Posle promene antivirusa usporen racunar

1

Posle promene antivirusa usporen racunar

offline
  • Mare Ivanović
  • Bokser
  • Pridružio: 30 Maj 2013
  • Poruke: 423
  • Gde živiš: U kući

Pozdrav, do juce sam imao AVG 2015, pre mesec dana mi se pojavila opcija da izaberem trial verziju sa pojacanom zastitom nekom, i prihvatio sam, medjutim kad je istekla a istekla je juce, ja sam deinstalirao AVG 2015 i probao antivirus Microsoft Security Essential ali nije mi se dopao pa sam skinuo Eset NOD32 9, i onda sam primetio da mi npr tokom igranja igrice itd. racunar baguje, igrice baguju, sistem se po mom misljenju sporije pali. Evo da dam i konfiguraciju racunara da ne bude da je do slabe konfiguracije. Imam 4gb rama, AMD Radeon HD 6410D i 2.50ghz, mislim da nije slaba. Problem se znaci javio od juce.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-02-2016 01
Ran by Home (administrator) on HOME-PC (24-02-2016 15:26:35)
Running from C:\Users\Home\Desktop
Loaded Profiles: Home (Available Profiles: Home)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: engleski (SAD)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [ctfmon] => C:\Windows\system32\CTFMON.EXE [9728 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-3145937626-3286986765-835811450-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)
Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.exe - prečica.lnk [2016-02-01]
ShortcutTarget: ctfmon.exe - prečica.lnk -> C:\Windows\System32\ctfmon.exe (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 mpa.one.microsoft.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A2EEAB71-9E59-4F0A-A90F-D432E29D2661}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop&param1=1&param2=f%3D1%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop&param1=1&param2=f%3D1%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3145937626-3286986765-835811450-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop&param1=1&param2=f%3D1%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop&param1=1&param2=f%3D4%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop&param1=1&param2=f%3D4%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3145937626-3286986765-835811450-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop&param1=1&param2=f%3D4%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3145937626-3286986765-835811450-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop&param1=1&param2=f%3D4%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-08] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-08] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051
FF NewTab: www.google.rs
FF DefaultSearchEngine: Google (Default)
FF SelectedSearchEngine: Search Provided by Yahoo
FF Homepage: www.google.rs
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-19] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011-12-09] (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Home\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-25] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051\searchplugins\google-default.xml [2016-01-05]
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051\searchplugins\Search Provided by Yahoo.xml [2016-02-18]
FF Extension: FlashGot - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-07-24]
FF Extension: Price Rocket - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051\Extensions\support@pricerocket.net.xpi [2015-11-01]
FF Extension: Charles Autoconfiguration - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051\Extensions\{3e9a3920-1b27-11da-8cd6-0800200c9a66} [2016-02-04] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
CHR StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate","hxxps://www.google.com/","hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
CHR DefaultSearchKeyword: Default -> Search Provided by Yahoo.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-04]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174624 2014-10-14] (EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2521080 2015-11-19] (ESET)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2004488 2015-07-22] (Electronic Arts)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1195920 2015-07-10] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 3xHybr64; C:\Windows\System32\DRIVERS\3xHybr64.sys [873216 2007-04-20] (Philips Semiconductors GmbH)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-10-19] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263528 2015-11-16] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2015-11-16] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [170792 2015-11-16] (ESET)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
U5 UnlockerDriver5; D:\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-24 15:26 - 2016-02-24 15:27 - 00019387 _____ C:\Users\Home\Desktop\FRST.txt
2016-02-24 15:26 - 2016-02-24 15:26 - 00000000 ____D C:\FRST
2016-02-24 15:25 - 2016-02-24 15:25 - 02371072 _____ (Farbar) C:\Users\Home\Desktop\FRST64.exe
2016-02-23 20:23 - 2016-02-23 20:23 - 00002012 _____ C:\Users\Home\Desktop\ESET NOD32 Antivirus.lnk
2016-02-23 20:18 - 2016-02-23 20:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-02-23 20:18 - 2016-02-23 20:18 - 00000000 ____D C:\ProgramData\ESET
2016-02-23 20:16 - 2016-02-23 20:16 - 00000000 ____D C:\Program Files\ESET
2016-02-23 19:22 - 2016-02-23 19:34 - 00001945 _____ C:\Windows\epplauncher.mif
2016-02-23 19:21 - 2016-02-23 19:34 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-02-23 19:21 - 2016-02-23 19:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-02-18 18:02 - 2016-02-18 18:02 - 00000000 ____D C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2016-02-18 17:46 - 2016-02-18 17:48 - 00000000 ____D C:\Program Files (x86)\Minecraft
2016-02-18 17:42 - 2016-02-18 20:21 - 00000000 ____D C:\Users\Home\AppData\LocalLow\uTorrent
2016-02-16 19:36 - 2016-02-19 20:40 - 00000151 _____ C:\Users\Home\Desktop\LAJSNE.txt
2016-02-15 19:55 - 2016-02-15 20:37 - 01353330 _____ C:\Users\Home\Desktop\MR - Internet bankarstvo u savremenom poslovanju prednosti i nedostaci.pdf
2016-02-15 13:24 - 2016-02-15 13:24 - 00000000 ____D C:\Users\Home\AppData\Local\Avg2015
2016-02-12 12:27 - 2016-02-12 16:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-08 20:18 - 2016-02-08 20:18 - 00000346 _____ C:\Windows\Tasks\0116pizUpdateInfo.job
2016-02-08 20:18 - 2016-02-08 20:18 - 00000000 ____D C:\ProgramData\Avg_Update_0116piz
2016-02-08 20:12 - 2016-02-23 18:52 - 00000000 ___HD C:\$AVG
2016-02-08 20:08 - 2016-02-24 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-02-04 12:40 - 2016-02-04 12:40 - 00000000 ____D C:\Users\Home\AppData\Roaming\Charles
2016-02-03 15:54 - 2016-02-03 15:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15e92b88e8ff0.job
2016-02-02 18:07 - 2016-02-02 18:14 - 00000000 ____D C:\Users\Home\AppData\Roaming\8BallRuler1
2016-02-02 18:07 - 2016-02-02 18:07 - 00000715 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\8BallRuler.lnk
2016-02-02 18:07 - 2016-02-02 18:07 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-02-02 18:07 - 2016-02-02 18:07 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-24 14:47 - 2014-06-10 19:15 - 00000000 ____D C:\Users\Home\AppData\Roaming\uTorrent
2016-02-24 14:47 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-02-23 21:08 - 2013-07-30 18:46 - 00000000 ____D C:\Users\Home\AppData\Roaming\Disk Cleaner
2016-02-23 20:52 - 2015-10-09 16:27 - 00000544 _____ C:\DelFix.txt
2016-02-23 20:47 - 2015-02-26 15:44 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2016-02-23 20:47 - 2014-04-19 10:11 - 00000000 ____D C:\Program Files (x86)\AVG
2016-02-23 18:57 - 2015-05-30 10:11 - 00000000 ____D C:\Users\Home\AppData\Local\Avg
2016-02-23 18:57 - 2013-04-02 16:56 - 00000000 ____D C:\ProgramData\MFAData
2016-02-23 17:09 - 2015-12-21 20:34 - 00000000 ____D C:\Users\Home\AppData\Roaming\.minecraft
2016-02-21 10:45 - 2014-11-18 16:11 - 00000000 ____D C:\Users\Home\Documents\Euro Truck Simulator 2
2016-02-20 12:48 - 2014-05-17 20:14 - 00002174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 17:49 - 2014-10-16 18:24 - 00000000 ____D C:\Users\Home\AppData\Local\Adobe
2016-02-19 17:49 - 2013-06-29 12:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-19 17:49 - 2013-04-01 16:00 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-19 17:49 - 2013-04-01 16:00 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-18 17:40 - 2014-05-29 16:04 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2016-02-18 16:11 - 2015-06-04 11:17 - 00000000 ___RD C:\Users\Home\Desktop\Ikonice
2016-02-15 13:25 - 2015-10-25 14:21 - 00000000 ____D C:\Users\Home\AppData\Local\AvgSetupLog
2016-02-15 12:33 - 2016-01-20 20:10 - 00000000 ____D C:\Users\Home\Desktop\Nova fascikla
2016-02-12 16:36 - 2015-07-27 11:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-11 14:10 - 2014-09-08 07:52 - 00000000 ____D C:\Users\Home\Documents\Bandicam
2016-02-08 20:12 - 2013-06-26 18:33 - 00000000 ____D C:\ProgramData\AVG
2016-02-08 20:00 - 2009-07-14 05:45 - 00020832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-08 20:00 - 2009-07-14 05:45 - 00020832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-08 10:57 - 2014-10-22 13:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-08 10:57 - 2013-06-21 13:45 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-08 10:56 - 2015-08-31 09:25 - 00000000 ____D C:\Users\Home\.oracle_jre_usage
2016-02-08 10:56 - 2014-10-22 13:42 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-02-04 12:45 - 2013-06-26 15:03 - 00000000 ____D C:\Users\Home\AppData\Local\Google
2016-02-03 15:54 - 2013-09-30 08:25 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-02 18:07 - 2015-07-13 13:31 - 00000000 ____D C:\ProgramData\Adobe
2016-02-02 18:07 - 2014-01-04 13:22 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-01-30 18:13 - 2016-01-05 11:16 - 00001322 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-01-30 18:13 - 2016-01-05 11:16 - 00001253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-01-30 18:13 - 2015-07-27 11:36 - 00001107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-30 18:13 - 2013-04-01 23:06 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-01-30 18:13 - 2013-04-01 23:05 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-01-30 18:13 - 2009-07-14 05:57 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-30 18:13 - 2009-07-14 05:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-01-30 18:13 - 2009-07-14 05:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-01-30 18:13 - 2009-07-14 05:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-01-30 18:12 - 2015-07-27 11:36 - 00001510 _____ C:\Users\Home\Desktop\Mozilla Firefox.lnk
2016-01-30 18:12 - 2015-06-22 13:34 - 00000080 _____ C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk
2016-01-30 18:12 - 2015-01-23 17:44 - 00000080 _____ C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-01-30 18:12 - 2014-01-01 13:56 - 00002104 _____ C:\Users\Home\Desktop\Google Earth.lnk
2016-01-30 18:12 - 2013-04-02 18:04 - 00000080 _____ C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2016-01-30 18:12 - 2013-04-01 14:11 - 00000080 _____ C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-30 18:12 - 2013-04-01 14:11 - 00000080 _____ C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-01-30 18:12 - 2009-07-14 06:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-01-30 18:12 - 2009-07-14 05:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-01-29 19:21 - 2013-05-30 14:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-29 16:13 - 2009-07-14 06:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2015-04-22 20:43 - 2015-04-22 20:44 - 0027136 ___SH () C:\Users\Home\AppData\Roaming\Thumbs.db
2014-11-22 21:03 - 2014-11-22 21:03 - 0018363 _____ () C:\Users\Home\AppData\Roaming\UserTile.png
2014-08-26 18:05 - 2014-08-26 18:05 - 0004608 _____ () C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-30 18:32 - 2013-07-30 18:32 - 0000017 _____ () C:\Users\Home\AppData\Local\resmon.resmoncfg
2014-08-17 15:35 - 2014-08-17 15:35 - 0000003 _____ () C:\Users\Home\AppData\Local\updater.log
2014-08-17 15:35 - 2015-04-23 16:43 - 0000424 _____ () C:\Users\Home\AppData\Local\UserProducts.xml
2015-02-22 19:06 - 2015-02-22 19:06 - 0000111 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-20 08:55

==================== End of FRST.txt ============================
https://www.mycity.rs/must-login.png

offline
  • Pridružio: 02 Jan 2008
  • Poruke: 2167

Pozdrav! Smile

Zamolio bih te da preuzmes AVG Uninstaller alat kako bi uklonili ostatke AVG-a: http://download.avg.com/filedir/util/AVG_Remover.exe

Nakon toga, restartuj racunar i postavi nove FRST izvestaje, isti princip kao i kada si otvorio ovu temu Smile

offline
  • Mare Ivanović
  • Bokser
  • Pridružio: 30 Maj 2013
  • Poruke: 423
  • Gde živiš: U kući

Pozdrav return void, uradio sam to kako si mi rekao i pise da ne postoji ni jedan AVG program u mom kompjuteru, tj. da sam sve deinstalirao/ocistio

offline
  • Pridružio: 02 Jan 2008
  • Poruke: 2167

Malo je nejasno da li ti je to program rekao pre ili posle ciscenja istim. Molio bih te da postavis nove FRST izvestaje Smile

offline
  • Mare Ivanović
  • Bokser
  • Pridružio: 30 Maj 2013
  • Poruke: 423
  • Gde živiš: U kući

Pokrenuo sam ono kao skeniranje tj da on nadje i ukloni ako ima, i pisalo je da nema niceg. Evo postavicu sad, ako treba da skeniram opet?

offline
  • Pridružio: 02 Jan 2008
  • Poruke: 2167

Ako nista nije pronadjeno, onda nema potrebe da ponovo skeniras, samo dostavi nove FRST izvestaje.

offline
  • Mare Ivanović
  • Bokser
  • Pridružio: 30 Maj 2013
  • Poruke: 423
  • Gde živiš: U kući

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-02-2016
Ran by Home (administrator) on HOME-PC (26-02-2016 15:57:21)
Running from C:\Users\Home\Desktop
Loaded Profiles: Home (Available Profiles: Home)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: engleski (SAD)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NlsSrv32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(2K Sports) D:\Game\NBA 2K13\nba2k13.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [ctfmon] => C:\Windows\system32\CTFMON.EXE [9728 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-3145937626-3286986765-835811450-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)
Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.exe - prečica.lnk [2016-02-01]
ShortcutTarget: ctfmon.exe - prečica.lnk -> C:\Windows\System32\ctfmon.exe (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 mpa.one.microsoft.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A2EEAB71-9E59-4F0A-A90F-D432E29D2661}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3145937626-3286986765-835811450-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3145937626-3286986765-835811450-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3145937626-3286986765-835811450-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-08] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-08] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051
FF NewTab: www.google.rs
FF DefaultSearchEngine: Google (Default)
FF SelectedSearchEngine: Search Provided by Yahoo
FF Homepage: www.google.rs
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-19] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011-12-09] (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Home\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-25] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051\searchplugins\google-default.xml [2016-01-05]
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051\searchplugins\Search Provided by Yahoo.xml [2016-02-18]
FF Extension: FlashGot - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-07-24]
FF Extension: Price Rocket - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051\Extensions\support@pricerocket.net.xpi [2015-11-01]
FF Extension: Charles Autoconfiguration - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051\Extensions\{3e9a3920-1b27-11da-8cd6-0800200c9a66} [2016-02-04] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D1%26b%3DChrome%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
CHR StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D7%26b%3DChrome%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate","hxxps://www.google.com/","hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D4%26b%3DChrome%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
CHR DefaultSearchKeyword: Default -> search provided by yahoo.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-04]

https://www.mycity.rs/must-login.png

offline
  • Pridružio: 02 Jan 2008
  • Poruke: 2167

Napisano: 26 Feb 2016 17:52

Nisi kopirao kompletan sadrzaj FRST.txt izvestaja u post. Addition.txt je u redu, ali FRST.txt nije.

Dopuna: 26 Feb 2016 17:57

Ne moras ponovo da skeniras, samo kopiraj lepo ceo sadrzaj FRST.txt izvestaja.
U slucaju da si ga obrisao, uradi opet skeniranje, pa postavi onda lepo oba izvestaja.

offline
  • Mare Ivanović
  • Bokser
  • Pridružio: 30 Maj 2013
  • Poruke: 423
  • Gde živiš: U kući

Napisano: 26 Feb 2016 18:50

Rado, ali sam imao neki windows update i sad kad pokrecem racunar stane mi na configuration updates na 12% i ne mrda nikako...

Dopuna: 26 Feb 2016 19:49

Sredio sam ovo da znas samo, evo radim FRST opet

Dopuna: 26 Feb 2016 21:22

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-02-2016
Ran by Home (administrator) on HOME-PC (26-02-2016 20:07:01)
Running from C:\Users\Home\Desktop
Loaded Profiles: Home (Available Profiles: Home)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: engleski (SAD)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NlsSrv32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotator.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [ctfmon] => C:\Windows\system32\CTFMON.EXE [9728 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-3145937626-3286986765-835811450-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 mpa.one.microsoft.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A2EEAB71-9E59-4F0A-A90F-D432E29D2661}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3145937626-3286986765-835811450-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3145937626-3286986765-835811450-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3145937626-3286986765-835811450-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-08] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-08] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051
FF NewTab: www.google.rs
FF DefaultSearchEngine: Google (Default)
FF SelectedSearchEngine: Search Provided by Yahoo
FF Homepage: www.google.rs
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-19] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011-12-09] (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Home\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-25] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051\searchplugins\google-default.xml [2016-01-05]
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051\searchplugins\Search Provided by Yahoo.xml [2016-02-18]
FF Extension: FlashGot - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-07-24]
FF Extension: Price Rocket - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051\Extensions\support@pricerocket.net.xpi [2015-11-01]
FF Extension: Charles Autoconfiguration - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qu0bovtz.default-1434458251051\Extensions\{3e9a3920-1b27-11da-8cd6-0800200c9a66} [2016-02-04] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D1%26b%3DChrome%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
CHR StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D7%26b%3DChrome%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate","hxxps://www.google.com/","hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldastr_16_07_newdop¶m1=1¶m2=f%3D4%26b%3DChrome%26cc%3Drs%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEzz0D0Czy0CyEzy0EtCtN0D0Tzu0StCyDtDzytN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyByDtAtDyByDtCtGyBzy0C0AtGyC0C0DyEtGtCyE0BzztGtA0ByB0FtA0EyEtB0EyByB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtC0AyCtAzytAzztGzz0EtBtBtGyE0E0FyEtGzzyBtC0BtG0A0CtD0B0A0B0ByCyEyEyE0C2QtN0A0LzutB%26cr%3D1609881185%26a%3Dwny_dnldastr_16_07_newdop%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
CHR DefaultSearchKeyword: Default -> search provided by yahoo.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-04]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174624 2014-10-14] (EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2521080 2015-11-19] (ESET)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2004488 2015-07-22] (Electronic Arts)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1195920 2015-07-10] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 3xHybr64; C:\Windows\System32\DRIVERS\3xHybr64.sys [873216 2007-04-20] (Philips Semiconductors GmbH)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-10-19] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263528 2015-11-16] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2015-11-16] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [170792 2015-11-16] (ESET)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
U5 UnlockerDriver5; D:\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-26 20:05 - 2016-02-26 20:05 - 00000000 ____D C:\Program Files\KoshyJohn.com
2016-02-26 20:05 - 2016-02-26 20:05 - 00000000 ____D C:\Program Files (x86)\KoshyJohn.com
2016-02-26 18:29 - 2016-02-26 18:50 - 00434212 _____ C:\Windows\ntbtlog.txt
2016-02-25 18:43 - 2014-06-16 03:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-02-25 18:43 - 2013-04-10 07:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-02-25 18:43 - 2011-02-03 12:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-02-25 18:42 - 2016-01-07 18:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-25 18:41 - 2015-02-18 08:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-02-25 18:41 - 2015-02-18 08:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-02-25 18:40 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2016-02-25 18:40 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2016-02-25 18:40 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-25 18:40 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-25 18:40 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-25 18:40 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-25 18:40 - 2014-04-12 03:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-25 18:40 - 2014-04-12 03:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-25 18:40 - 2014-04-12 03:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-25 18:40 - 2014-04-12 03:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-25 18:40 - 2014-04-12 03:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-25 18:40 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-02-25 18:39 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-02-25 18:39 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-02-25 18:39 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-02-25 18:39 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-02-25 18:39 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-02-25 18:39 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-02-25 18:39 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-02-25 18:39 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-02-25 18:39 - 2012-06-16 06:16 - 00609792 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-25 18:39 - 2012-06-16 06:15 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-25 18:39 - 2012-06-16 05:26 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-25 18:39 - 2012-06-16 05:26 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-25 18:34 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-02-25 18:34 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-02-25 18:20 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-25 18:20 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-25 18:19 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-25 18:19 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-25 18:19 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-25 18:19 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-25 18:19 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-25 18:19 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-25 18:19 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-25 18:19 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-25 18:19 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-25 18:19 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-25 18:18 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-25 18:18 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-25 18:09 - 2015-09-02 04:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-02-25 18:09 - 2015-09-02 04:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-02-25 18:09 - 2015-09-02 04:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-02-25 18:09 - 2015-09-02 04:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-02-25 18:09 - 2015-09-02 03:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-02-25 18:09 - 2015-09-02 03:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-02-25 18:09 - 2015-09-02 03:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-02-25 18:09 - 2015-09-02 03:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-02-25 18:09 - 2015-09-02 02:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-02-25 18:09 - 2015-09-02 02:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-02-25 18:02 - 2015-02-04 04:16 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2016-02-25 18:02 - 2015-02-04 03:54 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2016-02-25 17:25 - 2014-06-30 23:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2016-02-25 17:25 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2016-02-25 17:25 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2016-02-25 17:25 - 2014-06-06 07:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2016-02-25 17:25 - 2014-03-09 22:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2016-02-25 17:25 - 2014-03-09 22:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2016-02-25 17:25 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2016-02-25 17:25 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2016-02-23 20:16 - 2016-02-23 20:16 - 00000000 ____D C:\Program Files\ESET
2016-02-23 19:22 - 2016-02-23 19:34 - 00001945 _____ C:\Windows\epplauncher.mif
2016-02-23 19:21 - 2016-02-23 19:34 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-02-23 19:21 - 2016-02-23 19:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-02-18 17:46 - 2016-02-18 17:48 - 00000000 ____D C:\Program Files (x86)\Minecraft
2016-02-12 12:27 - 2016-02-25 20:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-08 20:18 - 2016-02-08 20:18 - 00000346 _____ C:\Windows\Tasks\0116pizUpdateInfo.job
2016-02-08 20:12 - 2016-02-23 18:52 - 00000000 ___HD C:\$AVG
2016-02-03 15:54 - 2016-02-03 15:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15e92b88e8ff0.job

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-26 20:00 - 2013-09-30 08:25 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-26 19:57 - 2015-10-09 16:27 - 00000644 _____ C:\DelFix.txt
2016-02-26 19:44 - 2013-09-30 08:25 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-26 19:43 - 2013-04-01 14:10 - 00000000 ____D C:\Users\Home
2016-02-26 19:42 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-26 19:41 - 2013-09-24 17:18 - 00407392 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-26 19:15 - 2013-06-29 12:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-26 18:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-02-26 17:07 - 2013-12-03 12:21 - 00765280 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-02-26 17:07 - 2009-07-14 06:13 - 00765280 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-25 20:35 - 2015-07-27 11:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-24 16:20 - 2013-06-29 12:14 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-24 16:02 - 2009-07-14 05:45 - 00020832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-24 16:02 - 2009-07-14 05:45 - 00020832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-23 20:47 - 2015-02-26 15:44 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2016-02-23 20:47 - 2014-04-19 10:11 - 00000000 ____D C:\Program Files (x86)\AVG
2016-02-19 17:49 - 2013-04-01 16:00 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-19 17:49 - 2013-04-01 16:00 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-18 17:40 - 2014-05-29 16:04 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2016-02-08 10:57 - 2013-06-21 13:45 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-08 10:56 - 2014-10-22 13:42 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-02-02 18:07 - 2014-01-04 13:22 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-01-29 19:21 - 2013-05-30 14:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

==================== Files in the root of some directories =======

2015-04-22 20:43 - 2015-04-22 20:44 - 0027136 ___SH () C:\Users\Home\AppData\Roaming\Thumbs.db
2014-11-22 21:03 - 2014-11-22 21:03 - 0018363 _____ () C:\Users\Home\AppData\Roaming\UserTile.png
2014-08-26 18:05 - 2014-08-26 18:05 - 0004608 _____ () C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-30 18:32 - 2013-07-30 18:32 - 0000017 _____ () C:\Users\Home\AppData\Local\resmon.resmoncfg
2014-08-17 15:35 - 2014-08-17 15:35 - 0000003 _____ () C:\Users\Home\AppData\Local\updater.log
2014-08-17 15:35 - 2015-04-23 16:43 - 0000424 _____ () C:\Users\Home\AppData\Local\UserProducts.xml
2015-02-22 19:06 - 2015-02-22 19:06 - 0000111 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-20 08:55

==================== End of FRST.txt ============================

https://www.mycity.rs/must-login.png

offline
  • Pridružio: 02 Jan 2008
  • Poruke: 2167

Napominjem da cemo sada ukloniti ostatke AVG-a, posto ih zvanicni AVG Uninstaller nije pronasao/uklonio.

1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod:

BootExecute: autocheck autochk * sdnclean64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
Task: {45741D19-FFF5-4F5F-877D-1BE9DA20F9BA} - System32\Tasks\0215tb_RML => C:\Program Files (x86)\AVG Web TuneUp\AVG-Secure-Search-Update_0215tb.exe
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1195920 2015-07-10] ()
C:\Program Files (x86)\AVG Web TuneUp
Task: C:\Windows\Tasks\0116pizUpdateInfo.job => C:\ProgramData\Avg_Update_0116piz\0116piz_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\0215tb_RML.job => C:\Program Files (x86)\AVG Web TuneUp\AVG-Secure-Search-Update_0215tb.exe
2015-02-26 15:44 - 2015-07-10 18:24 - 01195920 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG-Secure-Search-Update_0215tb
C:\Program Files (x86)\AVG Web TuneUp
2016-02-08 20:12 - 2016-02-23 18:52 - 00000000 ___HD C:\$AVG
2016-02-08 20:08 - 2016-02-24 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-02-15 13:24 - 2016-02-15 13:24 - 00000000 ____D C:\Users\Home\AppData\Local\Avg2015
2016-02-23 20:47 - 2015-02-26 15:44 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2016-02-23 20:47 - 2014-04-19 10:11 - 00000000 ____D C:\Program Files (x86)\AVG
2016-02-23 18:57 - 2015-05-30 10:11 - 00000000 ____D C:\Users\Home\AppData\Local\Avg


2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt
To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt
Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi.

3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj.
Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema.



Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku.
Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a.


Nakon toga,

Preuzmi "Xplode"-ov AdwCleaner () i sacuvaj ga na Desktop

Dvoklikom pokreni program.
Klikni na dugme [Scan] i pricekaj da program zavrsi.
Klikni na dugme [Clean]
Program ce zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni Ok kao potvrdu.
Na sledeca dva prozora koja se otvore (Informations i Restart required ) klikni Ok


Racunar ce se restartovati a potom otvoriti notepad (C:\AdwCleaner[S1].txt) sa izvestajem.
Sacuvaj taj notepad na Desktop i okaci ga uz poruku koristeci opciju "Prikaci fajl"

Napomena: Izvestaj ce takodje biti sacuvan na C:\AdwCleaner[S0].txt

Ko je trenutno na forumu
 

Ukupno su 488 korisnika na forumu :: 4 registrovanih, 1 sakriven i 483 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3028 - dana 22 Nov 2019 07:47

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Rade, Atomski čoban, blue, Boris902