Poslao: 19 Dec 2015 21:33
|
offline
- njuskalo75
- Ugledni građanin
- Pridružio: 03 Feb 2011
- Poruke: 445
- Gde živiš: Landau and der Pfalz
|
Postovani vec par dana sistem mi neradi najbolje ,koci,secka i td.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:19-12-2015
Ran by Anđelić (administrator) on ANĐELIĆ-PC (19-12-2015 21:28:55)
Running from C:\Users\Anđelić\Desktop
Loaded Profiles: Anđelić (Available Profiles: Anđelić)
Platform: Microsoft Windows 7 Ultimate (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Vimicro) C:\Windows\vmsnap3.exe
() C:\Windows\Domino.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [VMSnap3] => C:\Windows\VMSnap3.exe [49152 2006-07-18] (Vimicro)
HKLM\...\Run: [Domino] => C:\Windows\Domino.exe [49152 2006-07-04] ()
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-11-23] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [803200 2015-12-01] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3060246460-3445727265-2582410140-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{29109664-89CC-4405-A30C-C728323E5565}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3060246460-3445727265-2582410140-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3060246460-3445727265-2582410140-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3060246460-3445727265-2582410140-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3060246460-3445727265-2582410140-1000 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3060246460-3445727265-2582410140-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-20] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-20] (Oracle Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Anđelić\AppData\Roaming\Mozilla\Firefox\Profiles\j5qjg02t.default
FF Homepage: www.google.rs
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-20] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: Qualys BrowserCheck - C:\Users\Anđelić\AppData\Roaming\Mozilla\Firefox\Profiles\j5qjg02t.default\Extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} [2015-10-16] [not signed]
FF Extension: Adblock Plus - C:\Users\Anđelić\AppData\Roaming\Mozilla\Firefox\Profiles\j5qjg02t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15]
Chrome:
=======
CHR Profile: C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google презентације) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-15]
CHR Extension: (Google документи) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-15]
CHR Extension: (Google диск) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-15]
CHR Extension: (Adblock Plus) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-12-13]
CHR Extension: (Google Search) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Qualys BrowserCheck for Windows) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhnkognlohdkpjkjongioociddgoibk [2015-12-13]
CHR Extension: (Google табеле) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-15]
CHR Extension: (Zwinky) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\fidlffpkjchmiflngkkakcmbjmehkdbg [2015-11-21]
CHR Extension: (Avira Browser Safety) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-12-16]
CHR Extension: (Google документи офлајн) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (AdBlock) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-05]
CHR Extension: (Pin It Button) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-11-21]
CHR Extension: (Merry Christmas) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnmjckfjclclmjiekoibnmoglogldeh [2015-12-12]
CHR Extension: (блок за цртање) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\nelnpbigggagbdcfehjcnfbgaleelhop [2015-11-20]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-15]
CHR Extension: (Gmail) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-15]
CHR Extension: (Retrica) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbofginbommomhdjjnngkladncpgcpo [2015-11-20]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [948392 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1418560 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [249624 2015-11-23] (Avira Operations GmbH & Co. KG)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [106968 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136272 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-09-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [55456 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-09-01] (Avira Operations GmbH & Co. KG)
S3 vvftav303; C:\Windows\System32\drivers\vvftav303.sys [480128 2007-06-23] (Vimicro Corporation)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
S3 catchme; \??\C:\Users\ANELI~1\AppData\Local\Temp\catchme.sys [X]
S3 MsgPlusDriver; system32\DRIVERS\MsgPlusDriver.sys [X]
S3 ZSMC0303; System32\Drivers\usbVM303.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-19 21:28 - 2015-12-19 21:29 - 00011909 _____ C:\Users\Anđelić\Desktop\FRST.txt
2015-12-19 21:28 - 2015-12-19 21:28 - 00000000 ____D C:\FRST
2015-12-19 21:27 - 2015-12-19 21:27 - 01721344 _____ (Farbar) C:\Users\Anđelić\Desktop\FRST.exe
2015-12-19 07:35 - 2015-12-19 21:00 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-12-14 16:47 - 2015-12-19 07:24 - 00000000 ____D C:\Users\Anđelić\AppData\LocalLow\uTorrent
2015-12-14 16:21 - 2015-12-14 16:21 - 00000855 _____ C:\Users\Anđelić\Desktop\µTorrent.lnk
2015-12-14 16:21 - 2015-12-14 16:21 - 00000835 _____ C:\Users\Anđelić\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-12-14 16:20 - 2015-12-19 18:29 - 00000000 ____D C:\Users\Anđelić\AppData\Roaming\uTorrent
2015-12-13 20:25 - 2015-12-13 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-13 20:25 - 2015-12-13 20:25 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-12-13 10:32 - 2015-12-13 10:32 - 00000000 ____D C:\Program Files\Qualys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-19 21:28 - 2009-07-14 03:37 - 00000000 ____D C:\Windows
2015-12-19 21:10 - 2015-04-18 13:23 - 00000000 ____D C:\Users\Anđelić\AppData\Roaming\Skype
2015-12-19 21:01 - 2015-10-15 21:50 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-19 21:01 - 2015-10-15 21:50 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-19 21:00 - 2015-04-05 16:36 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-12-19 20:45 - 2015-04-05 16:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-19 20:43 - 2015-04-05 17:39 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-12-19 18:56 - 2009-07-14 05:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-19 18:56 - 2009-07-14 05:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-19 18:49 - 2015-09-28 16:08 - 00000292 _____ C:\Windows\Tasks\AutoKMS.job
2015-12-19 18:49 - 2015-04-10 10:49 - 00151552 _____ C:\Windows\KMSEmulator.exe
2015-12-19 18:48 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-18 17:58 - 2015-10-30 15:24 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-18 10:29 - 2015-04-21 05:12 - 00000000 ____D C:\Windows\Minidump
2015-12-18 08:48 - 2015-10-08 14:01 - 00001092 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2015-12-18 08:47 - 2015-10-08 14:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-12-16 22:26 - 2015-10-15 21:51 - 00002131 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-16 09:31 - 2015-04-05 16:10 - 01515990 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-16 09:31 - 2009-08-16 04:32 - 00669438 _____ C:\Windows\system32\perfh019.dat
2015-12-16 09:31 - 2009-08-16 04:32 - 00129538 _____ C:\Windows\system32\perfc019.dat
2015-12-16 09:31 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2015-12-13 20:25 - 2015-04-18 13:22 - 00002687 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-13 20:25 - 2015-04-18 13:22 - 00000000 ___RD C:\Program Files\Skype
2015-12-13 20:25 - 2015-04-05 16:42 - 00000000 ____D C:\Users\Anđelić\AppData\Local\Skype
2015-12-13 20:25 - 2015-04-05 16:42 - 00000000 ____D C:\ProgramData\Skype
2015-12-08 22:23 - 2015-04-05 16:32 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-12-08 22:23 - 2015-04-05 16:32 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-12-04 19:49 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2015-12-01 11:15 - 2015-10-08 14:11 - 00136272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-12-01 11:15 - 2015-10-08 14:11 - 00106968 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-12-01 11:15 - 2015-10-08 14:11 - 00055456 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-12-01 07:40 - 2015-04-05 16:47 - 00000000 ____D C:\Users\Anđelić\AppData\Roaming\BSplayer
2015-11-25 20:35 - 2015-10-16 22:00 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
==================== Files in the root of some directories =======
2015-10-15 21:44 - 2015-10-15 21:44 - 0047104 ___SH () C:\Users\Anđelić\AppData\Roaming\Thumbs.db
2015-04-19 13:20 - 2015-04-19 13:20 - 0005872 _____ () C:\Users\Anđelić\AppData\Roaming\w9PkZhJalsisHJDt2gdddRisW
Some files in TEMP:
====================
C:\Users\Anđelić\AppData\Local\temp\avgnt.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-12-10 16:06
==================== End of FRST.txt ============================
https://www.mycity.rs/must-login.png
|
|
|
|
Poslao: 20 Dec 2015 00:04
|
offline
- helen1
- Anti Malware Fighter
Rank 2
- Pridružio: 27 Avg 2005
- Poruke: 8617
- Gde živiš: Novi Beograd
|
Zdravo,
1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3060246460-3445727265-2582410140-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3060246460-3445727265-2582410140-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\Anđelić\AppData\Roaming\w9PkZhJalsisHJDt2gdddRisW
CHR Extension: (Merry Christmas) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnmjckfjclclmjiekoibnmoglogldeh [2015-12-12]
EmptyTemp:
2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt
To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt
Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi.
3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj.
Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema.
Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku.
Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a.
|
|
|
|
Poslao: 20 Dec 2015 11:38
|
offline
- njuskalo75
- Ugledni građanin
- Pridružio: 03 Feb 2011
- Poruke: 445
- Gde živiš: Landau and der Pfalz
|
Fix result of Farbar Recovery Scan Tool (x86) Version:19-12-2015
Ran by Anđelić (2015-12-20 11:34:24) Run:1
Running from C:\Users\Anđelić\Desktop
Loaded Profiles: Anđelić (Available Profiles: Anđelić)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3060246460-3445727265-2582410140-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3060246460-3445727265-2582410140-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\Anđelić\AppData\Roaming\w9PkZhJalsisHJDt2gdddRisW
CHR Extension: (Merry Christmas) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnmjckfjclclmjiekoibnmoglogldeh [2015-12-12]
EmptyTemp:
*****************
Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-3060246460-3445727265-2582410140-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKU\S-1-5-21-3060246460-3445727265-2582410140-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
C:\Users\Anđelić\AppData\Roaming\w9PkZhJalsisHJDt2gdddRisW => moved successfully
C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnmjckfjclclmjiekoibnmoglogldeh => moved successfully
EmptyTemp: => 456.5 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 11:35:04 ====
|
|
|
|
Poslao: 20 Dec 2015 13:47
|
offline
- helen1
- Anti Malware Fighter
Rank 2
- Pridružio: 27 Avg 2005
- Poruke: 8617
- Gde živiš: Novi Beograd
|
Preuzmi "Xplode"-ov AdwCleaner () i sacuvaj ga na Desktop
Dvoklikom pokreni program.
Klikni na dugme [Scan] i pricekaj da program zavrsi.
Klikni na dugme [Clean]
Program ce zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni Ok kao potvrdu.
Na sledeca dva prozora koja se otvore (Informations i Restart required ) klikni Ok
Racunar ce se restartovati a potom otvoriti notepad (C:\AdwCleaner[S1].txt) sa izvestajem.
Sacuvaj taj notepad na Desktop i okaci ga uz poruku koristeci opciju "Prikaci fajl"
Napomena: Izvestaj ce takodje biti sacuvan na C:\AdwCleaner[S0].txt
|
|
|
|
|
|
|
|
|