How to turn off

  • Miroslav Tanaskovic
  • Construction technician
  • Joined: 02 Jan 2009
  • Posts: 723
  • Location: Cacak

I posted this topic in the applications subforum and nobody answered, so I too suspect that a virus is involved. For the past several days, every ten minutes or so a system message pops up that cannot be turned off, and in addition, Facebook notifications keep appearing in the right corner of the desktop even though I turned them off in the settings. I tried to remove it with 3-4 anti-malware programs, but without result. I use Win7 with a Telekom internet connection of 1 Mb.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 6-02-2019
Ran by miroslav (administrator) on MIROSLAV-PC (07-02-2019 14:54:12)
Running from C:\Users\miroslav\Desktop
Loaded Profiles: miroslav (Available Profiles: miroslav & Administrator & DefaultAppPool)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files\Slimjet\slimjet.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Iskysoft) C:\Program Files\iSkysoft\IAF\2.4.3.241\IsAppService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
() C:\Program Files\RocketDock\RocketDock.exe
(BitTorrent Inc.) C:\Users\miroslav\AppData\Roaming\uTorrent\uTorrent.exe
(Viber Media S.à r.l.) C:\Users\miroslav\AppData\Local\Viber\Viber.exe
(© 2015 Microsoft Corporation) C:\Users\miroslav\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(SRecorder LLC) C:\Program Files\SRecorder\SRecorder.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(Wondershare) C:\Program Files\Wondershare\WAF\2.4.3.237\WsAppService.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(BitTorrent Inc.) C:\Users\miroslav\AppData\Roaming\uTorrent\updates\3.5.5_44994\utorrentie.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mobo, Inc.) C:\Program Files\Mobo\Service\MoboDeviceService.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
() C:\Users\miroslav\AppData\Roaming\System32\shosts.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(BitTorrent Inc.) C:\Users\miroslav\AppData\Roaming\uTorrent\updates\3.5.5_44994\utorrentie.exe
(Free Time Co., Ltd.) C:\Program Files\FormatFactory\FormatFactory.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(Mobo) C:\Program Files\Mobo\Service\MoboDeviceProxy.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
() C:\Users\miroslav\AppData\Local\temp\colision\colision.exe
(Farbar) C:\Users\miroslav\Desktop\FRST (3).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2012-06-11] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-15] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (Borislav Surbat -> MyCity)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [RocketDock] => C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [uTorrent] => C:\Users\miroslav\AppData\Roaming\uTorrent\uTorrent.exe [1908920 2019-01-15] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [Viber] => C:\Users\miroslav\AppData\Local\Viber\Viber.exe [37073480 2019-01-30] (Viber Media S.à r.l. -> Viber Media S.à r.l.)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [Skype for Desktop] => C:\Program Files\Microsoft\Skype for Desktop\Skype.exe [50097088 2018-04-09] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [BingSvc] => C:\Users\miroslav\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (Microsoft Corporation -> © 2015 Microsoft Corporation)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [Desktop Window Manager] => C:\Users\miroslav\AppData\Roaming\Desktop Window Manager\sysmon.exe [53248 2018-07-23] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [SRecorder] => C:\Program Files\SRecorder\SRecorder.exe [444560 2018-03-29] (АЙ СI СI, ТОВ -> SRecorder LLC)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [Chromium] => c:\users\miroslav\appdata\local\chromium\application\chrome.exe [829440 2017-02-15] (The Chromium Authors)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [KIGXU7RATZ] => "J:\GoogleSUI.js"
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [Spybot-S&D Cleaning] => C:\Users\miroslav\Desktop\SpybotPortable\App\Spybot\SDCleaner.exe [7388488 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [Sytes] => C:\Users\miroslav\AppData\Roaming\System32\shosts.exe [91136 2019-02-07] (CreateFileW function failed -> )
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\CurrentVersion\Windows: [Load] C:\Users\miroslav\AppData\Local\Temp\colision\colision.exe <==== ATTENTION
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.I420] => C:\Windows\system32\lvcodec2.dll [305000 2012-09-21] (Logitech Inc.)
HKLM\...\Drivers32: [MSVideo] => C:\Windows\system32\vfwwdm32.dll [56832 2010-11-20] (Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.HFYU] => C:\Windows\system32\huffyuv.dll [39936 2004-05-18] (Disappearing Inc.)
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [216064 2011-12-07] ( )
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw.dll [3850240 2017-07-30] (x264vfw project)
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [284672 2018-01-28] ()
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [122880 2012-07-21] (fccHandler)
HKLM\...\Drivers32: [msacm.lameacm] => C:\Windows\system32\lameACM.acm [473088 2015-02-25] (hxxp://www.mp3dev.org/)
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [112128 2015-10-24] ()
HKLM\Software\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\72.0.3626.96\Installer\chrmstp.exe [2019-02-07] (Google LLC -> Google Inc.)
Startup: C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoogleSUI.js [2018-07-16] ()
Startup: C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HostUi.js [2018-07-23] ()
Startup: C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java Updates Scheduler.jse [2018-10-03] ()
Startup: C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.jse [2019-01-11] ()
BootExecute: autocheck autochk * aswBoot.exe /M:d5430a59a /dir:C:\Program
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{A1DE0E0E-1595-4216-B22A-8F4F035F1AB3}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-02-14] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-14] (Oracle America, Inc. -> Oracle Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 7dpgcy0g.default-1516557775337
FF ProfilePath: C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337 [2019-02-06]
FF Homepage: Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337 -> hxxp://www.msn.com/?pc=BDT1&ocid=BDT1DHP&osmkt=en-ww&DT=112618
FF Session Restore: Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337 -> is enabled.
FF HomepageOverride: Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337 -> Disabled: {88faace4-5f02-4b64-84f6-fd8666fa3681}
FF Extension: (Tampermonkey) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\firefox@tampermonkey.net.xpi [2018-12-01]
FF Extension: (S3.Translator) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\s3google@translator.xpi [2018-10-25]
FF Extension: (X-notifier (for Gmail™,Hotmail,Yahoo,AOL...)) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2019-01-09]
FF Extension: (Bing Homepage and Search Engine) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\{88faace4-5f02-4b64-84f6-fd8666fa3681}.xpi [2018-12-14]
FF Extension: (Web of Trust) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2018-07-01]
FF Extension: (Video DownloadHelper) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-08-02]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-01-23]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_114.dll [2019-01-08] ()
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-02-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-02-14] (Oracle Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 9\npnitromozilla.dll [2013-10-07] (Nitro PDF)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-12-19] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-12-19] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

Chrome:
=======
CHR HomePage: Default -> msn.com
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default [2019-02-07]
CHR Extension: (Slides) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-29]
CHR Extension: (Docs) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-29]
CHR Extension: (Google Drive) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-16]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2019-02-06]
CHR Extension: (YouTube) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-16]
CHR Extension: (X-notifier (for Gmail™,Hotmail,Yahoo,AOL...)) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfjbkbddpfnoplfhceolpopfoepleco [2019-02-03]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-01-25]
CHR Extension: (Gmail Offline) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2018-12-16]
CHR Extension: (Convertio) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\eppjkefeiehhflmgkhdooajgbkkegpcl [2018-11-12]
CHR Extension: (PanicButton) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm [2018-09-29]
CHR Extension: (Bing) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2019-02-06]
CHR Extension: (Sheets) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-29]
CHR Extension: (Google Docs Offline) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-16]
CHR Extension: (Guardio for Chrome) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfpmkejnolcfklaaddjnckanhhgegla [2019-01-25]
CHR Extension: (Video DownloadHelper) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2018-09-29]
CHR Extension: (Onlive Clock) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\moddbcckaikhdnigidfcmaeelcobchpm [2018-12-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-16]
CHR Extension: (Gmail) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-09-28]
CHR Extension: (Chrome Media Router) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-03]
CHR HKU\S-1-5-21-961669800-890686474-1414387024-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-961669800-890686474-1414387024-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================


===================== Drivers (Whitelisted) ======================

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-07 14:54 - 2019-02-07 14:59 - 000019703 _____ C:\Users\miroslav\Desktop\FRST.txt
2019-02-07 14:54 - 2019-02-07 14:54 - 000063448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\efywzkyh.sys
2019-02-07 14:52 - 2019-02-07 14:53 - 001793024 _____ (Farbar) C:\Users\miroslav\Desktop\FRST (3).exe
2019-02-07 08:36 - 2019-02-07 08:36 - 000230120 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-02-06 16:58 - 2019-02-06 16:58 - 000850134 _____ C:\Users\miroslav\Desktop\video-1549455229.mp4
2019-02-06 16:44 - 2019-02-07 11:35 - 000000000 ____D C:\Users\miroslav\AppData\LocalLow\uTorrent
2019-02-06 11:40 - 2019-02-06 11:44 - 000003348 _____ C:\Windows\wininit.ini
2019-02-06 10:31 - 2019-02-06 11:51 - 000000000 ____D C:\AdwCleaner
2019-02-06 10:17 - 2019-02-06 10:18 - 000000000 ____D C:\Users\miroslav\Desktop\SpybotPortable
2019-02-06 10:05 - 2019-02-06 10:05 - 000000000 ____D C:\Users\miroslav\AppData\Local\Viber
2019-02-06 10:01 - 2019-02-07 08:37 - 000580384 _____ C:\Users\miroslav\AppData\Roaming\Sytes.exe
2019-02-04 10:16 - 2019-02-04 10:16 - 000441282 _____ C:\Users\miroslav\Desktop\[CrnaBerza]Remasterovani domaci filmovi RTS (2019) Komplet.torrent
2019-01-31 23:48 - 2019-02-03 19:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creation CorelDraw(12,X3,X4,X5,X6)Plug-in
2019-01-27 18:14 - 2019-01-27 18:14 - 000000000 ____D C:\Users\miroslav\AppData\Roaming\PicPick
2019-01-27 18:14 - 2019-01-27 18:14 - 000000000 ____D C:\ProgramData\PicPick
2019-01-26 11:12 - 2019-01-26 11:12 - 000000000 ____D C:\Users\miroslav\Desktop\Q-DirPortable
2019-01-26 11:07 - 2019-01-26 11:07 - 000000000 ____D C:\Users\miroslav\Desktop\Web precice
2019-01-25 14:49 - 2019-01-25 14:51 - 000000000 ____D C:\ProgramData\iSkysoft
2019-01-25 14:49 - 2019-01-25 14:50 - 000000000 ____D C:\Program Files\iSkysoft
2019-01-25 14:47 - 2019-01-25 14:51 - 000000000 ____D C:\Users\Public\Documents\iSkysoft
2019-01-12 18:52 - 2019-01-30 10:28 - 000000000 ____D C:\Users\miroslav\Desktop\Stica cutter
2019-01-12 09:44 - 2019-01-12 09:44 - 000000068 ___SH C:\Users\miroslav\AppData\Roaming\.IgHiJkLiO
2019-01-10 22:14 - 2019-01-11 00:29 - 000001719 _____ C:\Users\miroslav\AppData\Roaming\Microsoft Corporation.jse
2019-01-09 09:50 - 2018-12-28 23:52 - 000348760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-01-09 09:50 - 2018-12-28 20:51 - 004055272 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2019-01-09 09:50 - 2018-12-28 20:51 - 003960552 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-01-09 09:50 - 2018-12-28 20:51 - 001214696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2019-01-09 09:50 - 2018-12-28 20:51 - 000189672 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2019-01-09 09:50 - 2018-12-28 20:51 - 000189672 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-01-09 09:50 - 2018-12-28 20:51 - 000137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-01-09 09:50 - 2018-12-28 20:51 - 000136424 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2019-01-09 09:50 - 2018-12-28 20:51 - 000067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-01-09 09:50 - 2018-12-28 20:50 - 001310520 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 001072640 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-01-09 09:50 - 2018-12-28 20:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-01-09 09:50 - 2018-12-28 20:31 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-01-09 09:50 - 2018-12-28 20:31 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-01-09 09:50 - 2018-12-28 20:31 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-01-09 09:50 - 2018-12-28 20:31 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-01-09 09:50 - 2018-12-28 20:30 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-01-09 09:50 - 2018-12-28 20:29 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-01-09 09:50 - 2018-12-28 20:29 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-01-09 09:50 - 2018-12-28 20:29 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-01-09 09:50 - 2018-12-28 20:27 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-01-09 09:50 - 2018-12-28 20:27 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-01-09 09:50 - 2018-12-28 20:27 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-01-09 09:50 - 2018-12-28 20:26 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-01-09 09:50 - 2018-12-28 20:26 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-01-09 09:50 - 2018-12-28 20:26 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-01-09 09:50 - 2018-12-28 20:26 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2019-01-09 09:50 - 2018-12-28 20:26 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-01-09 09:50 - 2018-12-28 20:26 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-01-09 09:50 - 2018-12-28 20:26 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-01-09 09:50 - 2018-12-28 20:26 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-01-09 09:50 - 2018-12-28 20:26 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-01-09 09:50 - 2018-12-28 20:26 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-01-09 09:50 - 2018-12-28 20:26 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-01-09 09:50 - 2018-12-28 20:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-01-09 09:50 - 2018-12-28 20:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-01-09 09:50 - 2018-12-28 19:09 - 000419608 _____ C:\Windows\system32\locale.nls
2019-01-09 09:50 - 2018-12-28 00:25 - 020279808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-01-09 09:50 - 2018-12-28 00:17 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-01-09 09:50 - 2018-12-28 00:17 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-01-09 09:50 - 2018-12-28 00:05 - 000498176 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-01-09 09:50 - 2018-12-28 00:05 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-01-09 09:50 - 2018-12-28 00:04 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-01-09 09:50 - 2018-12-28 00:04 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-01-09 09:50 - 2018-12-28 00:03 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-01-09 09:50 - 2018-12-28 00:02 - 002295808 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-01-09 09:50 - 2018-12-27 23:59 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-01-09 09:50 - 2018-12-27 23:58 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-01-09 09:50 - 2018-12-27 23:56 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-01-09 09:50 - 2018-12-27 23:55 - 000663040 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-01-09 09:50 - 2018-12-27 23:55 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-01-09 09:50 - 2018-12-27 23:55 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-01-09 09:50 - 2018-12-27 23:55 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-01-09 09:50 - 2018-12-27 23:49 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-01-09 09:50 - 2018-12-27 23:47 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-01-09 09:50 - 2018-12-27 23:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-01-09 09:50 - 2018-12-27 23:42 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-01-09 09:50 - 2018-12-27 23:42 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-01-09 09:50 - 2018-12-27 23:39 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-01-09 09:50 - 2018-12-27 23:39 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-01-09 09:50 - 2018-12-27 23:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-01-09 09:50 - 2018-12-27 23:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-01-09 09:50 - 2018-12-27 23:33 - 004494848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-01-09 09:50 - 2018-12-27 23:31 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-01-09 09:50 - 2018-12-27 23:29 - 013680640 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-01-09 09:50 - 2018-12-27 23:29 - 002060288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-01-09 09:50 - 2018-12-27 23:29 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-01-09 09:50 - 2018-12-27 23:29 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-01-09 09:50 - 2018-12-27 23:28 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-01-09 09:50 - 2018-12-27 23:11 - 004386816 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-01-09 09:50 - 2018-12-27 23:07 - 001329664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-01-09 09:50 - 2018-12-27 23:06 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-01-09 09:50 - 2018-12-08 03:56 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2019-01-09 09:50 - 2018-12-08 03:56 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2019-01-09 09:50 - 2018-12-08 03:56 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\ndptsp.tsp
2019-01-09 09:50 - 2018-12-08 03:41 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2019-01-09 09:50 - 2018-12-08 03:41 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2019-01-09 09:50 - 2018-12-08 03:41 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2019-01-09 09:50 - 2018-12-08 03:41 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2019-01-09 09:50 - 2018-12-08 03:41 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2019-01-09 09:50 - 2018-12-08 03:41 - 000020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2019-01-09 09:50 - 2018-12-07 16:33 - 000352768 _____ (Microsoft Corporation) C:\Windows\system32\msrd3x40.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-07 14:59 - 2017-01-02 10:19 - 000000000 ____D C:\Users\miroslav\AppData\Roaming\uTorrent
2019-02-07 14:57 - 2018-12-06 23:57 - 000000000 ____D C:\Users\miroslav\AppData\Roaming\System32
2019-02-07 14:54 - 2018-12-02 23:51 - 000000000 ____D C:\FRST
2019-02-07 12:42 - 2016-10-09 13:31 - 000000000 ___RD C:\Users\miroslav\Desktop\video
2019-02-07 11:37 - 2016-12-28 13:46 - 000000000 ____D C:\ProgramData\MCShield
2019-02-07 09:07 - 2009-07-14 05:34 - 000020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-02-07 09:07 - 2009-07-14 05:34 - 000020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-02-07 09:02 - 2017-09-26 09:42 - 000002130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-07 08:35 - 2016-12-28 11:24 - 000000000 ____D C:\ProgramData\NVIDIA
2019-02-07 08:35 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-07 00:19 - 2017-03-19 13:41 - 000000000 ____D C:\Users\miroslav\AppData\Roaming\AVI ReComp
2019-02-06 23:18 - 2017-01-07 18:06 - 000000000 ____D C:\Users\miroslav\Documents\ViberDownloads
2019-02-06 16:57 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\NDF
2019-02-06 11:54 - 2017-01-07 18:06 - 000000000 ____D C:\Users\miroslav\AppData\Roaming\ViberPC
2019-02-06 11:07 - 2018-10-08 18:33 - 000000000 ____D C:\Program Files\Slimjet
2019-02-06 11:04 - 2016-11-29 17:40 - 000000212 __RSH C:\boot.ini
2019-02-04 22:57 - 2016-12-28 15:51 - 000000000 ____D C:\Users\miroslav\AppData\LocalLow\Mozilla
2019-02-04 18:05 - 2016-12-28 12:43 - 000000000 ____D C:\Users\miroslav\AppData\Roaming\AIMP
2019-02-04 13:32 - 2016-12-28 10:55 - 000840900 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-04 13:32 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2019-02-03 19:21 - 2016-12-28 10:51 - 000000000 ____D C:\Users\miroslav
2019-02-03 19:20 - 2018-11-26 21:27 - 000000000 ____D C:\Users\Administrator
2019-02-03 19:20 - 2018-09-13 21:07 - 000000000 ____D C:\Users\DefaultAppPool
2019-02-03 19:20 - 2017-08-12 16:06 - 000000000 ____D C:\Program Files\BdTips
2019-02-03 19:20 - 2016-12-28 13:25 - 000000000 ____D C:\Users\miroslav\AppData\Roaming\TeraCopy
2019-02-03 19:19 - 2016-12-28 15:51 - 000000000 ____D C:\Users\miroslav\AppData\Local\Mozilla
2019-02-03 19:19 - 2009-07-14 08:48 - 000000000 ___RD C:\Users\Public\Recorded TV
2019-02-03 19:19 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\registration
2019-02-03 16:25 - 2017-04-21 13:27 - 000000000 ____D C:\ProgramData\TEMP
2019-01-28 00:04 - 2017-05-06 13:59 - 000000000 ____D C:\Users\miroslav\AppData\Roaming\vlc
2019-01-27 19:25 - 2018-11-24 19:42 - 000000400 __RSH C:\ProgramData\ntuser.pol
2019-01-23 17:11 - 2018-10-04 22:10 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2019-01-20 18:35 - 2018-07-23 13:37 - 000000068 ___SH C:\ProgramData\.IgHiJkLiO
2019-01-20 17:08 - 2017-01-08 11:37 - 000000000 ___SD C:\Users\miroslav\AppData\LocalLow\Temp
2019-01-12 09:40 - 2017-06-11 17:59 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-01-12 09:40 - 2016-12-28 16:26 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2019-01-10 11:34 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\rescache
2019-01-09 23:38 - 2016-12-30 08:13 - 000000000 ____D C:\Windows\system32\MRT
2019-01-09 23:32 - 2016-12-30 08:13 - 129687688 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-01-08 18:24 - 2017-02-24 14:34 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2019-01-08 18:24 - 2017-02-24 14:34 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2019-01-08 18:24 - 2017-02-24 14:34 - 000000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2018-08-20 08:05 - 2018-08-20 08:05 - 000000000 _____ () C:\ProgramData\BPSUnlock.exe
2019-01-12 09:44 - 2019-01-12 09:44 - 000000068 ___SH () C:\Users\miroslav\AppData\Roaming\.IgHiJkLiO
2018-04-08 22:21 - 2018-11-30 18:36 - 000001010 _____ () C:\Users\miroslav\AppData\Roaming\downloads.json
2018-07-24 04:43 - 2018-07-23 20:48 - 000000627 _____ () C:\Users\miroslav\AppData\Roaming\HostUi.js
2018-08-10 01:23 - 2018-08-10 01:16 - 000007748 _____ () C:\Users\miroslav\AppData\Roaming\Java Updates Scheduler.js
2018-10-03 23:56 - 2018-10-03 23:56 - 000001180 _____ () C:\Users\miroslav\AppData\Roaming\Java Updates Scheduler.jse
2019-01-10 22:14 - 2019-01-11 00:29 - 000001719 _____ () C:\Users\miroslav\AppData\Roaming\Microsoft Corporation.jse
2018-07-26 17:57 - 2018-09-23 18:21 - 000001049 _____ () C:\Users\miroslav\AppData\Roaming\MsqlHost.jse
2019-02-06 10:01 - 2019-02-07 08:37 - 000580384 _____ () C:\Users\miroslav\AppData\Roaming\Sytes.exe
2018-09-04 11:29 - 2018-09-04 11:29 - 000000010 _____ () C:\Users\miroslav\AppData\Roaming\Time.txt
2018-09-16 16:59 - 2018-09-17 14:57 - 000000031 ____H () C:\Users\miroslav\AppData\Roaming\__init.ini
2018-08-10 08:25 - 2018-08-10 08:25 - 000000068 ___SH () C:\Users\miroslav\AppData\Local\.IgHiJkLiO
2018-09-28 12:18 - 2018-09-28 15:09 - 000004608 _____ () C:\Users\miroslav\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-12-19 12:42 - 2018-12-19 12:42 - 000000843 _____ () C:\Users\miroslav\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
2019-02-06 11:54 - 2010-11-05 02:53 - 001717576 _____ (Microsoft Corporation) C:\Users\miroslav\AppData\Local\temp\.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe
[2018-10-12 12:24] - [2016-08-29 15:55] - 002392576 _____ (Microsoft Corporation) 72874A5C3D90F49775621714AF4AD00A

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-02-02 12:39

==================== End of FRST.txt ============================

offline
  • Joined: 26 Aug 2010
  • Posts: 10357
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Open Notepad and copy the following text, which is inside the Code field.

C:\Users\miroslav\AppData\Roaming\System32\shosts.exe
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [KIGXU7RATZ] => "J:\GoogleSUI.js"
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [Sytes] => C:\Users\miroslav\AppData\Roaming\System32\shosts.exe [91136 2019-02-07] (CreateFileW function failed -> )
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\CurrentVersion\Windows: [Load] C:\Users\miroslav\AppData\Local\Temp\colision\colision.exe <==== ATTENTION
Startup: C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoogleSUI.js [2018-07-16] ()
Startup: C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HostUi.js [2018-07-23] ()
Startup: C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java Updates Scheduler.jse [2018-10-03] ()
Startup: C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.jse [2019-01-11] ()
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\Windows\system32\Drivers\efywzkyh.sys:changelist [1898]
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [152]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:6ED8B881 [149]
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [112]
C:\Users\miroslav\AppData\Roaming\System32
C:\Users\miroslav\AppData\Local\Temp\colision\colision.exe


In Notepad, click File --> Save As
Under Encoding, choose UTF-8.
Name the file Fixlist and save it to the Desktop
Double-click to run FRST.exe again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, allow it to do so without interruption.
When it has finished, fixlog.txt will open, with contents that you should copy into the thread.
Also, (fixlog.txt) will be located on the Desktop.

offline
  • Miroslav Tanaskovic
  • Construction technician
  • Joined: 02 Jan 2009
  • Posts: 723
  • Location: Cacak

Fix result of Farbar Recovery Scan Tool (x86) Version: 10-02-2019
Ran by miroslav (11-02-2019 08:48:35) Run:1
Running from C:\Users\miroslav\Desktop
Loaded Profiles: miroslav (Available Profiles: miroslav & Administrator & DefaultAppPool)
Boot Mode: Normal

==============================================

fixlist content:
*****************
C:\Users\miroslav\AppData\Roaming\System32\shosts.exe
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [KIGXU7RATZ] => "J:\GoogleSUI.js"
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [Sytes] => C:\Users\miroslav\AppData\Roaming\System32\shosts.exe [91136 2019-02-07] (CreateFileW function failed -> )
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\CurrentVersion\Windows: [Load] C:\Users\miroslav\AppData\Local\Temp\colision\colision.exe <==== ATTENTION
Startup: C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoogleSUI.js [2018-07-16] ()
Startup: C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HostUi.js [2018-07-23] ()
Startup: C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java Updates Scheduler.jse [2018-10-03] ()
Startup: C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.jse [2019-01-11] ()
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\Windows\system32\Drivers\efywzkyh.sys:changelist [1898]
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [152]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:6ED8B881 [149]
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [112]
C:\Users\miroslav\AppData\Roaming\System32
C:\Users\miroslav\AppData\Local\Temp\colision\colision.exe
*****************

"C:\Users\miroslav\AppData\Roaming\System32\shosts.exe" => not found
"HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\KIGXU7RATZ" => removed successfully.
"HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Sytes" => not found
"HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load" => removed successfully.
C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoogleSUI.js => moved successfully
C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HostUi.js => moved successfully
C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java Updates Scheduler.jse => moved successfully
C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.jse => moved successfully
C:\Windows => ":nlsPreferences" ADS removed successfully.
"C:\Windows\system32\Drivers\efywzkyh.sys" => ":changelist" ADS not found.
C:\ProgramData\TEMP => ":1CE11B51" ADS removed successfully.
C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully.
C:\ProgramData\TEMP => ":6ED8B881" ADS removed successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.
C:\Users\miroslav\AppData\Roaming\System32 => moved successfully
"C:\Users\miroslav\AppData\Local\Temp\colision\colision.exe" => not found

==== End of Fixlog 08:48:40 ====

offline
  • Joined: 26 Aug 2010
  • Posts: 10357
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Tell me what the state of the system is now.

offline
  • Miroslav Tanaskovic
  • Construction technician
  • Joined: 02 Jan 2009
  • Posts: 723
  • Location: Cacak

The message no longer appears, and as for the notifications, I found out what it was. A notification was turned on; now that is fine too.

offline
  • Joined: 26 Aug 2010
  • Posts: 10357
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Download Malwarebytes Anti-Malware from this or this or this link and install the application.
Run mb3-setup-consumer-{version}.exe and follow the instructions to install the program. After installation, click Finish

On first launch, the program will show a "welcome" window. Feel free to close that window.
Note: The program's Premium features are already activated and are valid for 13 days from the moment of installation. You can turn off the Premium features via the Settings > My Account tab.

• Scanner settings - in Settings, click the Protection tab. Under the Scan Options section, turn on the "Scan for rootkits" option.
• Prepare the settings for Threat Scan - in Dashboard, click the Scan Now button. MBAM will update its database and start scanning.

When the scan finishes, if an infection has been detected, make sure everything is selected, then click Remove Selected. Restart the computer if the program asks for a restart.
• Provide the log: Under Reports, select the Scan Report with the current date and then click View Report.

Export the log to the Desktop:
- Click the Export button at the bottom, then choose 'Text file (*.txt)'
- In the Save File dialog that appears, click Desktop. In the File name: field, type "mbam" (without quotes) and click Save.
- The message "Your file has been successfully exported" will appear; click Ok and close the window.

• In your reply, attach the mbam.txt log using the "Attach file" ("Prikači fajl") option.

offline
  • Miroslav Tanaskovic
  • Construction technician
  • Joined: 02 Jan 2009
  • Posts: 723
  • Location: Cacak


offline
  • Joined: 26 Aug 2010
  • Posts: 10357
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

That would be it.

Rename FRST64 to uninstall and run it. That should uninstall FRST.

offline
  • Miroslav Tanaskovic
  • Construction technician
  • Joined: 02 Jan 2009
  • Posts: 723
  • Location: Cacak

It did not uninstall it

offline
  • Joined: 26 Aug 2010
  • Posts: 10357
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

The following procedure will carry out the final cleanup.

Download "Xplode"'s DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment until the tool finishes its work.
From this point on, all tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also save the healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a new, fresh point after the cleanup.
