Windows baguje

Windows baguje

offline
  • Dalibor
  • Pridružio: 03 Feb 2011
  • Poruke: 445
  • Gde živiš: Landau and der Pfalz

Postovani vec par dana sistem mi neradi najbolje ,koci,secka i td.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:19-12-2015
Ran by Anđelić (administrator) on ANĐELIĆ-PC (19-12-2015 21:28:55)
Running from C:\Users\Anđelić\Desktop
Loaded Profiles: Anđelić (Available Profiles: Anđelić)
Platform: Microsoft Windows 7 Ultimate (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Vimicro) C:\Windows\vmsnap3.exe
() C:\Windows\Domino.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VMSnap3] => C:\Windows\VMSnap3.exe [49152 2006-07-18] (Vimicro)
HKLM\...\Run: [Domino] => C:\Windows\Domino.exe [49152 2006-07-04] ()
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-11-23] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [803200 2015-12-01] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3060246460-3445727265-2582410140-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{29109664-89CC-4405-A30C-C728323E5565}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3060246460-3445727265-2582410140-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3060246460-3445727265-2582410140-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3060246460-3445727265-2582410140-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3060246460-3445727265-2582410140-1000 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3060246460-3445727265-2582410140-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-20] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-20] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Anđelić\AppData\Roaming\Mozilla\Firefox\Profiles\j5qjg02t.default
FF Homepage: www.google.rs
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-20] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: Qualys BrowserCheck - C:\Users\Anđelić\AppData\Roaming\Mozilla\Firefox\Profiles\j5qjg02t.default\Extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} [2015-10-16] [not signed]
FF Extension: Adblock Plus - C:\Users\Anđelić\AppData\Roaming\Mozilla\Firefox\Profiles\j5qjg02t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15]

Chrome:
=======
CHR Profile: C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google презентације) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-15]
CHR Extension: (Google документи) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-15]
CHR Extension: (Google диск) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-15]
CHR Extension: (Adblock Plus) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-12-13]
CHR Extension: (Google Search) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Qualys BrowserCheck for Windows) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhnkognlohdkpjkjongioociddgoibk [2015-12-13]
CHR Extension: (Google табеле) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-15]
CHR Extension: (Zwinky) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\fidlffpkjchmiflngkkakcmbjmehkdbg [2015-11-21]
CHR Extension: (Avira Browser Safety) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-12-16]
CHR Extension: (Google документи офлајн) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (AdBlock) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-05]
CHR Extension: (Pin It Button) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-11-21]
CHR Extension: (Merry Christmas) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnmjckfjclclmjiekoibnmoglogldeh [2015-12-12]
CHR Extension: (блок за цртање) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\nelnpbigggagbdcfehjcnfbgaleelhop [2015-11-20]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-15]
CHR Extension: (Gmail) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-15]
CHR Extension: (Retrica) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbofginbommomhdjjnngkladncpgcpo [2015-11-20]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [948392 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1418560 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [249624 2015-11-23] (Avira Operations GmbH & Co. KG)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [106968 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136272 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-09-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [55456 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-09-01] (Avira Operations GmbH & Co. KG)
S3 vvftav303; C:\Windows\System32\drivers\vvftav303.sys [480128 2007-06-23] (Vimicro Corporation)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
S3 catchme; \??\C:\Users\ANELI~1\AppData\Local\Temp\catchme.sys [X]
S3 MsgPlusDriver; system32\DRIVERS\MsgPlusDriver.sys [X]
S3 ZSMC0303; System32\Drivers\usbVM303.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-19 21:28 - 2015-12-19 21:29 - 00011909 _____ C:\Users\Anđelić\Desktop\FRST.txt
2015-12-19 21:28 - 2015-12-19 21:28 - 00000000 ____D C:\FRST
2015-12-19 21:27 - 2015-12-19 21:27 - 01721344 _____ (Farbar) C:\Users\Anđelić\Desktop\FRST.exe
2015-12-19 07:35 - 2015-12-19 21:00 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-12-14 16:47 - 2015-12-19 07:24 - 00000000 ____D C:\Users\Anđelić\AppData\LocalLow\uTorrent
2015-12-14 16:21 - 2015-12-14 16:21 - 00000855 _____ C:\Users\Anđelić\Desktop\µTorrent.lnk
2015-12-14 16:21 - 2015-12-14 16:21 - 00000835 _____ C:\Users\Anđelić\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-12-14 16:20 - 2015-12-19 18:29 - 00000000 ____D C:\Users\Anđelić\AppData\Roaming\uTorrent
2015-12-13 20:25 - 2015-12-13 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-13 20:25 - 2015-12-13 20:25 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-12-13 10:32 - 2015-12-13 10:32 - 00000000 ____D C:\Program Files\Qualys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-19 21:28 - 2009-07-14 03:37 - 00000000 ____D C:\Windows
2015-12-19 21:10 - 2015-04-18 13:23 - 00000000 ____D C:\Users\Anđelić\AppData\Roaming\Skype
2015-12-19 21:01 - 2015-10-15 21:50 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-19 21:01 - 2015-10-15 21:50 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-19 21:00 - 2015-04-05 16:36 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-12-19 20:45 - 2015-04-05 16:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-19 20:43 - 2015-04-05 17:39 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-12-19 18:56 - 2009-07-14 05:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-19 18:56 - 2009-07-14 05:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-19 18:49 - 2015-09-28 16:08 - 00000292 _____ C:\Windows\Tasks\AutoKMS.job
2015-12-19 18:49 - 2015-04-10 10:49 - 00151552 _____ C:\Windows\KMSEmulator.exe
2015-12-19 18:48 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-18 17:58 - 2015-10-30 15:24 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-18 10:29 - 2015-04-21 05:12 - 00000000 ____D C:\Windows\Minidump
2015-12-18 08:48 - 2015-10-08 14:01 - 00001092 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2015-12-18 08:47 - 2015-10-08 14:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-12-16 22:26 - 2015-10-15 21:51 - 00002131 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-16 09:31 - 2015-04-05 16:10 - 01515990 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-16 09:31 - 2009-08-16 04:32 - 00669438 _____ C:\Windows\system32\perfh019.dat
2015-12-16 09:31 - 2009-08-16 04:32 - 00129538 _____ C:\Windows\system32\perfc019.dat
2015-12-16 09:31 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2015-12-13 20:25 - 2015-04-18 13:22 - 00002687 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-13 20:25 - 2015-04-18 13:22 - 00000000 ___RD C:\Program Files\Skype
2015-12-13 20:25 - 2015-04-05 16:42 - 00000000 ____D C:\Users\Anđelić\AppData\Local\Skype
2015-12-13 20:25 - 2015-04-05 16:42 - 00000000 ____D C:\ProgramData\Skype
2015-12-08 22:23 - 2015-04-05 16:32 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-12-08 22:23 - 2015-04-05 16:32 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-12-04 19:49 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2015-12-01 11:15 - 2015-10-08 14:11 - 00136272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-12-01 11:15 - 2015-10-08 14:11 - 00106968 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-12-01 11:15 - 2015-10-08 14:11 - 00055456 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-12-01 07:40 - 2015-04-05 16:47 - 00000000 ____D C:\Users\Anđelić\AppData\Roaming\BSplayer
2015-11-25 20:35 - 2015-10-16 22:00 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2015-10-15 21:44 - 2015-10-15 21:44 - 0047104 ___SH () C:\Users\Anđelić\AppData\Roaming\Thumbs.db
2015-04-19 13:20 - 2015-04-19 13:20 - 0005872 _____ () C:\Users\Anđelić\AppData\Roaming\w9PkZhJalsisHJDt2gdddRisW

Some files in TEMP:
====================
C:\Users\Anđelić\AppData\Local\temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-10 16:06

==================== End of FRST.txt ============================
https://www.mycity.rs/must-login.png

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8617
  • Gde živiš: Novi Beograd

Zdravo,

1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod:


CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3060246460-3445727265-2582410140-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3060246460-3445727265-2582410140-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\Anđelić\AppData\Roaming\w9PkZhJalsisHJDt2gdddRisW
CHR Extension: (Merry Christmas) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnmjckfjclclmjiekoibnmoglogldeh [2015-12-12]
EmptyTemp:


2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt
To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt
Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi.

3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj.
Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema.



Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku.
Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a.

offline
  • Dalibor
  • Pridružio: 03 Feb 2011
  • Poruke: 445
  • Gde živiš: Landau and der Pfalz

Fix result of Farbar Recovery Scan Tool (x86) Version:19-12-2015
Ran by Anđelić (2015-12-20 11:34:24) Run:1
Running from C:\Users\Anđelić\Desktop
Loaded Profiles: Anđelić (Available Profiles: Anđelić)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3060246460-3445727265-2582410140-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3060246460-3445727265-2582410140-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\Anđelić\AppData\Roaming\w9PkZhJalsisHJDt2gdddRisW
CHR Extension: (Merry Christmas) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnmjckfjclclmjiekoibnmoglogldeh [2015-12-12]
EmptyTemp:
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-3060246460-3445727265-2582410140-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKU\S-1-5-21-3060246460-3445727265-2582410140-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
C:\Users\Anđelić\AppData\Roaming\w9PkZhJalsisHJDt2gdddRisW => moved successfully
C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnmjckfjclclmjiekoibnmoglogldeh => moved successfully
EmptyTemp: => 456.5 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 11:35:04 ====

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8617
  • Gde živiš: Novi Beograd

Preuzmi "Xplode"-ov AdwCleaner () i sacuvaj ga na Desktop

Dvoklikom pokreni program.
Klikni na dugme [Scan] i pricekaj da program zavrsi.
Klikni na dugme [Clean]
Program ce zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni Ok kao potvrdu.
Na sledeca dva prozora koja se otvore (Informations i Restart required ) klikni Ok


Racunar ce se restartovati a potom otvoriti notepad (C:\AdwCleaner[S1].txt) sa izvestajem.
Sacuvaj taj notepad na Desktop i okaci ga uz poruku koristeci opciju "Prikaci fajl"

Napomena: Izvestaj ce takodje biti sacuvan na C:\AdwCleaner[S0].txt

offline
  • Dalibor
  • Pridružio: 03 Feb 2011
  • Poruke: 445
  • Gde živiš: Landau and der Pfalz

https://www.mycity.rs/must-login.png

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8617
  • Gde živiš: Novi Beograd

Kakvo je sad stanje?

offline
  • Dalibor
  • Pridružio: 03 Feb 2011
  • Poruke: 445
  • Gde živiš: Landau and der Pfalz

Mnogo bolje je sada !

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8617
  • Gde živiš: Novi Beograd

Odlicno.

Sledeća procedura će implementirati završno čišćenje.



Arrow Preuzmi "Xplode"-ov DelFix alat i snimi ga na Desktop.

Dvoklikom pokreni alat i štikliraj kućice ispred sledećih opcija;
Remove disinfection tools
Create registry backup
Purge System Restore


Klikni na dugme Run i pričekaj trenutak dok alat ne završi svoj rad.

Od ovog trenutka, svi korišćeni alati u ovoj temi bi trebali biti obrisani.
Ukoliko neki alat ili izveštaj nije uklonjen, slobodno ih obriši ručno.


Alat će takođe formirati izveštaj za tebe. (C:\DelFix.txt)
- Alat će snimiti i zdravo stanje registy-ja i napraviti backup koristeci integrisan program "ERUNT" u %windir%\ERUNT\DelFix
- DelFix briše stare system restore tačke i pravi novu, svežu tačku nakon čišćenja.

offline
  • Dalibor
  • Pridružio: 03 Feb 2011
  • Poruke: 445
  • Gde živiš: Landau and der Pfalz

Hvala na pomoći!

Ko je trenutno na forumu
 

Ukupno su 990 korisnika na forumu :: 32 registrovanih, 3 sakrivenih i 955 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., babaroga, Ben Roj, bigfoot, bojank, Bubili, Centauro, Dimitrije Paunovic, DonRumataEstorski, draganl, Džordžino, Georgius, HogarStrashni, ILGromovnik, ivica976, kikisp, kovinacc, Kubovac, kybonacci, Magistar78, milenko crazy north, Milos ZA, Outis, Panonsky, panzerwaffe, pein, Shilok, slonic_tonic, Smd, sovanova95, vaso1, Vlad000