Blue screen on Win 8.1 OS - computer crash and restart

  • Joined: 29 Aug 2014
  • Posts: 29

Greetings to the Ambulanta staff on duty!
I first reported the problem in the Windows section, where one of your colleagues referred me here, suspecting that this is a virus infection.
You can see the link here:
http://www.mycity.rs/Windows/Plavi-ekran-za-OS-Win.....art.html
The thread was opened 2 hours ago.

Now, to go point by point:
1. The problem shows up as a Blue Screen that appears suddenly and restarts the computer (by clicking the link above you can see a photo of what appears, as well as a photo of the OS I use).
2. The problem started after I downloaded some file from the internet that was probably infected. As antivirus protection I use Avast. I know that instead of the Google search engine, some link with a picture of a hat kept appearing.
3. Security software: Avast. From time to time, out of the blue, a window pops up where it detects something called "adware generic". I have now run a full scan; it deleted some things and moved others to quarantine. Photos of the deleted files are here.

4. I installed the programs System Mechanic and Advanced System Care. The first one seems to have maybe even solved the problem (though I don't believe it), because after its scan and repair the computer has had no Blue Screen so far.
5. Cable system: Vektor
6. I ran scans with the WhoCrashed and MBT programs that I found here on your site. You can see the results in this thread, which was opened today: mycity.rs/Windows/Plavi-ekran-za-OS-Win.....start.html

As for the scan with the FRST tool, I will copy the results here:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2017
Ran by Sloba (administrator) on USER (11-01-2017 16:13:02)
Running from C:\Users\Sloba\Desktop
Loaded Profiles: Sloba (Available Profiles: Sloba)
Platform: Windows 8.1 Enterprise (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCService.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCAvSvc.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCAvWsc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Windows\AutoKMS\AutoKMS.exe
(AVAST Software) C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\SMService.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\ClassicStart.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\StartMenu_Hook.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\InstallServices.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830232 2016-03-08] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [602968 2015-12-07] (Conexant Systems, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [323056 2015-11-04] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-10-01] (NVIDIA Corporation)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2016-10-10] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2016-10-10] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [ACSW17EN] => C:\Program Files (x86)\ACD Systems\ACDSee\17.0\acdIDInTouch2.exe [1470280 2014-03-05] (ACD Systems)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2131344 2016-06-20] (Wondershare)
HKU\S-1-5-21-464433618-3909481312-2535189563-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29642368 2016-09-12] (Skype Technologies S.A.)
HKU\S-1-5-21-464433618-3909481312-2535189563-1001\...\Run: [Advanced SystemCare Ultimate] => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe [3023136 2016-12-26] (IObit)
HKU\S-1-5-21-464433618-3909481312-2535189563-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2016-12-22] (Disc Soft Ltd)
HKU\S-1-5-21-464433618-3909481312-2535189563-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKLM\...\Providers\i0g5knn0: C:\Program Files (x86)\Dutianurs Manager\local64spl.dll [292352 2017-01-03] ()
ShellExecuteHooks: No Name - {BEFCEB0C-CC39-11E6-A922-64006A5CFC23} - -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-10-12] (AVAST Software)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 109.122.98.6
Tcpip\..\Interfaces\{6283C5BA-47E0-4B4F-958B-D6EE6E585729}: [DhcpNameServer] 109.122.98.6

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avast.com/AV772/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-464433618-3909481312-2535189563-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
HKU\S-1-5-21-464433618-3909481312-2535189563-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avast.com/AV772/
SearchScopes: HKLM-x32 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKLM-x32 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-464433618-3909481312-2535189563-1001 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-464433618-3909481312-2535189563-1001 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-464433618-3909481312-2535189563-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7BE6CE7BE9-A94D-49BF-9703-4F1881365E6F%7D&gp=811014
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-24] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 7egyhhum.default
FF ProfilePath: C:\Users\Sloba\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\7egyhhum.default\Profiles\7egyhhum.default [not found]
FF ProfilePath: C:\Users\Sloba\AppData\Roaming\Mozilla\Firefox\Profiles\7egyhhum.default [2017-01-11]
FF user.js: detected! => C:\Users\Sloba\AppData\Roaming\Mozilla\Firefox\Profiles\7egyhhum.default\user.js [2016-12-07]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\7egyhhum.default -> Поиск@Mail.Ru
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\7egyhhum.default -> Поиск@Mail.Ru
FF Homepage: Mozilla\Firefox\Profiles\7egyhhum.default -> hxxp://mail.ru/cnt/10445?gp=818406
FF Keyword.URL: Mozilla\Firefox\Profiles\7egyhhum.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7B9D7ED06C-CF70-41A3-B44E-E31D4FFE36D0%7D&gp=811010
FF Extension: (Домашняя страница Mail.Ru) - C:\Users\Sloba\AppData\Roaming\Mozilla\Firefox\Profiles\7egyhhum.default\Extensions\homepage@mail.ru [2017-01-05]
FF Extension: (Поиск@Mail.Ru) - C:\Users\Sloba\AppData\Roaming\Mozilla\Firefox\Profiles\7egyhhum.default\Extensions\search@mail.ru [2017-01-05]
FF Extension: (Визуальные закладки @Mail.Ru) - C:\Users\Sloba\AppData\Roaming\Mozilla\Firefox\Profiles\7egyhhum.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2017-01-05]
FF SearchPlugin: C:\Users\Sloba\AppData\Roaming\Mozilla\Firefox\Profiles\7egyhhum.default\searchplugins\mailru.xml [2017-01-05]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-20]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-20]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxp://www.google.com/
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Sloba\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-11] <==== ATTENTION
CHR Extension: (Docs) - C:\Users\Sloba\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-03]
CHR Extension: (Google Drive) - C:\Users\Sloba\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-03]
CHR Extension: (YouTube) - C:\Users\Sloba\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-03]
CHR Extension: (Fast search) - C:\Users\Sloba\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-01-03]
CHR Extension: (Gmail) - C:\Users\Sloba\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-03]
CHR Profile: C:\Users\Sloba\AppData\Local\Google\Chrome\User Data\Default [2017-01-10]
CHR Extension: (No Name) - C:\Users\Sloba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-10]
CHR Extension: (No Name) - C:\Users\Sloba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-10]
CHR Extension: (No Name) - C:\Users\Sloba\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-10]
CHR Extension: (No Name) - C:\Users\Sloba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-10]
CHR Extension: (Avast SafePrice) - C:\Users\Sloba\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-15]
CHR Extension: (No Name) - C:\Users\Sloba\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-10]
CHR Extension: (No Name) - C:\Users\Sloba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-11]
CHR Extension: (Avast Online Security) - C:\Users\Sloba\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-16]
CHR Extension: (Voice Actions for Chrome (beta)) - C:\Users\Sloba\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhpjefokaphndbbidpehikcjhldaklje [2016-10-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sloba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-10]
CHR Extension: (No Name) - C:\Users\Sloba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-01-03]
CHR Extension: (No Name) - C:\Users\Sloba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-10]
CHR Extension: (Chrome Media Router) - C:\Users\Sloba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16]
CHR HKU\S-1-5-21-464433618-3909481312-2535189563-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-464433618-3909481312-2535189563-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-464433618-3909481312-2535189563-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService10; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCService.exe [1013024 2016-11-10] (IObit)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 ASCAntivirusSrv; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe [1931552 2016-12-26] (IObit)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [366560 2016-04-28] (Windows (R) Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-10-12] (AVAST Software)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2016-12-22] (Disc Soft Ltd)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [134880 2016-01-08] (ELAN Microelectronics Corp.)
R2 GubedZL; C:\Program Files (x86)\Gubed\GubedZL.dll [131072 2017-01-11] () [File not signed]
S3 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2017-01-05] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [19440 2015-11-04] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [356336 2016-06-03] (Intel Corporation)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
S3 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1168960 2013-12-03] (iolo technologies, LLC)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-04-28] (IObit)
R2 SAService; C:\Windows\system32\SAsrv.exe [431960 2015-09-15] (Conexant Systems, Inc.)
R2 SMService; C:\Program Files (x86)\IObit\Classic Start\SMService.exe [1063200 2015-12-29] (IObit)
S2 Themes; C:\Windows\system32\themeservice.dll [59392 2014-11-21] (Microsoft Corporation) [DependOnService: iThemes5]<==== ATTENTION
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-08-15] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-08-15] (Microsoft Corporation)
R2 WinSAPSvc; C:\ProgramData\WinSAPSvc\WinSAP.dll [508928 2017-01-11] () [File not signed]
R2 WinSnare; C:\Users\Sloba\AppData\Roaming\WinSnare\WinSnare.dll [775168 2017-01-10] (InterSect Alliance Pty Ltd) [File not signed]
S3 iThemes5; no ImagePath <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-10-12] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-10-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-10-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-10-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-10-12] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-10-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-10-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-10-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2017-01-11] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2017-01-11] (Disc Soft Ltd)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-12-03] (EldoS Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [49584 2017-01-11] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-01-05] (REALiX(tm))
R3 Qcamain; C:\Windows\system32\DRIVERS\Qcamainx64.sys [2357144 2016-06-28] (Qualcomm Atheros, Inc.)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [416472 2016-05-17] (Realsil Semiconductor Corporation)
R3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [1772008 2016-06-09] (Sonix Tech. Co., Ltd.)
R3 Trufos; C:\Windows\System32\DRIVERS\TRUFOS.sys [520032 2016-11-02] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-08-15] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-08-15] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-08-15] (Microsoft Corporation)
S1 p1483638730am; \??\C:\Users\Sloba\AppData\Local\Temp\bk3CA2.tmp\p1483638730am.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-11 16:13 - 2017-01-11 16:14 - 00020987 _____ C:\Users\Sloba\Desktop\FRST.txt
2017-01-11 16:12 - 2017-01-11 16:12 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-11 14:58 - 2017-01-11 16:13 - 00000000 ____D C:\FRST
2017-01-11 14:58 - 2017-01-11 14:58 - 02419200 _____ (Farbar) C:\Users\Sloba\Desktop\FRST64.exe
2017-01-11 13:25 - 2017-01-11 13:25 - 00031669 _____ C:\Users\Sloba\Desktop\MTB analiza.txt
2017-01-11 13:22 - 2017-01-11 13:22 - 00892416 _____ (Farbar) C:\Users\Sloba\Desktop\MiniToolBox.exe
2017-01-11 13:12 - 2017-01-11 13:12 - 00000000 ____D C:\Users\Sloba\AppData\Local\Disc_Soft_Ltd
2017-01-11 13:11 - 2017-01-11 13:11 - 00047672 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2017-01-11 13:10 - 2017-01-11 13:10 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2017-01-11 13:09 - 2017-01-11 13:11 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2017-01-11 13:09 - 2017-01-11 13:11 - 00000000 ____D C:\Users\Sloba\AppData\Roaming\DAEMON Tools Lite
2017-01-11 13:09 - 2017-01-11 13:11 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2017-01-11 13:09 - 2017-01-11 13:09 - 00001799 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2017-01-11 13:09 - 2017-01-11 13:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2017-01-11 13:09 - 2017-01-11 13:09 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2017-01-11 13:02 - 2017-01-11 13:02 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.0.4)
2017-01-11 13:02 - 2017-01-11 13:02 - 00000000 ____D C:\Program Files (x86)\Gubed
2017-01-11 12:48 - 2017-01-11 12:48 - 00329688 _____ C:\Windows\Minidump\011117-65296-01.dmp
2017-01-11 12:27 - 2017-01-11 12:47 - 678026009 _____ C:\Windows\MEMORY.DMP
2017-01-11 12:27 - 2017-01-11 12:27 - 00329688 _____ C:\Windows\Minidump\011117-16015-01.dmp
2017-01-11 12:20 - 2017-01-11 12:57 - 00000912 _____ C:\Users\Sloba\Desktop\WhoCrashed.lnk
2017-01-11 12:20 - 2017-01-11 12:52 - 00000000 ____D C:\Program Files\WhoCrashed
2017-01-11 12:20 - 2017-01-11 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
2017-01-11 12:13 - 2017-01-11 12:13 - 00329680 _____ C:\Windows\Minidump\011117-16359-01.dmp
2017-01-11 12:00 - 2017-01-11 12:00 - 00329808 _____ C:\Windows\Minidump\011117-16234-01.dmp
2017-01-11 11:49 - 2017-01-11 11:49 - 00321208 _____ C:\Windows\Minidump\011117-16312-01.dmp
2017-01-11 08:22 - 2017-01-11 08:23 - 00000000 ____D C:\Users\Sloba\AppData\Roaming\Adobe
2017-01-11 08:22 - 2017-01-11 08:22 - 00000000 ____D C:\Users\Sloba\AppData\Local\Adobe
2017-01-11 08:22 - 2017-01-11 08:22 - 00000000 ____D C:\ProgramData\Adobe
2017-01-11 07:49 - 2017-01-11 07:49 - 00002388 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Sloba
2017-01-11 07:49 - 2017-01-11 07:49 - 00001404 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2017-01-11 07:49 - 2017-01-11 07:49 - 00001392 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2017-01-11 07:49 - 2017-01-11 07:49 - 00000288 _____ C:\Windows\Tasks\Uninstaller_SkipUac_Sloba.job
2017-01-11 07:49 - 2017-01-11 07:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2017-01-11 07:46 - 2017-01-11 07:46 - 05986104 _____ C:\Users\Sloba\Desktop\Alepo1.avi
2017-01-11 07:37 - 2017-01-11 07:37 - 00049584 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-01-10 12:56 - 2017-01-10 12:56 - 00002878 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Sloba)
2017-01-10 12:50 - 2017-01-10 12:50 - 00345376 _____ C:\Windows\Minidump\011017-51062-01.dmp
2017-01-10 12:45 - 2017-01-10 12:45 - 00000000 ____D C:\Users\Sloba\AppData\Local\ElevatedDiagnostics
2017-01-06 14:11 - 2017-01-11 13:02 - 00000000 ____D C:\Users\Sloba\AppData\Roaming\WinSnare
2017-01-05 23:06 - 2017-01-05 23:06 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-01-05 23:06 - 2017-01-05 23:06 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-01-05 22:39 - 2017-01-05 22:39 - 00000000 ____D C:\Windows\IObit
2017-01-05 22:38 - 2017-01-05 22:38 - 00027552 _____ (REALiX(tm)) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2017-01-05 22:22 - 2017-01-11 07:52 - 00000266 _____ C:\Windows\Tasks\ASCU10_SkipUac_Sloba.job
2017-01-05 22:22 - 2017-01-05 22:22 - 00003026 _____ C:\Windows\System32\Tasks\ASCU10_PerformanceMonitor
2017-01-05 22:22 - 2017-01-05 22:22 - 00002366 _____ C:\Windows\System32\Tasks\ASCU10_SkipUac_Sloba
2017-01-05 22:22 - 2017-01-05 22:22 - 00000000 ____D C:\ProgramData\BDLogging
2017-01-05 22:22 - 2017-01-05 22:22 - 00000000 ____D C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2017-01-05 22:22 - 2017-01-05 22:22 - 00000000 ____D C:\ProgramData\{ACBCD40A-42A8-4FF9-BD42-ABCD14998CBA}
2017-01-05 22:22 - 2016-11-02 19:11 - 00520032 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2017-01-05 22:21 - 2017-01-10 23:58 - 00002401 _____ C:\Users\Public\Desktop\Advanced SystemCare Ultimate 10.lnk
2017-01-05 22:21 - 2017-01-05 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare Ultimate
2017-01-05 21:24 - 2017-01-05 21:25 - 05976478 _____ C:\Users\Sloba\Desktop\Alepo.avi
2017-01-05 18:49 - 2017-01-05 18:49 - 00329816 _____ C:\Windows\Minidump\010517-14000-01.dmp
2017-01-05 17:31 - 2017-01-05 17:31 - 00000000 ____D C:\Windows\system32\config\Original
2017-01-05 17:30 - 2017-01-05 21:53 - 00000000 ____D C:\Windows\system32\config\SM Registry Backup
2017-01-05 17:30 - 2017-01-05 17:30 - 00000000 ____D C:\Windows\system32\config\Before Compact
2017-01-05 14:58 - 2017-01-05 14:58 - 00000406 _____ C:\Windows\system32\ioloBootDefrag.cfg
2017-01-05 14:56 - 2017-01-05 14:56 - 00003118 _____ C:\Windows\System32\Tasks\iolo Process Governor
2017-01-05 14:56 - 2017-01-05 14:56 - 00001365 _____ C:\Users\Sloba\Desktop\System Mechanic.lnk
2017-01-05 14:56 - 2017-01-05 14:56 - 00000000 ____D C:\Users\Sloba\AppData\Roaming\ioloGovernor
2017-01-05 14:56 - 2017-01-05 14:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
2017-01-05 14:56 - 2017-01-05 14:56 - 00000000 ____D C:\ProgramData\ioloGovernor
2017-01-05 14:56 - 2017-01-05 14:56 - 00000000 ____D C:\Program Files (x86)\iolo
2017-01-05 14:56 - 2013-12-03 10:47 - 00057584 _____ (iolo technologies, LLC) C:\Windows\system32\iolobtdfg.exe
2017-01-05 14:56 - 2013-12-03 10:47 - 00026184 _____ (iolo technologies, LLC) C:\Windows\system32\smrgdf.exe
2017-01-05 14:56 - 2013-12-03 10:01 - 02155152 _____ (iolo technologies, LLC) C:\Windows\system32\Incinerator64.dll
2017-01-05 14:56 - 2013-12-03 10:01 - 02097984 _____ (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll
2017-01-05 14:56 - 2013-12-03 09:54 - 00082160 _____ (Raxco Software, Inc.) C:\Windows\system32\Drivers\PDFsFilter.sys
2017-01-05 14:55 - 2017-01-05 18:52 - 00000000 ____D C:\ProgramData\iolo
2017-01-05 14:55 - 2017-01-05 17:23 - 00000000 ____D C:\Users\Sloba\AppData\Roaming\iolo
2017-01-05 14:55 - 2017-01-05 14:55 - 00074703 _____ C:\Windows\SysWOW64\mfc45.dat
2017-01-05 14:55 - 2013-12-03 09:54 - 00030752 _____ (EldoS Corporation) C:\Windows\system32\Drivers\ElRawDsk.sys
2017-01-05 14:52 - 2017-01-05 14:53 - 00327504 _____ C:\Windows\Minidump\010517-14906-01.dmp
2017-01-05 14:02 - 2017-01-07 10:08 - 00000000 ____D C:\Users\Sloba\AppData\Roaming\TeamViewer
2017-01-05 13:30 - 2017-01-11 13:02 - 00000000 ____D C:\ProgramData\WinSAPSvc
2017-01-05 13:30 - 2017-01-10 13:03 - 00000000 ____D C:\Program Files (x86)\WinArcher
2017-01-05 13:17 - 2017-01-05 13:17 - 00325424 _____ C:\Windows\Minidump\010517-18546-01.dmp
2017-01-05 10:11 - 2017-01-05 10:11 - 00000000 ____D C:\Users\Sloba\AppData\Roaming\Adobe-BackupByPhotoshopCS6Portable
2017-01-05 10:11 - 2017-01-05 10:11 - 00000000 ____D C:\Users\Sloba\AppData\Local\Adobe-BackupByPhotoshopCS6Portable
2017-01-05 10:11 - 2017-01-05 10:11 - 00000000 ____D C:\ProgramData\Adobe-BackupByPhotoshopCS6Portable
2017-01-05 02:27 - 2017-01-05 02:28 - 00327600 _____ C:\Windows\Minidump\010517-17015-01.dmp
2017-01-05 02:18 - 2017-01-11 12:48 - 00000000 ____D C:\Windows\Minidump
2017-01-05 02:18 - 2017-01-05 02:18 - 00327664 _____ C:\Windows\Minidump\010517-17093-01.dmp
2017-01-05 02:08 - 2017-01-11 07:35 - 00001126 _____ C:\Windows\system32\.crusader
2017-01-05 02:05 - 2017-01-05 02:05 - 00001909 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-01-05 02:05 - 2017-01-05 02:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-01-05 02:05 - 2017-01-05 02:05 - 00000000 ____D C:\Program Files\HitmanPro
2017-01-05 02:02 - 2017-01-05 02:02 - 00000000 ____D C:\Users\Sloba\AppData\Local\Вoйти в Интeрнет
2017-01-05 01:59 - 2017-01-05 01:59 - 00000000 ____D C:\Users\Sloba\AppData\Local\Поиcк в Интeрнете
2017-01-05 01:58 - 2017-01-05 14:22 - 00000000 ____D C:\Users\Sloba\AppData\Local\Mail.Ru
2017-01-05 01:58 - 2017-01-05 01:58 - 00000000 ____D C:\ProgramData\Mail.Ru
2017-01-05 01:34 - 2017-01-05 21:57 - 00000000 ____D C:\ProgramData\HitmanPro
2017-01-04 18:40 - 2017-01-11 16:13 - 00000000 ____D C:\Program Files\i0g5knn0
2017-01-04 16:54 - 2017-01-07 09:52 - 00000000 ____D C:\Program Files (x86)\56oab8ct
2017-01-03 16:21 - 2017-01-07 09:52 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2017-01-03 16:21 - 2017-01-03 16:21 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2017-01-03 15:20 - 2017-01-03 15:20 - 00006066 _____ C:\Windows\System32\Tasks\Coagotbobward Cache
2017-01-03 15:20 - 2017-01-03 15:20 - 00000000 ____D C:\Program Files (x86)\Dutianurs Manager
2017-01-03 15:19 - 2017-01-11 16:10 - 00000000 ____D C:\Program Files (x86)\Plrerch
2017-01-03 15:19 - 2017-01-03 15:50 - 00000000 ____D C:\Users\Sloba\AppData\Roaming\Grufrychermoent
2017-01-03 15:19 - 2017-01-03 15:20 - 00000000 ____D C:\Users\Sloba\AppData\Local\Gerpuleluhoght
2016-12-27 19:24 - 2016-12-27 19:24 - 00001496 _____ C:\Users\Sloba\Desktop\Astrolog 6.10.lnk
2016-12-27 19:24 - 2016-12-27 19:24 - 00000000 ____D C:\Users\Sloba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Astrolog
2016-12-27 19:24 - 2016-12-27 19:24 - 00000000 ____D C:\Astrolog
2016-12-27 18:00 - 2015-11-28 19:18 - 00275857 _____ C:\Users\Sloba\Desktop\IMG_20150913_142338.jpg
2016-12-27 17:58 - 2015-10-01 12:23 - 00219492 _____ C:\Users\Sloba\Desktop\IMG_20150914_1337337.jpg
2016-12-27 12:56 - 2016-12-27 12:56 - 00450240 _____ C:\Users\Sloba\Desktop\ckjDXnDSCS0.jpg
2016-12-25 19:17 - 2016-12-25 19:17 - 00021139 _____ C:\Users\Sloba\Desktop\Podloga cista kocka.jpg
2016-12-23 12:52 - 2016-12-23 12:52 - 01599338 _____ C:\Users\Sloba\Desktop\video.mp4
2016-12-20 09:00 - 2016-12-20 09:00 - 00048922 _____ C:\Users\Sloba\Desktop\cScxpw7zKEU.jpg
2016-12-15 13:40 - 2016-12-15 13:40 - 11277114 _____ C:\Users\Sloba\Desktop\snajper.psd
2016-12-15 13:09 - 2017-01-10 21:54 - 00012743 _____ C:\Users\Sloba\Desktop\Book1.xlsx
2016-12-15 12:21 - 2016-12-19 21:19 - 00378403 _____ C:\Users\Sloba\Desktop\Book1.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-11 16:14 - 2016-10-10 16:48 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C67B4315-8A3E-46B8-A55F-F09907940801}
2017-01-11 16:12 - 2016-10-10 16:59 - 00000000 __SHD C:\Users\Sloba\IntelGraphicsProfiles
2017-01-11 16:11 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-11 16:10 - 2016-10-10 17:33 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-11 13:11 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2017-01-11 12:52 - 2016-10-10 16:41 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2017-01-11 11:51 - 2016-10-10 16:47 - 00000000 ____D C:\Program Files (x86)\IObit
2017-01-11 08:05 - 2016-10-10 17:50 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-11 07:46 - 2016-10-10 17:51 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2017-01-11 07:43 - 2016-10-11 15:40 - 00039868 _____ C:\Users\Sloba\Documents\starburn.txt
2017-01-11 07:36 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-01-11 00:17 - 2016-10-10 16:47 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-464433618-3909481312-2535189563-1001
2017-01-11 00:08 - 2016-10-10 16:47 - 00000000 ____D C:\ProgramData\ProductData
2017-01-10 21:59 - 2016-10-10 16:36 - 00000000 ____D C:\Users\Sloba\AppData\Local\Packages
2017-01-10 21:40 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
2017-01-10 12:57 - 2016-10-10 17:47 - 00000000 ____D C:\Users\Sloba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-10 12:57 - 2016-10-10 17:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-10 12:57 - 2016-10-10 17:47 - 00000000 ____D C:\Program Files\WinRAR
2017-01-08 16:38 - 2016-10-23 13:17 - 00001456 _____ C:\Users\Sloba\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-01-08 14:32 - 2014-11-21 08:39 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-07 10:08 - 2016-10-10 17:33 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-01-07 09:52 - 2016-10-10 17:39 - 00000000 ____D C:\Program Files (x86)\Lenovo
2017-01-07 09:52 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-01-05 23:18 - 2016-11-30 22:34 - 00012687 _____ C:\Users\Sloba\Desktop\Argon tab.xlsx
2017-01-05 23:10 - 2013-08-22 15:44 - 00422056 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-05 23:07 - 2016-10-10 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-01-05 23:06 - 2016-10-10 17:42 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2017-01-05 23:06 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-05 23:03 - 2014-11-21 08:19 - 00000000 ____D C:\Windows\ShellNew
2017-01-05 23:03 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\System
2017-01-05 23:03 - 2013-08-22 14:25 - 00000167 _____ C:\Windows\win.ini
2017-01-05 22:39 - 2016-10-10 16:47 - 00000000 ____D C:\ProgramData\IObit
2017-01-05 22:36 - 2016-10-10 16:47 - 00000000 ____D C:\Users\Sloba\AppData\Roaming\IObit
2017-01-05 01:59 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-01-05 01:58 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-01-03 17:31 - 2016-10-14 11:20 - 00001430 _____ C:\Users\Sloba\Desktop\generaln pass.txt
2017-01-03 15:53 - 2016-10-10 16:44 - 00001121 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-01-03 15:48 - 2016-10-10 16:36 - 00000000 ____D C:\Users\Sloba
2017-01-03 13:24 - 2016-10-11 15:39 - 00000000 ____D C:\Users\Sloba\Documents\Wondershare Filmora
2016-12-27 01:29 - 2016-10-13 11:23 - 00138083 _____ C:\Users\Sloba\Desktop\Kupci.xlsx
2016-12-17 00:00 - 2016-10-10 17:50 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-17 00:00 - 2016-10-10 17:50 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-15 08:02 - 2016-10-10 17:51 - 00002219 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-15 08:02 - 2016-10-10 17:51 - 00002207 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2016-10-23 13:17 - 2017-01-08 16:38 - 0001456 _____ () C:\Users\Sloba\AppData\Local\Adobe Save for Web 13.0 Prefs

Some files in TEMP:
====================
C:\Users\Sloba\AppData\Local\Temp\HitmanPro.exe
C:\Users\Sloba\AppData\Local\Temp\Yuzwnpxejvho.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-11 02:19

==================== End of FRST.txt ============================


Addition file here>

offline
  • Joined: 02 Jan 2008
  • Posts: 2083

Greetings!

To begin with, uninstall these programs (if for some reason you cannot, move on to the next step):

IObit Uninstaller
iolo technologies' System Mechanic
Advanced SystemCare Ultimate 10



After that,

1. Open Notepad (Text Document) and copy the following text from inside the code box below:

CreateRestorePoint:
CloseProcesses:
HKLM\...\Providers\i0g5knn0: C:\Program Files (x86)\Dutianurs Manager\local64spl.dll [292352 2017-01-03] ()
C:\Program Files (x86)\Dutianurs Manager
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-464433618-3909481312-2535189563-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7BE6CE7BE9-A94D-49BF-9703-4F1881365E6F%7D&gp=811014
FF user.js: detected! => C:\Users\Sloba\AppData\Roaming\Mozilla\Firefox\Profiles\7egyhhum.default\user.js [2016-12-07]
C:\Users\Sloba\AppData\Roaming\Mozilla\Firefox\Profiles\7egyhhum.default\user.js
FF Homepage: Mozilla\Firefox\Profiles\7egyhhum.default -> hxxp://mail.ru/cnt/10445?gp=818406
FF Keyword.URL: Mozilla\Firefox\Profiles\7egyhhum.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7B9D7ED06C-CF70-41A3-B44E-E31D4FFE36D0%7D&gp=811010
FF Extension: (Домашняя страница Mail.Ru) - C:\Users\Sloba\AppData\Roaming\Mozilla\Firefox\Profiles\7egyhhum.default\Extensions\homepage@mail.ru [2017-01-05]
FF Extension: (Поиск@Mail.Ru) - C:\Users\Sloba\AppData\Roaming\Mozilla\Firefox\Profiles\7egyhhum.default\Extensions\search@mail.ru [2017-01-05]
FF Extension: (Визуальные закладки @Mail.Ru) - C:\Users\Sloba\AppData\Roaming\Mozilla\Firefox\Profiles\7egyhhum.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2017-01-05]
FF SearchPlugin: C:\Users\Sloba\AppData\Roaming\Mozilla\Firefox\Profiles\7egyhhum.default\searchplugins\mailru.xml [2017-01-05]
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxp://www.google.com/
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Sloba\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-11] <==== ATTENTION
CHR HKU\S-1-5-21-464433618-3909481312-2535189563-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-464433618-3909481312-2535189563-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-464433618-3909481312-2535189563-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx
R2 GubedZL; C:\Program Files (x86)\Gubed\GubedZL.dll [131072 2017-01-11] () [File not signed]
C:\Program Files (x86)\Gubed
S2 Themes; C:\Windows\system32\themeservice.dll [59392 2014-11-21] (Microsoft Corporation) [DependOnService: iThemes5]<==== ATTENTION
R2 WinSAPSvc; C:\ProgramData\WinSAPSvc\WinSAP.dll [508928 2017-01-11] () [File not signed]
C:\ProgramData\WinSAPSvc
R2 WinSnare; C:\Users\Sloba\AppData\Roaming\WinSnare\WinSnare.dll [775168 2017-01-10] (InterSect Alliance Pty Ltd) [File not signed]
S3 iThemes5; no ImagePath <==== ATTENTION
C:\Users\Sloba\AppData\Roaming\WinSnare
S1 p1483638730am; \??\C:\Users\Sloba\AppData\Local\Temp\bk3CA2.tmp\p1483638730am.sys [X]
C:\Users\Sloba\AppData\Local\Temp\bk3CA2.tmp\
2017-01-04 18:40 - 2017-01-11 16:13 - 00000000 ____D C:\Program Files\i0g5knn0
2017-01-04 16:54 - 2017-01-07 09:52 - 00000000 ____D C:\Program Files (x86)\56oab8ct
2017-01-03 16:21 - 2017-01-07 09:52 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2017-01-05 02:02 - 2017-01-05 02:02 - 00000000 ____D C:\Users\Sloba\AppData\Local\Вoйти в Интeрнет
2017-01-05 01:59 - 2017-01-05 01:59 - 00000000 ____D C:\Users\Sloba\AppData\Local\Поиcк в Интeрнете
2017-01-05 01:58 - 2017-01-05 14:22 - 00000000 ____D C:\Users\Sloba\AppData\Local\Mail.Ru
2017-01-05 01:58 - 2017-01-05 01:58 - 00000000 ____D C:\ProgramData\Mail.Ru
2017-01-03 15:20 - 2017-01-03 15:20 - 00000000 ____D C:\Program Files (x86)\Dutianurs Manager
Task: {287E6BE9-0151-4286-8460-1146CEEBA29A} - \fupdate -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\Sloba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811008"
ShortcutWithArgument: C:\Users\Sloba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData
2017-01-11 13:02 - 2017-01-11 13:02 - 00131072 _____ () c:\program files (x86)\gubed\gubedzl.dll
c:\program files (x86)\gubed
2017-01-11 13:02 - 2017-01-11 13:02 - 00508928 _____ () c:\programdata\winsapsvc\winsap.dll
c:\programdata\winsapsvc
HKU\S-1-5-21-464433618-3909481312-2535189563-1001\...\StartupApproved\Run: => "ljhfyvrzlt"
File: C:\Program Files (x86)\Plrerch\wuapy.exe
Hosts:
EmptyTemp:


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the system restarts.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.



After that,


Download AdwCleaner and save it to the Desktop
Double-click to run the program.
In the EULA window click I agree.
In Options, turn off Reset Winsock settings if it is enabled.
Click the Scan button and wait for the scan to finish.
Click the Cleaning button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required), click OK

The computer will restart and then open Notepad (C:\Adwcleaner\AdwCleaner[C1].txt) with the report.
Save that report to the Desktop and attach it to your reply using the "Attach file" option

offline
  • Joined: 29 Aug 2014
  • Posts: 29

Posted: 11 Jan 2017 22:32

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-01-2017
Ran by Sloba (11-01-2017 22:19:38) Run:1
Running from C:\Users\Sloba\Desktop
Loaded Profiles: Sloba (Available Profiles: Sloba)
Boot Mode: Normal
==============================================

fixlist content:
*****************
reateRestorePoint:
CloseProcesses:
HKLM\...\Providers\i0g5knn0: C:\Program Files (x86)\Dutianurs Manager\local64spl.dll [292352 2017-01-03] ()
C:\Program Files (x86)\Dutianurs Manager
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-464433618-3909481312-2535189563-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7BE6CE7BE9-A94D-49BF-9703-4F1881365E6F%7D&gp=811014
FF user.js: detected! => C:\Users\Sloba\AppData\Roaming\Mozilla\Firefox\Profiles\7egyhhum.default\user.js [2016-12-07]
C:\Users\Sloba\AppData\Roaming\Mozilla\Firefox\Profiles\7egyhhum.default\user.js
FF Homepage: Mozilla\Firefox\Profiles\7egyhhum.default -> hxxp://mail.ru/cnt/10445?gp=818406
FF Keyword.URL: Mozilla\Firefox\Profiles\7egyhhum.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7B9D7ED06C-CF70-41A3-B44E-E31D4FFE36D0%7D&gp=811010
FF Extension: (???????? ???????? Mail.Ru) - C:\Users\Sloba\AppData\Roaming\Mozilla\Firefox\Profiles\7egyhhum.default\Extensions\homepage@mail.ru [2017-01-05]
FF Extension: (?????@Mail.Ru) - C:\Users\Sloba\AppData\Roaming\Mozilla\Firefox\Profiles\7egyhhum.default\Extensions\search@mail.ru [2017-01-05]
FF Extension: (?????????? ???????? @Mail.Ru) - C:\Users\Sloba\AppData\Roaming\Mozilla\Firefox\Profiles\7egyhhum.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2017-01-05]
FF SearchPlugin: C:\Users\Sloba\AppData\Roaming\Mozilla\Firefox\Profiles\7egyhhum.default\searchplugins\mailru.xml [2017-01-05]
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxp://www.google.com/
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Sloba\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-11] <==== ATTENTION
CHR HKU\S-1-5-21-464433618-3909481312-2535189563-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-464433618-3909481312-2535189563-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-464433618-3909481312-2535189563-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx
R2 GubedZL; C:\Program Files (x86)\Gubed\GubedZL.dll [131072 2017-01-11] () [File not signed]
C:\Program Files (x86)\Gubed
S2 Themes; C:\Windows\system32\themeservice.dll [59392 2014-11-21] (Microsoft Corporation) [DependOnService: iThemes5]<==== ATTENTION
R2 WinSAPSvc; C:\ProgramData\WinSAPSvc\WinSAP.dll [508928 2017-01-11] () [File not signed]
C:\ProgramData\WinSAPSvc
R2 WinSnare; C:\Users\Sloba\AppData\Roaming\WinSnare\WinSnare.dll [775168 2017-01-10] (InterSect Alliance Pty Ltd) [File not signed]
S3 iThemes5; no ImagePath <==== ATTENTION
C:\Users\Sloba\AppData\Roaming\WinSnare
S1 p1483638730am; \??\C:\Users\Sloba\AppData\Local\Temp\bk3CA2.tmp\p1483638730am.sys [X]
C:\Users\Sloba\AppData\Local\Temp\bk3CA2.tmp\
2017-01-04 18:40 - 2017-01-11 16:13 - 00000000 ____D C:\Program Files\i0g5knn0
2017-01-04 16:54 - 2017-01-07 09:52 - 00000000 ____D C:\Program Files (x86)\56oab8ct
2017-01-03 16:21 - 2017-01-07 09:52 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2017-01-05 02:02 - 2017-01-05 02:02 - 00000000 ____D C:\Users\Sloba\AppData\Local\?o??? ? ???e????
2017-01-05 01:59 - 2017-01-05 01:59 - 00000000 ____D C:\Users\Sloba\AppData\Local\???c? ? ???e?????
2017-01-05 01:58 - 2017-01-05 14:22 - 00000000 ____D C:\Users\Sloba\AppData\Local\Mail.Ru
2017-01-05 01:58 - 2017-01-05 01:58 - 00000000 ____D C:\ProgramData\Mail.Ru
2017-01-03 15:20 - 2017-01-03 15:20 - 00000000 ____D C:\Program Files (x86)\Dutianurs Manager
Task: {287E6BE9-0151-4286-8460-1146CEEBA29A} - \fupdate -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\Sloba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811008"
ShortcutWithArgument: C:\Users\Sloba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData
2017-01-11 13:02 - 2017-01-11 13:02 - 00131072 _____ () c:\program files (x86)\gubed\gubedzl.dll
c:\program files (x86)\gubed
2017-01-11 13:02 - 2017-01-11 13:02 - 00508928 _____ () c:\programdata\winsapsvc\winsap.dll
c:\programdata\winsapsvc
HKU\S-1-5-21-464433618-3909481312-2535189563-1001\...\StartupApproved\Run: => "ljhfyvrzlt"
File: C:\Program Files (x86)\Plrerch\wuapy.exe
Hosts:
EmptyTemp:
*****************

reateRestorePoint: => Error: No automatic fix found for this entry.
Processes closed successfully.
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\i0g5knn0 => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order i0g5knn0 => removed successfully
C:\Program Files (x86)\Dutianurs Manager => moved successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-464433618-3909481312-2535189563-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => key removed successfully
HKCR\CLSID\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => key not found.
C:\Users\Sloba\AppData\Roaming\Mozilla\Firefox\Profiles\7egyhhum.default\user.js => moved successfully
C:\Users\Sloba\AppData\Roaming\Mozilla\Firefox\Profiles\7egyhhum.default\user.js => not found.
"C:\Users\Sloba\AppData\Roaming\Mozilla\Firefox\Profiles\7egyhhum.default\user.js" => not found.
Firefox "homepage" removed successfully
Firefox "Keyword.URL" removed successfully
C:\Users\Sloba\AppData\Roaming\Mozilla\Firefox\Profiles\7egyhhum.default\Extensions\homepage@mail.ru => moved successfully
C:\Users\Sloba\AppData\Roaming\Mozilla\Firefox\Profiles\7egyhhum.default\Extensions\search@mail.ru => moved successfully
C:\Users\Sloba\AppData\Roaming\Mozilla\Firefox\Profiles\7egyhhum.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} => moved successfully
C:\Users\Sloba\AppData\Roaming\Mozilla\Firefox\Profiles\7egyhhum.default\searchplugins\mailru.xml => moved successfully
CHR DefaultProfile: ChromeDefaultData => Error: No automatic fix found for this entry.
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
C:\Users\Sloba\AppData\Local\Google\Chrome\User Data\ChromeDefaultData => moved successfully
HKU\S-1-5-21-464433618-3909481312-2535189563-1001\SOFTWARE\Google\Chrome\Extensions\ccfifbojenkenpkmnbnndeadpfdiffof => key removed successfully
HKU\S-1-5-21-464433618-3909481312-2535189563-1001\SOFTWARE\Google\Chrome\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj => key removed successfully
HKU\S-1-5-21-464433618-3909481312-2535189563-1001\SOFTWARE\Google\Chrome\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd => key removed successfully
HKLM\System\CurrentControlSet\Services\GubedZL => key removed successfully
GubedZL => service removed successfully
C:\Program Files (x86)\Gubed => moved successfully
HKLM\System\CurrentControlSet\Services\Themes\\DependOnService => value removed successfully
WinSAPSvc => Unable to stop service.
HKLM\System\CurrentControlSet\Services\WinSAPSvc => key removed successfully
WinSAPSvc => service removed successfully

"C:\ProgramData\WinSAPSvc" folder move:

Could not move "C:\ProgramData\WinSAPSvc" => Scheduled to move on reboot.

WinSnare => Unable to stop service.
HKLM\System\CurrentControlSet\Services\WinSnare => key removed successfully
WinSnare => service removed successfully
HKLM\System\CurrentControlSet\Services\iThemes5 => key removed successfully
iThemes5 => service removed successfully
C:\Users\Sloba\AppData\Roaming\WinSnare => moved successfully
HKLM\System\CurrentControlSet\Services\p1483638730am => key removed successfully
p1483638730am => service removed successfully
C:\Users\Sloba\AppData\Local\Temp\bk3CA2.tmp => moved successfully
C:\Program Files\i0g5knn0 => moved successfully
C:\Program Files (x86)\56oab8ct => moved successfully
C:\Program Files (x86)\Adware Removal Tool by TSA => moved successfully
"C:\Users\Sloba\AppData\Local\?o??? ? ???e????" => not found.
"C:\Users\Sloba\AppData\Local\???c? ? ???e?????" => not found.
C:\Users\Sloba\AppData\Local\Mail.Ru => moved successfully
C:\ProgramData\Mail.Ru => moved successfully
"C:\Program Files (x86)\Dutianurs Manager" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{287E6BE9-0151-4286-8460-1146CEEBA29A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{287E6BE9-0151-4286-8460-1146CEEBA29A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fupdate => key removed successfully
C:\Users\Sloba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk => Shortcut argument removed successfully.
C:\Users\Sloba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk => Shortcut argument removed successfully.
"c:\program files (x86)\gubed\gubedzl.dll" => not found.
"c:\program files (x86)\gubed" => not found.
c:\programdata\winsapsvc\winsap.dll => moved successfully

"c:\programdata\winsapsvc" folder move:

Could not move "c:\programdata\winsapsvc" => Scheduled to move on reboot.

HKU\S-1-5-21-464433618-3909481312-2535189563-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\ljhfyvrzlt => value removed successfully
HKU\S-1-5-21-464433618-3909481312-2535189563-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ljhfyvrzlt => value not found.

========================= File: C:\Program Files (x86)\Plrerch\wuapy.exe ========================

File is digitally signed
MD5: C60E1BCF6B5AE19C47B13A30BEACF169
Creation and modification date: 2017-01-03 15:19 - 2017-01-03 15:19
Size: 0780600
Attributes: ----A
Company Name: Glarysoft Ltd
Internal Name:
Original Name:
Product: Glary Utilities
Description: Glary Utilities AutoUpdate
File Version: 5, 0, 0, 8
Product Version: 5.0.0.1
Copyright: Copyright (c) 2003-2014 Glarysoft Ltd

====== End of File: ======

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 20971520 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11688746 B
Java, Flash, Steam htmlcache => 321 B
Windows/system/drivers => 123941418 B
Edge => 0 B
Chrome => 29145088 B
Firefox => 9863036 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 33043977 B
LocalService => 132498 B
NetworkService => 0 B
Sloba => 2203047410 B

RecycleBin => 150789596 B
EmptyTemp: => 2.4 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 11-01-2017 22:22:57)

C:\ProgramData\WinSAPSvc => moved successfully
c:\programdata\winsapsvc => Is moved successfully

==== End of Fixlog 22:22:57 ====

Addendum: 11 Jan 2017 22:40

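An added example, not part of the original thread and not FRST's own code: a Python triage of Fixlog.txt lines like those posted above. It groups each `=>` result by outcome, flags an entry that failed because the start of a directive was lost in copying, and checks that every move scheduled for reboot later shows as moved; the directive list and the sample log are assumptions built from lines in this thread.

```python
import re
from collections import Counter

# Directives taken from the fixlist in this thread (assumption: not FRST's full list).
KNOWN_DIRECTIVES = ("CreateRestorePoint:", "CloseProcesses:", "Hosts:",
                    "EmptyTemp:", "File:")

# Constructed sample: lines copied from the Fixlog posted above, shortened.
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
reateRestorePoint:
HKU\S-1-5-21-464433618-3909481312-2535189563-1001\...\StartupApproved\Run: => "ljhfyvrzlt"
*****************

reateRestorePoint: => Error: No automatic fix found for this entry.
Processes closed successfully.
C:\Program Files (x86)\Dutianurs Manager => moved successfully
CHR DefaultProfile: ChromeDefaultData => Error: No automatic fix found for this entry.
WinSAPSvc => Unable to stop service.
WinSAPSvc => service removed successfully
Could not move "C:\ProgramData\WinSAPSvc" => Scheduled to move on reboot.
"C:\Program Files (x86)\Dutianurs Manager" => not found.
c:\programdata\winsapsvc\winsap.dll => moved successfully
Could not move "c:\programdata\winsapsvc" => Scheduled to move on reboot.
HKU\S-1-5-21-464433618-3909481312-2535189563-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ljhfyvrzlt => value not found.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 11-01-2017 22:22:57)

C:\ProgramData\WinSAPSvc => moved successfully
c:\programdata\winsapsvc => Is moved successfully
'''


def classify(result):
    """Map the text after '=>' to a coarse outcome."""
    r = result.lower()
    if r.startswith("error:"):
        return "error"
    if "scheduled to move on reboot" in r:
        return "pending_reboot"
    if "unable to" in r:
        return "failed_step"
    if "not found" in r:
        return "not_found"
    if "successfully" in r:
        return "ok"
    return "other"


def parse_fixlog(text):
    """Return one dict per '<target> => <result>' line, skipping the fixlist echo."""
    entries, in_echo, after_reboot = [], False, False
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:   # asterisk rows bracket the echoed fixlist
            in_echo = not in_echo
            continue
        if line.startswith("Result of scheduled files to move"):
            after_reboot = True
            continue
        if in_echo or " => " not in line:
            continue
        target, result = line.rsplit(" => ", 1)
        target = re.sub(r"^Could not move\s+", "", target).strip('"')
        entries.append({"target": target, "result": result,
                        "status": classify(result), "after_reboot": after_reboot})
    return entries


def likely_directive(entry):
    """If the entry is a known directive with its head cut off, return the directive."""
    for directive in KNOWN_DIRECTIVES:
        if entry != directive and len(entry) >= 4 and directive.endswith(entry):
            return directive
    return None


def triage(text):
    entries = parse_fixlog(text)
    errors = [e["target"] for e in entries if e["status"] == "error"]
    # A truncated directive was not processed at all, so that step never ran.
    truncated = [(t, likely_directive(t)) for t in errors if likely_directive(t)]
    # Paths are compared case-insensitively, as the log mixes both spellings.
    pending = {e["target"].lower() for e in entries if e["status"] == "pending_reboot"}
    done = {e["target"].lower() for e in entries
            if e["after_reboot"] and e["status"] == "ok"}
    return {
        "counts": Counter(e["status"] for e in entries),
        "truncated_directives": truncated,
        "other_errors": [t for t in errors if not likely_directive(t)],
        "unresolved_after_reboot": sorted(pending - done),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_FIXLOG).items():
        print(key, "=>", value)
```
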

offline
  • Joined: 02 Jan 2008
  • Posts: 2083

You did not copy the fix correctly the first time; you missed the first letter. But all right, it is not a big problem, let's move on. I will ask you to follow the instructions carefully!



Download Malwarebytes Anti-Malware from this or this or this link and install the application.
Run mb3-setup-consumer-{version}.exe and follow the instructions to install the program. After installation, click Finish

On first launch, the program will show a "welcome" window. Feel free to close that window.
Note: The program's Premium features are already activated and are valid for 13 days from the moment of installation. You can turn off the Premium features via the Settings > My Account tab.

• Scanner settings - in Settings, click the Protection tab. Under the Scan Options section, turn on the "Scan for rootkits" option.
• Prepare the settings for a Threat Scan - in Dashboard, click the Scan Now button. MBAM will update its database and start scanning.

When the scan finishes, if an infection is detected, make sure everything is selected, then click Remove Selected. Restart the computer if the program asks for a restart.
• Submit the log: Under Reports, select the Scan Report with the current date and then click View Report.

Export the log to the Desktop;
- Click the Export button at the bottom, then choose 'Text file (*.txt)'
- In the Save File dialog that appears, click Desktop. In the File name: field, type "mbam" (without quotes) and click Save.
- The message "Your file has been successfully exported" will appear; click Ok and close the window.



• In your reply, attach the mbam.txt log using the "Attach file" option.

offline
  • Joined: 29 Aug 2014
  • Posts: 29

Posted: 11 Jan 2017 23:00

And just one more question... My bookmarks in the Chrome browser have disappeared. Can they be restored or...?

Addendum: 11 Jan 2017 23:10

I'll do it right now.....

Addendum: 11 Jan 2017 23:28


offline
  • Joined: 02 Jan 2008
  • Posts: 2083

Everything was stored in the malicious profile that was in Chrome, and that profile has now been removed, so the bookmarks that were on it have been removed too. Still, if by any chance you linked a Gmail account to Chrome, they may still be there when you sign in again.

In any case, I recommend resetting Google Chrome and Firefox to their default settings. This will not delete bookmarks, but it will return the browser to its default settings.

Google Chrome: https://support.google.com/chrome/answer/3296214?hl=sr
Firefox: https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings

Tell me, what is the state of the computer now?

offline
  • Joined: 29 Aug 2014
  • Posts: 29

The state is perfect for now... It was before too. Only the Blue Screen kept appearing and the computer kept restarting out of the blue... Thank you, Return. Do you think we have gone through everything?

offline
  • Joined: 02 Jan 2008
  • Posts: 2083

Well yes, we are done, since the vermin have been removed. If you have problems with the BSOD again, go back to the topic in the Windows forum, because the BSOD should no longer appear if malware was the cause.

The following procedure will perform the final cleanup.



Download "Xplode"'s DelFix tool and save it to the Desktop.

Double-click to run the tool and tick the boxes in front of the following options;
Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment while the tool finishes its work.

From this point on, all tools used in this topic should be deleted.
If any tool or report has not been removed, feel free to delete it manually.


The tool will also create a report for you. (C:\DelFix.txt)
- The tool will also save a healthy state of the registry and make a backup using the built-in "ERUNT" program in %windir%\ERUNT\DelFix
- DelFix deletes old System Restore points and creates a new, fresh point after the cleanup.

offline
  • Joined: 29 Aug 2014
  • Posts: 29
