Chrome izbacuje reklame pored instaliranog ADBLOCK Plus-a

2

Chrome izbacuje reklame pored instaliranog ADBLOCK Plus-a

offline
  • u administraciji
  • Pridružio: 16 Okt 2010
  • Poruke: 3468
  • Gde živiš: KRAGUJEVAC

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2017
Ran by dejan (administrator) on DEJAN-PC (27-08-2017 16:21:46)
Running from C:\Users\dejan\Desktop
Loaded Profiles: dejan (Available Profiles: dejan)
Platform: Microsoft Windows 10 Pro Version 1703 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(Digital Wave Ltd.) C:\Program Files\Common Files\DVDVideoSoft\lib\app_updater.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Popcorn Time) C:\Program Files\Popcorn Time\Updater.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(Facebook) C:\Users\dejan\AppData\Local\Facebook\Games\FacebookGameroom.exe
(The CefSharp Authors) C:\Users\dejan\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [485280 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [15111680 2017-02-10] (Realtek Semiconductor)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001\...\Run: [Viber] => C:\Users\dejan\AppData\Local\Viber\Viber.exe [30676560 2017-05-06] (Viber Media S.à r.l.)
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7658200 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [4005944 2017-02-14] (Tonec Inc.)
Startup: C:\Users\dejan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-08-26]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\dejan\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{938526f2-0a05-4077-a0e9-c9636044b755}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{938526f2-0a05-4077-a0e9-c9636044b755}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{df927024-ee76-41e9-bec0-c7ce2732a227}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{df927024-ee76-41e9-bec0-c7ce2732a227}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-24] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-24] (Oracle Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001 -> about:start

FireFox:
========
FF ProfilePath: C:\Users\dejan\AppData\Roaming\Mozilla\Firefox\Profiles\6unxlt1d.default-1476917329467 [2017-08-27]
FF Homepage: Mozilla\Firefox\Profiles\6unxlt1d.default-1476917329467 -> www.google.com
FF Extension: (Vlc context menu) - C:\Users\dejan\AppData\Roaming\Mozilla\Firefox\Profiles\6unxlt1d.default-1476917329467\Extensions\vlcplaylist@helgatauscher.de.xpi [2017-05-28]
FF Extension: (VideoDownloadConverter) - C:\Users\dejan\AppData\Roaming\Mozilla\Firefox\Profiles\6unxlt1d.default-1476917329467\Extensions\_4zMembers_@www.videodownloadconverter.com [2017-08-21]
FF Extension: (Video DownloadHelper) - C:\Users\dejan\AppData\Roaming\Mozilla\Firefox\Profiles\6unxlt1d.default-1476917329467\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-08-21]
FF Extension: (Adblock Plus) - C:\Users\dejan\AppData\Roaming\Mozilla\Firefox\Profiles\6unxlt1d.default-1476917329467\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-08-21]
FF Extension: (Firefox Screenshots) - C:\Users\dejan\AppData\Roaming\Mozilla\Firefox\Profiles\6unxlt1d.default-1476917329467\features\{48b193db-8667-41f3-b793-94688160f06f}\screenshots@mozilla.org.xpi [2017-08-27]
FF HKU\S-1-5-21-2725342497-1767379937-2485888434-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF HKU\S-1-5-21-2725342497-1767379937-2485888434-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-2725342497-1767379937-2485888434-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\dejan\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\dejan\AppData\Roaming\IDM\idmmzcc5 [2017-08-25] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-24] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxp://www.google.com/
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.google.com/","hxxp://www.youndoo.com/?z=61bcc231723f316e9912186g2z5b6teo2w2zazczaq&from=amz&uid=WDCXWD3200AVJS-63B6A0_WD-WCAT1A29657496574&type=hp","hxxp://www.search.ask.com/?o=APN10640A&gct=hp&d=473-102&v=a12627-333&t=4","hxxp://www.initialsite123.com/?z=53e8deaf6335b4feab6622eg8z8t0g5mbw7q9b8w6o&from=icb&uid=HitachiXHDS721050CLA362_JPF521HA3EJ06V3EJ06VX&type=hp"
CHR Profile: C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-08-27] <==== ATTENTION
CHR Extension: (Google Translate) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-08-25]
CHR Extension: (Nice Day (weather)) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\akmijnhpfgblhkbdlnbldpmjgaiognoo [2017-08-25]
CHR Extension: (Google Docs) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-25]
CHR Extension: (Google Drive) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-25]
CHR Extension: (YouTube) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-25]
CHR Extension: (Adblock Plus) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-08-25]
CHR Extension: (Notifier for Gmail™) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\dcjichoefijpinlfnjghokpkojhlhkgl [2017-08-25]
CHR Extension: (SBRO Safe Browsing) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\eglegmheckaainhhlaiogafaecfgfbga [2017-08-25]
CHR Extension: (Tampermonkey BETA) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gcalenpjmijncebpfijmoaglllgpjagf [2017-08-25]
CHR Extension: (Google Docs Offline) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-25]
CHR Extension: (Image Search Options) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\kljmejbpilkadikecejccebmccagifhl [2017-08-25]
CHR Extension: (IDM Integration Module) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-08-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-25]
CHR Extension: (Chrome NPAPI Replacement) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\okoafaojkokbmieeefnflkiklhanpeoc [2017-08-25]
CHR Extension: (Gmail) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-25]
CHR Extension: (Chrome Media Router) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-25]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2017-02-13]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S3 AvgAMPS; C:\Program Files\AVG\Av\avgamps.exe [1002544 2017-06-26] (AVG Technologies CZ, s.r.o.)
R2 avgfws; C:\Program Files\AVG\Av\avgfws.exe [1458352 2017-06-26] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4153400 2017-06-26] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [935184 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [606352 2017-06-26] (AVG Technologies CZ, s.r.o.)
R2 DigitalWave.Update.Service; C:\Program Files\Common Files\DVDVideoSoft\lib\app_updater.exe [392168 2016-08-31] (Digital Wave Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2545848 2017-03-18] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10883824 2017-03-17] (TeamViewer GmbH)
R2 Update service; C:\Program Files\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [265352 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [82488 2017-06-20] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [14554768 2017-04-29] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndnetBus; C:\WINDOWS\System32\drivers\lgandnetbus.sys [15744 2014-10-09] (LG Electronics Inc.)
S3 AndNetDiag; C:\WINDOWS\system32\DRIVERS\lgandnetdiag.sys [23680 2014-10-09] (LG Electronics Inc.)
S3 ANDNetModem; C:\WINDOWS\system32\DRIVERS\lgandnetmodem.sys [28416 2014-10-09] (LG Electronics Inc.)
S0 Avgbootx; C:\WINDOWS\System32\DRIVERS\avgbootx.sys [19584 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\WINDOWS\system32\DRIVERS\avgfwd6x.sys [67336 2016-10-23] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [259328 2017-03-23] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [207616 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\system32\DRIVERS\avgidsshimw8x.sys [41216 2016-08-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [244992 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [197376 2017-04-11] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 avgunivx; C:\WINDOWS\System32\DRIVERS\avgunivx.sys [65280 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpx; C:\WINDOWS\system32\DRIVERS\avgwfpx.sys [246536 2016-08-04] (AVG Technologies CZ, s.r.o.)
S3 dg_ksudbus; C:\WINDOWS\System32\drivers\ksudbus.sys [75776 2011-03-25] (Microsoft Corporation) [File not signed]
S3 HtcUsbMdmV32; C:\WINDOWS\system32\DRIVERS\HtcUsbMdmV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
R1 lnvguard; C:\WINDOWS\System32\DRIVERS\lnvguard.sys [83392 2016-12-01] (Huorong Borui (Beijing) Technology Co., Ltd.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2017-08-08] (Malwarebytes)
S3 pneteth; C:\WINDOWS\System32\drivers\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [17160 2015-03-05] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [13064 2016-11-24] ()
S3 qcfilter; C:\WINDOWS\System32\drivers\qcusbfilter.sys [39456 2015-09-25] (QUALCOMM Incorporated)
S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [214560 2015-09-25] (QUALCOMM Incorporated)
R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [795648 2017-02-20] (Realtek )
S3 usbbus; C:\WINDOWS\System32\drivers\lgusbbus.sys [13056 2014-05-27] (LG Electronics Inc.)
S3 UsbDiag; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [20864 2014-05-27] (LG Electronics Inc.)
S3 USBModem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [25216 2014-05-27] (LG Electronics Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37464 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [243104 2017-03-18] (Microsoft Corporation)
S3 wdf_usb; C:\WINDOWS\system32\drivers\usb2ser.sys [128704 2016-08-16] (MBB)
S3 wdm_usb; C:\WINDOWS\System32\drivers\usb2ser.sys [128704 2016-08-16] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [96672 2017-03-18] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\System32\drivers\WUDFRd.sys [160256 2017-03-18] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam32.sys [181496 2016-10-15] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [181496 2016-10-15] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-27 16:21 - 2017-08-27 16:22 - 000018120 _____ C:\Users\dejan\Desktop\FRST.txt
2017-08-27 16:21 - 2017-08-27 16:21 - 000000258 _____ C:\Users\dejan\Desktop\Fixlog.txt
2017-08-26 23:52 - 2017-08-26 23:52 - 000001227 _____ C:\Users\dejan\Desktop\Facebook Gameroom.lnk
2017-08-26 23:52 - 2017-08-26 23:52 - 000000000 ____D C:\Users\dejan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
2017-08-23 23:16 - 2017-08-23 23:16 - 001792512 _____ (Farbar) C:\Users\dejan\Desktop\FRST.exe
2017-08-21 21:37 - 2017-08-27 16:21 - 000000000 ____D C:\FRST
2017-08-13 22:40 - 2017-08-13 22:40 - 000260776 _____ (Facebook) C:\Users\dejan\Downloads\FacebookGameroom.exe
2017-08-09 22:03 - 2017-08-01 04:47 - 005862816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-09 22:03 - 2017-08-01 04:43 - 000273312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-09 22:03 - 2017-08-01 04:41 - 000095648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-09 22:03 - 2017-08-01 04:38 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-08-09 22:03 - 2017-08-01 04:37 - 002023832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-09 22:03 - 2017-08-01 04:37 - 000582560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-08-09 22:03 - 2017-08-01 04:36 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-09 22:03 - 2017-08-01 04:36 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-09 22:03 - 2017-08-01 04:36 - 000173984 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-09 22:03 - 2017-08-01 04:35 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-09 22:03 - 2017-08-01 04:35 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-09 22:03 - 2017-08-01 04:34 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-09 22:03 - 2017-08-01 04:34 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-09 22:03 - 2017-08-01 04:34 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-08-09 22:03 - 2017-08-01 04:34 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-09 22:03 - 2017-08-01 04:31 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-08-09 22:03 - 2017-08-01 04:20 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-09 22:03 - 2017-08-01 04:18 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-08-09 22:03 - 2017-08-01 04:18 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-08-09 22:03 - 2017-08-01 04:17 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-09 22:03 - 2017-08-01 04:16 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-09 22:03 - 2017-08-01 04:14 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-08-09 22:03 - 2017-08-01 04:13 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-09 22:03 - 2017-08-01 04:13 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-08-09 22:03 - 2017-08-01 04:13 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-09 22:03 - 2017-08-01 04:12 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-09 22:03 - 2017-08-01 04:12 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-08-09 22:03 - 2017-08-01 04:11 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-08-09 22:03 - 2017-08-01 04:10 - 000905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-09 22:03 - 2017-08-01 04:10 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-09 22:03 - 2017-08-01 04:08 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-09 22:03 - 2017-08-01 04:08 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-09 22:03 - 2017-08-01 04:07 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-09 22:03 - 2017-08-01 04:07 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-09 22:03 - 2017-08-01 04:07 - 003447296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-09 22:03 - 2017-08-01 04:07 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-09 22:03 - 2017-08-01 04:06 - 001585152 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-09 22:03 - 2017-08-01 04:06 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-08-09 22:03 - 2017-08-01 04:06 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-09 22:03 - 2017-08-01 04:06 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-09 22:03 - 2017-08-01 04:04 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-09 22:03 - 2017-08-01 04:04 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-09 22:03 - 2017-08-01 04:04 - 001831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-09 22:03 - 2017-08-01 04:03 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-09 22:03 - 2017-08-01 04:01 - 000547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-08-09 22:03 - 2017-08-01 04:01 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-08-09 22:03 - 2017-08-01 00:45 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjet40.dll
2017-08-09 22:03 - 2017-08-01 00:45 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswdat10.dll
2017-08-09 22:03 - 2017-08-01 00:45 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswstr10.dll
2017-08-09 22:03 - 2017-08-01 00:45 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrepl40.dll
2017-08-09 22:03 - 2017-08-01 00:45 - 000518144 _____ C:\WINDOWS\system32\msjetoledb40.dll
2017-08-09 22:03 - 2017-08-01 00:45 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxbde40.dll
2017-08-09 22:03 - 2017-08-01 00:45 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspbde40.dll
2017-08-09 22:03 - 2017-08-01 00:45 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrd3x40.dll
2017-08-09 22:03 - 2017-08-01 00:45 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msexcl40.dll
2017-08-09 22:03 - 2017-08-01 00:45 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrd2x40.dll
2017-08-09 22:03 - 2017-08-01 00:45 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjtes40.dll
2017-08-09 22:03 - 2017-08-01 00:45 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstext40.dll
2017-08-09 22:03 - 2017-08-01 00:45 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msltus40.dll
2017-08-09 22:03 - 2017-08-01 00:45 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjint40.dll
2017-08-09 22:03 - 2017-08-01 00:45 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjter40.dll
2017-08-09 22:02 - 2017-08-01 04:34 - 000060312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-09 22:02 - 2017-08-01 04:20 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-09 22:02 - 2017-08-01 04:20 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-09 22:02 - 2017-08-01 04:20 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-09 22:02 - 2017-08-01 04:20 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-09 22:02 - 2017-08-01 04:20 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-09 22:02 - 2017-08-01 04:17 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2017-08-09 22:02 - 2017-08-01 04:16 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2017-08-09 22:02 - 2017-08-01 04:15 - 000239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2017-08-09 22:02 - 2017-08-01 04:13 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-09 22:02 - 2017-08-01 04:12 - 000404992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2017-08-09 22:02 - 2017-08-01 04:09 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-08-09 22:02 - 2017-08-01 04:01 - 000242688 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-08-07 18:11 - 2017-08-07 18:11 - 000000979 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2017-08-07 18:11 - 2017-08-07 18:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-08-07 18:08 - 2017-08-07 18:08 - 000000000 ___HD C:\$AVG
2017-08-07 18:06 - 2017-08-27 16:21 - 000000000 ____D C:\ProgramData\MFAData
2017-08-05 17:21 - 2017-08-05 17:21 - 000001321 _____ C:\Users\dejan\Desktop\Continue Adobe Flash Player Installation.lnk
2017-08-05 00:15 - 2017-08-05 00:15 - 000005554 _____ C:\WINDOWS\system32\PerfStringBackup.TMP
2017-08-04 01:05 - 2017-07-28 06:48 - 001972128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-04 01:05 - 2017-07-28 06:48 - 001854832 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-04 01:05 - 2017-07-28 06:48 - 000358816 _____ (Microsoft Corporation) C:\WINDOWS\system32\halmacpi.dll
2017-08-04 01:05 - 2017-07-28 06:48 - 000358816 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-08-04 01:05 - 2017-07-28 06:48 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-08-04 01:05 - 2017-07-28 06:47 - 002259768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-08-04 01:05 - 2017-07-28 06:47 - 000572320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2017-08-04 01:05 - 2017-07-28 06:44 - 000239008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-04 01:05 - 2017-07-28 06:40 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-08-04 01:05 - 2017-07-28 06:40 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-08-04 01:05 - 2017-07-28 06:39 - 000434592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-08-04 01:05 - 2017-07-28 06:38 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-08-04 01:05 - 2017-07-28 06:38 - 000216504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-08-04 01:05 - 2017-07-28 06:37 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-08-04 01:05 - 2017-07-28 06:36 - 006761568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-04 01:05 - 2017-07-28 06:36 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-04 01:05 - 2017-07-28 06:36 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-04 01:05 - 2017-07-28 06:36 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2017-08-04 01:05 - 2017-07-28 06:35 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-08-04 01:05 - 2017-07-28 06:33 - 002081184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-04 01:05 - 2017-07-28 06:33 - 000440184 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-08-04 01:05 - 2017-07-28 06:33 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-08-04 01:05 - 2017-07-28 06:24 - 000116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-08-04 01:05 - 2017-07-28 06:21 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-08-04 01:05 - 2017-07-28 06:21 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2017-08-04 01:05 - 2017-07-28 06:20 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-08-04 01:05 - 2017-07-28 06:20 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-08-04 01:05 - 2017-07-28 06:19 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-08-04 01:05 - 2017-07-28 06:19 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2017-08-04 01:05 - 2017-07-28 06:16 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-08-04 01:05 - 2017-07-28 06:16 - 000585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-08-04 01:05 - 2017-07-28 06:16 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-08-04 01:05 - 2017-07-28 06:16 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-04 01:05 - 2017-07-28 06:16 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-08-04 01:05 - 2017-07-28 06:16 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-08-04 01:05 - 2017-07-28 06:15 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-08-04 01:05 - 2017-07-28 06:15 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-08-04 01:05 - 2017-07-28 06:14 - 000678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-08-04 01:05 - 2017-07-28 06:14 - 000617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-04 01:05 - 2017-07-28 06:14 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-04 01:05 - 2017-07-28 06:14 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-08-04 01:05 - 2017-07-28 06:14 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-08-04 01:05 - 2017-07-28 06:13 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-04 01:05 - 2017-07-28 06:13 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-08-04 01:05 - 2017-07-28 06:12 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-04 01:05 - 2017-07-28 06:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-08-04 01:05 - 2017-07-28 06:09 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-08-04 01:05 - 2017-07-28 06:08 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-08-04 01:05 - 2017-07-28 06:08 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-08-04 01:05 - 2017-07-28 06:07 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-08-04 01:05 - 2017-07-28 06:04 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2017-08-04 01:05 - 2017-07-28 06:03 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2017-08-04 01:05 - 2017-07-28 06:03 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-08-04 01:05 - 2017-07-28 06:03 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2017-08-04 01:05 - 2017-07-28 06:03 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-08-04 01:05 - 2017-07-28 06:02 - 001377280 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-04 01:04 - 2017-07-28 07:07 - 000805816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-08-04 01:04 - 2017-07-28 06:48 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-08-04 01:04 - 2017-07-28 06:46 - 000698384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-08-04 01:04 - 2017-07-28 06:40 - 000755616 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-08-04 01:04 - 2017-07-28 06:38 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-08-04 01:04 - 2017-07-28 06:38 - 000597920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-08-04 01:04 - 2017-07-28 06:36 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-04 01:04 - 2017-07-28 06:36 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-08-04 01:04 - 2017-07-28 06:36 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-08-04 01:04 - 2017-07-28 06:36 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2017-08-04 01:04 - 2017-07-28 06:36 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
2017-08-04 01:04 - 2017-07-28 06:35 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2017-08-04 01:04 - 2017-07-28 06:33 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-08-04 01:04 - 2017-07-28 06:25 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-08-04 01:04 - 2017-07-28 06:24 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-08-04 01:04 - 2017-07-28 06:21 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2017-08-04 01:04 - 2017-07-28 06:20 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-08-04 01:04 - 2017-07-28 06:20 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-08-04 01:04 - 2017-07-28 06:20 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-08-04 01:04 - 2017-07-28 06:20 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
2017-08-04 01:04 - 2017-07-28 06:19 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-08-04 01:04 - 2017-07-28 06:18 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-08-04 01:04 - 2017-07-28 06:18 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-08-04 01:04 - 2017-07-28 06:17 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-04 01:04 - 2017-07-28 06:17 - 000661504 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-08-04 01:04 - 2017-07-28 06:17 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-08-04 01:04 - 2017-07-28 06:17 - 000338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-08-04 01:04 - 2017-07-28 06:17 - 000203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-08-04 01:04 - 2017-07-28 06:17 - 000168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-08-04 01:04 - 2017-07-28 06:16 - 000332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-08-04 01:04 - 2017-07-28 06:16 - 000272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-08-04 01:04 - 2017-07-28 06:16 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2017-08-04 01:04 - 2017-07-28 06:15 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-04 01:04 - 2017-07-28 06:15 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-08-04 01:04 - 2017-07-28 06:15 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-08-04 01:04 - 2017-07-28 06:14 - 000844800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2017-08-04 01:04 - 2017-07-28 06:14 - 000435712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-08-04 01:04 - 2017-07-28 06:14 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-08-04 01:04 - 2017-07-28 06:13 - 001208320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-04 01:04 - 2017-07-28 06:13 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-04 01:04 - 2017-07-28 06:13 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-04 01:04 - 2017-07-28 06:12 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-08-04 01:04 - 2017-07-28 06:12 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-08-04 01:04 - 2017-07-28 06:12 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-08-04 01:04 - 2017-07-28 06:12 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-08-04 01:04 - 2017-07-28 06:11 - 001513984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-04 01:04 - 2017-07-28 06:11 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-04 01:04 - 2017-07-28 06:11 - 000962048 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-04 01:04 - 2017-07-28 06:10 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-04 01:04 - 2017-07-28 06:10 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-04 01:04 - 2017-07-28 06:10 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
2017-08-04 01:04 - 2017-07-28 06:09 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-04 01:04 - 2017-07-28 06:09 - 002040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-08-04 01:04 - 2017-07-28 06:08 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-08-04 01:04 - 2017-07-28 06:08 - 002122240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-04 01:04 - 2017-07-28 06:08 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-08-04 01:04 - 2017-07-28 06:08 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-04 01:04 - 2017-07-28 06:08 - 000316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-04 01:04 - 2017-07-28 06:06 - 001126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-08-04 01:04 - 2017-07-28 06:06 - 000558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-08-04 01:04 - 2017-07-28 06:05 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-04 01:04 - 2017-07-28 06:05 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-04 01:04 - 2017-07-28 06:05 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-04 01:04 - 2017-07-28 06:04 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-08-04 01:04 - 2017-07-28 06:02 - 001244160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-04 01:04 - 2017-07-28 06:02 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-08-04 01:04 - 2017-07-28 06:02 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-04 01:04 - 2017-07-28 06:02 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-04 01:04 - 2017-07-28 06:02 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-08-04 01:04 - 2017-07-28 06:02 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-08-04 01:04 - 2017-07-28 06:01 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-27 16:22 - 2017-06-27 13:53 - 000227188 _____ C:\WINDOWS\ZAM.krnl.trace
2017-08-27 16:22 - 2017-06-27 13:53 - 000202465 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-08-27 16:18 - 2017-03-18 08:02 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2017-08-27 16:15 - 2017-06-13 16:52 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-27 02:00 - 2017-03-07 16:58 - 000000000 ____D C:\Users\dejan\AppData\Local\Adobe
2017-08-27 00:19 - 2017-05-28 21:24 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-08-26 23:52 - 2017-04-26 16:31 - 000000000 ____D C:\Users\dejan\AppData\Local\Facebook
2017-08-26 23:49 - 2017-06-13 16:57 - 000000000 ____D C:\Users\dejan
2017-08-26 23:49 - 2016-09-24 16:45 - 000000000 ____D C:\Users\dejan\AppData\Roaming\Messenger for Desktop
2017-08-26 19:39 - 2016-11-18 20:21 - 000000000 ____D C:\Users\dejan\AppData\Roaming\DMCache
2017-08-26 18:39 - 2017-03-18 20:23 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-25 19:14 - 2017-03-11 19:22 - 000000000 ____D C:\Users\dejan\AppData\Roaming\IDM
2017-08-25 18:31 - 2017-03-18 20:23 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-08-25 14:29 - 2017-03-18 20:23 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-25 14:29 - 2017-01-28 21:39 - 000002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-25 14:29 - 2017-01-28 21:39 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-25 14:29 - 2016-09-07 15:27 - 000000000 ____D C:\Users\dejan\AppData\Local\Packages
2017-08-25 14:26 - 2017-06-15 22:56 - 000000000 ____D C:\Program Files\Popcorn Time
2017-08-25 14:23 - 2017-06-13 17:29 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-23 23:25 - 2017-03-15 17:46 - 000002282 _____ C:\Users\dejan\Desktop\Google Chrome.lnk
2017-08-23 23:19 - 2017-06-30 19:01 - 000154124 ____N C:\WINDOWS\Minidump\082317-49609-01.dmp
2017-08-23 23:19 - 2017-06-13 17:56 - 000000000 ____D C:\WINDOWS\Minidump
2017-08-23 00:23 - 2017-01-01 00:36 - 000000000 ____D C:\Users\dejan\AppData\Roaming\vlc
2017-08-22 22:33 - 2017-04-17 20:40 - 000000000 ____D C:\Users\dejan\Downloads\Compressed
2017-08-19 19:13 - 2017-03-18 20:23 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-08-14 23:50 - 2017-03-18 08:02 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-08-12 19:41 - 2017-03-18 20:21 - 000000000 ____D C:\WINDOWS\INF
2017-08-12 19:39 - 2016-09-08 21:40 - 000001038 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-08-12 19:33 - 2016-09-08 21:40 - 000000000 ____D C:\Program Files\CCleaner
2017-08-12 12:34 - 2017-03-18 20:14 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-11 03:32 - 2017-03-18 20:23 - 000000000 ____D C:\WINDOWS\rescache
2017-08-11 00:17 - 2017-06-13 16:51 - 000223632 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-09 22:09 - 2016-09-07 17:53 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-09 22:04 - 2016-09-07 17:53 - 137505280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-08 23:48 - 2017-03-18 20:23 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-08 19:10 - 2016-12-06 00:06 - 000170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-07 22:50 - 2016-12-09 23:37 - 000000000 ____D C:\Users\dejan\AppData\LocalLow\Mozilla
2017-08-07 19:15 - 2017-06-01 13:14 - 000000000 ____D C:\Users\dejan\AppData\Roaming\WinSAPSvc
2017-08-07 19:09 - 2017-05-27 15:46 - 000000000 ____D C:\Users\dejan\AppData\Local\terana
2017-08-07 18:55 - 2017-06-01 13:14 - 000000000 ____D C:\Users\dejan\AppData\Local\glory
2017-08-07 18:12 - 2016-09-14 15:56 - 000000000 ____D C:\Users\dejan\AppData\Local\Avg
2017-08-07 18:11 - 2017-03-18 20:23 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2017-08-07 18:06 - 2016-12-31 15:39 - 000000000 ____D C:\Program Files\AVG
2017-08-07 18:06 - 2016-09-14 15:56 - 000000000 ____D C:\ProgramData\Avg
2017-08-07 18:05 - 2016-09-14 15:56 - 000000000 ____D C:\Users\dejan\AppData\Local\AvgSetupLog
2017-08-07 18:01 - 2016-09-14 16:26 - 000000000 ____D C:\Users\dejan\AppData\Roaming\AVG
2017-08-05 00:14 - 2016-04-27 06:38 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-04 19:18 - 2017-06-13 17:17 - 001135462 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-04 19:11 - 2017-03-18 20:23 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-04 19:11 - 2017-03-18 20:23 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-08-04 19:11 - 2017-03-18 20:23 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-08-04 19:11 - 2017-03-18 20:23 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-04 19:11 - 2017-03-18 20:23 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-04 19:11 - 2017-03-18 20:23 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-31 17:15 - 2017-03-18 20:25 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-07-31 17:15 - 2017-03-18 20:25 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-07-29 00:05 - 2016-10-02 00:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM
2017-07-29 00:05 - 2016-09-07 23:10 - 000001230 _____ C:\Users\dejan\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2017-07-29 00:05 - 2016-09-07 23:10 - 000001206 _____ C:\Users\Public\Desktop\GOM Player.lnk

==================== Files in the root of some directories =======

2016-09-23 15:24 - 2016-10-19 12:50 - 000000396 _____ () C:\Users\dejan\AppData\Roaming\burnaware.ini
2016-12-09 01:04 - 2017-02-03 01:46 - 000001002 _____ () C:\Users\dejan\AppData\Roaming\downloads.json
2016-12-26 18:32 - 2016-12-26 18:32 - 000000353 _____ () C:\Users\dejan\AppData\Roaming\imagetuner.ini
2016-12-10 20:57 - 2016-12-11 23:26 - 000004608 _____ () C:\Users\dejan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-04-16 20:41 - 2017-04-16 20:41 - 000003370 _____ () C:\Users\dejan\AppData\Local\recently-used.xbel
2017-06-12 15:05 - 2017-06-12 15:05 - 000000017 _____ () C:\Users\dejan\AppData\Local\resmon.resmoncfg
2017-01-04 22:23 - 2017-01-07 22:01 - 000000176 _____ () C:\Users\dejan\AppData\Local\uts.ini

Files to move or delete:
====================
C:\Users\dejan\k350n_.reg


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-12 20:08

==================== End of FRST.txt ============================
https://www.mycity.rs/must-login.png

offline
  • Pridružio: 14 Jun 2016
  • Poruke: 535

Otvori Notepad i iskopiraj sljedeći tekst koji se nalazi unutar Kod polja.

CreateRestorePoint:
(Popcorn Time) C:\Program Files\Popcorn Time\Updater.exe
C:\Program Files\Popcorn Time
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.google.com/","hxxp://www.youndoo.com/?z=61bcc231723f316e9912186g2z5b6teo2w2zazczaq&from=amz&uid=WDCXWD3200AVJS-63B6A0_WD-WCAT1A29657496574&type=hp","hxxp://www.search.ask.com/?o=APN10640A&gct=hp&d=473-102&v=a12627-333&t=4","hxxp://www.initialsite123.com/?z=53e8deaf6335b4feab6622eg8z8t0g5mbw7q9b8w6o&from=icb&uid=HitachiXHDS721050CLA362_JPF521HA3EJ06V3EJ06VX&type=hp"
CHR Profile: C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-08-27] <==== ATTENTION
C:\Users\dejan\k350n_.reg
R2 Update service; C:\Program Files\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001\...\ChromeHTML: ->  <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-49C2F4479574}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> no filepath
Task: {9931FCAE-5037-4F66-83F7-2B0B40881B5A} - System32\Tasks\Pegasbetotion => "msiexec" /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel.php?u=WDCXWD3200AVJS-63B6A0_WD-WCAT1A29657496574&v=2017311 /q <==== ATTENTION
Task: {C7442C22-8DE8-4479-8FEA-9A361A58BAD6} - System32\Tasks\Milimili => C:\Program Files\MIO\MIO.exe <==== ATTENTION
C:\Program Files\MIO
Shortcut: C:\Users\dejan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplorеr.lnk -> C:\Users\dejan\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <==== Cyrillic
Shortcut: C:\Users\dejan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоogle Chrоmе.lnk -> C:\Users\dejan\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
FirewallRules: [{2A579B6B-B7F1-4878-B269-A5FFA4D229F6}] => (Allow) C:\Program Files\Popcorn Time\Updater.exe
FirewallRules: [{FB0D2782-31A0-45C9-BF51-38517A2BB1BB}] => (Allow) C:\Program Files\Popcorn Time\Updater.exe
C:\Users\dejan\AppData\Roaming\Browsers
C:\Program Files\Steerwardpriboly Builder


U okviru Notepad-a klikni na File --> Save As
Pod Encoding izaberi Unicode.
Fajl nazovi Fixlist i sačuvaj na Desktop
Dvoklikom ponovo pokreni FRST.exe
Klikni na Fix i sačekaj dok program ne završi.
Ukoliko program zatraži restart računara, omogući mu da to nesmetano obavi.
Nakon završetka rada, otvoriće se fixlog.txt, sa sadržajem koji treba da kopiraš u temu.
Takođe, na Desktop-u će se nalaziti (fixlog.txt).


Idi u C:\Windows\Minidump folder i kopiraj fajl pod nazivom 082317-49609-01.dmp na Desktop. Zatim ga zapakuj i zakači u temu.

offline
  • u administraciji
  • Pridružio: 16 Okt 2010
  • Poruke: 3468
  • Gde živiš: KRAGUJEVAC

Fix result of Farbar Recovery Scan Tool (x86) Version: 20-08-2017
Ran by dejan (29-08-2017 21:31:39) Run:4
Running from C:\Users\dejan\Desktop
Loaded Profiles: dejan (Available Profiles: dejan)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
(Popcorn Time) C:\Program Files\Popcorn Time\Updater.exe
C:\Program Files\Popcorn Time
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.google.com/","hxxp://www.youndoo.com/?z=61bcc231723f316e9912186g2z5b6teo2w2zazczaq&from=amz&uid=WDCXWD3200AVJS-63B6A0_WD-WCAT1A29657496574&type=hp","hxxp://www.search.ask.com/?o=APN10640A&gct=hp&d=473-102&v=a12627-333&t=4","hxxp://www.initialsite123.com/?z=53e8deaf6335b4feab6622eg8z8t0g5mbw7q9b8w6o&from=icb&uid=HitachiXHDS721050CLA362_JPF521HA3EJ06V3EJ06VX&type=hp"
CHR Profile: C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-08-27] <==== ATTENTION
C:\Users\dejan\k350n_.reg
R2 Update service; C:\Program Files\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001\...\ChromeHTML: -> <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-49C2F4479574}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> no filepath
Task: {9931FCAE-5037-4F66-83F7-2B0B40881B5A} - System32\Tasks\Pegasbetotion => "msiexec" /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel.php?u=WDCXWD3200AVJS-63B6A0_WD-WCAT1A29657496574&v=2017311 /q <==== ATTENTION
Task: {C7442C22-8DE8-4479-8FEA-9A361A58BAD6} - System32\Tasks\Milimili => C:\Program Files\MIO\MIO.exe <==== ATTENTION
C:\Program Files\MIO
Shortcut: C:\Users\dejan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplorеr.lnk -> C:\Users\dejan\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <==== Cyrillic
Shortcut: C:\Users\dejan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоogle Chrоmе.lnk -> C:\Users\dejan\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
FirewallRules: [{2A579B6B-B7F1-4878-B269-A5FFA4D229F6}] => (Allow) C:\Program Files\Popcorn Time\Updater.exe
FirewallRules: [{FB0D2782-31A0-45C9-BF51-38517A2BB1BB}] => (Allow) C:\Program Files\Popcorn Time\Updater.exe
C:\Users\dejan\AppData\Roaming\Browsers
C:\Program Files\Steerwardpriboly Builder
*****************

Restore point was successfully created.
C:\Program Files\Popcorn Time\Updater.exe
[2820] C:\Program Files\Popcorn Time\Updater.exe => process closed successfully.
C:\Program Files\Popcorn Time => moved successfully
Chrome StartupUrls => removed successfully.
C:\Users\dejan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData => moved successfully
C:\Users\dejan\k350n_.reg => moved successfully
HKLM\System\CurrentControlSet\Services\Update service => key removed successfully.
Update service => service removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\ChromeHTML => key removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0000002F-0000-0000-C000-000000000046} => key removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046} => key removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046} => key removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046} => key removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046} => key removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046} => key removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046} => key removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0002E005-0000-0000-C000-000000000046} => key removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851} => key removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851} => key removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851} => key removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851} => key removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851} => key removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-49C2F4479574} => key removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4} => key removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07} => key removed successfully.
HKU\S-1-5-21-2725342497-1767379937-2485888434-1001_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9931FCAE-5037-4F66-83F7-2B0B40881B5A} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9931FCAE-5037-4F66-83F7-2B0B40881B5A} => key removed successfully.
C:\Windows\System32\Tasks\Pegasbetotion => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Pegasbetotion => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7442C22-8DE8-4479-8FEA-9A361A58BAD6} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7442C22-8DE8-4479-8FEA-9A361A58BAD6} => key removed successfully.
C:\Windows\System32\Tasks\Milimili => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Milimili => key removed successfully.
"C:\Program Files\MIO" => not found.
C:\Users\dejan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplorеr.lnk => moved successfully
C:\Users\dejan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоogle Chrоmе.lnk => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2A579B6B-B7F1-4878-B269-A5FFA4D229F6} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FB0D2782-31A0-45C9-BF51-38517A2BB1BB} => value removed successfully.
"C:\Users\dejan\AppData\Roaming\Browsers" => not found.
"C:\Program Files\Steerwardpriboly Builder" => not found.

==== End of Fixlog 21:32:41 ====



https://www.mycity.rs/must-login.png

offline
  • Pridružio: 14 Jun 2016
  • Poruke: 535

Preuzmi Malwarebytes Anti-Malware sa ovog ili ovog ili ovog linka i instaliraj aplikaciju.
Pokreni mb3-setup-consumer-{verzija}.exe i isprati uputstva za instalaciju programa. Nakon instalacije, klikni na Finish

Prilikom prvog pokretanja, program će prikazati prozor "dobrodošlice". Slobodno zatvori taj prozor.
Napomena: Premium funkcije programa su već aktivirane i važe 13 dana od trenutka instalacije. Premium funkcije možeš isključiti preko Settings > My Account tab podešavanja.

• Podešavanja skenera - u Settings, klikni na Protection tab. Ispod Scan Options sekcije, uključi "Scan for rootkits" opciju.
• Pripremi podešavanja za Threat Scan - u Dashboard , klikni na Scan Now dugme. MBAM će ažurirati bazu i započeti skeniranje.

Kada se skeniranje završi, ako je infekcija detektovana, obrati pažnju da je sve označeno, pa klikni na Remove Selected. Restartuj računar ako program upita za restart.
• Dostavi log: Pod Reports izaberi trenutni datum izveštaja Scan Report i potom klikni na View Report.

Izvezi log na Desktop;
- Klikni na Export dugme na dnu, pa onda izaberi 'Text file (*.txt)'
# U Save File dijalogu koji se pojavi, klikni na Desktop. U File name: polje, upiši "mbam" (bez navodnika) i klikni na Save.
- Pojaviće se poruka "Your file has been successfully exported", klikni Ok i zatvori prozor.



• U odgovoru prikači mbam.txt log koristeći "Prikači fajl" opciju.


Zatim:

Preuzmi AdwCleaner i sačuvaj ga na Desktop
Dvoklikom pokreni program.
U EULA prozoru klikni na I agree.
U Tools odaberi Options.
U dijaloškom okviru koji se pojavi isključi Reset Winsock settings ako je uključen.
Klikni na dugme Scan i sačekaj da se završi skeniranje.
Ako ti javi da postoji novija verzija, postaraj se da je preuzmeš.

Klikni na dugme Clean i pričekaj da program završi.
Program će zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni OK kao potvrdu.
Pojavit će se poruka da računar treba restartovati. Klikni OK

Računar će se restartovati, a potom otvoriti Notepad (C:\Adwcleaner\AdwCleaner[C0].txt) sa izvještajem.
Sačuvaj taj izvještaj na Desktop i okači ga uz poruku koristeći opciju "Prikači fajl"

offline
  • u administraciji
  • Pridružio: 16 Okt 2010
  • Poruke: 3468
  • Gde živiš: KRAGUJEVAC

Napisano: 31 Avg 2017 15:30

Nemam view report , računar je zatražio restartovanje odradio sam ,ali nemam ovo dalje.



Dopuna: 31 Avg 2017 16:20

Sad nakon odrađenog sa ADW cleanerom, sistem neće da se podigne, samo mi izlazi Automatic Reapair, Dignose pc, imam uključen system restore, ali ga nije odradio izbacio mi ovo

offline
  • Pridružio: 14 Jun 2016
  • Poruke: 535

Butuj u Advanced Boot Options, otvori cmd i upiši: chkdsk /r

offline
  • u administraciji
  • Pridružio: 16 Okt 2010
  • Poruke: 3468
  • Gde živiš: KRAGUJEVAC

Već sam završio. Resetovao sistem, sve važno mi je na drugim particijama. Hvala.

Ko je trenutno na forumu
 

Ukupno su 1124 korisnika na forumu :: 31 registrovanih, 7 sakrivenih i 1086 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: ajo baba, Asparagus, Atomski čoban, bobomicek, Brana01, CikaKURE, Dimitrise93, DonRumataEstorski, Dorcolac, DPera, Dvojac005, FOX, hooraay, HrcAk47, ivan1973, jackreacher011011, Karla, Kibice, kjkszpj, ladro, laurusri, LUDI, milenko crazy north, Misirac, moldway, nebidrag, nemkea71, pein, Romibrat, Sirius, vathra