At home

Hello return void, I did as you told me, and it says that there is not a single AVG program on my computer, i.e. that I have uninstalled/cleaned everything.

  • Joined: 02 Jan 2008
  • Posts: 2167

It is a little unclear whether the program told you that before or after cleaning with it. I would ask you to post new FRST reports :)

  • Mare Ivanović
  • Boxer
  • Joined: 30 May 2013
  • Posts: 423
  • Location: At home

I ran that scan, i.e. for it to find and remove anything if there is any, and it said there was nothing. I'll post them now; or should I scan again?

  • Joined: 02 Jan 2008
  • Posts: 2167

If nothing was found, then there is no need to scan again; just provide the new FRST reports.

  • Mare Ivanović
  • Boxer
  • Joined: 30 May 2013
  • Posts: 423
  • Location: At home

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-02-2016
Ran by Home (administrator) on HOME-PC (26-02-2016 15:57:21)
Running from C:\Users\Home\Desktop
Loaded Profiles: Home (Available Profiles: Home)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: engleski (SAD)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NlsSrv32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(2K Sports) D:\Game\NBA 2K13\nba2k13.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [ctfmon] => C:\Windows\system32\CTFMON.EXE [9728 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-3145937626-3286986765-835811450-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)
Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.exe - prečica.lnk [2016-02-01]
ShortcutTarget: ctfmon.exe - prečica.lnk -> C:\Windows\System32\ctfmon.exe (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 mpa.one.microsoft.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A2EEAB71-9E59-4F0A-A90F-D432E29D2661}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3145937626-3286986765-835811450-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3145937626-3286986765-835811450-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3145937626-3286986765-835811450-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-08] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-08] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051
FF NewTab: www.google.rs
FF DefaultSearchEngine: Google (Default)
FF SelectedSearchEngine: Search Provided by Yahoo
FF Homepage: www.google.rs
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-19] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011-12-09] (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Home\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-25] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051\searchplugins\google-default.xml [2016-01-05]
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051\searchplugins\Search Provided by Yahoo.xml [2016-02-18]
FF Extension: FlashGot - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-07-24]
FF Extension: Price Rocket - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051\Extensions\support@pricerocket.net.xpi [2015-11-01]
FF Extension: Charles Autoconfiguration - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051\Extensions\{3e9a3920-1b27-11da-8cd6-0800200c9a66} [2016-02-04] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D1%26b%3DChrome%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
CHR StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D7%26b%3DChrome%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate","hxxps://www.google.com/","hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D4%26b%3DChrome%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
CHR DefaultSearchKeyword: Default -> search provided by yahoo.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-04]


offline
  • Joined: 02 Jan 2008
  • Posts: 2167

Written: 26 Feb 2016 17:52

You did not copy the complete contents of the FRST.txt report into the post. Addition.txt is fine, but FRST.txt is not.

Addendum: 26 Feb 2016 17:57

You don't have to scan again, just copy the entire contents of the FRST.txt report properly.
In case you deleted it, run the scan again and then post both reports properly.

offline
  • Mare Ivanović
  • Boxer
  • Joined: 30 May 2013
  • Posts: 423
  • Where you live: At home

Written: 26 Feb 2016 18:50

Gladly, but I had some Windows update and now when I start the computer it stops at configuration updates at 12% and won't budge at all...

Addendum: 26 Feb 2016 19:49

Just so you know, I sorted this out; I'm running FRST again now.

Addendum: 26 Feb 2016 21:22

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-02-2016
Ran by Home (administrator) on HOME-PC (26-02-2016 20:07:01)
Running from C:\Users\Home\Desktop
Loaded Profiles: Home (Available Profiles: Home)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: engleski (SAD)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NlsSrv32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotator.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [ctfmon] => C:\Windows\system32\CTFMON.EXE [9728 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-3145937626-3286986765-835811450-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 mpa.one.microsoft.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A2EEAB71-9E59-4F0A-A90F-D432E29D2661}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3145937626-3286986765-835811450-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3145937626-3286986765-835811450-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3145937626-3286986765-835811450-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-08] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-08] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051
FF NewTab: www.google.rs
FF DefaultSearchEngine: Google (Default)
FF SelectedSearchEngine: Search Provided by Yahoo
FF Homepage: www.google.rs
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-19] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011-12-09] (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Home\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-25] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051\searchplugins\google-default.xml [2016-01-05]
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051\searchplugins\Search Provided by Yahoo.xml [2016-02-18]
FF Extension: FlashGot - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-07-24]
FF Extension: Price Rocket - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051\Extensions\support@pricerocket.net.xpi [2015-11-01]
FF Extension: Charles Autoconfiguration - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051\Extensions\{3e9a3920-1b27-11da-8cd6-0800200c9a66} [2016-02-04] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
CHR StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate","hxxps://www.google.com/","hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
CHR DefaultSearchKeyword: Default -> search provided by yahoo.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-04]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174624 2014-10-14] (EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2521080 2015-11-19] (ESET)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2004488 2015-07-22] (Electronic Arts)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1195920 2015-07-10] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 3xHybr64; C:\Windows\System32\DRIVERS\3xHybr64.sys [873216 2007-04-20] (Philips Semiconductors GmbH)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-10-19] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263528 2015-11-16] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2015-11-16] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [170792 2015-11-16] (ESET)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
U5 UnlockerDriver5; D:\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-26 20:05 - 2016-02-26 20:05 - 00000000 ____D C:\Program Files\KoshyJohn.com
2016-02-26 20:05 - 2016-02-26 20:05 - 00000000 ____D C:\Program Files (x86)\KoshyJohn.com
2016-02-26 18:29 - 2016-02-26 18:50 - 00434212 _____ C:\Windows\ntbtlog.txt
2016-02-25 18:43 - 2014-06-16 03:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-02-25 18:43 - 2013-04-10 07:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-02-25 18:43 - 2011-02-03 12:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-02-25 18:42 - 2016-01-07 18:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-25 18:41 - 2015-02-18 08:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-02-25 18:41 - 2015-02-18 08:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-02-25 18:40 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2016-02-25 18:40 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2016-02-25 18:40 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-25 18:40 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-25 18:40 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-25 18:40 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-25 18:40 - 2014-04-12 03:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-25 18:40 - 2014-04-12 03:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-25 18:40 - 2014-04-12 03:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-25 18:40 - 2014-04-12 03:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-25 18:40 - 2014-04-12 03:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-25 18:40 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-02-25 18:39 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-02-25 18:39 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-02-25 18:39 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-02-25 18:39 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-02-25 18:39 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-02-25 18:39 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-02-25 18:39 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-02-25 18:39 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-02-25 18:39 - 2012-06-16 06:16 - 00609792 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-25 18:39 - 2012-06-16 06:15 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-25 18:39 - 2012-06-16 05:26 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-25 18:39 - 2012-06-16 05:26 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-25 18:34 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-02-25 18:34 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-02-25 18:20 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-25 18:20 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-25 18:19 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-25 18:19 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-25 18:19 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-25 18:19 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-25 18:19 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-25 18:19 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-25 18:19 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-25 18:19 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-25 18:19 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-25 18:19 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-25 18:18 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-25 18:18 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-25 18:09 - 2015-09-02 04:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-02-25 18:09 - 2015-09-02 04:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-02-25 18:09 - 2015-09-02 04:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-02-25 18:09 - 2015-09-02 04:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-02-25 18:09 - 2015-09-02 03:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-02-25 18:09 - 2015-09-02 03:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-02-25 18:09 - 2015-09-02 03:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-02-25 18:09 - 2015-09-02 03:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-02-25 18:09 - 2015-09-02 02:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-02-25 18:09 - 2015-09-02 02:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-02-25 18:02 - 2015-02-04 04:16 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2016-02-25 18:02 - 2015-02-04 03:54 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2016-02-25 17:25 - 2014-06-30 23:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2016-02-25 17:25 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2016-02-25 17:25 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2016-02-25 17:25 - 2014-06-06 07:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2016-02-25 17:25 - 2014-03-09 22:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2016-02-25 17:25 - 2014-03-09 22:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2016-02-25 17:25 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2016-02-25 17:25 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2016-02-23 20:16 - 2016-02-23 20:16 - 00000000 ____D C:\Program Files\ESET
2016-02-23 19:22 - 2016-02-23 19:34 - 00001945 _____ C:\Windows\epplauncher.mif
2016-02-23 19:21 - 2016-02-23 19:34 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-02-23 19:21 - 2016-02-23 19:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-02-18 17:46 - 2016-02-18 17:48 - 00000000 ____D C:\Program Files (x86)\Minecraft
2016-02-12 12:27 - 2016-02-25 20:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-08 20:18 - 2016-02-08 20:18 - 00000346 _____ C:\Windows\Tasks\0116pizUpdateInfo.job
2016-02-08 20:12 - 2016-02-23 18:52 - 00000000 ___HD C:\$AVG
2016-02-03 15:54 - 2016-02-03 15:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15e92b88e8ff0.job

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-26 20:00 - 2013-09-30 08:25 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-26 19:57 - 2015-10-09 16:27 - 00000644 _____ C:\DelFix.txt
2016-02-26 19:44 - 2013-09-30 08:25 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-26 19:43 - 2013-04-01 14:10 - 00000000 ____D C:\Users\Home
2016-02-26 19:42 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-26 19:41 - 2013-09-24 17:18 - 00407392 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-26 19:15 - 2013-06-29 12:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-26 18:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-02-26 17:07 - 2013-12-03 12:21 - 00765280 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-02-26 17:07 - 2009-07-14 06:13 - 00765280 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-25 20:35 - 2015-07-27 11:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-24 16:20 - 2013-06-29 12:14 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-24 16:02 - 2009-07-14 05:45 - 00020832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-24 16:02 - 2009-07-14 05:45 - 00020832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-23 20:47 - 2015-02-26 15:44 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2016-02-23 20:47 - 2014-04-19 10:11 - 00000000 ____D C:\Program Files (x86)\AVG
2016-02-19 17:49 - 2013-04-01 16:00 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-19 17:49 - 2013-04-01 16:00 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-18 17:40 - 2014-05-29 16:04 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2016-02-08 10:57 - 2013-06-21 13:45 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-08 10:56 - 2014-10-22 13:42 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-02-02 18:07 - 2014-01-04 13:22 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-01-29 19:21 - 2013-05-30 14:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

==================== Files in the root of some directories =======

2015-04-22 20:43 - 2015-04-22 20:44 - 0027136 ___SH () C:\Users\Home\AppData\Roaming\Thumbs.db
2014-11-22 21:03 - 2014-11-22 21:03 - 0018363 _____ () C:\Users\Home\AppData\Roaming\UserTile.png
2014-08-26 18:05 - 2014-08-26 18:05 - 0004608 _____ () C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-30 18:32 - 2013-07-30 18:32 - 0000017 _____ () C:\Users\Home\AppData\Local\resmon.resmoncfg
2014-08-17 15:35 - 2014-08-17 15:35 - 0000003 _____ () C:\Users\Home\AppData\Local\updater.log
2014-08-17 15:35 - 2015-04-23 16:43 - 0000424 _____ () C:\Users\Home\AppData\Local\UserProducts.xml
2015-02-22 19:06 - 2015-02-22 19:06 - 0000111 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-20 08:55

==================== End of FRST.txt ============================


offline
  • Joined: 02 Jan 2008
  • Posts: 2167

Note that we will now remove the AVG leftovers, since the official AVG Uninstaller did not find/remove them.

1. Open Notepad (Text Document) and copy into it the following text from the code box below:

BootExecute: autocheck autochk * sdnclean64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
Task: {45741D19-FFF5-4F5F-877D-1BE9DA20F9BA} - System32\Tasks\0215tb_RML => C:\Program Files (x86)\AVG Web TuneUp\AVG-Secure-Search-Update_0215tb.exe
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1195920 2015-07-10] ()
C:\Program Files (x86)\AVG Web TuneUp
Task: C:\Windows\Tasks\0116pizUpdateInfo.job => C:\ProgramData\Avg_Update_0116piz\0116piz_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\0215tb_RML.job => C:\Program Files (x86)\AVG Web TuneUp\AVG-Secure-Search-Update_0215tb.exe
2015-02-26 15:44 - 2015-07-10 18:24 - 01195920 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG-Secure-Search-Update_0215tb
C:\Program Files (x86)\AVG Web TuneUp
2016-02-08 20:12 - 2016-02-23 18:52 - 00000000 ___HD C:\$AVG
2016-02-08 20:08 - 2016-02-24 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-02-15 13:24 - 2016-02-15 13:24 - 00000000 ____D C:\Users\Home\AppData\Local\Avg2015
2016-02-23 20:47 - 2015-02-26 15:44 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2016-02-23 20:47 - 2014-04-19 10:11 - 00000000 ____D C:\Program Files (x86)\AVG
2016-02-23 18:57 - 2015-05-30 10:11 - 00000000 ____D C:\Users\Home\AppData\Local\Avg


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the system restarts.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.


After that,

Download AdwCleaner by "Xplode" and save it to the Desktop.

Double-click to run the program.
Click the [Scan] button and wait for the program to finish.
Click the [Clean] button.
The program will close all active programs and show a window with that warning. Click Ok to confirm.
In the next two windows that open (Informations and Restart required), click Ok.


The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your reply using the "Attach file" option.

Note: The report will also be saved at C:\AdwCleaner[S0].txt
