Prioritetna provera

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Instalirao sam igricu i tokom instalacije kaspersky mi je zavristao da je neki luncher inficiran i da je obrisan. Hitno mi treba provera jer sutra ujutru radim e banking. Hvala puno.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-10-2017
Ran by Brksi (administrator) on BRX-EX-MAXIMUS (22-10-2017 20:56:00)
Running from C:\Users\Brksi\Desktop
Loaded Profiles: Brksi (Available Profiles: Brksi & Administrator)
Platform: Windows 10 Pro Version 1607 (X64) Language: engleski (SAD)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(MDL Forum, mod by Ratiborus) C:\ProgramData\KMSAuto\bin\KMSSS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\wmi64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8466136 2015-04-30] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKU\S-1-5-21-3390059587-1347697927-1921477610-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
HKU\S-1-5-21-3390059587-1347697927-1921477610-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [37376 2016-07-16] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{19573b16-e103-46fc-90d7-630ad77a8485}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-3390059587-1347697927-1921477610-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-03-23] (AO Kaspersky Lab)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-08-09] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-08-09] (Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2017-03-23] (AO Kaspersky Lab)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-08-09] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-21] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-08-09] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-21] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-03-23] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2017-03-23] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-3390059587-1347697927-1921477610-1001 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-03-23] (AO Kaspersky Lab)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-09] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-08-09] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-09] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-08-09] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-09] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-08-09] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-09] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-08-09] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Brksi\AppData\Roaming\Mozilla\Firefox\Profiles\gvp3wo1x.default [2017-10-09]
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\Brksi\AppData\Roaming\Mozilla\Firefox\Profiles\gvp3wo1x.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2017-09-26]
FF Extension: (Download Youtube Video) - C:\Users\Brksi\AppData\Roaming\Mozilla\Firefox\Profiles\gvp3wo1x.default\Extensions\{579822b5-d5d0-4316-8b71-83a53c756378}.xpi [2017-09-22]
FF Extension: (Video DownloadHelper) - C:\Users\Brksi\AppData\Roaming\Mozilla\Firefox\Profiles\gvp3wo1x.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-08-27]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-10-14]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-08-09] (Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-08-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-08-09] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-09] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Brksi\AppData\Local\Google\Chrome\User Data\Default [2017-10-22]
CHR Extension: (Презентације) - C:\Users\Brksi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-21]
CHR Extension: (Документи) - C:\Users\Brksi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-21]
CHR Extension: (Google диск) - C:\Users\Brksi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-09]
CHR Extension: (YouTube) - C:\Users\Brksi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-09]
CHR Extension: (Табеле) - C:\Users\Brksi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-21]
CHR Extension: (Kaspersky Protection) - C:\Users\Brksi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2017-08-09]
CHR Extension: (Google документи офлајн) - C:\Users\Brksi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-09]
CHR Extension: (AdBlock) - C:\Users\Brksi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-10-21]
CHR Extension: (F.B.(FluffBusting)Purity) - C:\Users\Brksi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep [2017-10-21]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\Brksi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-11]
CHR Extension: (Gmail) - C:\Users\Brksi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-09]
CHR Extension: (Chrome Media Router) - C:\Users\Brksi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-21]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

Opera:
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\TC UP\PLUGINS\Media\Opera\launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424392 2017-08-03] (Microsoft Corporation)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-06-29] (Foxit Software Inc.)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-24] (HP) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-10] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KMSEmulator; C:\ProgramData\KMSAuto\bin\KMSSS.exe [301056 2015-07-24] (MDL Forum, mod by Ratiborus) [File not signed]
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
S3 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-05-18] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-05-18] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-18] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-05-18] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation)
S3 wampapache; f:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [22016 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld; f:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [10959360 2014-05-01] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
S3 GemCCID; C:\Windows\system32\DRIVERS\GemCCID.sys [137712 2016-10-17] (Gemalto)
R1 ISODrive; f:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [197344 2017-10-14] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [592088 2017-10-14] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [186184 2017-10-22] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1021656 2017-10-14] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [57424 2017-03-23] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [229288 2017-08-09] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\Windows\System32\Drivers\klupd_klif_kimul.sys [87584 2017-08-09] (AO Kaspersky Lab)
S3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [251656 2017-08-09] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [112912 2017-08-09] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [173144 2017-08-09] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [136416 2017-03-23] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [199640 2017-08-09] (AO Kaspersky Lab)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 npf; C:\Windows\System32\drivers\npf.sys [47632 2010-01-27] (CACE Technologies, Inc.)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7209bde3180ef5f7\nvlddmkm.sys [14458264 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-05-18] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48064 2017-05-18] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-05-18] (NVIDIA Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek )
R1 VD_FileDisk; C:\Windows\System32\Drivers\VD_FileDisk.sys [30312 2011-01-26] (CaptainFlint Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-22 20:56 - 2017-10-22 20:56 - 000021354 _____ C:\Users\Brksi\Desktop\FRST.txt
2017-10-22 20:55 - 2017-10-22 20:56 - 000000000 ____D C:\FRST
2017-10-22 20:55 - 2017-10-22 20:55 - 002402816 _____ (Farbar) C:\Users\Brksi\Desktop\FRST64.exe
2017-10-22 18:15 - 2017-10-22 18:15 - 000000573 _____ C:\Users\Public\Desktop\DOOM Vulkan.lnk
2017-10-22 18:15 - 2017-10-22 18:15 - 000000563 _____ C:\Users\Public\Desktop\DOOM.lnk
2017-10-21 16:49 - 2015-08-05 15:52 - 003067392 _____ C:\Windows\system32\pwNative.exe
2017-10-21 16:49 - 2013-09-30 15:26 - 000019152 ____N C:\Windows\system32\pwdrvio.sys
2017-10-21 16:49 - 2013-09-30 15:26 - 000012504 ____N C:\Windows\system32\pwdspio.sys
2017-10-21 16:43 - 2017-10-21 16:43 - 000001024 ____H C:\AMTAG.BIN
2017-10-21 16:28 - 2017-10-21 16:28 - 000000000 ____D C:\Program Files (x86)\EaseUS
2017-10-21 14:33 - 2017-10-21 14:33 - 000000000 ____D C:\ProgramData\Acronis
2017-10-04 17:03 - 2017-10-04 17:03 - 000000000 ____D C:\AIK
2017-09-22 16:05 - 2017-09-25 18:32 - 000000000 ____D C:\ProgramData\Freemake
2017-09-22 16:05 - 2017-09-22 16:05 - 000000000 ____D C:\Users\Brksi\AppData\Local\FreemakeVideoConverter

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-22 20:54 - 2017-08-09 18:12 - 000000000 ____D C:\Users\Brksi\AppData\Roaming\Skype
2017-10-22 20:53 - 2017-08-10 03:07 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-22 20:53 - 2017-08-09 21:46 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2017-10-22 20:53 - 2017-08-09 19:30 - 000000000 ____D C:\ProgramData\NVIDIA
2017-10-22 20:53 - 2017-08-09 18:10 - 000000000 ____D C:\Users\Brksi
2017-10-22 20:53 - 2016-07-16 08:04 - 000524288 _____ C:\Windows\system32\config\BBI
2017-10-22 20:52 - 2017-08-10 21:29 - 000000000 ____D C:\Windows\SysWOW64\directx
2017-10-22 20:52 - 2017-08-09 19:09 - 000000000 ____D C:\ProgramData\Package Cache
2017-10-22 20:47 - 2017-08-10 03:07 - 000000000 ____D C:\Windows\system32\SleepStudy
2017-10-22 19:23 - 2017-08-09 20:07 - 000004168 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{18649115-6AAE-4AA1-9AC9-C426033972A1}
2017-10-22 15:44 - 2017-08-09 18:10 - 000000000 ____D C:\Users\Brksi\AppData\Roaming\Adobe
2017-10-22 15:04 - 2017-08-10 15:19 - 000000000 ____D C:\Users\Brksi\AppData\Roaming\tixati
2017-10-22 13:15 - 2017-08-09 22:02 - 000000000 ____D C:\Users\Brksi\AppData\LocalLow\Mozilla
2017-10-21 16:42 - 2017-08-09 18:13 - 000003376 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3390059587-1347697927-1921477610-1001
2017-10-21 16:42 - 2017-08-09 18:12 - 000002377 _____ C:\Users\Brksi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-10-21 16:42 - 2017-08-09 18:12 - 000000000 ___RD C:\Users\Brksi\OneDrive
2017-10-21 14:55 - 2017-08-09 21:46 - 000003240 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-10-21 14:44 - 2017-08-09 18:16 - 001886752 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-21 11:59 - 2017-08-12 13:51 - 000000000 ____D C:\ProgramData\Oracle
2017-10-21 11:58 - 2017-08-12 13:51 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-10-21 11:58 - 2017-08-12 13:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-10-21 11:58 - 2017-08-12 13:51 - 000000000 ____D C:\Program Files (x86)\Java
2017-10-16 18:35 - 2017-08-21 19:36 - 000005632 _____ C:\Users\Brksi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-10-14 12:16 - 2017-08-09 21:46 - 001021656 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2017-10-14 12:16 - 2017-08-09 21:46 - 000592088 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2017-10-14 12:16 - 2017-08-09 21:46 - 000197344 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2017-10-14 12:16 - 2016-07-16 13:45 - 000000000 ____D C:\Windows\INF
2017-10-10 12:46 - 2017-08-09 18:10 - 000000000 ____D C:\Users\Brksi\AppData\Local\Packages
2017-10-07 13:55 - 2017-08-12 14:42 - 000000000 ____D C:\Users\Brksi\AppData\Roaming\Foxit Software
2017-10-07 12:01 - 2017-08-16 15:59 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-10-07 12:01 - 2017-08-09 22:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-27 11:16 - 2017-08-09 21:31 - 000002428 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-27 11:16 - 2017-08-09 21:31 - 000002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-25 15:41 - 2017-08-18 20:52 - 000000132 _____ C:\Users\Brksi\AppData\Roaming\Adobe PNG Format CC Prefs

==================== Files in the root of some directories =======

2017-08-18 20:52 - 2017-09-25 15:41 - 000000132 _____ () C:\Users\Brksi\AppData\Roaming\Adobe PNG Format CC Prefs
2017-08-21 19:36 - 2017-10-16 18:35 - 000005632 _____ () C:\Users\Brksi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-08-09 19:12 - 2017-08-09 19:12 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\Brksi\pkcs11wrapper_32.dll


Some files in TEMP:
====================
2017-09-22 16:04 - 2017-09-22 16:05 - 034589584 _____ (Ellora Assets Corporation                                   ) C:\Users\Brksi\AppData\Local\Temp\FreemakeVideoConverterFull.exe
2017-10-21 11:57 - 2017-10-21 11:57 - 001856576 _____ (Oracle Corporation) C:\Users\Brksi\AppData\Local\Temp\jre-8u151-windows-au.exe
2017-08-27 21:52 - 2017-08-22 15:19 - 004608512 _____ (New Technology Studio) C:\Users\Brksi\AppData\Local\Temp\ovi-uninstall.exe
2017-08-13 16:26 - 2017-08-13 16:36 - 006652982 _____ (Ubisoft) C:\Users\Brksi\AppData\Local\Temp\ubi5558.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-19 11:16

==================== End of FRST.txt ============================

pkcs11wrapper_32.dll je legitiman i odno si se bas na e banking.
https://www.mycity.rs/must-login.png

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Čisto.

• Sledeća procedura će implementirati završno čišćenje.



Preuzmi "Xplode"-ov DelFix alat i snimi ga na Desktop.

Dvoklikom pokreni alat i štikliraj kućice ispred sledećih opcija;
Remove disinfection tools
Create registry backup
Purge System Restore

Klikni na dugme Run i pričekaj trenutak dok alat ne završi svoj rad.

Od ovog trenutka, svi korišćeni alati u ovoj temi bi trebali biti obrisani.
Ukoliko neki alat ili izveštaj nije uklonjen, slobodno ih obriši ručno.


Alat će takođe formirati izveštaj za tebe. (C:\DelFix.txt)
- Alat će snimiti i zdravo stanje registy-ja i napraviti backup koristeci integrisan program "ERUNT" u %windir%\ERUNT\DelFix
- DelFix briše stare system restore tačke i pravi novu, svežu tačku nakon čišćenja.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

zahvaljujem