Sporiji rad računara i generalna provera stanja

Sporiji rad računara i generalna provera stanja

offline
  • Kule  Male
  • Elitni građanin
  • Aleksandar
  • student
  • Pridružio: 25 Maj 2012
  • Poruke: 2398
  • Gde živiš: Beograd

Poštovanje.

Elem, instalirao sam trenutnu verziju windows 8.1 Pro 64-bitni sa pratećim programima pre skoro tačno godinu dana. U međuvremenu sam koristio free verziju Avast Antivirusa, koju sam apdejtovao redovno, msm da mi je firewall bio sam ovaj windows-ov, a nisam imao programe ranga Malwarebytes anti malware, prema tome, Avast mi je bio jedina zaštita. GUZ - Glavom U Zid

E sada, računar kao računar, radio je, imao sam par puta probleme ranga BSOD mada je to nakon nekih stvari ranga , refresh PC, rešeno.

E sada, pošto sam povremeno pri instaliranju malih programčića tipa skype i kmplayer nekada instalirao neke neželjene toolbar-ove i programe na računar, mahinalno klićući next next next, pitam se da li je ostalo nešto od tih programa u mom računaru što pravi negde u pozadini nekakvu štetu?

Najveći primer nekog usporavanja je kada recimo ostavim računar "neaktivan" neko vreme, pojavi se skrin sejver, a nakon možda pola sata nekorišćenja, računar treba da pređe u sleep režim. E sada, pri prelasku u taj režim, dešava se da je on zamrznut neko vreme, kao da kreće da prelazu u sleep ali mu treba dugo vremena, pa recimo mrdnem miša ili pritisnem nešto na tastaturi a on ne reaguje u opšte, samo crni ekran i čuje se sve normalno a onda nakon, recimo 10 minuta, pređe u sleep i onda ga pritiskom na miša ili tastaturu probudim.
Takođe imam utisak da se sporije diže, i da mu treba dosta vremena da nakon dizanja sistema prvi put pokrene firefox ili maxhon brauzer.

Juče sam instalirao KIS 2015 trial 30 dana pre toga odstranivši Avast, a KIS je nakon skeniranja celog sistema našao neke probleme koje je rešio:











E sada, primetio sam nešto brži rad nakon ove dezinfekcije, a Malwarebytes, koji sam takođe juče prvi put instalirao, ne prijavljuje trenutno nikakve probleme.
Tokom vremena, za optimizaciju sam obavljao radeći deframgentaciju particija hard diska, koristeći Ccleaner i Iobit unninstaler pri čemu sam brisao iz registra sve ostatke programa koje sam uklanjao, mada ne garantujem da sam za svaki program sve odstranio iz registra. Naravno, update redovno radio, čim ima nešto novo, instalirao bih... i eto.

Dakle meni treba da mi pogledate stanje i vidite da li mogu nešto da uradim da popravim stanje, da li imaneki ostatak programa, malware, spyware, virus i ostala gamad, što šteti sistemu, neki zastereli drajv, šta ja znam, "fragmentisan program" itd.

Da se razumemo, računar radi, ali je usporen, tako da nije da mi je baš stala krava na rep.

Internet je kablovski, SBB , download 10 Mbps, upload 1 Mbps.

Izveštaj:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-04-2015
Ran by Aleksandar (administrator) on ALEKSANDAR on 26-04-2015 19:54:26
Running from C:\Users\Aleksandar\Desktop
Loaded Profiles: Aleksandar (Available profiles: Aleksandar)
Platform: Windows 8.1 Pro (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Dropbox, Inc.) C:\Users\Aleksandar\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-03-26] (Nero AG)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3901929142-2490334731-1215119086-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-3901929142-2490334731-1215119086-1001\...\Run: [BitTorrent] => C:\Users\Aleksandar\AppData\Roaming\BitTorrent\BitTorrent.exe [1442904 2015-02-08] (BitTorrent Inc.)
HKU\S-1-5-21-3901929142-2490334731-1215119086-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3901929142-2490334731-1215119086-1001\...\MountPoints2: {1fa018e4-d30c-11e3-8257-c86000ee0fe1} - "F:\SISetup.exe"
HKU\S-1-5-21-3901929142-2490334731-1215119086-1001\...\MountPoints2: {d0762c35-3ff5-11e4-83cd-c86000ee0fe1} - "F:\Setup.exe"
HKU\S-1-5-21-3901929142-2490334731-1215119086-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-10-29] (Microsoft Corporation)
Startup: C:\Users\Aleksandar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-10-04]
ShortcutTarget: Dropbox.lnk -> C:\Users\Aleksandar\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Aleksandar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-05-14]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Aleksandar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar940.lnk [2015-04-26]
ShortcutTarget: Sidebar940.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Aleksandar\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Aleksandar\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Aleksandar\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Aleksandar\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Aleksandar\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Aleksandar\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Aleksandar\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Aleksandar\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3901929142-2490334731-1215119086-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3901929142-2490334731-1215119086-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3901929142-2490334731-1215119086-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts.....139&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts.....139&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3901929142-2490334731-1215119086-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3901929142-2490334731-1215119086-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://istart.webssearches.com/web/?utm_source=b&a.....ult&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3901929142-2490334731-1215119086-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://istart.webssearches.com/web/?utm_source=b&a.....ult&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3901929142-2490334731-1215119086-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?utm_source=b&a.....ult&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3901929142-2490334731-1215119086-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://istart.webssearches.com/web/?utm_source=b&a.....ult&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3901929142-2490334731-1215119086-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Tcpip\Parameters: [DhcpNameServer] 89.216.1.30 89.216.1.50
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Aleksandar\AppData\Roaming\Mozilla\Firefox\Profiles\589uucij.default
FF NewTab: https://www.google.rs/
FF DefaultSearchUrl: hxxp://www.bing.com/search
FF SearchEngineOrder.1: Microsoft (Bing)
FF SelectedSearchEngine: webssearches
FF Homepage: https://www.google.rs/
FF Keyword.URL: hxxp://www.bing.com/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-04-25] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-04-25] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-04-25] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF user.js: detected! => C:\Users\Aleksandar\AppData\Roaming\Mozilla\Firefox\Profiles\589uucij.default\user.js [2015-04-25]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\pogodakyu.xml [2015-01-09]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\vokabular.xml [2015-01-09]
FF Extension: Private Tab - C:\Users\Aleksandar\AppData\Roaming\Mozilla\Firefox\Profiles\589uucij.default\Extensions\privateTab@infocatcher.xpi [2014-05-03]
FF Extension: Adblock Plus - C:\Users\Aleksandar\AppData\Roaming\Mozilla\Firefox\Profiles\589uucij.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-25]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-04-25]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-04-25]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-04-25]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1422099921&from=kmp&uid=ST1000DM005XHD103SJ_S246J90C400139"
CHR DefaultSearchKeyword: Default -> webssearches
CHR DefaultSearchURL: Default -> http://istart.webssearches.com/web/?type=ds&ts.....139&q={searchTerms}
CHR Profile: C:\Users\Aleksandar\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Aleksandar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-31]
CHR Extension: (Docs) - C:\Users\Aleksandar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-03]
CHR Extension: (Google Drive) - C:\Users\Aleksandar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-03]
CHR Extension: (YouTube) - C:\Users\Aleksandar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-03]
CHR Extension: (Google Search) - C:\Users\Aleksandar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-03]
CHR Extension: (avast! SafePrice) - C:\Users\Aleksandar\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-12-31]
CHR Extension: (Google Sheets) - C:\Users\Aleksandar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-31]
CHR Extension: (Avast Online Security) - C:\Users\Aleksandar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-31]
CHR Extension: (Skype Click to Call) - C:\Users\Aleksandar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-04]
CHR Extension: (Google Wallet) - C:\Users\Aleksandar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-03]
CHR Extension: (Gmail) - C:\Users\Aleksandar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-03]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2015-02-21] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2631456 2014-12-10] (IObit)
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72512 2013-12-09] (IObit)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2014-05-03] (VIA Technologies, Inc.)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-05] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 SkypeUpdate; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-09-19] (Disc Soft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [56008 2015-04-25] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [151240 2014-11-28] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [247496 2014-10-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [824008 2015-04-25] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30920 2014-10-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [31432 2014-10-30] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [69320 2014-11-20] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [77000 2014-11-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [181960 2014-11-10] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2014-05-03] (Intel Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-26 19:54 - 2015-04-26 19:54 - 00023579 _____ () C:\Users\Aleksandar\Desktop\FRST.txt
2015-04-26 19:53 - 2015-04-26 19:54 - 00000000 ____D () C:\FRST
2015-04-26 19:51 - 2015-04-26 19:51 - 02101248 _____ (Farbar) C:\Users\Aleksandar\Desktop\FRST64.exe
2015-04-25 21:06 - 2015-04-25 21:06 - 00001284 _____ () C:\Users\Aleksandar\Desktop\Revo Uninstaller.lnk
2015-04-25 21:06 - 2015-04-25 21:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-25 21:03 - 2015-04-26 18:41 - 00000580 _____ () C:\Windows\setupact.log
2015-04-25 21:03 - 2015-04-25 21:03 - 00000628 _____ () C:\Windows\PFRO.log
2015-04-25 21:03 - 2015-04-25 21:03 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-25 21:01 - 2015-04-25 21:01 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Aleksandar\Downloads\revosetup.exe
2015-04-25 20:54 - 2015-04-25 20:54 - 00000017 _____ () C:\Users\Aleksandar\AppData\Local\resmon.resmoncfg
2015-04-25 16:47 - 2015-04-25 16:48 - 00000000 ____D () C:\Users\Aleksandar\Desktop\Parking tužba
2015-04-25 15:40 - 2015-04-25 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-04-25 15:40 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-04-25 15:39 - 2015-04-26 19:11 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-04-25 15:39 - 2015-04-25 15:43 - 00824008 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-04-25 15:39 - 2015-04-25 15:39 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-04-25 15:39 - 2014-10-22 21:13 - 00247496 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-04-25 15:26 - 2015-04-25 15:29 - 196612224 _____ (Kaspersky Lab) C:\Users\Aleksandar\Downloads\kis15.0.2.361en.exe
2015-04-25 15:05 - 2015-04-25 15:05 - 00003608 _____ () C:\Windows\System32\Tasks\Maxthon Update
2015-04-25 15:05 - 2015-04-25 15:05 - 00000000 ____D () C:\Users\Aleksandar\AppData\Roaming\Maxthon3
2015-04-25 15:05 - 2015-04-25 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxthon Cloud Browser
2015-04-25 15:05 - 2015-04-25 15:05 - 00000000 ____D () C:\Program Files (x86)\Maxthon
2015-04-25 15:02 - 2015-04-25 15:02 - 01560488 _____ (Maxthon International ltd.) C:\Users\Aleksandar\Downloads\mxsetup.exe
2015-04-25 14:55 - 2015-01-06 05:01 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2015-04-25 14:55 - 2015-01-06 04:59 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2015-04-25 14:55 - 2015-01-06 03:12 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2015-04-25 14:55 - 2015-01-06 03:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2015-04-25 14:54 - 2015-03-17 19:26 - 00467776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-04-25 14:54 - 2015-03-09 04:02 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-04-25 14:54 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2015-04-25 14:54 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-04-25 14:54 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-04-25 14:53 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-04-25 14:53 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-04-25 14:53 - 2015-03-14 04:03 - 04179968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-04-25 14:53 - 2015-03-13 06:03 - 00239424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-04-25 14:53 - 2015-03-13 06:03 - 00154432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-04-25 14:53 - 2015-03-13 04:59 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-25 14:53 - 2015-03-13 04:38 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-25 14:53 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-04-25 14:53 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-04-25 14:53 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-04-25 14:53 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-04-25 14:53 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-04-25 14:53 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-04-25 14:53 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-04-25 14:53 - 2015-02-13 04:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-04-25 14:53 - 2015-02-13 03:46 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-04-25 14:28 - 2015-04-25 23:19 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-25 14:27 - 2015-04-25 14:27 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-25 14:27 - 2015-04-25 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-25 14:27 - 2015-04-25 14:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-25 14:27 - 2015-04-25 14:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-25 14:27 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-25 14:27 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-25 14:27 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-25 14:26 - 2015-04-25 14:27 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Aleksandar\Downloads\mbam-setup-2.1.6.1022.exe
2015-04-24 22:03 - 2015-04-24 22:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-20 23:20 - 2015-04-20 23:20 - 00013800 ____H () C:\Users\Aleksandar\Desktop\~WRL0970.tmp
2015-04-16 21:22 - 2015-04-16 21:22 - 00963354 _____ () C:\Users\Aleksandar\Downloads\a33W73m_460sv.mp4
2015-04-14 22:57 - 2015-03-23 23:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 22:57 - 2015-03-23 23:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 22:57 - 2015-03-23 23:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-04-14 22:57 - 2015-03-23 23:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 22:57 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-04-14 22:57 - 2015-03-20 06:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2015-04-14 22:57 - 2015-03-20 06:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 22:57 - 2015-03-20 06:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 22:57 - 2015-03-20 05:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-04-14 22:57 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-04-14 22:57 - 2015-03-20 04:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-04-14 22:57 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-04-14 22:57 - 2015-03-14 10:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-14 22:57 - 2015-03-14 10:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-14 22:57 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 22:57 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 22:57 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 22:57 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 22:57 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 22:57 - 2015-03-13 04:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-04-14 22:57 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 22:57 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 22:57 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-04-14 22:57 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 22:57 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 22:57 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2015-04-14 22:56 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 22:56 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 22:56 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 22:56 - 2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 22:56 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 22:56 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 22:56 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 22:56 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 22:56 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 22:56 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 22:56 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 22:56 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 22:56 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 22:56 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 22:56 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 22:56 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 22:56 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-04-14 22:56 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-04-14 22:56 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 22:56 - 2015-03-14 02:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 22:56 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 22:56 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 22:56 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 22:56 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 22:56 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 22:56 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 22:56 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 22:56 - 2015-03-13 05:53 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-14 22:56 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 22:56 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 22:56 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 22:56 - 2015-03-13 05:17 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-04-14 22:56 - 2015-03-13 05:16 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-14 22:56 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 22:56 - 2015-03-13 04:50 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-04-14 22:56 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 22:56 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 22:56 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 22:56 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 22:56 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 22:56 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-04-14 22:56 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 22:56 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-14 22:56 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-13 14:42 - 2015-04-13 14:42 - 00016464 _____ () C:\Users\Aleksandar\Downloads\3489285_game-of-thrones-s05e01-hdtv-x264-xclusive-afg-webrip-xvid-fum_87891.rar
2015-04-11 22:32 - 2015-04-11 22:32 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-11 22:32 - 2015-04-11 22:32 - 00000000 ___SD () C:\Windows\system32\GWX

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-26 19:41 - 2014-05-03 21:04 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2FBD836A-E2CA-4637-A73D-DAB31A7B0C3E}
2015-04-26 19:37 - 2015-03-16 17:07 - 01662776 _____ () C:\Windows\WindowsUpdate.log
2015-04-26 19:22 - 2014-05-03 23:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-26 19:12 - 2014-12-31 22:56 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-26 19:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-26 18:58 - 2014-12-31 22:56 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-26 18:58 - 2014-10-04 18:19 - 00000000 ___RD () C:\Users\Aleksandar\Dropbox
2015-04-26 18:58 - 2014-10-04 18:13 - 00000000 ____D () C:\Users\Aleksandar\AppData\Roaming\Dropbox
2015-04-26 18:58 - 2014-05-03 22:16 - 00165659 _____ () C:\MyXML.xml
2015-04-26 18:58 - 2014-05-03 20:54 - 00000000 ___DO () C:\Users\Aleksandar\SkyDrive
2015-04-26 18:41 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-26 15:18 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-04-25 22:34 - 2014-05-03 20:37 - 00913650 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-25 22:28 - 2014-05-04 13:23 - 35060736 ___SH () C:\Users\Aleksandar\Downloads\Thumbs.db
2015-04-25 22:19 - 2014-09-19 19:01 - 00005435 _____ () C:\Users\Aleksandar\Documents\TombRaider.log
2015-04-25 21:52 - 2014-05-03 20:58 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3901929142-2490334731-1215119086-1001
2015-04-25 21:33 - 2015-02-21 19:08 - 00000000 ____D () C:\Users\Aleksandar\Documents\Visual Studio 2013
2015-04-25 21:20 - 2015-01-24 15:20 - 00000000 ____D () C:\KMPlayer
2015-04-25 21:20 - 2014-05-03 23:18 - 00000000 ___RD () C:\Users\Aleksandar\Desktop\Manje važne stvari
2015-04-25 21:19 - 2014-05-03 22:17 - 00000000 ____D () C:\Users\Aleksandar\AppData\Roaming\Skype
2015-04-25 21:08 - 2014-05-03 22:09 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-04-25 17:34 - 2014-05-03 22:07 - 00000000 ____D () C:\Users\Aleksandar\AppData\Roaming\BitTorrent
2015-04-25 15:59 - 2014-05-03 20:53 - 00001458 _____ () C:\Users\Aleksandar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-25 15:42 - 2014-08-19 12:31 - 00056008 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kldisk.sys
2015-04-25 15:40 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-04-25 15:39 - 2013-08-22 17:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-04-25 15:32 - 2014-05-03 21:08 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-04-25 14:58 - 2013-08-22 16:44 - 00483984 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-25 14:56 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-25 14:55 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-04-25 14:55 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-04-25 14:46 - 2015-01-24 14:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-25 14:26 - 2014-10-04 18:14 - 00000000 ____D () C:\Users\Aleksandar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-22 21:02 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-04-21 00:10 - 2014-05-03 20:53 - 00000000 ____D () C:\Users\Aleksandar
2015-04-20 11:09 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppCompat
2015-04-20 11:03 - 2014-05-03 22:10 - 00000000 ____D () C:\ProgramData\ProductData
2015-04-19 09:39 - 2014-05-12 22:39 - 00000000 ____D () C:\Windows\Minidump
2015-04-17 00:01 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\en-GB
2015-04-17 00:01 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\en-GB
2015-04-16 23:02 - 2014-05-03 22:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-16 23:02 - 2014-05-03 21:39 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-16 22:59 - 2014-05-03 21:39 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-16 22:58 - 2013-08-22 15:25 - 00000167 _____ () C:\Windows\win.ini
2015-04-16 22:55 - 2014-12-12 19:44 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 22:55 - 2014-07-09 16:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-14 23:22 - 2014-05-03 23:21 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 01:24 - 2014-09-10 19:38 - 00792056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 01:24 - 2014-09-10 19:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-28 16:00 - 2014-07-10 21:13 - 01174528 ___SH () C:\Users\Aleksandar\Desktop\Thumbs.db

==================== Files in the root of some directories =======

2014-10-08 23:44 - 2014-10-08 23:44 - 0000121 _____ () C:\Users\Aleksandar\AppData\Roaming\System Monitor II_UptimeRecord.ini
2015-04-25 20:54 - 2015-04-25 20:54 - 0000017 _____ () C:\Users\Aleksandar\AppData\Local\resmon.resmoncfg

Some content of TEMP:
====================
C:\Users\Aleksandar\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdhgesp.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-17 11:02

==================== End Of Log ============================


Fajl addition:


https://www.mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10575
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Arrow Korak 1

Idi u Start -> Control Panel -> Programs and Features i deinstaliraj sljedeće programe:

YTD Video Downloader 4.8.9



Arrow Korak 2

Otvori Notepad i iskopiraj sljedeći tekst koji se nalazi unutar Kod polja.

HKU\S-1-5-21-3901929142-2490334731-1215119086-1001\...\MountPoints2: {1fa018e4-d30c-11e3-8257-c86000ee0fe1} - "F:\SISetup.exe"
HKU\S-1-5-21-3901929142-2490334731-1215119086-1001\...\MountPoints2: {d0762c35-3ff5-11e4-83cd-c86000ee0fe1} - "F:\Setup.exe"
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts.....139&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts.....139&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3901929142-2490334731-1215119086-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://istart.webssearches.com/web/?utm_source=b&a.....ult&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3901929142-2490334731-1215119086-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://istart.webssearches.com/web/?utm_source=b&a.....ult&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3901929142-2490334731-1215119086-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?utm_source=b&a.....ult&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3901929142-2490334731-1215119086-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://istart.webssearches.com/web/?utm_source=b&a.....ult&q={searchTerms}
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1422099921&from=kmp&uid=ST1000DM005XHD103SJ_S246J90C400139"
CHR DefaultSearchKeyword: Default -> webssearches
CHR DefaultSearchURL: Default -> http://istart.webssearches.com/web/?type=ds&ts.....139&q={searchTerms}
CHR Extension: (avast! SafePrice) - C:\Users\Aleksandar\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-12-31]
EmptyTemp:


U okviru Notepad-a klikni na File --> Save As
Fajl nazovi Fixlist i sačuvaj na Desktop
Dvoklikom ponovo pokreni FRST.exe
Klikni na Fix i sačekaj dok program ne završi.
Ukoliko program zatraži restart računara, omogući mu da to nesmetano obavi.
Nakon završetka rada, otvoriće se fixlog.txt, sa sadržajem koji treba da kopiraš u temu.
Takođe, na Desktop-u će se nalaziti (fixlog.txt).




Arrow Korak 3

Preuzmi "Xplode"-ov AdwCleaner i sačuvaj ga na Desktop
Dvoklikom pokreni program.
u EULA prozoru klikni na I agree.
Klikni na dugme Scan i sačekaj da se završi skeniranje.
Klikni na dugme Cleaning i pričekaj da program završi.
Program će zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni OK kao potvrdu.
Na sljedeća dva prozora koja se otvore (Informations i Restart required ) klikni OK

Računar će se restartovati, a potom otvoriti Notepad (C:\AdwCleaner[S0].txt) sa izvještajem.
Sačuvaj taj izvještaj na Desktop i okači ga uz poruku koristeći opciju "Prikači fajl"

Napomena: Izvještaj ce takođe biti sačuvan na C:\Adwcleaner\AdwCleaner[S0].txt

offline
  • Kule  Male
  • Elitni građanin
  • Aleksandar
  • student
  • Pridružio: 25 Maj 2012
  • Poruke: 2398
  • Gde živiš: Beograd

Fixlog.txt sadržaj:

Citat: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2015 01
Ran by Aleksandar at 2015-04-27 22:34:52 Run:1
Running from C:\Users\Aleksandar\Desktop
Loaded Profiles: Aleksandar (Available profiles: Aleksandar)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3901929142-2490334731-1215119086-1001\...\MountPoints2: {1fa018e4-d30c-11e3-8257-c86000ee0fe1} - "F:\SISetup.exe"
HKU\S-1-5-21-3901929142-2490334731-1215119086-1001\...\MountPoints2: {d0762c35-3ff5-11e4-83cd-c86000ee0fe1} - "F:\Setup.exe"
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts.....139&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts.....139&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3901929142-2490334731-1215119086-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://istart.webssearches.com/web/?utm_source=b&a.....ult&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3901929142-2490334731-1215119086-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://istart.webssearches.com/web/?utm_source=b&a.....ult&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3901929142-2490334731-1215119086-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?utm_source=b&a.....ult&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3901929142-2490334731-1215119086-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://istart.webssearches.com/web/?utm_source=b&a.....ult&q={searchTerms}
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1422099921&from=kmp&uid=ST1000DM005XHD103SJ_S246J90C400139"
CHR DefaultSearchKeyword: Default -> webssearches
CHR DefaultSearchURL: Default -> http://istart.webssearches.com/web/?type=ds&ts.....139&q={searchTerms}
CHR Extension: (avast! SafePrice) - C:\Users\Aleksandar\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-12-31]
EmptyTemp:
*****************

"HKU\S-1-5-21-3901929142-2490334731-1215119086-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1fa018e4-d30c-11e3-8257-c86000ee0fe1}" => Key deleted successfully.
HKCR\CLSID\{1fa018e4-d30c-11e3-8257-c86000ee0fe1} => Key not found.
"HKU\S-1-5-21-3901929142-2490334731-1215119086-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0762c35-3ff5-11e4-83cd-c86000ee0fe1}" => Key deleted successfully.
HKCR\CLSID\{d0762c35-3ff5-11e4-83cd-c86000ee0fe1} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKU\S-1-5-21-3901929142-2490334731-1215119086-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-3901929142-2490334731-1215119086-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}" => Key deleted successfully.
HKCR\CLSID\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => Key not found.
"HKU\S-1-5-21-3901929142-2490334731-1215119086-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKU\S-1-5-21-3901929142-2490334731-1215119086-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => Key deleted successfully.
HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => Key not found.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword not detected.
Chrome DefaultSearchURL not detected.
C:\Users\Aleksandar\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => Moved successfully.
EmptyTemp: => Removed 490.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog 22:35:00 ====


Korak 3:



https://www.mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10575
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Kakvo je sada stanje?



Arrow

Preuzmi Malwarebytes Anti-Rootkit (MBAR) sa sledeceg linka i sacuvaj ga na Desktop.

Dvoklikom pokreni MBAR () na ikonicu programa:
- Klikni OK na sledecem prozoru da bi dozvolio raspakivanje u zaseban mbar folder na desktop-u;
- mbar.exe ce biti startovan. Na nekim sistemima to moze da potraje nekoliko dodatnih sekundi, te pricekati pokretanje.;
- U uvodnom prozoru klikni dugme Next ukoliko si saglasan;



• Na 'Update Database' prozoru klik na dugme Update da bi preuzeo sveze definicije. Kada se ispise poruka 'Success: Database was successfully updated' klik na dugme Next;
• Pod sekcijom 'Scan Targets' proveri da su sve opcije stiklirane, te klikni na dugme Scan;

Obavestenje: sa nekim infekcijama moze se desiti da se prikaze neka od sledecih poruka:
- 'Could not load protection driver' => u tom slucaju klikni OK.
- 'Could not load DDA driver' => klikni Yes na to obavestenje da bi dozvolio ucitavanje nakon restarta. Dozvoli restart i nastavi sa ostatkom instrukcija posle restarta.





>> Ukoliko malware nije detektovan, klik na Exit dugme da zatvoris program. U sledecu poruku postavi mbar-log-year-month-day (sat-minuti-sekundi).txt i system-log.txt izveštaje.

>> Ukoliko su infekcija/e pronadjene, proveriti da li je obelezena opcija 'Create Restore Point' i klikni na dugme Cleanup! da bi uklonili pretnje.
- Procedura uklanjanje malware-a (scheduled) ce biti zakazana po restartu, bice prikazano obavestenje u pop-up prozoru. Klikni dugme Yes i sistem bi trebao da se restartuje i da zavrsi proceduru ciscenja.



Obavestenje! samo ukoliko je RootKit detektovan: - postaraj se da pokrenes fixdamage.exe alat koji se nalazi u mbar folderu, \Plugins\fixdamage.exe:
- Dvoklikom pokreni fixdamage, u crnom prozoru koji se otvori (command prompt) ukucaj Y (Y stoji za Yes) da bi nastavio izvrsenje, pricekati da alat odradi sve popravke ...
- Kada vidis poruku 'press any key to exit' popravka je kompletirana. Pritisnuti bilo koju tipku na tastaturi da bi se prozor zatvorio. Restartovati sistem.





Sledeci izvestaji ce biti formirani u mbar folderu.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Iskopiraj sadrzaj mbar log-a u poruku a system log okaci uz poruku koristeci opciju Prikači fajl.

offline
  • Kule  Male
  • Elitni građanin
  • Aleksandar
  • student
  • Pridružio: 25 Maj 2012
  • Poruke: 2398
  • Gde živiš: Beograd

Napisano: 27 Apr 2015 23:58

Definitivno bolje, brže radi...samo trenutak, da ja obavim sve ove nove instrukcije.

Dopuna: 28 Apr 2015 0:15

mbar log :

Citat:Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
main: v2015.04.27.05
rootkit: v2015.04.21.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17728
Aleksandar :: ALEKSANDAR [administrator]

27-Apr-15 23:58:39
mbar-log-2015-04-27 (23-58-39).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 387415
Time elapsed: 9 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


System log fajl:



https://www.mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10575
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

To bi bilo to.

Sledeća procedura će implementirati završno čišćenje.

Arrow Preuzmi "Xplode"-ov DelFix alat i snimi ga na Desktop.
Dvoklikom pokreni alat i štikliraj kućice ispred sledećih opcija;

Remove disinfection tools
Create registry backup
Purge System Restore


Klikni na dugme Run i pričekaj trenutak dok alat ne završi svoj rad.
Od ovog trenutka, svi korišćeni alati u ovoj temi bi trebali biti obrisani.
Alat će takođe formirati izveštaj za tebe. (C:\DelFix.txt)

Alat će snimiti i zdravo stanje registy-ja i napraviti backup koristeci integrisan program "ERUNT" u %windir%\ERUNT\DelFix
Alat briše stare system restore tačke i pravi novu, svežu tačku nakon čišćenja.

offline
  • Kule  Male
  • Elitni građanin
  • Aleksandar
  • student
  • Pridružio: 25 Maj 2012
  • Poruke: 2398
  • Gde živiš: Beograd

Nemam pojma koliko si vremena uložio za analizu stanja mog sistema kao i za ove postove a la user guide for dummies, ali, pobratime moj:

[img]http://people.opposingviews.com/DM-Resize/photos.demandstudios.com/getty/article/178/233/87543639.jpg?w=600&h=600&keep_ratio=1[/img]

Hvala puno! Živ bio!

Ko je trenutno na forumu
 

Ukupno su 613 korisnika na forumu :: 7 registrovanih, 2 sakrivenih i 604 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3028 - dana 22 Nov 2019 07:47

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Petar, bigfoot2, GrobarRomanticar, Iwo Jima, kripo, TegljacMete, zlaya011