Desktop won't open

  • Miroslav Tanaskovic
  • Construction technician
  • Joined: 02 Jan 2009
  • Posts: 787
  • Location: Cacak

I use 32-bit Win7 and Telekom ADSL. I posted this topic in the Windows subforum and they sent me to the Ambulanta subforum, so I don't know whether I need to describe the problem again. The security software did not flag anything, and I did not know what to do to solve the problem.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-10-2016
Ran by miroslav (administrator) on MIROSLAV-PC (02-10-2016 19:10:32)
Running from C:\Users\miroslav\Desktop
Loaded Profiles: miroslav (Available Profiles: miroslav)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Leadtek Research Inc.) C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
(iSkySoft) C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
() C:\Program Files\RocketDock\RocketDock.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(BitTorrent Inc.) C:\Users\miroslav\AppData\Roaming\uTorrent\uTorrent.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
(Leadtek Research Inc.) C:\Program Files\WinFast\WFDTV\WFWIZ.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Totem Entertainment) C:\Users\miroslav\AppData\Local\vghd\bin\vghd.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(Wondershare) C:\Program Files\Wondershare\WAF\2.2.0.5\WsAppService.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(BitTorrent Inc.) C:\Users\miroslav\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe
(BitTorrent Inc.) C:\Users\miroslav\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [WinFastDTV] => C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [101888 2012-04-05] (Leadtek Research Inc.)
HKLM\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKLM\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1004064 2016-08-30] (Microsoft Corporation)
HKU\S-1-5-21-1981283564-2037280381-1702048796-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [29538432 2016-08-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1981283564-2037280381-1702048796-1000\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-1981283564-2037280381-1702048796-1000\...\Run: [RocketDock] => C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-1981283564-2037280381-1702048796-1000\...\Run: [uTorrent] => C:\Users\miroslav\AppData\Roaming\uTorrent\uTorrent.exe [2139840 2016-09-09] (BitTorrent Inc.)
HKU\S-1-5-21-1981283564-2037280381-1702048796-1000\...\Run: [WinFast Schedule] => C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2920448 2012-03-02] (Leadtek Research Inc.)
HKU\S-1-5-21-1981283564-2037280381-1702048796-1000\...\Run: [Google Update] => "C:\Users\miroslav\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-1981283564-2037280381-1702048796-1000\...\Run: [Xvid] => C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-1981283564-2037280381-1702048796-1000\...\MountPoints2: {621a2c3c-5951-11e6-aa2a-001fd05f9e25} - J:\AutoRun.exe
HKU\S-1-5-21-1981283564-2037280381-1702048796-1000\...\MountPoints2: {698bc745-c7ff-11e5-b03c-806e6f6e6963} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.ultimatebootcd.com/
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll [2016-09-08] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\malwarebytes.lnk [2016-02-06]
ShortcutTarget: malwarebytes.lnk -> C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Startup: C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk [2016-04-02]
ShortcutTarget: DesktopVideoPlayer.lnk -> C:\Users\miroslav\AppData\Local\vghd\bin\vghd.exe (Totem Entertainment)
GroupPolicy: Restriction ? <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BA71F0F3-684F-4933-AC36-9D962FAA543E}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CA7257C1-5E41-4C28-B34D-9EE8BEF19590}: [DhcpNameServer] 192.168.42.129
ManualProxies:

Internet Explorer:
==================
HKU\S-1-5-21-1981283564-2037280381-1702048796-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131140248101313292&GUID=DB2AB2EB-FAEF-4C4D-98B3-90A83B8858F6
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-20] (Oracle Corporation)
BHO: iSkysoft iMedia Converter Deluxe 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\PROGRA~3\iSkysoft\VIDEOC~1\WSBROW~1.DLL => No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-20] (Oracle Corporation)
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 - No File

FireFox:
========
FF ProfilePath: C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\bagi40tt.default-1456181436234 [2016-10-02]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\bagi40tt.default-1456181436234 -> goMovix
FF Homepage: Mozilla\Firefox\Profiles\bagi40tt.default-1456181436234 -> hxxp://www.google.com/
FF Session Restore: Mozilla\Firefox\Profiles\bagi40tt.default-1456181436234 -> is enabled.
FF Extension: (Proxmate) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\bagi40tt.default-1456181436234\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2016-08-11]
FF Extension: (S3.Google Translator) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\bagi40tt.default-1456181436234\Extensions\s3google@translator.xpi [2016-08-11]
FF Extension: (FlashGot) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\bagi40tt.default-1456181436234\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-08-11]
FF Extension: (Flash Game Maximizer) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\bagi40tt.default-1456181436234\Extensions\{258735dc-6743-4805-95fc-f95941fffdad}.xpi [2016-09-25]
FF Extension: (X-notifier) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\bagi40tt.default-1456181436234\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2016-08-31]
FF Extension: (FEBE) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\bagi40tt.default-1456181436234\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2016-09-24]
FF Extension: (WOT) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\bagi40tt.default-1456181436234\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-08-11]
FF Extension: (Video DownloadHelper) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\bagi40tt.default-1456181436234\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-09-17]
FF Extension: (Adblock Plus) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\bagi40tt.default-1456181436234\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-08-11]
FF SearchPlugin: C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\bagi40tt.default-1456181436234\searchplugins\APN_Teoma.xml [2016-07-20]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-20] (Oracle Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 9\npnitromozilla.dll [2013-10-07] (Nitro PDF)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-12-19] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-12-19] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-1981283564-2037280381-1702048796-1000: @tools.google.com/Google Update;version=3 -> C:\Users\miroslav\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-1981283564-2037280381-1702048796-1000: @tools.google.com/Google Update;version=9 -> C:\Users\miroslav\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-1981283564-2037280381-1702048796-1000: tpsee.com/ipcctrl -> C:\Windows\system32\IPCConfigV2\npipcctrl.dll [2014-09-10] (tpsee)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.claro-search.com/?affID=117452&tt=4812_7&babsrc=HP_ss&mntrId=9c787c4a000000000000001fd05f9e25","hxxp://isearch.avg.com/?cid={29BC7CDB-729D-4483-B773-73CA6F4BD511}&mid=c994f77a538f47d0bf44d145283988b0-b602d594afd2b0b327e07a06f36ca6a7e42546d0&lang=en&ds=AVG&pr=fr&d=2013-01-31 12:31:18&v=14.0.0.14&pid=avg&sg=&sap=hp","hxxp://websearch.webisgreat.info/?pid=1091&r=2014/02/17&hid=2250913263268509384&lg=EN&cc=RS&unqvl=48","hxxp://www.yessearches.com/?mode=nnnb&ptid=wak&uid=2D6018F6F4FA8F14A0A6FEC1F9FF1FAC&v=20160121&ts=AHEpB38kBX8rCE..","hxxp://www.yoursearching.com/?type=hp&ts=1455556444&z=a05017565e470d00cdf37e0g2zdw3wbw9w5q6z9z3z&from=exp1&uid=hitachixhdt725025vla380_vfl111r9cgjxpecgjxpex"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default [2016-08-25]
CHR Extension: (Google Docs) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-31]
CHR Extension: (Google Drive) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-31]
CHR Extension: (YouTube) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-31]
CHR Extension: (Google Search) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-07-31]
CHR Extension: (Google Sheets) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-31]
CHR Extension: (Google Docs Offline) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-01]
CHR Extension: (Fast search v3.5) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\leenkjhmbcgekojlkimcbodmniopgfnp [2016-08-11]
CHR Extension: (Nemoze da se izbrise) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflobcdhgnlibbiegemmoenkeaplpoid [2016-08-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-31]
CHR Extension: (Gmail) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-31]

Opera:
=======
OPR Extension: (Fast search v3.5) - C:\Users\miroslav\AppData\Roaming\Opera Software\Opera Stable\Extensions\leenkjhmbcgekojlkimcbodmniopgfnp [2016-08-11]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [445976 2016-08-03] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [425496 2016-08-03] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files\BlueStacks\HD-Plus-Service.exe [462360 2016-08-03] (BlueStack Systems, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [104200 2016-08-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-08-30] (Microsoft Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [197128 2013-10-07] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14658848 2013-12-10] (NVIDIA Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-12-13] (Ulead Systems, Inc.) [File not signed]
R2 Unchecky; C:\Program Files\Unchecky\bin\Unchecky_svc.exe [160208 2016-01-31] (RaMMicHaeL) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WsAppService; C:\Program Files\Wondershare\WAF\2.2.0.5\WsAppService.exe [411648 2016-03-31] (Wondershare) [File not signed]
S2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [X]
S2 ZAMSvc; "C:\Program Files\Zemana AntiMalware\ZAM.exe" /service [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [139360 2016-08-03] (BlueStack Systems)
R2 BstkDrv; C:\Program Files\BlueStacks\BstkDrv.sys [250936 2016-07-28] (Bluestack System Inc. )
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [49152 2004-10-18] (DeviceGuys, Inc.) [File not signed]
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [107648 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 DSDrv4; C:\Program Files\DScaler\DSDrv4.sys [20128 2012-04-03] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2016-08-11] (REALiX(tm))
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2016-10-02] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-05] (NVIDIA Corporation)
R3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)
R3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [16744 2014-06-19] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12656 2014-06-19] ()
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [146048 2016-07-22] (Samsung Electronics Co., Ltd.)
R3 ULCDRHlp; C:\Windows\System32\Drivers\ULCDRHlp.sys [27392 2004-12-23] (Ulead Systems, Inc.) [File not signed]
R3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [561920 2008-11-19] (eMPIA Technology, Inc.)
R3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [455168 2008-11-19] (eMPIA Technology, Inc.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-12] (Microsoft Corporation)
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-02 19:10 - 2016-10-02 19:12 - 00020705 _____ C:\Users\miroslav\Desktop\FRST.txt
2016-10-02 19:10 - 2016-10-02 19:10 - 00000000 ____D C:\FRST
2016-10-02 19:00 - 2016-10-02 19:00 - 01754624 _____ (Farbar) C:\Users\miroslav\Desktop\FRST.exe
2016-10-01 11:51 - 2016-10-01 11:51 - 00692654 _____ C:\Users\miroslav\Desktop\18.jpeg
2016-10-01 09:21 - 2016-10-01 09:45 - 346034434 _____ C:\Users\miro\Desktop\Tri-policajca-2015.mkv
2016-10-01 09:18 - 2016-10-01 09:18 - 00000000 ____D C:\Users\miroslav\Documents\Freemake
2016-10-01 09:18 - 2016-10-01 09:18 - 00000000 ____D C:\ProgramData\Freemake
2016-09-30 19:39 - 2016-09-30 19:39 - 00390098 _____ C:\Users\miroslav\Desktop\www.mpzzs.gov.rs_download_Pravilnici_4827016.0140.9-1-radi-objavljivanja.pdf
2016-09-30 17:33 - 2016-09-30 17:35 - 00000232 _____ C:\Users\miroslav\Desktop\Halkbanka.url
2016-09-24 23:06 - 2016-09-24 23:06 - 00000000 ____D C:\Users\miroslav\AppData\Local\cache
2016-09-24 23:05 - 2016-09-24 23:09 - 00000000 ____D C:\ProgramData\Fotor
2016-09-24 23:04 - 2016-09-24 23:04 - 00000925 _____ C:\Users\Public\Desktop\Fotor.lnk
2016-09-24 23:04 - 2016-09-24 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fotor
2016-09-24 23:00 - 2016-09-24 23:01 - 00000000 ____D C:\Program Files\Fotor
2016-09-24 10:57 - 2016-09-25 08:32 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-09-21 13:35 - 2016-08-05 17:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-09-14 09:41 - 2016-09-02 17:21 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-09-14 09:41 - 2016-09-02 17:21 - 03944680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-14 09:41 - 2016-09-02 17:21 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-09-14 09:41 - 2016-09-02 17:21 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-14 09:41 - 2016-09-02 17:18 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-14 09:41 - 2016-09-02 17:16 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-14 09:41 - 2016-09-02 17:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-09-14 09:41 - 2016-09-02 17:16 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-09-14 09:41 - 2016-09-02 17:16 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-09-14 09:41 - 2016-09-02 17:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-09-14 09:41 - 2016-09-02 17:16 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-09-14 09:41 - 2016-09-02 17:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-14 09:41 - 2016-09-02 17:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-14 09:41 - 2016-09-02 17:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-09-14 09:41 - 2016-09-02 17:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-09-14 09:41 - 2016-09-02 17:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-09-14 09:41 - 2016-09-02 17:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-09-14 09:41 - 2016-09-02 17:16 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-14 09:41 - 2016-09-02 17:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-09-14 09:41 - 2016-09-02 17:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-09-14 09:41 - 2016-09-02 17:16 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-09-14 09:41 - 2016-09-02 17:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-09-14 09:41 - 2016-09-02 17:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-09-14 09:41 - 2016-09-02 17:16 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-14 09:41 - 2016-09-02 17:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-09-14 09:41 - 2016-09-02 17:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-09-14 09:41 - 2016-09-02 17:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-09-14 09:41 - 2016-09-02 16:53 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-09-14 09:41 - 2016-09-02 16:53 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-09-14 09:41 - 2016-09-02 16:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-09-14 09:41 - 2016-09-02 16:53 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-09-14 09:41 - 2016-09-02 16:53 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-09-14 09:41 - 2016-09-02 16:51 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-09-14 09:41 - 2016-09-02 16:49 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-14 09:41 - 2016-09-02 16:49 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-14 09:41 - 2016-09-02 16:49 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-14 09:41 - 2016-09-02 16:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-09-14 09:41 - 2016-09-02 16:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-09-14 09:41 - 2016-09-02 16:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-09-14 09:41 - 2016-09-02 16:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-09-14 09:41 - 2016-08-16 04:48 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-14 09:41 - 2016-08-16 04:28 - 02399232 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-14 09:41 - 2016-08-12 18:21 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-14 09:41 - 2016-08-12 18:21 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-14 09:41 - 2016-08-12 18:21 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-14 09:41 - 2016-08-06 17:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-14 09:41 - 2016-07-07 17:20 - 01309928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-09-14 09:41 - 2016-07-07 17:20 - 00240872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-09-14 09:41 - 2016-07-07 17:20 - 00187624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-09-14 09:41 - 2016-07-07 16:57 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2016-09-14 09:41 - 2016-07-01 17:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-09-14 09:41 - 2016-07-01 17:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-09-14 09:41 - 2016-06-06 17:23 - 01176064 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-09-14 09:41 - 2016-06-06 17:23 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-09-14 09:41 - 2016-06-06 17:23 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-09-14 09:41 - 2016-06-06 17:23 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-09-14 09:41 - 2016-05-13 23:50 - 02945536 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-09-14 09:41 - 2016-05-13 23:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-09-14 09:41 - 2016-05-13 23:47 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-09-14 09:41 - 2016-05-13 23:39 - 02060288 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-09-14 09:41 - 2016-05-13 23:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-09-14 09:41 - 2016-05-13 23:38 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-09-14 09:41 - 2016-05-13 23:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-09-14 09:41 - 2016-05-13 23:38 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-09-14 09:41 - 2016-05-13 23:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-09-14 09:41 - 2016-05-13 23:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-09-14 09:41 - 2016-05-13 23:38 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-09-14 09:41 - 2016-05-12 17:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
2016-09-14 09:41 - 2016-05-12 17:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-09-14 09:41 - 2016-05-04 19:21 - 00105192 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-09-14 09:41 - 2016-05-04 19:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-09-14 09:41 - 2016-05-04 19:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-09-14 09:41 - 2016-05-04 19:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-09-14 09:41 - 2016-05-04 19:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-09-14 09:41 - 2016-05-04 19:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-09-14 09:41 - 2016-05-04 16:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-09-11 17:22 - 2016-09-11 17:22 - 01767605 _____ C:\Users\miroslav\Desktop\Fitnes vezbe.mp4
2016-09-09 10:53 - 2016-10-02 17:00 - 00000000 ____D C:\Users\miroslav\AppData\LocalLow\uTorrent
2016-09-08 15:49 - 2016-09-08 15:49 - 00000000 ____D C:\Windows\PCHEALTH
2016-09-08 15:49 - 2016-09-08 15:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-09-08 15:49 - 2016-09-08 15:49 - 00000000 ____D C:\Program Files\Microsoft ActiveSync
2016-09-08 15:49 - 2016-09-08 15:49 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-09-08 14:47 - 2016-09-23 16:13 - 00000834 _____ C:\Users\miroslav\Desktop\gf.txt
2016-09-06 16:11 - 2016-09-06 16:11 - 03255775 _____ C:\Users\miroslav\Desktop\Osnovna-podesavanja-grafickog-okruzenja-i-rad-sa-podacima.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-02 19:10 - 2016-02-03 12:17 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\uTorrent
2016-10-02 18:52 - 2016-02-23 19:39 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1981283564-2037280381-1702048796-1000Core.job
2016-10-02 18:42 - 2016-08-25 16:04 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-02 18:39 - 2016-03-02 19:53 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-02 18:29 - 2016-01-31 03:18 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-02 17:10 - 2009-07-14 06:34 - 00029440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-02 17:10 - 2009-07-14 06:34 - 00029440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-02 17:05 - 2016-01-31 03:35 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\Skype
2016-10-02 16:59 - 2016-01-31 04:08 - 00000000 ____D C:\ProgramData\MCShield
2016-10-02 16:59 - 2016-01-31 03:18 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-02 16:59 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-02 16:58 - 2016-02-01 11:40 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-01 23:20 - 2016-01-31 03:27 - 00001945 _____ C:\Windows\epplauncher.mif
2016-10-01 23:20 - 2016-01-31 03:26 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-10-01 23:19 - 2016-01-31 03:26 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-10-01 13:32 - 2016-01-31 18:55 - 00000000 ___RD C:\Users\miroslav\Desktop\video
2016-10-01 10:10 - 2016-06-04 13:34 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-10-01 09:06 - 2016-02-05 10:02 - 00000000 ____D C:\Windows\Minidump
2016-10-01 09:05 - 2012-08-14 15:30 - 00162705 ____N C:\Windows\Minidump\100116-26988-01.dmp
2016-09-27 13:23 - 2016-01-31 03:24 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\AIMP
2016-09-27 13:22 - 2016-01-31 14:11 - 00000000 ____D C:\ProgramData\TEMP
2016-09-27 13:15 - 2016-02-21 12:54 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\NCH Software
2016-09-25 08:36 - 2016-01-31 03:25 - 00000000 ___RD C:\Program Files\Skype
2016-09-25 08:36 - 2016-01-31 03:25 - 00000000 ____D C:\ProgramData\Skype
2016-09-25 08:32 - 2016-01-31 17:50 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-09-23 13:23 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2016-09-23 12:18 - 2016-01-31 03:00 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-23 12:18 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2016-09-21 17:52 - 2016-04-25 09:33 - 00000400 __RSH C:\ProgramData\ntuser.pol
2016-09-15 08:46 - 2009-07-14 06:33 - 00375312 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-15 08:38 - 2009-07-14 09:49 - 00000000 ____D C:\Windows\ShellNew
2016-09-14 22:51 - 2016-02-01 10:41 - 00000000 ____D C:\Windows\system32\MRT
2016-09-14 22:44 - 2016-02-01 10:41 - 141747376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-13 17:39 - 2016-03-02 19:53 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-09-13 17:39 - 2016-03-02 19:53 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-09-13 17:39 - 2016-02-10 11:16 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-10 11:50 - 2016-01-31 03:11 - 00000000 ___RD C:\Users\miroslav\Desktop\Precice
2016-09-10 11:42 - 2013-02-22 20:46 - 00244169 ____H C:\Users\miroslav\Desktop\Briefcase Database
2016-09-09 20:58 - 2016-02-21 12:54 - 00000000 ____D C:\ProgramData\NCH Software
2016-09-08 15:58 - 2016-01-31 03:33 - 00093472 _____ C:\Users\miroslav\AppData\Local\GDIPFONTCACHEV1.DAT
2016-09-08 15:50 - 2016-01-31 13:04 - 00000376 _____ C:\Windows\ODBC.INI
2016-09-08 15:50 - 2016-01-31 04:06 - 00000000 ____D C:\ProgramData\Unchecky
2016-09-08 15:49 - 2016-01-31 13:02 - 00000000 ____D C:\Program Files\Microsoft Office
2016-09-08 15:49 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-09-08 15:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system
2016-09-08 15:21 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\System
2016-09-08 15:20 - 2009-07-14 04:04 - 00000489 _____ C:\Windows\win.ini
2016-09-06 10:43 - 2016-02-25 20:06 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\Nitro PDF

==================== Files in the root of some directories =======

2016-03-16 18:23 - 2016-04-26 09:45 - 0000096 _____ () C:\Users\miroslav\AppData\Roaming\Camdata.ini
2016-03-16 18:23 - 2016-04-26 09:45 - 0000408 _____ () C:\Users\miroslav\AppData\Roaming\CamLayout.ini
2016-03-16 18:23 - 2016-04-26 09:45 - 0000408 _____ () C:\Users\miroslav\AppData\Roaming\CamShapes.ini
2016-03-16 18:23 - 2016-04-26 09:45 - 0004547 _____ () C:\Users\miroslav\AppData\Roaming\CamStudio.cfg
2016-03-16 18:11 - 2016-04-26 09:45 - 0000096 _____ () C:\Users\miroslav\AppData\Roaming\version2.xml
2016-08-12 19:32 - 2016-08-12 19:32 - 0000367 _____ () C:\Users\miroslav\AppData\Roaming\Weather Meter_Settings.ini
2016-02-26 20:18 - 2016-02-26 20:19 - 0003584 _____ () C:\Users\miroslav\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\miroslav\AppData\Local\Temp\2.exe
C:\Users\miroslav\AppData\Local\Temp\2665.tmp.exe
C:\Users\miroslav\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\miroslav\AppData\Local\Temp\DriverBoosterSetup.exe
C:\Users\miroslav\AppData\Local\Temp\Execute2App.exe
C:\Users\miroslav\AppData\Local\Temp\FFSetupLatest.exe
C:\Users\miroslav\AppData\Local\Temp\msvcp90.dll
C:\Users\miroslav\AppData\Local\Temp\msvcr90.dll
C:\Users\miroslav\AppData\Local\Temp\ResetDevice.exe
C:\Users\miroslav\AppData\Local\Temp\SkypeSetup.exe
C:\Users\miroslav\AppData\Local\Temp\sqlite3.dll
C:\Users\miroslav\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-25 09:23

==================== End of FRST.txt ============================

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Open Notepad and copy in the following text, which is inside the Code box.

ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll [2016-09-08] ()
Startup: C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk [2016-04-02]
ShortcutTarget: DesktopVideoPlayer.lnk -> C:\Users\miroslav\AppData\Local\vghd\bin\vghd.exe (Totem Entertainment)
GroupPolicy: Restriction ? <======= ATTENTION
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\bagi40tt.default-1456181436234 -> goMovix
CHR StartupUrls: Default -> "hxxp://www.claro-search.com/?affID=117452&tt=4812_7&babsrc=HP_ss&mntrId=9c787c4a000000000000001fd05f9e25","hxxp://isearch.avg.com/?cid={29BC7CDB-729D-4483-B773-73CA6F4BD511}&mid=c994f77a538f47d0bf44d145283988b0-b602d594afd2b0b327e07a06f36ca6a7e42546d0&lang=en&ds=AVG&pr=fr&d=2013-01-31 12:31:18&v=14.0.0.14&pid=avg&sg=&sap=hp","hxxp://websearch.webisgreat.info/?pid=1091&r=2014/02/17&hid=2250913263268509384&lg=EN&cc=RS&unqvl=48","hxxp://www.yessearches.com/?mode=nnnb&ptid=wak&uid=2D6018F6F4FA8F14A0A6FEC1F9FF1FAC&v=20160121&ts=AHEpB38kBX8rCE..","hxxp://www.yoursearching.com/?type=hp&ts=1455556444&z=a05017565e470d00cdf37e0g2zdw3wbw9w5q6z9z3z&from=exp1&uid=hitachixhdt725025vla380_vfl111r9cgjxpecgjxpex"
CHR Extension: (Fast search v3.5) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\leenkjhmbcgekojlkimcbodmniopgfnp [2016-08-11]
CHR Extension: (Nemoze da se izbrise) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflobcdhgnlibbiegemmoenkeaplpoid [2016-08-11]
OPR Extension: (Fast search v3.5) - C:\Users\miroslav\AppData\Roaming\Opera Software\Opera Stable\Extensions\leenkjhmbcgekojlkimcbodmniopgfnp [2016-08-11]
C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll
C:\Users\miroslav\AppData\Local\vghd\bin
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [154]
AlternateDataStreams: C:\ProgramData\TEMP:62220827 [136]
AlternateDataStreams: C:\ProgramData\TEMP:8E5EA40F [122]
EmptyTemp:


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click to run FRST.exe again
Click Fix and wait for the program to finish.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, fixlog.txt will open, with contents that you should copy into this thread.
The file (fixlog.txt) will also be on the Desktop.




Step 2

Pack the following folder into a ZIP, RAR or 7Z archive:

C:\FRST\Quarantine

and send it via the following link:

http://www.mycity.rs/ambulanta-upload.php


Let me know when you have done that and wait for further instructions.

offline
  • Miroslav Tanaskovic
  • Construction technician
  • Joined: 02 Jan 2009
  • Posts: 787
  • Location: Cacak

Written: 03 Oct 2016 9:48

Fix result of Farbar Recovery Scan Tool (x86) Version: 02-10-2016
Ran by miroslav (03-10-2016 09:37:39) Run:1
Running from C:\Users\miroslav\Desktop
Loaded Profiles: miroslav (Available Profiles: miroslav)
Boot Mode: Normal

==============================================

fixlist content:
*****************
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll [2016-09-08] ()
Startup: C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk [2016-04-02]
ShortcutTarget: DesktopVideoPlayer.lnk -> C:\Users\miroslav\AppData\Local\vghd\bin\vghd.exe (Totem Entertainment)
GroupPolicy: Restriction ? <======= ATTENTION
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\bagi40tt.default-1456181436234 -> goMovix
CHR StartupUrls: Default -> "hxxp://www.claro-search.com/?affID=117452&tt=4812_7&babsrc=HP_ss&mntrId=9c787c4a000000000000001fd05f9e25","hxxp://isearch.avg.com/?cid={29BC7CDB-729D-4483-B773-73CA6F4BD511}&mid=c994f77a538f47d0bf44d145283988b0-b602d594afd2b0b327e07a06f36ca6a7e42546d0&lang=en&ds=AVG&pr=fr&d=2013-01-31 12:31:18&v=14.0.0.14&pid=avg&sg=&sap=hp","hxxp://websearch.webisgreat.info/?pid=1091&r=2014/02/17&hid=2250913263268509384&lg=EN&cc=RS&unqvl=48","hxxp://www.yessearches.com/?mode=nnnb&ptid=wak&uid=2D6018F6F4FA8F14A0A6FEC1F9FF1FAC&v=20160121&ts=AHEpB38kBX8rCE..","hxxp://www.yoursearching.com/?type=hp&ts=1455556444&z=a05017565e470d00cdf37e0g2zdw3wbw9w5q6z9z3z&from=exp1&uid=hitachixhdt725025vla380_vfl111r9cgjxpecgjxpex"
CHR Extension: (Fast search v3.5) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\leenkjhmbcgekojlkimcbodmniopgfnp [2016-08-11]
CHR Extension: (Nemoze da se izbrise) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflobcdhgnlibbiegemmoenkeaplpoid [2016-08-11]
OPR Extension: (Fast search v3.5) - C:\Users\miroslav\AppData\Roaming\Opera Software\Opera Stable\Extensions\leenkjhmbcgekojlkimcbodmniopgfnp [2016-08-11]
C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll
C:\Users\miroslav\AppData\Local\vghd\bin
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [154]
AlternateDataStreams: C:\ProgramData\TEMP:62220827 [136]
AlternateDataStreams: C:\ProgramData\TEMP:8E5EA40F [122]
EmptyTemp:
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0PerformanceMonitor" => key removed successfully.
"HKCR\CLSID\{3B5B973C-92A4-4855-9D3F-0F3D23332208}" => key removed successfully.
C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk => moved successfully
C:\Users\miroslav\AppData\Local\vghd\bin\vghd.exe => moved successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
Firefox DefaultSearchEngine removed successfully.
Chrome StartupUrls => removed successfully.
C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\leenkjhmbcgekojlkimcbodmniopgfnp => moved successfully
C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflobcdhgnlibbiegemmoenkeaplpoid => moved successfully
C:\Users\miroslav\AppData\Roaming\Opera Software\Opera Stable\Extensions\leenkjhmbcgekojlkimcbodmniopgfnp => moved successfully
Could not move "C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll" => Scheduled to move on reboot.

"C:\Users\miroslav\AppData\Local\vghd\bin" folder move:

Could not move "C:\Users\miroslav\AppData\Local\vghd\bin" => Scheduled to move on reboot.

C:\Windows => ":nlsPreferences" ADS removed successfully..
C:\ProgramData\TEMP => ":1CE11B51" ADS removed successfully..
C:\ProgramData\TEMP => ":62220827" ADS removed successfully..
C:\ProgramData\TEMP => ":8E5EA40F" ADS removed successfully..

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14006998 B
Java, Flash, Steam htmlcache => 45108 B
Windows/system/drivers => 97826478 B
Edge => 0 B
Chrome => 49164944 B
Firefox => 394886905 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 424 B
LocalService => 132244 B
NetworkService => 2906506 B
miroslav => 625121954 B

RecycleBin => 3486499 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 03-10-2016 09:44:50)

C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll => is moved successfully
C:\Users\miroslav\AppData\Local\vghd\bin => moved successfully

==== End of Fixlog 09:44:51 ====

Addendum: 03 Oct 2016 9:59

The C:\FRST\Quarantine file is 28 MB, it cannot be sent

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Try following this guide on how to create a split archive in WinRAR, then try uploading it that way.
http://www.addictivetips.com/windows-tips/how-to-s.....them-back/

offline
  • Miroslav Tanaskovic
  • Construction technician
  • Joined: 02 Jan 2009
  • Posts: 787
  • Location: Cacak

I sent the FRST quarantine in 4 RAR files

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Download AdwCleaner by "Xplode" and save it to the Desktop
Double-click to run the program.
In the EULA window, click I agree.
Under Options, turn off Reset Winsock settings if it is enabled.
Click the Scan button and wait for the scan to finish.
Click the Cleaning button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required), click OK

The computer will restart, and then Notepad will open (C:\Adwcleaner\AdwCleaner[C1].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Attach file" option

offline
  • Miroslav Tanaskovic
  • Construction technician
  • Joined: 02 Jan 2009
  • Posts: 787
  • Location: Cacak

There is no c1, there are only C0 and S0, so here I am sending both.

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

What is the situation now?


Download the installer for Malwarebytes Anti-Malware (MBAM) ver. 2.0 and install the application.
Double-click mbam-setup.exe and follow the installation instructions. The installation is the usual "Next > I Agree . . > Next > Install" routine. When the installation is complete, click Finish.
Note: the free 14-day trial version is pre-selected. You can uncheck this option if you wish.


- On first launch, MBAM will start an "Update" in order to download the latest definitions.
Or ... click the 'Update Now >>' link or button to download fresh definitions.

• Configure the scanner; on the 'Settings' tab, Detection and Protection, set the following options:
1. on the Detection Options sub-tab, check the box for 'Scan for rootkits';
2. on the Non-Malware Protection sub-tab, for 'PUP detections', make sure that the 'Treat detections as malware' option is selected.


• Run a 'Threat Scan';
Click the Scan tab, then 'Scan Now >>' to run the scan.
If MBAM reports that an 'update' is available, click 'Update Now' and then continue to the scan.
Notice: with some severe infections, you may get the following message: "Could not load DDA driver". In that case, click Yes on that message, allow the driver to load after the computer restarts, and allow the restart.
Then continue with the rest of the instructions.


• When the scan is complete, click the Apply Action button if a threat was detected. Wait for the program to request a restart!
- Click Yes on the message saying that the system will restart.


• Post the report (export the logfile) for review;
Start MBAM again, click the History tab > Application Logs. Double-click the 'Scan Log' that shows the time and date of the scan just performed.
1. In the new window click the 'Export' button, then choose 'Text file (*.txt)';
2. When the Save File dialog appears, choose to save the log to the Desktop.
In that same window, at the bottom under File name:, enter 'mbam' as the report name and click the Save button.

- After you get the message ("Your file has been successfully exported"), the report you named 'mbam' will be saved on the Desktop.


Attach mbam.txt to your post using the Attach file option.

offline
  • Miroslav Tanaskovic
  • Construction technician
  • Joined: 02 Jan 2009
  • Posts: 787
  • Location: Cacak

Written: 04 Oct 2016 18:07

Addendum: 04 Oct 2016 19:47

The problem that brought me to the Ambulanta still exists; the desktop icon still cannot be opened

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Can you take a screenshot of that icon for me?
