Rutinska kontrola kompa

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Ljudi zet mi je dobio eksterni hdd i zabranio sam mu da ga ukljuci, dok ne prekontrolisem windows od virusa. Igraju se igrice po netu pa bolje da pogledamo.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-05-2016 01
Ran by Zo (administrator) on ZO-PC (05-05-2016 20:36:29)
Running from C:\Users\Zo\Desktop
Loaded Profiles: Zo (Available Profiles: Zo)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: engleski (SAD)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Team17 Software Ltd) D:\INSTALACIJE\IGRICE (inst.)\Worms Armageddon v3.7.2.1\WA.exe
(TeamViewer GmbH) C:\Users\Zo\AppData\Local\Temp\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Users\Zo\AppData\Local\Temp\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Users\Zo\AppData\Local\Temp\TeamViewer\tv_x64.exe
(TeamViewer GmbH) C:\Users\Zo\AppData\Local\Temp\TeamViewer\TeamViewer_Desktop.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-15] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [155648 2003-09-30] (Scansoft, Inc.)
HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [69632 2006-03-21] (ScanSoft, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-10-01] (Raptr, Inc)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [73216 2015-12-16] ()
HKU\S-1-5-21-2587672541-2013694922-133323328-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-2587672541-2013694922-133323328-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2587672541-2013694922-133323328-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-2587672541-2013694922-133323328-1000\...\Run: [EpicScale] => 0
HKU\S-1-5-21-2587672541-2013694922-133323328-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50670720 2016-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-2587672541-2013694922-133323328-1000\...\MountPoints2: {3fb40c94-525a-11e4-8c94-806e6f6e6963} - E:\DriverPackSolution.exe
HKU\S-1-5-21-2587672541-2013694922-133323328-1000\...\MountPoints2: {d48876be-63ef-11e4-8679-8c89a5ff2652} - H:\setup.exe
HKU\S-1-5-21-2587672541-2013694922-133323328-1000\...\MountPoints2: {fbe27b6f-764e-11e4-b943-8c89a5ff2652} - F:\HTC_Sync_Manager_PC.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{207EF93A-D8FC-4C3A-A5CC-7A9CED11A0F2}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{25C4231A-5F6E-49F7-BA9F-C7B1FC17E2E4}: [DhcpNameServer] 5.45.75.11 5.45.75.36
Tcpip\..\Interfaces\{B3144E25-3637-45C0-8FE5-45074F5DB521}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2013-11-15] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2013-09-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2013-11-02] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2013-11-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2013-09-13] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2013-11-02] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Zo\AppData\Roaming\Mozilla\Firefox\Profiles\eo0ZwTmY.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-11-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-2587672541-2013694922-133323328-1000: @nsroblox.roblox.com/launcher -> C:\Program Files (x86)\Roblox\Versions\version-ea1ccffcf5ea48fc\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2587672541-2013694922-133323328-1000: @nsroblox.roblox.com/launcher64 -> C:\Program Files (x86)\Roblox\Versions\version-ea1ccffcf5ea48fc\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-11-15] (Microsoft Corporation)
FF Extension: Avira Browser Safety - C:\Users\Zo\AppData\Roaming\Mozilla\Firefox\Profiles\eo0ZwTmY.default\Extensions\abs@avira.com [2014-10-12] [not signed]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Zo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google презентације) - C:\Users\Zo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google документи) - C:\Users\Zo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google диск) - C:\Users\Zo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Zo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Zo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google табеле) - C:\Users\Zo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google документи офлајн) - C:\Users\Zo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Internet Speed Tracker) - C:\Users\Zo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jinlofiojphnmpllecgejammnjcmeipf [2015-02-21]
CHR Extension: (Merry Christmas) - C:\Users\Zo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnmjckfjclclmjiekoibnmoglogldeh [2015-12-12]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\Zo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR Extension: (Gmail) - C:\Users\Zo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 TeamViewer9; "C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-04] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R3 netr28ux; C:\Windows\System32\DRIVERS\netr28ux.sys [2212496 2014-07-04] (MediaTek Inc.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-05 20:36 - 2016-05-05 20:36 - 00013173 _____ C:\Users\Zo\Desktop\FRST.txt
2016-05-05 20:36 - 2016-05-05 20:36 - 00000000 ____D C:\FRST
2016-05-05 20:35 - 2016-05-05 20:35 - 02379776 _____ (Farbar) C:\Users\Zo\Desktop\FRST64.exe
2016-05-04 22:15 - 2016-05-04 22:15 - 00322263 _____ C:\Users\Zo\Downloads\Strategija_2015-2018.pdf
2016-05-04 22:15 - 2016-05-04 22:15 - 00322263 _____ C:\Users\Zo\Downloads\Strategija_2015-2018 (1).pdf
2016-04-30 21:55 - 2016-04-30 21:55 - 00145408 _____ C:\Users\Zo\Downloads\ПРИЈАВА ЗА УЧЕШЋЕ НА РЕПУБЛИЧКОМ ФЕСТИВАЛУ (2) (1) (1).xls
2016-04-30 13:26 - 2016-04-30 21:48 - 00145408 _____ C:\Users\Zo\Desktop\ПРИЈАВА ЗА УЧЕШЋЕ НА РЕПУБЛИЧКОМ ФЕСТИВАЛУ (2) (1).xls
2016-04-30 11:31 - 2016-04-30 13:25 - 00141824 _____ C:\Users\Zo\Downloads\ПРИЈАВА ЗА УЧЕШЋЕ НА РЕПУБЛИЧКОМ ФЕСТИВАЛУ (2) (1).xls
2016-04-29 20:04 - 2016-04-29 21:49 - 00000000 ____D C:\Users\Zo\AppData\Local\Roblox
2016-04-29 19:54 - 2016-04-30 08:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2016-04-29 19:54 - 2016-04-29 19:54 - 00000000 ____D C:\ProgramData\Roblox
2016-04-29 19:53 - 2016-04-30 08:27 - 00000256 _____ C:\Users\Zo\AppData\LocalLow\rbxcsettings.rbx
2016-04-29 19:53 - 2016-04-29 19:53 - 00969584 _____ (ROBLOX Corporation) C:\Users\Zo\Downloads\RobloxPlayerLauncher (2).exe
2016-04-29 19:53 - 2016-04-29 19:53 - 00000000 ____D C:\Program Files (x86)\Roblox
2016-04-29 19:51 - 2016-04-29 19:52 - 00969584 _____ (ROBLOX Corporation) C:\Users\Zo\Downloads\RobloxPlayerLauncher (1).exe
2016-04-21 15:52 - 2016-04-21 15:53 - 06938829 _____ C:\Users\Zo\Downloads\SZSSI.rar
2016-04-10 10:58 - 2016-04-10 10:58 - 00208092 _____ C:\Users\Zo\Downloads\Zakon_o_saradnji_Crne_Gore_sa_iseljenicima.pdf
2016-04-08 14:49 - 2016-05-05 12:13 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-05 20:34 - 2014-10-12 18:00 - 00000000 ____D C:\Users\Zo\AppData\Roaming\Skype
2016-05-05 20:13 - 2009-07-14 06:45 - 00020640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-05 20:13 - 2009-07-14 06:45 - 00020640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-05 19:38 - 2014-10-12 16:53 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-05 12:17 - 2009-07-14 07:13 - 00785302 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-05 12:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-05-05 12:12 - 2014-10-12 16:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-05 12:12 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-04 15:28 - 2009-07-14 04:34 - 00000854 _____ C:\Windows\win.ini
2016-05-02 21:41 - 2014-10-12 16:54 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-24 14:48 - 2014-10-12 18:13 - 00000000 ____D C:\Program Files (x86)\The KMPlayer
2016-04-22 09:57 - 2010-11-21 05:27 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-21 16:04 - 2016-03-19 18:22 - 00000000 ____D C:\Users\Zo\Downloads\SZSSI
2016-04-18 21:18 - 2014-12-05 18:58 - 00000029 _____ C:\Windows\popcinfo.dat
2016-04-09 10:23 - 2015-03-13 20:11 - 00043008 _____ C:\Users\Zo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-04-08 14:48 - 2016-01-10 16:07 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-08 14:48 - 2014-10-12 18:00 - 00000000 ____D C:\ProgramData\Skype
2016-04-05 10:05 - 2014-11-27 19:05 - 00000000 ____D C:\Users\Zo\Documents\FIFA 14

==================== Files in the root of some directories =======

2015-03-13 20:11 - 2016-04-09 10:23 - 0043008 _____ () C:\Users\Zo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-12 15:31 - 2014-10-12 15:31 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Zo\AppData\Local\Temp\AVG Toolbar v.9.23.exe
C:\Users\Zo\AppData\Local\Temp\avgnt.exe
C:\Users\Zo\AppData\Local\Temp\FreemakeVideoConverterFull.exe
C:\Users\Zo\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Zo\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Zo\AppData\Local\Temp\Nero_keymaker.exe
C:\Users\Zo\AppData\Local\Temp\ochelper.exe
C:\Users\Zo\AppData\Local\Temp\offer-D1843ADE-D281-44FF-97D9-1E226877BD6F4.exe
C:\Users\Zo\AppData\Local\Temp\raptrpatch.exe
C:\Users\Zo\AppData\Local\Temp\raptr_stub.exe
C:\Users\Zo\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 05:24] - [2014-10-12 15:04] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2010-11-21 05:24] - [2014-10-12 15:04] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-28 10:38

==================== End of FRST.txt ============================
https://www.mycity.rs/must-login.png

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Cist PC. Logovi ne pokazuju tragove aktivne infekcije.

System Restore mu je disabled, bilo bi korisno da mu ga vratis u funkciju.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Hvala. Ja sam ga iskljucio volim to da uradim, jer kad do infekcije dodje, virusi znaju da zlupotrebe ovu funkciju windowsa te da je koriste da bi se opet i opet instalirali.

• 1Ovo se svidja korisniku: SlobaBgd
  
  Registruj se da bi pohvalio/la poruku!

Ne funkcionise to bas tako. Njegov reset obavlja sav posao. A iz system restore-a nista ne moze samo da izadje...