Paretologic

  • Miroslav Tanaskovic
  • Construction technician
  • Joined: 02 Jan 2009
  • Posts: 787
  • Location: Cacak

Since yesterday, a program called Paretologic has appeared installed on my computer, so I can't open the home page in Chrome. I don't see it anywhere, neither in the Control Panel nor in you instaler, so that I could remove it. I tried AdwCleaner; it supposedly deletes it, but after a restart it is there again. I also tried MBAM, but the same thing happens. Here is the report from ADWC
This is the page that comes up in Chrome when I try to open the home page
Here is the report:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-06-2017
Ran by miroslav (administrator) on MIROSLAV-PC (02-06-2017 16:31:29)
Running from C:\Users\miroslav\Desktop
Loaded Profiles: miroslav (Available Profiles: miroslav)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Leadtek Research Inc.) C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Leadtek Research Inc.) C:\Program Files\WinFast\WFDTV\WFWIZ.exe
() C:\Program Files\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(BitTorrent Inc.) C:\Users\miroslav\AppData\Roaming\uTorrent\uTorrent.exe
(Viber Media S.à r.l.) C:\Users\miroslav\AppData\Local\Viber\Viber.exe
(Innovative Digital Technologies) C:\Users\miroslav\AppData\Roaming\ACEStream\engine\ace_engine.exe
(BitTorrent Inc.) C:\Users\miroslav\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe
(BitTorrent Inc.) C:\Users\miroslav\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Innovative Digital Technologies) C:\Users\miroslav\AppData\Roaming\ACEStream\engine\ace_engine.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-15] (Microsoft Corporation)
HKLM\...\Run: [WinFastDTV] => C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [90112 2008-12-11] (Leadtek Research Inc.)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [162304 2008-09-27] (ArcSoft Inc.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\ DisallowedCertificates: 1916A2AF346D399F50313C393200F14140456616 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 2A83E9020591A55FC6DDAD3FB102794C52B24E70 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 2B84BFBB34EE2EF949FE1CBE30AA026416EB2216 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 3A850044D8A195CD401A680C012CB0A3B5F8DC08 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 40AA38731BD189F9CDB5B9DC35E2136F38777AF4 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 43D9BCB568E039D073A74A71D8511F7476089CC3 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 471C949A8143DB5AD5CDF1C972864A2504FA23C9 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 61793FCBFA4F9008309BBA5FF12D2CB29CD4151A (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 63FEAE960BAA91E343CE2BD8B71798C76BDB77D0 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 6431723036FD26DEA502792FA595922493030F97 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 7D7F4414CCEF168ADF6BF40753B5BECD78375931 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 80962AE4D6C5B442894E95A13E4A699E07D694CF (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 86E817C81A5CA672FE000F36F878C19518D6F844 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 8E5BD50D6AE686D65252F843A9D4B96D197730AB (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 9845A431D51959CAF225322B4A4FE9F223CE6D15 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: B533345D06F64516403C00DA03187D3BFEF59156 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: B86E791620F759F17B8D25E38CA8BE32E7D5EAC2 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: C060ED44CBD881BD0EF86C0BA287DDCF8167478C (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: CEA586B2CE593EC7D939898337C57814708AB2BE (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: D018B62DC518907247DF50925BB09ACF4A5CB3AD (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: F8A54E03AADC5692B850496A4C4630FFEAA29D83 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: FA6660A94AB45F6A88C0D7874D89A863D74DEE97 (Avast Antivirus/Software) <==== ATTENTION
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [WinFast Schedule] => C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2908160 2008-12-19] (Leadtek Research Inc.)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [RocketDock] => C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [uTorrent] => C:\Users\miroslav\AppData\Roaming\uTorrent\uTorrent.exe [1980608 2017-05-20] (BitTorrent Inc.)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [Viber] => C:\Users\miroslav\AppData\Local\Viber\Viber.exe [31014992 2017-05-25] (Viber Media S.à r.l.)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [AceStream] => C:\Users\miroslav\AppData\Roaming\ACEStream\engine\ace_engine.exe [28024 2017-03-20] (Innovative Digital Technologies)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [Xvid] => C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\MountPoints2: J - J:\AutoRun.exe
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\MountPoints2: {e6de9fe4-16f7-11e7-bdcc-001fd05f9e25} - J:\AutoRun.exe
GroupPolicy: Restriction ? <======= ATTENTION
GroupPolicy\User: Restriction ? <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{A1DE0E0E-1595-4216-B22A-8F4F035F1AB3}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-12-28] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-28] (Oracle Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 7ostk6yx.default
FF ProfilePath: C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7ostk6yx.default [2017-06-02]
FF NewTab: Mozilla\Firefox\Profiles\7ostk6yx.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\7ostk6yx.default -> www.google .com
FF Session Restore: Mozilla\Firefox\Profiles\7ostk6yx.default -> is enabled.
FF Keyword.URL: Mozilla\Firefox\Profiles\7ostk6yx.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7BA1319EBC-C2B0-4125-B64C-C7348CA2A55D%7D&gp=811037
FF Extension: (Intersection Observer API) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7ostk6yx.default\Extensions\intersection-observer-beta54@experiments.mozilla.org.xpi [2017-05-12]
FF Extension: (S3.Google Translator) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7ostk6yx.default\Extensions\s3google@translator.xpi [2017-04-03]
FF Extension: (FlashGot) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7ostk6yx.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-12-28]
FF Extension: (X-notifier (for Gmail™,Hotmail,Yahoo,AOL...)) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7ostk6yx.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2017-05-06]
FF Extension: (Video DownloadHelper) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7ostk6yx.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-09]
FF Extension: (Adblock Plus) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7ostk6yx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-05-26]
FF Extension: (User Agent Switcher) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7ostk6yx.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2017-05-13]
FF Extension: (Firefox Screenshots) - C:\Program Files\Mozilla Firefox\browser\features\screenshots@mozilla.org.xpi [2017-05-08] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-09] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-28] (Oracle Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 9\npnitromozilla.dll [2013-10-07] (Nitro PDF)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-12-19] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-12-19] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin HKU\S-1-5-21-961669800-890686474-1414387024-1001: @acestream.net/acestreamplugin,version=3.1.16.1 -> C:\Users\miroslav\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.claro-search.com/?affID=117452&tt=4812_7&babsrc=HP_ss&mntrId=9c787c4a000000000000001fd05f9e25","hxxp://isearch.avg.com/?cid={29BC7CDB-729D-4483-B773-73CA6F4BD511}&mid=c994f77a538f47d0bf44d145283988b0-b602d594afd2b0b327e07a06f36ca6a7e42546d0&lang=en&ds=AVG&pr=fr&d=2013-01-31 12:31:18&v=14.0.0.14&pid=avg&sg=&sap=hp","hxxp://websearch.webisgreat.info/?pid=1091&r=2014/02/17&hid=2250913263268509384&lg=EN&cc=RS&unqvl=48","hxxp://www.yessearches.com/?mode=nnnb&ptid=wak&uid=2D6018F6F4FA8F14A0A6FEC1F9FF1FAC&v=20160121&ts=AHEpB38kBX8rCE..","hxxp://www.yoursearching.com/?type=hp&ts=1455556444&z=a05017565e470d00cdf37e0g2zdw3wbw9w5q6z9z3z&from=exp1&uid=hitachixhdt725025vla380_vfl111r9cgjxpecgjxpex","hxxp://mail.ru/cnt/10445?gp=811040"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default [2017-06-02]
CHR Extension: (Google диск) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-28]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2017-03-08]
CHR Extension: (Turtle) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjjoabbgdgocpncdlhlfhbaocdddffjf [2016-12-28]
CHR Extension: (YouTube) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-28]
CHR Extension: (SearchApp) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdhnpdaebmmdgfkenahlnpilbgmbekjb [2017-05-25]
CHR Extension: (Gmail ван мреже) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2016-12-28]
CHR Extension: (the flying farm game) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdedilofmokfljapebnapjilnajgbhgm [2017-05-31]
CHR Extension: (New Tab - Winter Animation) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\leenkjhmbcgekojlkimcbodmniopgfnp [2017-06-02]
CHR Extension: (Nemoze da se izbrise) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflobcdhgnlibbiegemmoenkeaplpoid [2016-12-28]
CHR Extension: (Ace Stream Web Extension) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2017-05-04]
CHR Extension: (Onlive Clock) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\moddbcckaikhdnigidfcmaeelcobchpm [2016-12-28]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-28]
CHR Extension: (Chrome Media Router) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-13]
CHR HKU\S-1-5-21-961669800-890686474-1414387024-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2008-09-23] (ArcSoft Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-15] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-15] (Microsoft Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [197128 2013-10-07] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14658848 2013-12-10] (NVIDIA Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-12-13] (Ulead Systems, Inc.) [File not signed]
R2 Unchecky; C:\Program Files\Unchecky\bin\Unchecky_svc.exe [160208 2016-12-28] (RaMMicHaeL) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [109184 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVUSBSta; C:\Windows\System32\DRIVERS\LVUSBSta.sys [41752 2008-07-27] (Logitech Inc.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [220088 2017-06-02] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-05] (NVIDIA Corporation)
R3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-27] (Logitech Inc.)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2011-06-15] (Realtek )
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [50280 2011-06-15] (Realtek Corporation)
S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan620.sys [27752 2011-09-16] (Realtek Corporation)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147072 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [50280 2011-06-15] (Realtek Corporation)
R3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [561920 2008-11-19] (eMPIA Technology, Inc.)
R3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [455168 2008-11-19] (eMPIA Technology, Inc.)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 rootrepeal; \??\C:\Windows\system32\drivers\rootrepeal.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-02 16:32 - 2017-06-02 16:32 - 00000629 _____ C:\Users\miroslav\Desktop\zcv.txt
2017-06-02 16:31 - 2017-06-02 16:32 - 00021030 _____ C:\Users\miroslav\Desktop\FRST.txt
2017-06-02 16:31 - 2017-06-02 16:31 - 00000000 ____D C:\FRST
2017-06-02 16:30 - 2017-06-02 16:30 - 01773568 _____ (Farbar) C:\Users\miroslav\Desktop\FRST.exe
2017-06-02 12:46 - 2017-06-02 12:47 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\.ACEStream
2017-06-02 12:41 - 2017-06-02 12:41 - 00009971 _____ C:\Users\miroslav\Desktop\AdwCleaner[C3].txt
2017-06-02 11:15 - 2017-06-02 12:18 - 3387684000 _____ C:\Users\miroslav\Desktop\Goodbye Emmanuelle 1977 720p BRRip x264 French AAC.mkv
2017-06-02 10:53 - 2017-06-02 11:15 - 1255562070 _____ C:\Users\miroslav\Desktop\Sindjelici.S04E52.TVRip.DivX.mkv
2017-05-30 18:44 - 2017-06-01 10:04 - 00000000 ____D C:\Users\miroslav\Desktop\GIMPPortable
2017-05-30 17:22 - 2017-05-30 17:22 - 00000000 ____D C:\Users\miroslav\AppData\LocalLow\Adobe
2017-05-30 16:33 - 2017-05-30 16:40 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\PhotoScape
2017-05-30 09:59 - 2017-05-30 10:01 - 00000000 ____D C:\Users\miroslav\AppData\Local\Viber
2017-05-27 15:52 - 2017-05-27 15:52 - 00000000 ____D C:\Program Files\Common Files\Skype
2017-05-26 18:10 - 2017-06-02 09:23 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-05-26 10:04 - 2017-05-26 10:06 - 00000000 ____D C:\Program Files\PowerDataRecovery
2017-05-26 10:04 - 2017-05-26 10:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Power Data Recovery 6.6
2017-05-25 23:16 - 2017-05-26 11:23 - 00000000 ____D C:\Program Files\DDR - Removable Media(Demo)
2017-05-25 18:55 - 2017-05-25 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VobSub
2017-05-25 18:55 - 2017-05-25 18:55 - 00000000 ____D C:\Program Files\Gabest
2017-05-25 18:54 - 2017-05-25 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2017-05-25 18:54 - 2017-05-25 18:54 - 00000000 ____D C:\Program Files\Xvid
2017-05-25 18:54 - 2011-05-30 15:42 - 00240640 _____ C:\Windows\system32\xvidvfw.dll
2017-05-25 18:54 - 2011-05-23 11:52 - 00153088 _____ C:\Windows\system32\xvid.ax
2017-05-25 18:54 - 2011-05-23 09:46 - 00645632 _____ C:\Windows\system32\xvidcore.dll
2017-05-25 18:53 - 2017-05-25 18:53 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2017-05-25 18:53 - 2017-05-25 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2017-05-25 18:53 - 2017-05-25 18:53 - 00000000 ____D C:\Program Files\AviSynth 2.5
2017-05-25 18:52 - 2017-05-25 18:55 - 00000000 ____D C:\Program Files\AVI ReComp
2017-05-25 18:52 - 2017-05-25 18:52 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVI ReComp
2017-05-25 17:05 - 2017-05-25 18:46 - 00000000 ____D C:\Program Files\PhotoRescue Expert PC Demo
2017-05-25 11:28 - 2017-05-25 11:28 - 00000000 ____D C:\Program Files\EaseUS
2017-05-24 11:40 - 2017-05-24 11:41 - 00000000 ____D C:\Users\miroslav\Documents\Freemake
2017-05-24 11:40 - 2017-05-24 11:40 - 00000000 ____D C:\ProgramData\Freemake
2017-05-23 20:43 - 2017-05-25 09:23 - 00000000 ____D C:\Program Files\Recuva
2017-05-23 19:30 - 2017-05-26 11:26 - 00000000 ____D C:\Program Files\ZAR
2017-05-20 12:00 - 2017-06-02 12:44 - 00000000 ____D C:\Users\miroslav\AppData\LocalLow\uTorrent
2017-05-10 08:33 - 2017-04-28 02:36 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-05-10 08:33 - 2017-04-28 02:36 - 03945192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-10 08:33 - 2017-04-28 02:36 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-05-10 08:33 - 2017-04-28 02:36 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-05-10 08:33 - 2017-04-28 02:34 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-05-10 08:33 - 2017-04-28 02:32 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-10 08:33 - 2017-04-28 02:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-05-10 08:33 - 2017-04-28 02:32 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-05-10 08:33 - 2017-04-28 02:32 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-05-10 08:33 - 2017-04-28 02:32 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-05-10 08:33 - 2017-04-28 02:32 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-05-10 08:33 - 2017-04-28 02:32 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-05-10 08:33 - 2017-04-28 02:32 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-05-10 08:33 - 2017-04-28 02:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-05-10 08:33 - 2017-04-28 02:32 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-05-10 08:33 - 2017-04-28 02:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-05-10 08:33 - 2017-04-28 02:32 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-05-10 08:33 - 2017-04-28 02:32 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-05-10 08:33 - 2017-04-28 02:32 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-05-10 08:33 - 2017-04-28 02:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-05-10 08:33 - 2017-04-28 02:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-05-10 08:33 - 2017-04-28 02:32 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-05-10 08:33 - 2017-04-28 02:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-05-10 08:33 - 2017-04-28 02:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-05-10 08:33 - 2017-04-28 02:32 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-05-10 08:33 - 2017-04-28 02:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-05-10 08:33 - 2017-04-28 02:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-05-10 08:33 - 2017-04-28 02:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-05-10 08:33 - 2017-04-28 02:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-05-10 08:33 - 2017-04-28 02:11 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-05-10 08:33 - 2017-04-28 02:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-05-10 08:33 - 2017-04-28 02:11 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-05-10 08:33 - 2017-04-28 02:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-05-10 08:33 - 2017-04-28 02:09 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-05-10 08:33 - 2017-04-28 02:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-10 08:33 - 2017-04-28 02:07 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-10 08:33 - 2017-04-28 02:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-10 08:33 - 2017-04-28 02:07 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-05-10 08:33 - 2017-04-28 02:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-05-10 08:33 - 2017-04-28 02:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-05-10 08:33 - 2017-04-28 02:07 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-05-10 08:33 - 2017-04-26 16:51 - 02400768 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-10 08:33 - 2017-04-21 17:15 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-05-10 08:33 - 2017-04-17 17:12 - 01417728 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-10 08:33 - 2017-04-17 17:12 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-05-10 08:33 - 2017-04-17 17:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-10 08:33 - 2017-04-17 17:12 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-10 08:33 - 2017-04-17 17:12 - 00294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-10 08:33 - 2017-04-17 17:12 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-05-10 08:33 - 2017-04-17 17:12 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-05-10 08:33 - 2017-04-17 17:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-05-10 08:33 - 2017-04-17 17:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-10 08:33 - 2017-04-17 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-10 08:33 - 2017-04-17 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-05-10 08:33 - 2017-04-17 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-05-10 08:33 - 2017-04-17 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-10 08:33 - 2017-04-17 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-05-10 08:33 - 2017-04-17 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-10 08:33 - 2017-04-17 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-10 08:33 - 2017-04-17 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-05-10 08:33 - 2017-04-17 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-10 08:33 - 2017-04-17 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-10 08:33 - 2017-04-17 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-05-10 08:33 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-05-10 08:33 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-10 08:33 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-05-10 08:33 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-05-10 08:33 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-05-10 08:33 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-05-10 08:33 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-10 08:33 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-05-10 08:33 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-05-10 08:33 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-05-10 08:33 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-05-10 08:33 - 2017-04-17 16:54 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-05-10 08:33 - 2017-04-17 16:51 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-05-10 08:33 - 2017-04-17 16:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-05-10 08:33 - 2017-04-17 16:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-10 08:33 - 2017-04-17 16:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-05-10 08:33 - 2017-04-17 16:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-05-10 08:33 - 2017-04-12 17:26 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-05-10 08:33 - 2017-04-12 17:25 - 01176064 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-10 08:33 - 2017-04-12 17:25 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-05-10 08:33 - 2017-04-12 17:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-05-10 08:33 - 2017-04-07 17:26 - 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-10 08:33 - 2017-04-07 17:26 - 00218856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-10 08:33 - 2017-04-07 17:21 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-10 08:33 - 2017-04-07 17:20 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-05-10 08:33 - 2017-04-05 17:00 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-10 08:33 - 2017-04-05 17:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-10 08:33 - 2017-04-05 17:00 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-05-10 08:33 - 2017-04-04 17:25 - 01309928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-05-10 08:33 - 2017-04-04 17:25 - 00240872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-05-10 08:33 - 2017-04-04 17:25 - 00187624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-05-10 08:33 - 2017-04-04 16:52 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-05-10 08:33 - 2017-04-04 16:52 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-05-10 08:33 - 2017-03-10 18:20 - 01508352 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2017-05-10 08:33 - 2017-03-10 18:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2017-05-10 08:33 - 2017-03-10 17:52 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
2017-05-10 08:33 - 2017-03-10 17:51 - 00148992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2017-05-10 08:33 - 2017-03-10 17:51 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2017-05-10 08:33 - 2017-03-09 18:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-05-06 14:59 - 2017-05-06 15:02 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\vlc
2017-05-06 14:58 - 2017-05-06 14:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-05-06 14:58 - 2017-05-06 14:58 - 00000000 ____D C:\Program Files\VideoLAN
2017-05-03 23:44 - 2017-06-02 12:30 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\ACEStream

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-02 16:28 - 2017-01-02 11:19 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\uTorrent
2017-06-02 16:23 - 2017-04-22 11:29 - 00000000 ____D C:\AdwCleaner
2017-06-02 12:56 - 2009-07-14 06:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-02 12:56 - 2009-07-14 06:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-02 12:54 - 2016-12-28 16:51 - 00000000 ____D C:\Users\miroslav\AppData\LocalLow\Mozilla
2017-06-02 12:46 - 2017-01-07 19:06 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\ViberPC
2017-06-02 12:44 - 2016-12-28 14:46 - 00000000 ____D C:\ProgramData\MCShield
2017-06-02 12:43 - 2017-02-18 11:35 - 00220088 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-02 12:43 - 2016-12-28 12:24 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-02 12:43 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-02 09:23 - 2016-12-28 17:26 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-06-01 18:44 - 2017-04-21 14:27 - 00000000 ____D C:\ProgramData\TEMP
2017-06-01 16:37 - 2017-01-07 19:06 - 00000000 ____D C:\Users\miroslav\Documents\ViberDownloads
2017-05-30 22:45 - 2016-12-28 12:08 - 00456360 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-05-30 19:19 - 2016-12-28 11:51 - 00000000 ____D C:\Users\miroslav
2017-05-30 10:49 - 2016-12-28 11:55 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-30 10:49 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2017-05-29 22:35 - 2016-12-28 14:05 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\Skype
2017-05-27 15:53 - 2016-12-28 13:44 - 00000000 ____D C:\ProgramData\Skype
2017-05-27 15:52 - 2017-04-08 14:46 - 00000000 ___RD C:\Program Files\Skype
2017-05-27 15:35 - 2017-03-19 14:41 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\AVI ReComp
2017-05-26 12:00 - 2016-12-28 13:43 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\AIMP
2017-05-26 11:34 - 2016-12-28 12:18 - 00000000 ____D C:\Users\miroslav\Desktop\Precice
2017-05-25 11:30 - 2016-12-28 14:45 - 00000000 ____D C:\ProgramData\Unchecky
2017-05-23 22:35 - 2016-12-30 09:13 - 00000000 ____D C:\Windows\system32\MRT
2017-05-23 22:30 - 2016-12-30 09:13 - 129479984 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-15 16:01 - 2016-10-09 14:31 - 00000000 ___RD C:\Users\miroslav\Desktop\video
2017-05-12 19:46 - 2016-12-28 12:11 - 00002101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-11 20:35 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2017-05-11 17:24 - 2009-07-14 06:33 - 00279304 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-09 12:26 - 2017-02-24 15:34 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-05-09 12:26 - 2017-02-24 15:34 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-05-09 12:25 - 2017-02-24 15:34 - 00000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2017-01-20 18:26 - 2017-01-20 18:26 - 0000017 _____ () C:\Users\miroslav\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2016-09-15 02:00 - 2016-09-15 02:00 - 2458672 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\miroslav\AppData\Local\Temp\libeay32.dll
2016-09-15 02:00 - 2016-09-15 02:00 - 0970912 _____ (Microsoft Corporation) C:\Users\miroslav\AppData\Local\Temp\msvcr120.dll
2016-09-15 02:00 - 2016-09-15 02:00 - 0772672 _____ () C:\Users\miroslav\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-02 13:57

==================== End of FRST.txt ============================

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Open Notepad and copy the following text, which is inside the Code box.

GroupPolicy: Restriction ? <======= ATTENTION
GroupPolicy\User: Restriction ? <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.claro-search.com/?affID=117452&tt=4812_7&babsrc=HP_ss&mntrId=9c787c4a000000000000001fd05f9e25","hxxp://isearch.avg.com/?cid={29BC7CDB-729D-4483-B773-73CA6F4BD511}&mid=c994f77a538f47d0bf44d145283988b0-b602d594afd2b0b327e07a06f36ca6a7e42546d0&lang=en&ds=AVG&pr=fr&d=2013-01-31 12:31:18&v=14.0.0.14&pid=avg&sg=&sap=hp","hxxp://websearch.webisgreat.info/?pid=1091&r=2014/02/17&hid=2250913263268509384&lg=EN&cc=RS&unqvl=48","hxxp://www.yessearches.com/?mode=nnnb&ptid=wak&uid=2D6018F6F4FA8F14A0A6FEC1F9FF1FAC&v=20160121&ts=AHEpB38kBX8rCE..","hxxp://www.yoursearching.com/?type=hp&ts=1455556444&z=a05017565e470d00cdf37e0g2zdw3wbw9w5q6z9z3z&from=exp1&uid=hitachixhdt725025vla380_vfl111r9cgjxpecgjxpex","hxxp://mail.ru/cnt/10445?gp=811040"
CHR Extension: (SearchApp) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdhnpdaebmmdgfkenahlnpilbgmbekjb [2017-05-25]
CHR Extension: (the flying farm game) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdedilofmokfljapebnapjilnajgbhgm [2017-05-31]
CHR Extension: (Nemoze da se izbrise) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflobcdhgnlibbiegemmoenkeaplpoid [2016-12-28]


In Notepad, click File --> Save As
Under Encoding, select UTF-8.
Name the file Fixlist and save it to the Desktop
Double-click to run FRST.exe again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, allow it to do so without interruption.
When it finishes, fixlog.txt will open, with contents that you should copy into this thread.
Also, (fixlog.txt) will be located on the Desktop.

offline
  • Miroslav Tanaskovic
  • Construction technician
  • Joined: 02 Jan 2009
  • Posts: 787
  • Location: Cacak

Fix result of Farbar Recovery Scan Tool (x86) Version: 02-06-2017
Ran by miroslav (02-06-2017 21:28:24) Run:1
Running from C:\Users\miroslav\Desktop
Loaded Profiles: miroslav (Available Profiles: miroslav)
Boot Mode: Normal

==============================================

fixlist content:
*****************
GroupPolicy: Restriction ? <======= ATTENTION
GroupPolicy\User: Restriction ? <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.claro-search.com/?affID=117452&tt=4812_7&babsrc=HP_ss&mntrId=9c787c4a000000000000001fd05f9e25","hxxp://isearch.avg.com/?cid={29BC7CDB-729D-4483-B773-73CA6F4BD511}&mid=c994f77a538f47d0bf44d145283988b0-b602d594afd2b0b327e07a06f36ca6a7e42546d0&lang=en&ds=AVG&pr=fr&d=2013-01-31 12:31:18&v=14.0.0.14&pid=avg&sg=&sap=hp","hxxp://websearch.webisgreat.info/?pid=1091&r=2014/02/17&hid=2250913263268509384&lg=EN&cc=RS&unqvl=48","hxxp://www.yessearches.com/?mode=nnnb&ptid=wak&uid=2D6018F6F4FA8F14A0A6FEC1F9FF1FAC&v=20160121&ts=AHEpB38kBX8rCE..","hxxp://www.yoursearching.com/?type=hp&ts=1455556444&z=a05017565e470d00cdf37e0g2zdw3wbw9w5q6z9z3z&from=exp1&uid=hitachixhdt725025vla380_vfl111r9cgjxpecgjxpex","hxxp://mail.ru/cnt/10445?gp=811040"
CHR Extension: (SearchApp) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdhnpdaebmmdgfkenahlnpilbgmbekjb [2017-05-25]
CHR Extension: (the flying farm game) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdedilofmokfljapebnapjilnajgbhgm [2017-05-31]
CHR Extension: (Nemoze da se izbrise) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflobcdhgnlibbiegemmoenkeaplpoid [2016-12-28]
*****************

C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
Chrome StartupUrls => removed successfully.
C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdhnpdaebmmdgfkenahlnpilbgmbekjb => moved successfully
C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdedilofmokfljapebnapjilnajgbhgm => moved successfully
C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflobcdhgnlibbiegemmoenkeaplpoid => moved successfully


The system needed a reboot.

==== End of Fixlog 21:28:25 ====

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

What is the situation now?

offline
  • Miroslav Tanaskovic
  • Construction technician
  • Joined: 02 Jan 2009
  • Posts: 787
  • Location: Cacak

Fixed, great, everything is fine.

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

The following procedure will perform the final cleanup.

Download "Xplode"'s DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment until the tool finishes its work.
From this point on, all tools used in this thread should be deleted.
The tool will also produce a report for you. (C:\DelFix.txt)

The tool will also save the healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.
