Check

  • Joined: 04 Feb 2016
  • Posts: 15

I somehow feel like my computer isn't running at full power, so I just want to check whether some malware or similar has crept in somewhere.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-06-2016 01
Ran by Radovan (administrator) on RADOVANBRO (17-06-2016 21:51:24)
Running from C:\Users\Radovan\Desktop\HIGH QUALITY TEAM\komp\ciscenje
Loaded Profiles: Radovan (Available Profiles: Radovan)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(New Softwares.net) C:\Windows\SysWOW64\WinFLService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(juvlarN) C:\Users\Radovan\Desktop\CSGO COLORS\vibrance.GUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\nacl64.exe
(Valve Corporation) E:\chrome\Steam.exe
(Valve Corporation) E:\chrome\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) E:\chrome\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() E:\chrome\steamapps\common\Counter-Strike Global Offensive\csgo.exe
(Valve Corporation) E:\chrome\GameOverlayUI.exe
(NVIDIA Corporation) C:\Users\Radovan\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Valve Corporation) E:\chrome\bin\steamwebhelper.exe
(Valve Corporation) E:\chrome\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7016520 2013-02-05] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [BaiduAnTray] => "C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.8029\BaiduAnTray.exe" -stmd=3
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596016 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [Tv-Plug-In] => "C:\Program Files (x86)\Tv-Plug-In\Tv-Plug-In.exe" nogui
HKU\S-1-5-21-1253670554-4095963223-1536109650-1001\...\Run: [Steam] => E:\chrome\steam.exe [2917456 2016-06-15] (Valve Corporation)
HKU\S-1-5-21-1253670554-4095963223-1536109650-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50670720 2016-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1253670554-4095963223-1536109650-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4179288 2015-11-30] (Disc Soft Ltd)
HKU\S-1-5-21-1253670554-4095963223-1536109650-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-1253670554-4095963223-1536109650-1001\...\Run: [WinFLTray] => C:\Windows\SysWow64\WinFLTray.exe [330088 2016-02-09] ( New Softwares.net)
HKU\S-1-5-21-1253670554-4095963223-1536109650-1001\...\Run: [FLBackup] => D:\NewSoftware's\Folder Lock\FLComServCtrl.exe
HKU\S-1-5-21-1253670554-4095963223-1536109650-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2016-02-25] (Electronic Arts)
HKU\S-1-5-21-1253670554-4095963223-1536109650-1001\...\Run: [vibranceGUI] => C:\Users\Radovan\Desktop\CSGO COLORS\vibrance.GUI.exe [1072128 2015-05-26] (juvlarN)
HKU\S-1-5-21-1253670554-4095963223-1536109650-1001\...\Run: [Discord] => C:\Users\Radovan\AppData\Local\Discord\app-0.0.291\Discord.exe [57929912 2016-06-02] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1253670554-4095963223-1536109650-1001\...\MountPoints2: {b753c4c5-b634-11e5-826d-d850e64f7229} - "G:\setup.exe"
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\ShellTools.dll [2016-02-06] (SmartSoft Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2D294CE7-D102-49D4-81DC-CDE0E324DE82}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-1253670554-4095963223-1536109650-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw5rzmNL8k9u9C8_SHRWUQqXT8tW5KzQBhcrUSztZY50NT6eMngMhH9gE1DyYmEOnlwIxbksOI6HtrYH9tjQ3f4kJvGaZBwK-eUwMxVY0Bj4y4rtKRAITip9NKObtRlVanf1XU3o-LwC3Zxt6ctsuHYjcs0ZhEPSbx3LwE1o5u3U,
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKU\S-1-5-21-1253670554-4095963223-1536109650-1001 -> DefaultScope {ielnksrch} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_74\bin\ssv.dll [2016-02-09] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-02-09] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-07] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-07] (Oracle Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-02-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-02-09] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)

Chrome:
=======
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw5rzmNL8k9u9C8_SHRWUQqXT8tW5KzQBhcrUSztZY50NT6eMngMhH9gE1DyYmEOnlwIxbksOI6HtrY0Cs5fXBbeuTjIz46AkvANPxNoZbrKyPFz6lLbvKXJt555QeCPMea5BZkUu4hpnIqp5_ygdIl1ynZKsLbwrVFtCkkOGnro,
CHR StartupUrls: Default -> "hxxp://www.mysites123.com/?type=hp&ts=1454954223&z=7d4320b8deb9c72e6853f26gcz3w1z1tawbz2o0o3c&from=amt&uid=wdcxwd5000avvs-63zwb0_wd-wcasu466809068090"
CHR Profile: C:\Users\Radovan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Radovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-09]
CHR Extension: (Google Docs) - C:\Users\Radovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-09]
CHR Extension: (Google Drive) - C:\Users\Radovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-09]
CHR Extension: (YouTube) - C:\Users\Radovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-09]
CHR Extension: (Google Search) - C:\Users\Radovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-09]
CHR Extension: (FTP Free) - C:\Users\Radovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdgcfaoankkonoiichmblcfijkomfbn [2016-02-09]
CHR Extension: (Slagalica fer igra - Ludara.com) - C:\Users\Radovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpifakoabdhigpeebhalfkjkoidenba [2016-03-03]
CHR Extension: (Google Sheets) - C:\Users\Radovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-09]
CHR Extension: (LoungeDestroyer) - C:\Users\Radovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2016-04-28]
CHR Extension: (Google Docs Offline) - C:\Users\Radovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Infinite HD App) - C:\Users\Radovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\laealigljflmglcgncipdbmbjgjdpiim [2016-02-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Radovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Radovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-09]

Opera:
=======
OPR Extension: (Constant Fun) - C:\Users\Radovan\AppData\Roaming\Opera Software\Opera Stable\Extensions\ppejokljgiolflklgihjmeokjmdhjnpj [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1368408 2015-11-30] (Disc Soft Ltd)
R2 FLService; C:\Windows\SysWow64\WinFLService.exe [93032 2016-02-09] (New Softwares.net)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-25] (Electronic Arts)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S2 BDMRTP; "C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.8029\BaiduAnSvc.exe" -r [X]
S2 quridyvezbt; C:\Program Files (x86)\7EF77AAB-1454954108-001A-9256-D850E64F7229\knsu465E.tmp [X]
S2 vudiguhyzbt; C:\Program Files (x86)\7EF77AAB-1454954108-001A-9256-D850E64F7229\knsi4E94.tmp [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-01-08] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [46392 2016-01-08] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.)
R2 NEWDRIVER; C:\Windows\SysWow64\WinVDEdrv6.sys [197648 2016-02-09] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [214832 2015-12-08] (DEVGURU Co., LTD.(www.devguru.co.kr))
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R1 WinFLAdrv; C:\Windows\SysWow64\WinFLAdrv.sys [36472 2016-02-09] ()
R2 WinVDEDrv; C:\Windows\SysWow64\WinVDEdrv.sys [225680 2016-02-09] (NewSoftwares.net, Inc.)
S1 bd0001; system32\DRIVERS\bd0001.sys [X]
S1 bd0002; system32\DRIVERS\bd0002.sys [X]
S2 BDMNetMon; \??\C:\Windows\system32\DRIVERS\BDMNetMon.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-17 20:07 - 2016-06-17 20:52 - 00000000 ____D C:\Users\Radovan\AppData\Roaming\vlc
2016-06-17 20:07 - 2016-06-17 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-06-17 20:07 - 2016-06-17 20:07 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-06-17 20:05 - 2016-06-17 20:06 - 30533688 _____ C:\Users\Radovan\Downloads\vlc-2.2.4-win32.exe
2016-06-17 16:36 - 2016-06-17 16:36 - 00000000 ____D C:\Users\Radovan\Downloads\New 7K PACK
2016-06-17 16:28 - 2016-06-17 16:33 - 126730939 _____ C:\Users\Radovan\Downloads\New 7K PACK.rar
2016-06-16 22:29 - 2016-06-17 20:07 - 00000000 ___RD C:\Users\Radovan\Desktop\STREAM
2016-06-16 22:03 - 2016-06-17 21:37 - 00000000 ____D C:\Users\Radovan\AppData\Roaming\OBS
2016-06-16 22:03 - 2016-06-16 22:03 - 00000000 ____D C:\Users\Radovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2016-06-16 22:03 - 2016-06-16 22:03 - 00000000 ____D C:\Program Files\OBS
2016-06-16 22:03 - 2016-06-16 22:03 - 00000000 ____D C:\Program Files (x86)\OBS
2016-06-16 22:02 - 2016-06-16 22:03 - 07086848 _____ C:\Users\Radovan\Downloads\OBS_0_657b_Installer.exe
2016-06-15 15:40 - 2016-06-15 15:41 - 00000000 ____D C:\Users\Radovan\Downloads\Razer™
2016-06-15 15:39 - 2016-06-15 15:40 - 00595414 _____ C:\Users\Radovan\Downloads\Razer™.rar
2016-06-15 15:38 - 2016-06-15 15:38 - 00023493 _____ C:\Users\Radovan\Downloads\Green Shild Icons.zip
2016-06-15 15:15 - 2016-06-15 15:18 - 75805312 _____ C:\Users\Radovan\Downloads\DeskScapes8_cnet_setup.exe
2016-06-15 14:59 - 2016-06-15 14:59 - 00000000 ____D C:\Users\Radovan\AppData\Roaming\BioniX Wallpaper Animator
2016-06-15 14:57 - 2016-06-15 14:57 - 05060096 _____ (CubicDesign) C:\Users\Radovan\Downloads\WallpaperAnimator.exe
2016-06-12 19:26 - 2016-06-12 19:26 - 00704742 _____ C:\Users\Radovan\Downloads\download (15).htm
2016-06-12 18:23 - 2016-06-12 18:23 - 00818539 _____ C:\Users\Radovan\Downloads\download (14).htm
2016-06-12 18:00 - 2016-06-12 18:00 - 00241052 _____ C:\Users\Radovan\Downloads\download (13).htm
2016-06-10 14:14 - 2016-06-10 14:14 - 00000000 ____D C:\Users\Radovan\Downloads\12755ce6-7ea9-45cc-b645-a5b2ca3399d0.dem
2016-06-10 14:11 - 2016-06-10 14:13 - 43990907 _____ C:\Users\Radovan\Downloads\12755ce6-7ea9-45cc-b645-a5b2ca3399d0.dem.gz
2016-06-10 01:12 - 2016-06-10 01:12 - 00067839 _____ C:\Users\Radovan\Documents\Untitled.wma
2016-06-07 21:02 - 2016-06-07 21:02 - 00005982 _____ C:\Users\Radovan\Downloads\mybets (1).htm
2016-06-07 21:01 - 2016-06-07 21:01 - 00098643 _____ C:\Users\Radovan\Downloads\match (2).htm
2016-06-07 20:42 - 2016-06-07 20:42 - 00708192 _____ C:\Users\Radovan\Downloads\download (12).htm
2016-06-07 20:33 - 2016-06-07 20:33 - 00167838 _____ C:\Users\Radovan\Downloads\2302978-clg-sk-eleague-season-1.htm
2016-06-07 16:45 - 2016-06-13 13:35 - 00000000 ____D C:\Users\Radovan\AppData\Roaming\discord
2016-06-07 16:45 - 2016-06-07 16:45 - 00000000 ____D C:\Users\Radovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-06-07 16:45 - 2016-06-07 16:45 - 00000000 ____D C:\Users\Radovan\AppData\Local\Discord
2016-06-07 16:44 - 2016-06-07 16:45 - 00000000 ____D C:\Users\Radovan\AppData\Local\SquirrelTemp
2016-06-07 16:42 - 2016-06-07 16:44 - 48500408 _____ (Hammer & Chisel, Inc.) C:\Users\Radovan\Downloads\DiscordSetup.exe
2016-06-07 07:38 - 2016-06-07 07:39 - 00103078 _____ C:\Users\Radovan\Downloads\IV i V KORACI U PISANJU ESEJA.pptx
2016-06-06 15:46 - 2016-06-06 15:47 - 00000000 ____D C:\Users\Radovan\Downloads\demo
2016-06-06 15:43 - 2016-06-06 15:45 - 56648267 _____ C:\Users\Radovan\Downloads\c39beb7f-dcd7-4ebb-903b-6635a9ebf49c.dem.gz
2016-06-04 22:24 - 2016-06-04 22:27 - 00000000 ____D C:\Users\Radovan\AppData\Local\Celavimus
2016-06-04 22:23 - 2016-06-04 22:27 - 00000000 ____D C:\ProgramData\Celavimus
2016-06-04 22:23 - 2016-06-04 22:23 - 02020792 _____ ( ) C:\Users\Radovan\Downloads\CEVOClientSetup.exe
2016-06-04 22:23 - 2016-06-04 22:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CEVO Client
2016-06-04 22:23 - 2016-06-04 22:23 - 00000000 ____D C:\Program Files (x86)\CEVO
2016-06-04 20:35 - 2016-06-04 20:35 - 00000000 ____D C:\Users\Radovan\AppData\Roaming\Steam
2016-06-04 20:35 - 2016-06-04 20:35 - 00000000 ____D C:\Users\Radovan\AppData\LocalLow\Red Dot Games
2016-06-04 15:40 - 2016-06-04 15:40 - 00000000 ____D C:\Users\Radovan\Downloads\csp_font
2016-06-04 15:39 - 2016-06-04 15:40 - 07346720 _____ C:\Users\Radovan\Downloads\csp_font.zip
2016-06-03 14:16 - 2016-06-03 14:16 - 00017888 _____ C:\Users\Radovan\Downloads\red-triangles.zip
2016-06-03 14:16 - 2016-06-03 14:16 - 00000000 ____D C:\Users\Radovan\Downloads\red-triangles
2016-06-03 12:51 - 2016-06-03 12:51 - 00617564 _____ C:\Users\Radovan\Downloads\13374884_238169083230477_2000343800_n.mp4
2016-05-29 19:21 - 2016-05-29 19:21 - 00022153 _____ C:\Users\Radovan\Downloads\withdraw.php
2016-05-29 19:09 - 2016-05-29 19:09 - 00044847 _____ C:\Users\Radovan\Downloads\download (10).htm
2016-05-29 19:09 - 2016-05-29 19:09 - 00044842 _____ C:\Users\Radovan\Downloads\download (11).htm
2016-05-29 14:13 - 2016-05-29 14:13 - 00093922 _____ C:\Users\Radovan\Downloads\match (1).htm
2016-05-20 23:59 - 2016-05-21 00:01 - 47022450 _____ C:\Users\Radovan\Downloads\Sky.mp4
2016-05-20 22:52 - 2016-05-20 22:53 - 00607795 _____ C:\Users\Radovan\Downloads\brax logo.psd
2016-05-20 14:02 - 2016-05-20 14:03 - 00000000 ____D C:\Users\Radovan\AppData\Roaming\vibranceGUI
2016-05-20 14:00 - 2016-06-15 15:23 - 00000000 ___RD C:\Users\Radovan\Desktop\CSGO COLORS
2016-05-20 14:00 - 2016-05-20 14:01 - 00000000 ____D C:\Users\Radovan\Downloads\vibranceGUI
2016-05-20 13:59 - 2016-05-20 13:59 - 00507503 _____ C:\Users\Radovan\Downloads\vibranceGUI.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-17 21:51 - 2016-03-18 17:33 - 00000000 ___RD C:\Users\Radovan\Desktop\HIGH QUALITY TEAM
2016-06-17 21:51 - 2016-02-12 18:31 - 00000000 ____D C:\FRST
2016-06-17 21:50 - 2016-01-29 17:30 - 00000000 ___RD C:\Users\Radovan\Desktop\OSTALO
2016-06-17 20:05 - 2016-01-04 17:49 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-17 19:32 - 2015-12-30 23:11 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D8C322E9-3D6B-4CA4-8CD5-053589E81E6A}
2016-06-17 17:31 - 2016-01-14 21:18 - 00000000 ____D C:\Users\Radovan\AppData\Local\Adobe
2016-06-17 14:34 - 2015-12-30 23:16 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1253670554-4095963223-1536109650-1001
2016-06-17 14:24 - 2016-01-04 17:49 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-17 13:08 - 2015-12-30 23:00 - 00000000 ____D C:\Users\Radovan
2016-06-17 13:01 - 2015-12-30 23:28 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-17 13:01 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-16 16:31 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-06-16 13:09 - 2016-01-07 02:41 - 00003850 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1452127306
2016-06-16 13:09 - 2016-01-07 02:41 - 00001063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-06-16 13:09 - 2016-01-07 02:40 - 00000000 ____D C:\Program Files (x86)\Opera
2016-06-15 19:32 - 2015-12-31 09:14 - 00000000 ____D C:\Users\Radovan\AppData\Local\CrashDumps
2016-06-15 16:54 - 2016-01-04 15:48 - 00000000 ____D C:\Users\Radovan\AppData\Roaming\uTorrent
2016-06-15 15:34 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-15 15:34 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2016-06-15 15:26 - 2015-12-30 23:49 - 00001453 _____ C:\Users\Public\Desktop\Steam.lnk
2016-06-15 15:23 - 2016-01-25 21:14 - 00000000 ___RD C:\Users\Radovan\Desktop\PROFESIONALIZM
2016-06-15 00:51 - 2016-01-01 08:19 - 00000000 ____D C:\Users\Radovan\AppData\Roaming\TS3Client
2016-06-10 14:24 - 2016-02-09 21:03 - 00000000 ____D C:\Users\Radovan\Documents\Camtasia Studio
2016-06-09 00:07 - 2016-01-04 17:51 - 00002227 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-04 21:28 - 2016-01-07 00:35 - 00000000 ____D C:\Users\Radovan\AppData\Roaming\.minecraft
2016-06-04 20:30 - 2016-01-08 23:54 - 00000000 ____D C:\Users\Radovan\AppData\Roaming\DAEMON Tools Lite
2016-06-04 00:36 - 2016-01-06 23:58 - 00000000 ____D C:\Users\Radovan\AppData\Roaming\Skype
2016-06-03 23:51 - 2016-01-06 23:58 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-06-03 23:51 - 2016-01-06 23:58 - 00000000 ____D C:\ProgramData\Skype
2016-06-03 14:10 - 2016-01-01 08:19 - 00002165 _____ C:\Users\Radovan\Desktop\TeamSpeak 3 Client.lnk
2016-05-31 23:14 - 2016-04-17 11:33 - 00004608 _____ C:\Users\Radovan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-05-30 13:22 - 2016-03-17 23:14 - 00000000 ____D C:\Users\Radovan\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories =======

2016-01-07 02:42 - 2016-01-08 15:37 - 0000353 _____ () C:\Users\Radovan\AppData\Roaming\imagetuner.ini
2016-04-17 11:33 - 2016-05-31 23:14 - 0004608 _____ () C:\Users\Radovan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-10 15:17 - 2016-01-10 15:17 - 0000000 _____ () C:\Users\Radovan\AppData\Local\{197893C8-B979-416E-A997-6C3B81DECF3B}

Some files in TEMP:
====================
C:\Users\Radovan\AppData\Local\Temp\AdobeApplicationManager.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-13 01:08

==================== End of FRST.txt ============================


  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Hello,

1. Open Notepad (Text Document) and copy the following text, from the code box below, into it:

CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BaiduAnTray] => "C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.8029\BaiduAnTray.exe" -stmd=3
C:\Program Files (x86)\Baidu
HKU\S-1-5-21-1253670554-4095963223-1536109650-1001\...\MountPoints2: {b753c4c5-b634-11e5-826d-d850e64f7229} - "G:\setup.exe"
HKU\S-1-5-21-1253670554-4095963223-1536109650-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw5rzmNL8k9u9C8_SHRWUQqXT8tW5KzQBhcrUSztZY50NT6eMngMhH9gE1DyYmEOnlwIxbksOI6HtrYH9tjQ3f4kJvGaZBwK-eUwMxVY0Bj4y4rtKRAITip9NKObtRlVanf1XU3o-LwC3Zxt6ctsuHYjcs0ZhEPSbx3LwE1o5u3U,
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw5rzmNL8k9u9C8_SHRWUQqXT8tW5KzQBhcrUSztZY50NT6eMngMhH9gE1DyYmEOnlwIxbksOI6HtrY0Cs5fXBbeuTjIz46AkvANPxNoZbrKyPFz6lLbvKXJt555QeCPMea5BZkUu4hpnIqp5_ygdIl1ynZKsLbwrVFtCkkOGnro,
CHR StartupUrls: Default -> "hxxp://www.mysites123.com/?type=hp&ts=1454954223&z=7d4320b8deb9c72e6853f26gcz3w1z1tawbz2o0o3c&from=amt&uid=wdcxwd5000avvs-63zwb0_wd-wcasu466809068090"
OPR Extension: (Constant Fun) - C:\Users\Radovan\AppData\Roaming\Opera Software\Opera Stable\Extensions\ppejokljgiolflklgihjmeokjmdhjnpj [2016-01-08]
S2 BDMRTP; "C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.8029\BaiduAnSvc.exe" -r [X]
S2 quridyvezbt; C:\Program Files (x86)\7EF77AAB-1454954108-001A-9256-D850E64F7229\knsu465E.tmp [X]
S2 vudiguhyzbt; C:\Program Files (x86)\7EF77AAB-1454954108-001A-9256-D850E64F7229\knsi4E94.tmp [X]
S1 bd0001; system32\DRIVERS\bd0001.sys [X]
S1 bd0002; system32\DRIVERS\bd0002.sys [X]
S2 BDMNetMon; \??\C:\Windows\system32\DRIVERS\BDMNetMon.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
Task: {000E313F-C3B9-47E8-AF28-435883466BDD} - System32\Tasks\snp => C:\ProgramData\dlohn\dlohn.exe <==== ATTENTION
C:\ProgramData\dlohn
Task: {A517F937-C5A0-4D20-A16B-71E9CEF960C1} - \{12289780-D75F-406E-AD0A-C3F9D3C83877} -> No File <==== ATTENTION
Task: {B27201CF-69B9-4510-B21A-3E87829B5726} - System32\Tasks\snf => C:\ProgramData\dlohn\dlohn.exe <==== ATTENTION
Task: {EF79200F-AD1E-4084-8F31-919BD9CD616B} - \AutoPico Daily Restart -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\Radovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Radovan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Radovan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Radovan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Radovan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
Hosts:
EmptyTemp:


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, under File Name at the bottom, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool requests a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into a reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

offline
  • Joined: 04 Feb 2016
  • Posts: 15

Fix result of Farbar Recovery Scan Tool (x64) Version:16-06-2016 01
Ran by Radovan (2016-06-18 12:30:55) Run:3
Running from C:\Users\Radovan\Desktop\HIGH QUALITY TEAM\komp\ciscenje
Loaded Profiles: Radovan (Available Profiles: Radovan)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BaiduAnTray] => "C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.8029\BaiduAnTray.exe" -stmd=3
C:\Program Files (x86)\Baidu
HKU\S-1-5-21-1253670554-4095963223-1536109650-1001\...\MountPoints2: {b753c4c5-b634-11e5-826d-d850e64f7229} - "G:\setup.exe"
HKU\S-1-5-21-1253670554-4095963223-1536109650-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw5rzmNL8k9u9C8_SHRWUQqXT8tW5KzQBhcrUSztZY50NT6eMngMhH9gE1DyYmEOnlwIxbksOI6HtrYH9tjQ3f4kJvGaZBwK-eUwMxVY0Bj4y4rtKRAITip9NKObtRlVanf1XU3o-LwC3Zxt6ctsuHYjcs0ZhEPSbx3LwE1o5u3U,
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw5rzmNL8k9u9C8_SHRWUQqXT8tW5KzQBhcrUSztZY50NT6eMngMhH9gE1DyYmEOnlwIxbksOI6HtrY0Cs5fXBbeuTjIz46AkvANPxNoZbrKyPFz6lLbvKXJt555QeCPMea5BZkUu4hpnIqp5_ygdIl1ynZKsLbwrVFtCkkOGnro,
CHR StartupUrls: Default -> "hxxp://www.mysites123.com/?type=hp&ts=1454954223&z=7d4320b8deb9c72e6853f26gcz3w1z1tawbz2o0o3c&from=amt&uid=wdcxwd5000avvs-63zwb0_wd-wcasu466809068090"
OPR Extension: (Constant Fun) - C:\Users\Radovan\AppData\Roaming\Opera Software\Opera Stable\Extensions\ppejokljgiolflklgihjmeokjmdhjnpj [2016-01-08]
S2 BDMRTP; "C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.8029\BaiduAnSvc.exe" -r [X]
S2 quridyvezbt; C:\Program Files (x86)\7EF77AAB-1454954108-001A-9256-D850E64F7229\knsu465E.tmp [X]
S2 vudiguhyzbt; C:\Program Files (x86)\7EF77AAB-1454954108-001A-9256-D850E64F7229\knsi4E94.tmp [X]
S1 bd0001; system32\DRIVERS\bd0001.sys [X]
S1 bd0002; system32\DRIVERS\bd0002.sys [X]
S2 BDMNetMon; \??\C:\Windows\system32\DRIVERS\BDMNetMon.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
Task: {000E313F-C3B9-47E8-AF28-435883466BDD} - System32\Tasks\snp => C:\ProgramData\dlohn\dlohn.exe <==== ATTENTION
C:\ProgramData\dlohn
Task: {A517F937-C5A0-4D20-A16B-71E9CEF960C1} - \{12289780-D75F-406E-AD0A-C3F9D3C83877} -> No File <==== ATTENTION
Task: {B27201CF-69B9-4510-B21A-3E87829B5726} - System32\Tasks\snf => C:\ProgramData\dlohn\dlohn.exe <==== ATTENTION
Task: {EF79200F-AD1E-4084-8F31-919BD9CD616B} - \AutoPico Daily Restart -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\Radovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Radovan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Radovan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Radovan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Radovan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
Hosts:
EmptyTemp:
*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BaiduAnTray => value removed successfully
"C:\Program Files (x86)\Baidu" => not found.
"HKU\S-1-5-21-1253670554-4095963223-1536109650-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b753c4c5-b634-11e5-826d-d850e64f7229}" => key removed successfully
HKCR\CLSID\{b753c4c5-b634-11e5-826d-d850e64f7229} => key not found.
HKU\S-1-5-21-1253670554-4095963223-1536109650-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
C:\Users\Radovan\AppData\Roaming\Opera Software\Opera Stable\Extensions\ppejokljgiolflklgihjmeokjmdhjnpj => moved successfully
BDMRTP => service removed successfully
quridyvezbt => service removed successfully
vudiguhyzbt => service removed successfully
bd0001 => service removed successfully
bd0002 => service removed successfully
BDMNetMon => service removed successfully
ZAM_Guard => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{000E313F-C3B9-47E8-AF28-435883466BDD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{000E313F-C3B9-47E8-AF28-435883466BDD}" => key removed successfully
C:\Windows\System32\Tasks\snp => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\snp" => key removed successfully
"C:\ProgramData\dlohn" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A517F937-C5A0-4D20-A16B-71E9CEF960C1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A517F937-C5A0-4D20-A16B-71E9CEF960C1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{12289780-D75F-406E-AD0A-C3F9D3C83877}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B27201CF-69B9-4510-B21A-3E87829B5726}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B27201CF-69B9-4510-B21A-3E87829B5726}" => key removed successfully
C:\Windows\System32\Tasks\snf => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\snf" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF79200F-AD1E-4084-8F31-919BD9CD616B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF79200F-AD1E-4084-8F31-919BD9CD616B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => key removed successfully
C:\Users\Radovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\Users\Radovan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Radovan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument removed successfully.
C:\Users\Radovan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Radovan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

DOMStore, BITS transfer queue, thumbcache, IE frameiconcache.dat => 11596578 bytes
Java, Opera, Flash, IE recovery, Steam htmlcache, Windows/system/drivers/LocalLow Temp => 318596734 bytes
Edge => 0 bytes
Chrome => 497619308 bytes
Firefox => 0 bytes

Temp, IE cache, history, cookies, recent:
Default => 0 bytes
ProgramData => 0 bytes
Public => 0 bytes
systemprofile => 128 bytes
systemprofile32 => 128 bytes
LocalService => 0 bytes
NetworkService => 2617676 bytes
Radovan => 216938513 bytes

RecycleBin => 189723676 bytes
EmptyTemp: => 1.2 GB temporary data Removed.
======================================


The system needed a reboot.

==== End of Fixlog 12:32:05 ====

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

What is the status now?

Download "Xplode"'s AdwCleaner () and save it to the Desktop

Run the program with a double-click.
Click the [Scan] button and wait for the program to finish.
Click the [Clean] button
The program will close all running programs and show a window with that warning. Click Ok to confirm.
On the next two windows that open (Informations and Restart required) click Ok

The computer will restart and then open a notepad (C:\AdwCleaner[S1].txt) with the report.
Save that notepad to the Desktop and attach it to your reply using the "Attach file" option

Note: The report will also be saved at C:\AdwCleaner[S0].txt

offline
  • Joined: 04 Feb 2016
  • Posts: 15

Posted: 19 Jun 2016 11:55

The state is actually pretty OK now. I'll download AdwCleaner later because I have some obligations today, and as soon as I can I'll post it for you. Thanks, mate.

Update: 20 Jun 2016 22:43

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Status?

offline
  • Joined: 04 Feb 2016
  • Posts: 15

Pretty good, thanks a lot, bro.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Excellent.

The following procedure will carry out the final clean-up.

Download "Xplode"'s DelFix tool and save it to the Desktop.

Run the tool with a double-click and tick the boxes in front of the following options:
Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment for the tool to finish its work.

From this moment on, all tools used in this thread should have been deleted.
If some tool or report was not removed, feel free to delete them manually.

The tool will also create a report for you. (C:\DelFix.txt)
- The tool will also record a healthy registry state and make a backup using the integrated "ERUNT" program in %windir%\ERUNT\DelFix
- DelFix deletes old system restore points and creates a new, fresh point after the clean-up.
