Losing space on the C: disk


offline
  • Joined: 25 Jul 2016
  • Posts: 4

I am losing space on the C: disk every day, down to a critical level. Then I try cleaning with CCleaner and TuneUp, defragmentation, ending processes, a restart. The results are 60-450 MB. That lasts a few hours and then it all goes round again. The problem appeared about 3 months ago, but it is now drastic. Three days ago something also took 10 GB on the D: disk and stopped there. I would appreciate help. Thank you.

PS: Cable internet (SBB), 50mb




Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-07-2016
Ran by Orion (administrator) on ORION-PC (25-07-2016 16:26:32)
Running from C:\Users\Orion\Downloads
Loaded Profiles: Orion (Available Profiles: Orion)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: engleski (SAD)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\Program Files\AVG Web TuneUp\vprot.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
() C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.2\ToolbarUpdater.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
() C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-11-01] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 2013-12-13] (Realtek Semiconductor)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [837640 2015-12-08] (DivX, LLC)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [2162760 2016-07-22] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5089480 2015-07-08] (ESET)
HKU\S-1-5-21-3616734537-631555691-662125581-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-11-01] (AMD)
HKU\S-1-5-21-3616734537-631555691-662125581-1000\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [118784 2015-02-16] ()
HKU\S-1-5-21-3616734537-631555691-662125581-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6602152 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-3616734537-631555691-662125581-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [878592 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-12-24] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 89.216.1.40 89.216.1.50
Tcpip\..\Interfaces\{6800F33B-7AD9-4BB5-A76D-0D0D4100C6E8}: [DhcpNameServer] 89.216.1.40 89.216.1.50

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3616734537-631555691-662125581-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={8853B236-FEBB-4690-ADE8-3B8C04818EDD}&mid=83799afdbd0947cdbddea59d7310b7f5-da7dbc45d8a3b7ce315f203816b4ce92d208771a&lang=sr&ds=AVG&coid=avgtbavg&cmpid=0915tb&pr=fr&d=2014-12-24 00:30:46&v=4.2.9.726&pid=wtu&sg=&sap=hp
SearchScopes: HKLM -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKU\S-1-5-21-3616734537-631555691-662125581-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={8853B236-FEBB-4690-ADE8-3B8C04818EDD}&mid=83799afdbd0947cdbddea59d7310b7f5-da7dbc45d8a3b7ce315f203816b4ce92d208771a&lang=sr&ds=AVG&coid=avgtbavg&cmpid=0915tb&pr=fr&d=2014-12-24 00:30:46&v=4.2.9.726&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3616734537-631555691-662125581-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={8853B236-FEBB-4690-ADE8-3B8C04818EDD}&mid=83799afdbd0947cdbddea59d7310b7f5-da7dbc45d8a3b7ce315f203816b4ce92d208771a&lang=sr&ds=AVG&coid=avgtbavg&cmpid=0915tb&pr=fr&d=2014-12-24 00:30:46&v=4.2.9.726&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3616734537-631555691-662125581-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-30] (Oracle Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.2.18\AVG Web TuneUp.dll [2016-07-22] (AVG)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> c:\program files\google\googletoolbar.dll [2015-02-16] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-30] (Oracle Corporation)
Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll [2015-02-16] (Google Inc.)
Toolbar: HKU\S-1-5-21-3616734537-631555691-662125581-1000 -> &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll [2015-02-16] (Google Inc.)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll [2014-12-24] (AVG Secure Search)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Orion\AppData\Roaming\Mozilla\Firefox\Profiles\txxdjv3x.default
FF SelectedSearchEngine: webssearches
FF Homepage: hxxps://mysearch.avg.com/?cid={8853B236-FEBB-4690-ADE8-3B8C04818EDD}&mid=83799afdbd0947cdbddea59d7310b7f5-da7dbc45d8a3b7ce315f203816b4ce92d208771a&lang=sr&ds=AVG&coid=avgtbavg&cmpid=0915tb&pr=fr&d=2014-12-24 00:30:46&v=4.1.6.294&pid=wtu&sg=&sap=hp
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.2\\npsitesafety.dll [No File]
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2015-12-02] (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-30] (Oracle Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2852 -> C:\Program Files\Sonne DVD Burner\Real\browser\plugins\nppl3260.dll [No File]
FF Plugin: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files\Sonne DVD Burner\Real\browser\plugins\nppl3260.dll [No File]
FF Plugin: @real.com/nprpjplug;version=6.0.12.1662 -> C:\Program Files\Sonne DVD Burner\Real\browser\plugins\nprpjplug.dll [No File]
FF Plugin: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files\Sonne DVD Burner\Real\browser\plugins\nprpjplug.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @verimatrix.com/ViewRightWeb -> C:\Program Files\Verimatrix\ViewRight Web\\npViewRight.dll [2015-04-06] (Verimatrix, Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3616734537-631555691-662125581-1000: @verimatrix.com/ViewRightWeb -> C:\Program Files\Verimatrix\ViewRight Web\\npViewRight.dll [2015-04-06] (Verimatrix, Inc.)
FF user.js: detected! => C:\Users\Orion\AppData\Roaming\Mozilla\Firefox\Profiles\txxdjv3x.default\user.js [2015-03-03]
FF SearchPlugin: C:\Users\Orion\AppData\Roaming\Mozilla\Firefox\Profiles\txxdjv3x.default\searchplugins\avg-secure-search.xml [2016-07-22]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2016-07-22]
FF Extension: FIndBeesTDeoaal - C:\Users\Orion\AppData\Roaming\Mozilla\Firefox\Profiles\txxdjv3x.default\Extensions\3@wfIwr.net [2015-02-26] [not signed]
FF Extension: AVG Web TuneUp - C:\Users\Orion\AppData\Roaming\Mozilla\Firefox\Profiles\txxdjv3x.default\Extensions\avg@toolbar.xpi [2016-07-22]
FF Extension: NetoCouupon - C:\Users\Orion\AppData\Roaming\Mozilla\Firefox\Profiles\txxdjv3x.default\Extensions\M2@b6.org [2015-02-26] [not signed]
FF Extension: MyPlayCity Toolbar - C:\Users\Orion\AppData\Roaming\Mozilla\Firefox\Profiles\txxdjv3x.default\Extensions\{6a210611-2f33-4926-bf27-3fd9af8266eb} [2016-03-24] [not signed]
FF Extension: Adblock Plus - C:\Users\Orion\AppData\Roaming\Mozilla\Firefox\Profiles\txxdjv3x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-06-01]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1420712924&from=exp&uid=WDCXWD1600AABS-00PRA0_WD-WMAP9680324003240","hxxp://istart.webssearches.com/?type=hppp&ts=1420712993&from=exp&uid=WDCXWD1600AABS-00PRA0_WD-WMAP9680324003240"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Orion\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Gismeteo App) - C:\Users\Orion\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjcgbemijnfmocokegilcmlnkbpnlco [2015-06-17]
CHR Extension: (YouTube) - C:\Users\Orion\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Orion\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-30]
CHR Extension: (AVG Secure Search) - C:\Users\Orion\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2016-04-26]
CHR Extension: (Google Search) - C:\Users\Orion\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google документи офлајн) - C:\Users\Orion\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Спеед Тест) - C:\Users\Orion\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhbmnfdcklajeaeikfinieljfegamko [2016-01-30]
CHR Extension: (Papas Pastaria Game) - C:\Users\Orion\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipgpdacoallahbdedblioplcgpkkgnig [2016-07-11]
CHR Extension: (Gmail) - C:\Users\Orion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKU\S-1-5-21-3616734537-631555691-662125581-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2013-11-01] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1353720 2015-07-08] (ESET)
S3 ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2015-06-25] (TuneUp Software)
R2 vToolbarUpdater40.3.2; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.2\ToolbarUpdater.exe [1309768 2016-07-22] (AVG Secure Search)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [976456 2016-07-22] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdhub30; C:\Windows\System32\DRIVERS\amdhub30.sys [85312 2013-05-27] (Advanced Micro Devices, INC.)
R3 amdxhc; C:\Windows\System32\DRIVERS\amdxhc.sys [178496 2013-05-27] (Advanced Micro Devices, INC.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70464 2013-06-27] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34624 2013-06-27] (Advanced Micro Devices)
R2 AODDriver4.2.0; C:\Program Files\GIGABYTE\ET6\i386\AODDriver2.sys [50432 2013-09-20] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19168 2013-10-28] ()
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202704 2015-07-13] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [144536 2015-07-13] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [185176 2015-07-13] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [46656 2015-07-13] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [60552 2015-07-13] (ESET)
S3 etdrv; C:\Windows\etdrv.sys [17488 2016-03-04] (Windows (R) 2000 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [17488 2016-06-07] (Windows (R) 2000 DDK provider)
S3 GVTDrv; C:\Windows\system32\Drivers\GVTDrv.sys [24944 2016-06-07] ()
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [30632 2015-06-04] (TuneUp Software)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [20192 2013-10-24] ()
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 Winsock - Google Desktop Search Backup Before First Install; no ImagePath
U3 Winsock - Google Desktop Search Backup Before Last Install; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-25 15:44 - 2016-07-25 15:45 - 00022652 _____ C:\Users\Orion\Downloads\Addition.txt
2016-07-25 15:42 - 2016-07-25 16:27 - 00017432 _____ C:\Users\Orion\Downloads\FRST.txt
2016-07-25 15:42 - 2016-07-25 16:26 - 00000000 ____D C:\FRST
2016-07-25 12:52 - 2016-07-25 12:52 - 01744384 _____ (Farbar) C:\Users\Orion\Downloads\FRST.exe
2016-07-18 08:37 - 2016-07-18 08:37 - 00000000 ____D C:\Users\Orion\Downloads\spacesniffer_1_3_0_1
2016-07-18 08:33 - 2016-07-18 08:34 - 01658890 _____ C:\Users\Orion\Downloads\spacesniffer_1_3_0_1.zip
2016-07-15 15:39 - 2016-07-15 15:39 - 00076214 _____ C:\Users\Orion\Downloads\Izvod tekuceg racuna br 2400100043080 za mesec jun.pdf
2016-07-03 11:43 - 2016-07-03 11:43 - 00000000 ____D C:\Program Files\Cinemaware Marquee
2016-07-02 14:55 - 2016-07-02 14:55 - 00000000 ____D C:\Users\Orion\AppData\LocalLow\uTorrent
2016-06-27 11:12 - 2016-06-27 11:12 - 00000000 ____D C:\ProgramData\PopCap Games
2016-06-27 11:01 - 2016-06-27 11:01 - 00000000 ____D C:\ProgramData\Rumbic Studio

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-25 15:49 - 2014-12-24 01:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-25 15:44 - 2015-05-15 17:31 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d08f243e8e4f45.job
2016-07-25 15:43 - 2015-07-16 07:39 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0bf89d538dff6.job
2016-07-25 15:36 - 2015-02-11 15:24 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-25 14:39 - 2009-07-14 06:34 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-25 14:39 - 2009-07-14 06:34 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-25 08:50 - 2015-12-04 14:46 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-25 08:44 - 2015-02-11 15:24 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-25 08:44 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-22 08:12 - 2014-12-24 01:30 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2016-07-22 08:11 - 2014-12-24 01:30 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2016-07-21 15:41 - 2014-12-24 00:25 - 00000000 ____D C:\Users\Orion
2016-07-21 15:40 - 2009-07-14 04:03 - 40632320 _____ C:\Windows\system32\config\SOFTWARE_tureg_old
2016-07-21 15:40 - 2009-07-14 04:03 - 17825792 _____ C:\Windows\system32\config\SYSTEM_tureg_old
2016-07-21 15:40 - 2009-07-14 04:03 - 00024576 _____ C:\Windows\system32\config\SECURITY_tureg_old
2016-07-21 15:36 - 2009-07-14 04:03 - 38797312 _____ C:\Windows\system32\config\COMPONENTS_tureg_old
2016-07-21 15:36 - 2009-07-14 04:03 - 00151552 _____ C:\Windows\system32\config\DEFAULT_tureg_old
2016-07-21 15:36 - 2009-07-14 04:03 - 00065536 _____ C:\Windows\system32\config\SAM_tureg_old
2016-07-14 08:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2016-07-13 12:49 - 2014-12-24 01:36 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-07-13 12:49 - 2014-12-24 01:36 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-07-13 12:49 - 2014-12-24 01:36 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-12 17:28 - 2015-11-26 08:31 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-11 08:55 - 2015-12-04 14:45 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-11 08:55 - 2015-12-04 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-11 08:55 - 2015-12-04 14:45 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-07-11 07:44 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2016-07-03 11:16 - 2015-02-16 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameHouse
2016-07-03 11:16 - 2015-02-16 14:15 - 00000000 ____D C:\Program Files\GameHouse
2016-07-03 11:15 - 2014-12-26 01:43 - 00000000 ____D C:\Users\Orion\AppData\Roaming\uTorrent
2016-06-25 06:43 - 2009-07-14 06:53 - 00032648 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2015-02-24 08:23 - 2015-04-19 08:09 - 0000020 _____ () C:\Users\Orion\AppData\Roaming\appdataFr3.bin
2015-12-04 18:03 - 2016-02-15 15:43 - 0007597 _____ () C:\Users\Orion\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-19 09:48

==================== End of FRST.txt ============================



offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

Hello and welcome.

My advice is to uninstall AVG Web TuneUp and TuneUp Utilities 2014. All 'tune' software is unnecessary on newer Windows operating systems. Even though Windows 7 is a somewhat older OS, tune-up, registry and similar software is unnecessary. CCleaner is more than enough for this job on Windows 7, if you really must use something of this kind.

Reset System Restore (turn it off, then on again); here is how to do that:
http://www.mycity.rs/MyCity-Laboratorija/Kako-iskl.....a-7-8.html

The logs show no signs of an active infection, but let's do an additional check from a different point of view:



1. Download sUBs's ComboFix from this link and save the tool to the Desktop.
• Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
• When the dialog for choosing where to save the file opens, select Desktop and click Save.


------------------------------------------------------------
2. Temporarily disable your antivirus program, in most cases by right-clicking the program's icon in the system tray. Such programs can interfere with the tool while it runs.
If you are not sure how to do that, follow this guide.

------------------------------------------------------------
3. Double-click the icon to start ComboFix. Then, in the disclaimer window, click the I Agree! button.

• ComboFix will check whether a newer version of the tool is available.
Click Yes if a download is requested.
• If the Recovery Console is not installed, ComboFix will offer to download and install it.
Click Yes to allow the tool to download and install the Recovery Console.
• ComboFix will scan the computer in stages (Stage_#), 50 stages in total.
Do not click around while ComboFix is examining the system.
• If malware is detected, ComboFix will begin removing it.
For that reason, the tool will restart Windows as needed (sometimes more than once).

Note: If, after the tool has run, you get the error (Illegal operation attempted on a registry key that has been marked for deletion) when starting programs, restart the computer and that will resolve the problem.


------------------------------------------------------------
4. When the tool finishes, it will create and open a report (typical location: C:\ComboFix.txt).
Copy the contents of the ComboFix.txt report into your post.

ComboFix will also create an additional report (typical location: C:\Qoobox\ComboFix-quarantined-files.txt).
Attach the ComboFix-quarantined-files.txt report to your post using the Attach file option.

offline
  • Joined: 25 Jul 2016
  • Posts: 4

I have ComboFix2; I don't know how to copy it into the post. Sorry.

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

ComboFix2 means the tool was run twice. And everything was written out clearly...

Copy the C:\ComboFix.txt report into your post. If you have ComboFix2.txt, it is located in the C:\Qoobox folder.

If you don't know how to copy them, attach them to your post and I will copy the main log for you.

offline
  • Joined: 25 Jul 2016
  • Posts: 4

ComboFix 16-07-25.01 - Orion 27.07.2016 9:51.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.1478.765 [GMT 2:00]
Running from: c:\users\Orion\Downloads\ComboFix.exe
AV: ESET Smart Security 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\AUTORUN.INF
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2016-06-27 to 2016-07-27 )))))))))))))))))))))))))))))))
.
.
2016-07-27 09:47 . 2016-07-27 09:47 -------- d-----w- c:\users\Orion\AppData\Local\temp
2016-07-27 09:47 . 2016-07-27 09:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-07-25 13:42 . 2016-07-25 14:28 -------- d-----w- C:\FRST
2016-07-06 13:18 . 2016-07-06 13:18 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9281B9C0-A2D1-4553-AE5B-AC772AFF66F0}\offreg.2312.dll
2016-07-03 09:43 . 2016-07-03 09:43 -------- d-----w- c:\program files\Cinemaware Marquee
2016-07-02 12:56 . 2016-07-02 12:56 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9281B9C0-A2D1-4553-AE5B-AC772AFF66F0}\offreg.2392.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-07-26 15:36 . 2015-12-04 12:46 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-07-13 10:49 . 2014-12-23 23:36 796352 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-07-13 10:49 . 2014-12-23 23:36 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-06-27 09:14 . 2016-06-27 09:14 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9281B9C0-A2D1-4553-AE5B-AC772AFF66F0}\offreg.5372.dll
2016-06-07 10:27 . 2014-12-23 22:45 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2016-06-07 10:27 . 2014-12-23 22:45 17488 ----a-w- c:\windows\gdrv.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2016-07-22 06:10 2248776 ----a-w- c:\program files\AVG Web TuneUp\4.3.2.18\AVG Web TuneUp.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\HydraVision\HydraDM.exe" [2013-11-01 389120]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2015-02-16 118784]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-11-16 6602152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" [2013-11-01 747264]
"NUSB3MON"="c:\program files\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe" [2012-04-11 97280]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2013-12-13 12017368]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2015-12-08 837640]
"vProt"="c:\program files\AVG Web TuneUp\vprot.exe" [2016-07-22 2162760]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2015-07-08 5089480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-12-24 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2016-07-22 06:10 2162760 ----a-w- c:\program files\AVG Web TuneUp\vprot.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\HydraVision\HydraDM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R1 UsbCharger;UsbCharger;c:\windows\system32\DRIVERS\UsbCharger.sys [2013-10-24 20192]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2016-03-04 17488]
R3 GVTDrv;GVTDrv;c:\windows\system32\Drivers\GVTDrv.sys [2016-06-07 24944]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-10-30 102912]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2015-06-11 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2013-06-27 70464]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2013-06-27 34624]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2015-07-13 60552]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2013-10-28 19168]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2015-07-13 202704]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2015-07-13 144536]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2015-07-13 46656]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-11-17 209408]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-11-01 276992]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\GIGABYTE\ET6\i386\AODDriver2.sys [2013-09-19 50432]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2015-07-08 1353720]
S2 vToolbarUpdater40.3.2;vToolbarUpdater40.3.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.2\ToolbarUpdater.exe [2016-07-22 1309768]
S2 WtuSystemSupport;WtuSystemSupport;c:\program files\AVG Web TuneUp\WtuSystemSupport.exe [2016-07-22 976456]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2013-05-27 85312]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2013-05-27 178496]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-09-24 77312]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-09-29 490088]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-06-20 17:36 1245848 ----a-w- c:\program files\Google\Chrome\Application\51.0.2704.103\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-06-30 11:55 322232 ----a-w- c:\program files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2016-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-23 10:49]
.
2016-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-02-11 13:24]
.
2016-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-02-11 13:24]
.
2016-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d08f243e8e4f45.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-02-11 13:24]
.
2016-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d0bf89d538dff6.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-02-11 13:24]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = google.com
uStart Page = mysearch.avg.com/?cid={8853B236-FEBB-4690-ADE8-3B8C04818EDD}&mid=83799afdbd0947cdbddea59d7310b7f5-da7dbc45d8a3b7ce315f203816b4ce92d208771a&lang=sr&ds=AVG&coid=avgtbavg&cmpid=0915tb&pr=fr&d=2014-12-24 00:30&v=4.2.9.726&pid=wtu&sg=&sap=hp
IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html
IE: Backward &Links - c:\program files\Google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\googletoolbar.dll/cmcache.html
IE: Si&milar Pages - c:\program files\Google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\googletoolbar.dll/cmtrans.html
TCP: DhcpNameServer = 89.216.1.40 89.216.1.50
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Orion\AppData\Roaming\Mozilla\Firefox\Profiles\txxdjv3x.default\
FF - prefs.js: browser.search.selectedEngine - webssearches
FF - prefs.js: browser.startup.homepage - hxxps://mysearch.avg.com/?cid={8853B236-FEBB-4690-ADE8-3B8C04818EDD}&mid=83799afdbd0947cdbddea59d7310b7f5-da7dbc45d8a3b7ce315f203816b4ce92d208771a&lang=sr&ds=AVG&coid=avgtbavg&cmpid=0915tb&pr=fr&d=2014-12-24 00:30&v=4.1.6.294&pid=wtu&sg=&sap=hp
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-07-27 11:52:40
ComboFix-quarantined-files.txt 2016-07-27 09:52
.
Pre-Run: 479.846.400 bytes free
Post-Run: 370.466.816 bytes free
.
- - End Of File - - E537445BB8B4811E1754C069D9B637CB
A36C5E4F47E84449FF07ED3517B43A31

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

There is no active infection. There are leftovers from previously uninstalled/removed PUP programs. The browser settings are still under their effect. Let's get that sorted out as well....


1. Download AdwCleaner by "Xplode" and save it to the Desktop.
Double-click to run the program.
In the EULA window, click I agree.
Click the Scan button and wait for the scan to finish.
Click the Cleaning button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required), click OK.

The computer will restart, and Notepad will then open (C:\Adwcleaner\AdwCleaner[C1].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Attach file" option.





2. Reset Internet Explorer and Mozilla Firefox back to their default settings:
https://support.microsoft.com/en-us/kb/923737
https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings


3. Completely uninstall the Google Chrome browser and download a fresh installation.
You don't need to save any of your data; it is enough to sign Chrome back in to your account (gmail).

offline
  • Joined: 25 Jul 2016
  • Posts: 4


offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

Can I finally get some feedback other than just the logs? What about my advice on uninstalling, what about System Restore, what about resetting IE, what about resetting Firefox, what about the 'uninstall-reinstall' of Chrome? Did you do that? Did you not do it? Something else?
