Svchost.exe problem

  • Joined: 08 Apr 2012
  • Posts: 34

Hello!

A huge problem with svchost.exe. I can't remove it with the antivirus; it keeps coming back.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2017
Ran by Phoenix (administrator) on PHOENIX-PC (11-11-2017 02:02:37)
Running from C:\Users\Phoenix\Desktop
Loaded Profiles: Phoenix (Available Profiles: Phoenix & postgres)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
() C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
() C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
() C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\MobileBrServ\mbbService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\ProgramData\OnlineUpdate\ouc.exe
() C:\Program Files (x86)\Common Files\Protexis\License Service\PSIService.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe
(Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\dispatcher.exe
() C:\Program Files (x86)\Repetier-Server\bin\RepetierServer.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [549600 2017-11-10] ()
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [281872 2017-11-11] ()
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3609400 2017-11-11] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [628760 2017-11-11] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-1638686990-3675606546-2166461290-1000\...\Run: [] => [X]
HKU\S-1-5-21-1638686990-3675606546-2166461290-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-1638686990-3675606546-2166461290-1000\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [886592 2017-11-11] ()
HKU\S-1-5-21-1638686990-3675606546-2166461290-1000\...\MountPoints2: {01006375-015b-11e6-a91a-94de800f2cfb} - G:\AutoRun.exe
HKU\S-1-5-21-1638686990-3675606546-2166461290-1000\...\MountPoints2: {01006383-015b-11e6-a91a-94de800f2cfb} - G:\AutoRun.exe
HKU\S-1-5-21-1638686990-3675606546-2166461290-1000\...\MountPoints2: {3bde2c4a-ba1d-11e6-afeb-94de800f2cfb} - G:\AutoRun.exe
HKU\S-1-5-21-1638686990-3675606546-2166461290-1000\...\MountPoints2: {aa5bf3fd-b476-11e3-9e9b-94de800f2d19} - H:\AutoRun.exe
HKU\S-1-5-21-1638686990-3675606546-2166461290-1000\...\MountPoints2: {aa5bf3ff-b476-11e3-9e9b-94de800f2d19} - H:\AutoRun.exe
HKU\S-1-5-21-1638686990-3675606546-2166461290-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk [2017-10-06]
ShortcutTarget: AutoCAD Startup Accelerator.lnk -> C:\Program Files (x86)\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Token Manager.lnk [2017-07-26]
ShortcutTarget: Token Manager.lnk -> C:\Program Files\NetSeT\TrustEdgeID\TokenUtil.exe (NetSeT Global Solutions d.o.o.)
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-1638686990-3675606546-2166461290-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{023E46F2-FCB9-4EC6-8DC1-D68589C478F6}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{2024E1B4-1D37-4023-8DA1-1FBEF57B0A63}: [NameServer] 172.21.21.157 172.21.21.158
Tcpip\..\Interfaces\{535083ED-7D87-4B27-93CB-21E8B90C70A4}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{6B62871F-1A70-4B36-BD88-86D7CD6FF927}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{E6CA682D-715A-42B0-A141-3E4DBCA10397}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Internet Explorer:
==================
HKU\S-1-5-21-1638686990-3675606546-2166461290-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1638686990-3675606546-2166461290-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={07450843-47CD-47F8-AF55-04377E0B94E2}&mid=dedaa56e0bc347d28e344597c6ebc508-867c6d0bae92026b94a60f62372b585a1c7e35f1&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516avz&pr=fr&d=2016-05-10 17:08:47&v=4.3.8.510&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1638686990-3675606546-2166461290-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={07450843-47CD-47F8-AF55-04377E0B94E2}&mid=dedaa56e0bc347d28e344597c6ebc508-867c6d0bae92026b94a60f62372b585a1c7e35f1&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516avz&pr=fr&d=2016-05-10 17:08:47&v=4.3.8.510&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1638686990-3675606546-2166461290-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10285__160518__yaie&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2013-06-13] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2013-03-09] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2013-07-13] (Microsoft Corporation)
BHO-x32: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-10-09] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2013-03-09] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2013-07-13] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-10-09] (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKU\S-1-5-21-1638686990-3675606546-2166461290-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\xmwyxlfj.default [2017-11-11]
FF NewTab: Mozilla\Firefox\Profiles\xmwyxlfj.default -> hxxp://www.google.com/
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\xmwyxlfj.default -> AVG Secure Search
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\xmwyxlfj.default -> default-search.net
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\xmwyxlfj.default -> Yahoo®
FF Homepage: Mozilla\Firefox\Profiles\xmwyxlfj.default -> hxxp://www.google.com/
FF Keyword.URL: Mozilla\Firefox\Profiles\xmwyxlfj.default -> hxxp://www.default-search.net/search?sid=503&aid=100&itype=n&ver=13986&tm=544&src=ds&p=
FF NetworkProxy: Mozilla\Firefox\Profiles\xmwyxlfj.default -> socks_remote_dns", true
FF Extension: (German Dictionary) - C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\xmwyxlfj.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2016-12-03]
FF Extension: (Youtube Downloader - 4K Download) - C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\xmwyxlfj.default\Extensions\paulsaintuzb@gmail.com [2016-07-31]
FF Extension: (Save as PDF) - C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\xmwyxlfj.default\Extensions\save-as-pdf-ff@pdfcrowd.com.xpi [2017-11-10]
FF Extension: (Safe Browsing Version 4 (temporary add-on)) - C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\xmwyxlfj.default\Extensions\sbv4-gradual-rollout@mozilla.com.xpi [2017-11-08]
FF Extension: (Srpski rečnik) - C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\xmwyxlfj.default\Extensions\Srpski_latinica@dictionaries.addons.mozilla.org.xpi [2016-06-14]
FF Extension: (Video DownloadHelper) - C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\xmwyxlfj.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-10-21]
FF Extension: (Adblock Plus) - C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\xmwyxlfj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-09]
FF Extension: (DownThemAll!) - C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\xmwyxlfj.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-09-29]
FF Extension: (Web2PDF converter) - C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\xmwyxlfj.default\Extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi [2016-04-28]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-01-11] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2017-07-20]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_170.dll [2017-10-18] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll [2013-10-15] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-12] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_170.dll [2017-10-18] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin-x32: @DVR/npmedia,version=3.1.0.4 -> C:\Program Files (x86)\webrec\WEB30\WebPlugin\npmedia.dll [2015-02-03] ()
FF Plugin-x32: @DVR/npTimeGrid,version=3.1.0.4 -> C:\Program Files (x86)\webrec\WEB30\WebPlugin\npTimeGrid.dll [2015-02-03] (Unauthorized copy)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-10-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-10-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-06-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2014-01-11] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-01-11] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-06-13] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2014-01-11] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2014-01-11] (RealPlayer)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.mysites123.com/?type=hp&ts=1451294164&z=480a14058bc99e2a66f3cc2g3z1w0g4obt5zcg9qdz&from=amt&uid=st31000524as_9vpfj9fwxxxx9vpfj9fw
CHR Profile: C:\Users\Phoenix\AppData\Local\Google\Chrome\User Data\default [2017-11-11]
CHR Extension: (Презентације) - C:\Users\Phoenix\AppData\Local\Google\Chrome\User Data\default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Документи) - C:\Users\Phoenix\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google диск) - C:\Users\Phoenix\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Phoenix\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Phoenix\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Phoenix\AppData\Local\Google\Chrome\User Data\default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-11-06]
CHR Extension: (Табеле) - C:\Users\Phoenix\AppData\Local\Google\Chrome\User Data\default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google документи офлајн) - C:\Users\Phoenix\AppData\Local\Google\Chrome\User Data\default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Phoenix\AppData\Local\Google\Chrome\User Data\default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-11-09]
CHR Extension: (Save as PDF) - C:\Users\Phoenix\AppData\Local\Google\Chrome\User Data\default\Extensions\kpdjmbiefanbdgnkcikhllpmjnnllbbc [2017-11-10]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\Phoenix\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Hola - Unlimited Proxy VPN) - C:\Users\Phoenix\AppData\Local\Google\Chrome\User Data\default\Extensions\opalpjjboefohnelaemnhdhlceibbcgl [2016-05-21]
CHR Extension: (Gmail) - C:\Users\Phoenix\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\Phoenix\AppData\Local\Google\Chrome\User Data\default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-27]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1295376 2016-07-01] (Autodesk Inc.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
S4 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [303616 2017-11-11] () [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [119416 2017-11-10] () [File not signed]
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [184616 2017-11-11] () [File not signed]
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [184616 2017-11-11] () [File not signed]
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51016 2017-11-01] (Dropbox, Inc.)
R2 ewserver; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe [179208 2016-02-10] ()
S3 FlexNet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [1115952 2017-11-10] () [File not signed]
S3 fsssvc; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [1554112 2017-11-11] () [File not signed]
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [185672 2017-11-11] () [File not signed]
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [185672 2017-11-11] () [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2014-01-15] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [111104 2017-11-10] () [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [218848 2017-11-10] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-05] (Intel Corporation)
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [115200 2017-11-10] () [File not signed]
S3 MailbirdUpdater.exe; C:\Program Files (x86)\Mailbird\MailbirdUpdater.exe [438736 2017-11-10] () [File not signed]
R2 Mobile Broadband HL Service; C:\Program Files (x86)\MobileBrServ\mbbservice.exe [242264 2016-03-24] ()
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [217040 2017-11-11] () [File not signed]
S2 MSSQL$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [372416 2015-04-20] (Microsoft Corporation)
S2 mts mobilni internet. RunOuc; C:\Program Files (x86)\mts mobilni internet\UpdateDog\ouc.exe [693328 2017-11-11] () [File not signed]
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-06-01] (Nalpeiron Ltd.) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-09-19] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-09-19] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-09-19] (NVIDIA Corporation)
S2 postgresql-x64-9.2; C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe [89600 2013-04-02] (PostgreSQL Global Development Group) [File not signed]
R2 ProtexisLicensing; C:\Program Files (x86)\Common Files\Protexis\License Service\PSIService.exe [174656 2006-11-02] () [File not signed]
R2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
R2 PSI_SVC_2_x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RemoteSolverDispatcher; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe [238848 2016-02-10] (Mentor Graphics Corporation)
R2 RepetierServer; C:\Program Files (x86)\Repetier-Server\bin\RepetierServer.exe [5970792 2016-12-08] ()
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [779088 2017-11-11] () [File not signed]
S2 SkypeUpdate; C:\Program Files (x86)\Skype\Updater\Updater.exe [358880 2017-11-11] () [File not signed]
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [120832 2017-11-10] () [File not signed]
S4 SQLAgent$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [654528 2017-11-11] () [File not signed]
S3 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [785160 2017-11-11] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [558568 2017-11-10] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96256 2016-03-30] (Advanced Micro Devices) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-08-20] (DT Soft Ltd)
R1 epp; C:\EEK\bin64\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
S3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [121728 2013-12-10] (Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [376704 2013-12-10] (Huawei Technologies Co., Ltd.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-25] (Malwarebytes)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 nrtap; C:\Windows\System32\DRIVERS\nrtap.sys [29696 2009-09-01] (NeoRouter Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-09-19] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48064 2017-08-18] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-08-18] (NVIDIA Corporation)
S4 RsFx0310; C:\Windows\System32\DRIVERS\RsFx0310.sys [249024 2015-04-20] (Microsoft Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13536 2015-05-25] ()
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 TodosAgmII; C:\Windows\System32\Drivers\AgmIIusb.sys [25088 2007-01-22] (Todos Data System AB)
S1 ArcSec; system32\drivers\ArcSec.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 iusb3hub; system32\DRIVERS\iusb3hub.sys [X]
S3 iusb3xhc; system32\DRIVERS\iusb3xhc.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP3\WNt500x64\Sandra.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-11 02:02 - 2017-11-11 02:09 - 000032763 _____ C:\Users\Phoenix\Desktop\FRST.txt
2017-11-11 02:02 - 2017-11-11 02:02 - 000000000 ____D C:\FRST
2017-11-11 02:01 - 2017-11-11 02:01 - 002403328 _____ (Farbar) C:\Users\Phoenix\Desktop\FRST64.exe
2017-11-11 01:43 - 2017-11-11 02:01 - 010435192 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-11 01:00 - 2017-11-11 01:27 - 000004852 _____ C:\Users\Phoenix\Desktop\Rkill.txt
2017-11-11 00:41 - 2017-11-11 01:49 - 000000000 ____D C:\ProgramData\OnlineUpdate
2017-11-11 00:41 - 2017-11-11 00:41 - 000000000 ____D C:\ProgramData\log
2017-11-10 23:45 - 2017-11-10 23:45 - 000003526 _____ C:\Windows\System32\Tasks\{417A3C6A-A30F-41EF-AFEB-8AFA807932A4}
2017-11-10 23:40 - 2017-11-11 02:02 - 000000071 _____ C:\Windows\directx.sys
2017-11-10 23:39 - 2017-11-11 01:48 - 000041472 _____ C:\Windows\svchost.com
2017-11-10 22:46 - 2017-11-10 22:46 - 000000000 ____D C:\Users\Phoenix\AppData\Local\Tempzxpsignb8a737a7d38fc55d
2017-11-09 22:51 - 2017-11-09 22:51 - 000000000 ____D C:\Users\Phoenix\AppData\Local\Tempzxpsign935c61aa06c8ebf0
2017-11-07 17:57 - 2017-11-07 17:57 - 000000038 _____ C:\Users\Phoenix\Desktop\Suzanina svekrva.txt
2017-11-06 13:25 - 2017-11-06 13:28 - 000000000 ____D C:\Users\Phoenix\AppData\OICE_15_974FA576_32C1D314_173A
2017-11-06 13:11 - 2017-11-06 13:11 - 000000000 ____D C:\Users\Phoenix\AppData\LocalLow\BitTorrent
2017-11-04 23:57 - 2017-11-10 21:00 - 000003144 _____ C:\Windows\System32\Tasks\CorelUpdateHelperTask
2017-11-04 16:24 - 2017-11-05 16:02 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-04 16:24 - 2017-11-04 16:24 - 000002007 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-11-04 10:50 - 2017-11-04 12:48 - 000000000 ____D C:\Users\Phoenix\Desktop\Adobe Acrobat
2017-11-04 10:37 - 2017-11-04 10:37 - 000000988 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC 2015.lnk
2017-11-03 03:43 - 2017-11-03 03:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-11-03 00:08 - 2017-11-04 15:43 - 000000000 ____D C:\Users\Phoenix\Desktop\Adobe Acrobat XI
2017-11-01 12:58 - 2017-11-01 12:58 - 000051016 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-11-01 12:58 - 2017-11-01 12:58 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-11-01 12:58 - 2017-11-01 12:58 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-11-01 12:58 - 2017-11-01 12:58 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-10-31 18:17 - 2017-10-31 18:17 - 000000000 ____D C:\Users\Phoenix\AppData\Local\Tempzxpsign8823cc5bee36a9e2
2017-10-24 23:38 - 2017-10-24 23:38 - 180220107 _____ C:\Users\Phoenix\Desktop\00001.pdf
2017-10-23 17:21 - 2017-10-23 17:21 - 000000000 ____D C:\Users\Phoenix\AppData\Local\Tempzxpsign32727630e7207061
2017-10-20 14:29 - 2017-10-20 14:29 - 000000000 ____D C:\Users\Phoenix\AppData\OICE_15_974FA576_32C1D314_4B7
2017-10-18 22:27 - 2017-10-18 22:27 - 000000731 _____ C:\Users\Phoenix\Desktop\Desktop 18 10 2017 - Shortcut.lnk
2017-10-18 21:37 - 2016-11-14 10:45 - 000615992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-10-14 17:31 - 2017-10-14 17:31 - 000000000 ____D C:\Users\Phoenix\AppData\Local\Tempzxpsign9be95794d3a5fc26
2017-10-12 22:39 - 2017-10-12 22:40 - 000000000 ____D C:\Users\Phoenix\Documents\Overwatch
2017-10-12 22:39 - 2017-10-12 22:39 - 000000441 _____ C:\Users\Public\Desktop\Overwatch.lnk
2017-10-12 22:39 - 2017-10-12 22:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-11 02:00 - 2009-07-14 05:45 - 000023872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-11 02:00 - 2009-07-14 05:45 - 000023872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-11 01:50 - 2013-09-05 20:09 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-11 01:47 - 2017-07-01 10:35 - 000000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-11-11 01:47 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-11 01:38 - 2015-12-28 14:22 - 000000000 ____D C:\Users\Phoenix\AppData\Roaming\uTorrent
2017-11-11 01:30 - 2009-07-14 06:13 - 000923080 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-11 01:30 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-11-11 01:23 - 2016-09-29 22:48 - 347389952 _____ C:\Users\Phoenix\AppData\Local\SageThumbs.db3
2017-11-11 01:10 - 2016-05-25 14:09 - 000000000 ____D C:\EEK
2017-11-11 01:07 - 2013-08-22 11:36 - 000000000 ____D C:\Users\Phoenix\AppData\Roaming\BitTorrent
2017-11-11 01:06 - 2013-09-03 22:16 - 000000000 ____D C:\Users\Phoenix\AppData\Local\CrashDumps
2017-11-11 01:00 - 2009-07-14 06:08 - 000032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-11-11 00:52 - 2013-08-22 10:53 - 000002766 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-11-11 00:45 - 2013-08-19 17:02 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-11-11 00:41 - 2014-05-01 15:48 - 000000000 ____D C:\Users\postgres
2017-11-11 00:19 - 2013-09-08 17:31 - 000000000 ____D C:\Users\Phoenix\AppData\LocalLow\Temp
2017-11-11 00:19 - 2013-08-20 15:33 - 000000000 ____D C:\Users\Phoenix\AppData\Roaming\Skype
2017-11-11 00:17 - 2016-02-19 17:03 - 000964864 _____ C:\Users\Phoenix\Desktop\rufus-2.7.exe
2017-11-11 00:09 - 2015-05-07 11:34 - 000163678 _____ C:\Users\Beogrid\BEOGRID StrongDC.exe
2017-11-10 23:40 - 2017-07-01 10:35 - 000000910 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-11-10 23:24 - 2013-08-19 16:59 - 000000000 ____D C:\Users\Phoenix\AppData\Roaming\Adobe
2017-11-10 23:08 - 2013-08-21 20:22 - 000000000 ____D C:\Users\Phoenix\AppData\Roaming\vlc
2017-11-10 12:45 - 2016-09-20 13:33 - 000003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-11-09 14:20 - 2014-04-24 13:03 - 000000636 _____ C:\Users\Phoenix\Desktop\mirko.lnk
2017-11-09 09:34 - 2016-04-28 00:02 - 000000033 _____ C:\Users\Phoenix\AppData\Roaming\AdobeWLCMCache.dat
2017-11-07 00:16 - 2016-11-25 01:20 - 000000000 ____D C:\ProgramData\boost_interprocess
2017-11-06 17:41 - 2013-09-05 12:05 - 000000000 ____D C:\Users\Phoenix\AppData\Roaming\onOne Software
2017-11-05 22:33 - 2013-09-11 03:10 - 000000132 _____ C:\Users\Phoenix\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-11-05 16:03 - 2015-03-31 09:59 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-11-04 21:18 - 2017-09-25 20:58 - 000000000 ____D C:\Users\Phoenix\Desktop\USB i Knjiga
2017-11-04 16:27 - 2013-08-19 16:59 - 000000000 ____D C:\Users\Phoenix\AppData\Local\Adobe
2017-11-04 16:24 - 2013-08-19 17:03 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-11-04 16:20 - 2013-08-19 16:59 - 000000000 ____D C:\ProgramData\Adobe
2017-11-04 11:25 - 2017-07-01 10:35 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-11-04 10:38 - 2013-08-23 15:40 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-11-04 10:32 - 2013-08-30 19:57 - 000000000 ____D C:\Program Files\Adobe
2017-11-03 21:07 - 2013-08-20 15:30 - 000000000 ____D C:\Users\Phoenix\AppData\Roaming\DAEMON Tools Lite
2017-10-24 23:00 - 2017-09-27 22:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite 2017 (64-bit)
2017-10-21 17:13 - 2016-06-10 08:55 - 000000000 ____D C:\Users\Phoenix\Desktop\000
2017-10-20 20:36 - 2017-10-10 21:13 - 000000000 ____D C:\Users\Phoenix\AppData\Local\Battle.net
2017-10-18 21:38 - 2017-10-09 21:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-10-18 21:37 - 2015-09-21 19:31 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-10-18 21:12 - 2013-09-11 02:19 - 000000000 ____D C:\Windows\SysWOW64\directx
2017-10-18 21:11 - 2014-12-03 00:12 - 000000000 ____D C:\temp
2017-10-18 13:22 - 2014-11-19 13:03 - 000004314 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-10-18 13:22 - 2013-08-20 19:36 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-10-18 13:22 - 2013-08-20 19:36 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-18 13:22 - 2013-08-19 17:12 - 000000000 ____D C:\Windows\system32\Macromed
2017-10-13 15:35 - 2016-03-21 23:56 - 000000132 _____ C:\Users\Phoenix\AppData\Roaming\Adobe BMP Format CS6 Prefs
2017-10-12 22:04 - 2017-10-10 21:14 - 000000000 ____D C:\Users\Phoenix\AppData\Roaming\Battle.net

==================== Files in the root of some directories =======

2013-09-15 21:47 - 2013-09-15 21:47 - 000062482 _____ () C:\Program Files (x86)\setuplog.txt
2013-09-15 16:10 - 2013-09-15 16:10 - 000000132 _____ () C:\Users\Phoenix\AppData\Roaming\Adobe AIFF Format CS6 Prefs
2016-03-21 23:56 - 2017-10-13 15:35 - 000000132 _____ () C:\Users\Phoenix\AppData\Roaming\Adobe BMP Format CS6 Prefs
2013-10-09 15:28 - 2016-11-19 23:50 - 000000132 _____ () C:\Users\Phoenix\AppData\Roaming\Adobe GIF Format CS6 Prefs
2013-11-21 13:35 - 2017-07-22 20:34 - 000000132 _____ () C:\Users\Phoenix\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2013-09-06 02:33 - 2013-09-22 20:51 - 000000132 _____ () C:\Users\Phoenix\AppData\Roaming\Adobe OpenEXR Format CS6 Prefs
2013-09-11 03:10 - 2017-11-05 22:33 - 000000132 _____ () C:\Users\Phoenix\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-04-28 00:02 - 2017-11-09 09:34 - 000000033 _____ () C:\Users\Phoenix\AppData\Roaming\AdobeWLCMCache.dat
2013-09-22 19:03 - 2013-09-22 19:04 - 000308506 _____ () C:\Users\Phoenix\AppData\Roaming\CodecsLE_Install.log
2013-10-23 18:52 - 2017-10-04 11:20 - 000001456 _____ () C:\Users\Phoenix\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-10-03 16:35 - 2014-05-14 18:35 - 000004608 _____ () C:\Users\Phoenix\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-06-26 08:36 - 2017-06-26 08:36 - 000000751 _____ () C:\Users\Phoenix\AppData\Local\recently-used.xbel
2014-05-19 17:57 - 2014-05-19 17:57 - 000000017 _____ () C:\Users\Phoenix\AppData\Local\resmon.resmoncfg
2016-09-29 22:48 - 2017-11-11 01:23 - 347389952 _____ () C:\Users\Phoenix\AppData\Local\SageThumbs.db3
2017-02-07 01:32 - 2016-11-23 14:37 - 000000570 _____ () C:\Users\Phoenix\AppData\Local\TroubleshooterConfig.json
2017-10-07 19:40 - 2017-10-07 19:40 - 000000000 _____ () C:\Users\Phoenix\AppData\Local\{562A2E6B-DB1D-4872-A2E2-EF2728075863}
2017-10-07 20:25 - 2017-10-07 20:25 - 000000000 _____ () C:\Users\Phoenix\AppData\Local\{8A2BCCD7-ECA8-48D7-BCB2-1F135FE447F9}
2013-11-25 21:42 - 2013-11-25 21:42 - 000000026 ____H () C:\ProgramData\.811261211181235583101118113995
2017-02-17 23:26 - 2017-02-17 23:26 - 000004930 _____ () C:\ProgramData\czchsjpj.srw
2017-02-17 23:42 - 2017-02-17 23:42 - 000004975 _____ () C:\ProgramData\kjiixkes.ghp
2017-02-17 23:26 - 2017-02-17 23:26 - 000000016 _____ () C:\ProgramData\mntemp

Files to move or delete:
====================
C:\Users\Beogrid\BEOGRID StrongDC.exe
C:\Users\Phoenix\{0B58B8BE-ECA4-40FE-BC61-189F9B1A2330}.dat


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-09 00:42

==================== End of FRST.txt ============================


Thanks in advance for the help!!!

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Open Notepad and copy the following text, which is inside the Code box.

HKU\S-1-5-21-1638686990-3675606546-2166461290-1000\...\MountPoints2: {01006375-015b-11e6-a91a-94de800f2cfb} - G:\AutoRun.exe
HKU\S-1-5-21-1638686990-3675606546-2166461290-1000\...\MountPoints2: {01006383-015b-11e6-a91a-94de800f2cfb} - G:\AutoRun.exe
HKU\S-1-5-21-1638686990-3675606546-2166461290-1000\...\MountPoints2: {3bde2c4a-ba1d-11e6-afeb-94de800f2cfb} - G:\AutoRun.exe
HKU\S-1-5-21-1638686990-3675606546-2166461290-1000\...\MountPoints2: {aa5bf3fd-b476-11e3-9e9b-94de800f2d19} - H:\AutoRun.exe
HKU\S-1-5-21-1638686990-3675606546-2166461290-1000\...\MountPoints2: {aa5bf3ff-b476-11e3-9e9b-94de800f2d19} - H:\AutoRun.exe
GroupPolicy: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-1638686990-3675606546-2166461290-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\xmwyxlfj.default -> default-search.net
FF Keyword.URL: Mozilla\Firefox\Profiles\xmwyxlfj.default -> hxxp://www.default-search.net/search?sid=503&aid=100&itype=n&ver=13986&tm=544&src=ds&p=
CHR HomePage: Default -> hxxp://www.mysites123.com/?type=hp&ts=1451294164&z=480a14058bc99e2a66f3cc2g3z1w0g4obt5zcg9qdz&from=amt&uid=st31000524as_9vpfj9fwxxxx9vpfj9fw
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - <no Path/update_url>
AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\ProgramData\TEMP:24975D5E [119]
AlternateDataStreams: C:\Users\Phoenix\Local Settings:GniNtruisN6BtrJJjNX [2178]
AlternateDataStreams: C:\Users\Phoenix\AppData\Local:GniNtruisN6BtrJJjNX [2178]
AlternateDataStreams: C:\Users\Phoenix\AppData\Local\Application Data:GniNtruisN6BtrJJjNX [2178]
AlternateDataStreams: C:\Users\Phoenix\AppData\Local\Temp:rjN1Y5YQ9Fj3AUc6o11Fxn [2474]
HKLM\...\exefile\shell\open\command: C:\Windows\svchost.com "%1" %* <==== ATTENTION
HKLM\...\.scr: SageThumbsImage.scr => "%1" /S <==== ATTENTION
C:\Windows\svchost.com
EmptyTemp:


In Notepad, click File --> Save As
Under Encoding, choose UTF-8.
Name the file Fixlist and save it to the Desktop
Double-click to run FRST.exe again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, fixlog.txt will open, with content that you should copy into the thread.
Also, (fixlog.txt) will be located on the Desktop.

offline
  • Joined: 08 Apr 2012
  • Posts: 34

I did everything as you said, but when I click Fix I get - No fixlist.txt found, even though the file is on the desktop, as is the program.

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

If FRST is shown in Windows Explorer as FRST64.exe, and not as FRST64 (without .exe), while the fix is shown as fixlist.txt, remove .txt from the name. I assume that instead of fixlist.txt the real file name is fixlist.txt.txt

offline
  • Joined: 08 Apr 2012
  • Posts: 34

Everything is done, but svchost has taken over everything and is running me in circles. When I click Fix, it reports Update complete and everything starts over ...

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Does it always say update complete and close FRST?

offline
  • Joined: 08 Apr 2012
  • Posts: 34

Yes, always, and before FRST opens, svchost.com first asks me for approval (permission) to open the program (this happens for every program I try to open). If I kill svchost, I can't open anything; if I click Yes, it opens the program, but in this case FRST goes around in circles.
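
The fixlist entry `HKLM\...\exefile\shell\open\command: C:\Windows\svchost.com "%1" %*` matches the symptom described above: Windows starts every .exe through that registry command, so a program written in front of `"%1"` is run on each launch. The Python check below is an added example, not part of the thread or of FRST; it flags such entries in FRST-style log lines, and the function name, the list of file classes and the clean `batfile` sample line are assumptions constructed for illustration.

```python
import re

# Default open command for directly executable file classes: run the file itself.
DEFAULT_HANDLER = '"%1" %*'
# Assumption: classes checked here all share the default above.
EXECUTABLE_CLASSES = {"exefile", "comfile", "batfile", "cmdfile"}

# FRST-style line: HKLM\...\<class>\shell\open\command: <command> [<==== ATTENTION]
LINE_RE = re.compile(
    r'^(?P<hive>HK[A-Z0-9-]+)\\\.\.\.\\(?P<cls>[^\\]+)\\shell\\open\\command:'
    r'\s*(?P<cmd>.*?)\s*(?:<==== ATTENTION)?$',
    re.IGNORECASE,
)

# Sample input: lines 1 and 3 are quoted from the fixlist in this thread,
# line 2 is constructed to show an unmodified handler.
SAMPLE_LOG = r'''
HKLM\...\exefile\shell\open\command: C:\Windows\svchost.com "%1" %* <==== ATTENTION
HKLM\...\batfile\shell\open\command: "%1" %*
HKLM\...\.scr: SageThumbsImage.scr => "%1" /S <==== ATTENTION
'''


def find_hijacked_handlers(log_text):
    """Return one finding per executable class whose open command is not the default."""
    findings = []
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # not a shell\open\command line
        file_class = match.group("cls").lower()
        if file_class not in EXECUTABLE_CLASSES:
            continue
        command = match.group("cmd")
        if command == DEFAULT_HANDLER:
            continue  # handler is untouched
        # Whatever precedes the "%1" placeholder is the program that runs first.
        interposer = command.split('"%1"', 1)[0].strip().strip('"') or None
        findings.append({
            "hive": match.group("hive"),
            "file_class": file_class,
            "command": command,
            "interposer": interposer,
        })
    return findings


if __name__ == "__main__":
    for finding in find_hijacked_handlers(SAMPLE_LOG):
        print("{hive} {file_class}: launches go through {interposer}".format(**finding))
```
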

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Try doing it from Safe mode.

https://www.mycity.rs/MyCity-Laboratorija/Kako-uci-u-Safe-Mode-2.html

offline
  • Joined: 08 Apr 2012
  • Posts: 34

The problem is that it doesn't let me enter Safe Mode. I'll try again now, but in 10 attempts it didn't let me open any option other than Start Win Normally

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building


Insert a flash drive into the infected computer.
Copy FRST64.exe and fixlist.txt onto it. They must be in the root of the drive, not in a folder.


The computer needs to be started from the recovery environment (System Recovery Options)



Restart the computer and keep pressing the F8 key until the Advanced Options Menu or Advanced Boot Options appears.

Select Repair your computer.
Select the language (Language) and then click Next
Enter the password if required and click OK,
and a window like the one in the picture should appear ...




Select Command Prompt
A new (black) window will open.

Type notepad and then press Enter.
Notepad will open

Click File, then Open, and then click Computer.
Write down or remember the letter assigned to your flash drive.
Usually it is the letter "e:" but that is not always the case.
Go back to the Command Prompt (black window)....

Type e:/frst64.exe and press Enter (where you replace the letter e: with the letter assigned to your flash drive).

If the letter "e" was assigned, it would look like this:

e:\frst64.exe

FRST will start.
When the tool starts, click Yes on the pop-up window.
Press the Fix button.

When FRST finishes, it will create a new log named fixlog.txt on your flash drive
Close the Command Prompt (black window)
Boot the system in normal mode.


Attach fixlog.txt to your post
