Picked up from online movies

  • Joined: 28 Jan 2009
  • Posts: 74

Posted: 13 Jul 2016 11:53

Hi folks,

Yesterday I visited an online-movies-with-subtitles site, and right after that my computer started acting up, Chrome above all: all my history and favorites were deleted, and it keeps installing things on its own. I downloaded Malwarebytes and cleaned up with it, but it is still acting up a little.

This is on Windows 8.1.

Addendum: 13 Jul 2016 12:00

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-07-2016 01
Ran by Nikola Pejovic (administrator) on NIKOLAPC (13-07-2016 11:55:47)
Running from C:\Users\Nikola Pejovic\Downloads
Loaded Profiles: Nikola Pejovic (Available Profiles: Nikola Pejovic)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\ProgramData\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(猫哈网络 版权所有) C:\Program Files (x86)\GreatMaker\MaohaWiFi\MaohaWifiSvr.exe
() C:\Program Files (x86)\HSPA USB MODEM\BackgroundService\ServiceManager.exe
(重庆悦微捷科技有限公司) C:\Program Files\YueweijieNetTrans\TransHost.exe
() C:\Users\Nikola Pejovic\AppData\Local\40EACB4B-1468409017-E011-B495-A9D1B81A1D31\qnse220A.tmp
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\Eap3Host.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe
() C:\Users\Nikola Pejovic\AppData\Local\Viber\Viber.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Dropbox, Inc.) C:\Users\Nikola Pejovic\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\HSPA USB MODEM\BackgroundService\ModemListener.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(ACD Systems) C:\Program Files (x86)\ACD Systems\ACDSee Pro\7.0\acdIDInTouch2.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(eee) C:\Users\Nikola Pejovic\AppData\Roaming\THREADAPP.exe
() C:\Users\Nikola Pejovic\AppData\Roaming\adb.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Nikola Pejovic\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe [9558752 2015-08-27] ()
HKLM-x32\...\Run: [MTel_ontenegro Imola ModemListener] => C:\Program Files (x86)\HSPA USB MODEM\BackgroundService\ModemListener.exe [125504 2012-05-14] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ACPW07EN] => C:\Program Files (x86)\ACD Systems\ACDSee Pro\7.0\acdIDInTouch2.exe [1414984 2013-09-25] (ACD Systems)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-10-08] (Power Software Ltd)
HKLM-x32\...\Run: [EYAN] => C:\Users\Nikola Pejovic\AppData\Roaming\THREADAPP.exe [9216000 2016-07-05] (eee)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [Viber] => C:\Users\Nikola Pejovic\AppData\Local\Viber\Viber.exe [80036560 2015-05-25] ()
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [Dropbox Update] => C:\Users\Nikola Pejovic\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: D - "D:\autorun.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {06ffbd2c-e5fb-11e4-827d-60d819ea6866} - "G:\AutoRun.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {06ffbd7f-e5fb-11e4-827d-60d819ea6866} - "D:\AutoRun.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {1c2b1253-13c8-11e4-825a-60d819ea6866} - "D:\autorun.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {403db24f-c8f7-11e5-82b9-60d819ea6866} - "G:\AutoRun.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {46966f1b-2cac-11e5-8285-60d819ea6866} - "D:\AutoRun.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {4c352bcc-f3da-11e4-827e-60d819ea6866} - "D:\AutoRun.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {8f3306ca-33bd-11e4-825e-60d819ea6866} - "D:\Lenovo_Suite.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {8f3306d8-33bd-11e4-825e-60d819ea6866} - "G:\Lenovo_Suite.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {e4e87462-9b4c-11e5-82ac-60d819ea6866} - "D:\AutoRun.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {e4e87525-9b4c-11e5-82ac-60d819ea6866} - "D:\AutoRun.exe"
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nikola Pejovic\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nikola Pejovic\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nikola Pejovic\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nikola Pejovic\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nikola Pejovic\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nikola Pejovic\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nikola Pejovic\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nikola Pejovic\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nikola Pejovic\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nikola Pejovic\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nikola Pejovic\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nikola Pejovic\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [JzShlobj] -> {7B286609-DA97-47E1-AC6B-33B8B4732C95} => C:\Program Files\ZipTool\JZipExt.dll [2015-11-30] ()
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\¿ìѹ\X64\KZipShell.dll [2016-07-13] ()
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nikola Pejovic\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nikola Pejovic\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nikola Pejovic\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nikola Pejovic\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nikola Pejovic\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nikola Pejovic\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nikola Pejovic\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nikola Pejovic\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nikola Pejovic\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nikola Pejovic\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nikola Pejovic\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
Startup: C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-07-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\Nikola Pejovic\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 193.2.1.66 193.2.1.72
Tcpip\..\Interfaces\{2685DFB0-E5AB-43CB-B5EE-5F4148B3C450}: [DhcpNameServer] 193.2.1.66 193.2.1.72
Tcpip\..\Interfaces\{51D99859-CEE1-4B15-AA5C-B73E1ABD6149}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2864281891-3376825052-3278056506-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-02] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll [2014-11-03] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-02] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll [2014-11-03] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-07-11] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-02] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-07-11] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-10-24] [not signed]

Chrome:
=======
CHR DefaultSearchURL: pruvchshzedomhalgh -> hxxp://feed.wiki-search.me/?st=ds&query={searchTerms}
CHR DefaultSearchKeyword: pruvchshzedomhalgh -> Wiki Search.me
CHR Profile: C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-06-24]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-02-06] ()
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [671744 2013-08-16] () [File not signed]
R2 KuaizipUpdateChecker; C:\Program Files\¿ìѹ\X86\kuaizipUpdateChecker.dll [219072 2016-07-13] ()
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe [712432 2015-08-27] ()
R2 MaohaWifiSvr; C:\Program Files (x86)\GreatMaker\MaohaWiFi\MaohaWifiSvr.exe [170464 2014-12-18] (猫哈网络 版权所有)
R2 MTel_ontenegro Imola Modem Device Helper; C:\Program Files (x86)\HSPA USB MODEM\BackgroundService\ServiceManager.exe [53312 2012-03-14] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
R2 YueweijieTransHost; C:\Program Files\YueweijieNetTrans\TransHost.exe [634216 2016-06-20] (重庆悦微捷科技有限公司)
R2 zigipyro; C:\Users\Nikola Pejovic\AppData\Local\40EACB4B-1468409017-E011-B495-A9D1B81A1D31\qnse220A.tmp [158720 2015-12-26] () [File not signed]
R2 ziphost; c:\program files\ziptool\ziphost.dll [114080 2015-11-30] ()
S2 FastCompress; C:\Program Files (x86)\FastCompress-Zip\Fast_Support.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1369288 2015-07-29] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [271272 2015-07-29] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [747120 2015-07-29] (BitDefender)
R1 BdfNdisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [97816 2015-01-06] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [107080 2015-01-06] (BitDefender LLC)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [155912 2015-01-22] (BitDefender LLC)
S3 hwusb_cdcacm; C:\Windows\system32\DRIVERS\ew_cdcacm.sys [121728 2013-10-23] (Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\Windows\system32\DRIVERS\ew_wwanecm.sys [375040 2013-10-23] (Huawei Technologies Co., Ltd.)
S3 jrdusbser; C:\Windows\system32\DRIVERS\jrdusbser.sys [120832 2011-06-20] (TCT International Mobile Ltd)
R2 KuaiZipDrive; C:\Windows\system32\drivers\KuaiZipDrive.sys [92872 2016-07-13] (WinMount International Inc)
R1 MaohaWifiNetPro; C:\Program Files (x86)\GreatMaker\MaohaWiFi\MaoHaWiFiNet64.sys [871152 2015-10-27] ()
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
R1 UCGuard; C:\Windows\System32\DRIVERS\ucguard.sys [81792 2016-07-04] (Huorong Borui (Beijing) Technology Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2013-10-31] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [236888 2013-10-31] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
R1 ZipProtect; c:\program files\ziptool\ZipProtect64.sys [886512 2015-12-14] ()
S1 MpKsl209e431b; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D12B0855-EECF-4B7D-9690-D53D32B4F929}\MpKsl209e431b.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-13 11:55 - 2016-07-13 11:56 - 00021301 _____ C:\Users\Nikola Pejovic\Downloads\FRST.txt
2016-07-13 11:55 - 2016-07-13 11:55 - 02390528 _____ (Farbar) C:\Users\Nikola Pejovic\Downloads\FRST64.exe
2016-07-13 11:55 - 2016-07-13 11:55 - 02390528 _____ (Farbar) C:\Users\Nikola Pejovic\Downloads\FRST64 (1).exe
2016-07-13 11:55 - 2016-07-13 11:55 - 00000000 ____D C:\FRST
2016-07-13 11:44 - 2016-07-13 11:44 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2016-07-13 11:26 - 2016-07-13 11:42 - 00000080 _____ C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\Start Menu\¿ìÑ1.lnk
2016-07-13 11:23 - 2016-07-13 11:23 - 00000000 ____D C:\Users\Nikola Pejovic\AppData\Local\40EACB4B-1468409017-E011-B495-A9D1B81A1D31
2016-07-13 11:01 - 2016-07-13 11:19 - 00000492 _____ C:\Windows\Tasks\UCBrowserUpdater.job
2016-07-13 11:01 - 2016-07-13 11:01 - 00003460 _____ C:\Windows\System32\Tasks\UCBrowserUpdater
2016-07-13 10:56 - 2016-07-13 11:43 - 00001072 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-13 10:56 - 2016-07-13 10:57 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-13 10:56 - 2016-07-13 10:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-13 10:56 - 2016-07-13 10:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-13 10:56 - 2016-07-13 10:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-13 10:56 - 2016-07-04 07:53 - 51376752 _____ (UCWeb Inc.) C:\Users\Nikola Pejovic\AppData\Roaming\Browser_V5.6.14087.7_r_4681_(Build1607010949).exe
2016-07-13 10:56 - 2016-07-04 07:38 - 51373168 _____ (UCWeb Inc.) C:\Users\Nikola Pejovic\AppData\Roaming\Browser_V5.6.14087.7_r_4700_(Build1607010949).exe
2016-07-13 10:56 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-07-13 10:56 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-07-13 10:56 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-07-13 10:55 - 2016-07-13 10:55 - 22851472 _____ (Malwarebytes ) C:\Users\Nikola Pejovic\Downloads\mbam-setup-2.2.1.1043.exe
2016-07-13 10:54 - 2016-07-13 10:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Compress
2016-07-13 10:54 - 2016-07-05 07:58 - 09216000 _____ (eee) C:\Users\Nikola Pejovic\AppData\Roaming\THREADAPP.exe
2016-07-13 10:53 - 2016-07-13 10:54 - 00000000 ____D C:\Program Files\ZipTool
2016-07-13 00:37 - 2016-06-23 14:47 - 08300392 _____ (重庆悦微捷科技有限公司) C:\Users\Nikola Pejovic\AppData\Roaming\Setup.exe
2016-07-13 00:34 - 2016-07-13 10:36 - 00000000 ____D C:\Program Files\¿ìѹ
2016-07-13 00:33 - 2016-07-13 10:50 - 00000000 ____D C:\Program Files\YueweijieNetTrans
2016-07-13 00:30 - 2016-07-13 11:44 - 07616340 _____ C:\Users\Nikola Pejovic\AppData\Roaming\setup.apk
2016-07-13 00:30 - 2016-07-13 11:43 - 00732869 _____ C:\Users\Nikola Pejovic\AppData\Roaming\xdo.zip
2016-07-13 00:30 - 2016-07-13 00:45 - 00000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\Kuaizip
2016-07-13 00:30 - 2016-07-13 00:34 - 00000853 _____ C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\Start Menu\¿ìѹ.lnk
2016-07-13 00:30 - 2016-07-13 00:30 - 00092872 _____ (WinMount International Inc) C:\Windows\system32\Drivers\KuaiZipDrive.sys
2016-07-13 00:30 - 2016-07-13 00:30 - 00000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\Softlink
2016-07-13 00:27 - 2016-07-13 11:38 - 00000000 ____D C:\Program Files\BitTorrent
2016-07-13 00:26 - 2016-07-13 00:26 - 00018432 _____ C:\Users\Nikola Pejovic\AppData\Roaming\Main.dat
2016-07-13 00:25 - 2016-07-13 00:25 - 07102976 _____ C:\Users\Nikola Pejovic\AppData\Roaming\agent.dat
2016-07-13 00:25 - 2016-07-13 00:24 - 00709120 _____ C:\Users\Nikola Pejovic\AppData\Roaming\Softis.exe
2016-07-13 00:25 - 2016-07-13 00:24 - 00709120 _____ C:\Users\Nikola Pejovic\AppData\Roaming\New-Fresh.exe
2016-07-13 00:24 - 2016-07-13 00:24 - 00128512 _____ C:\Users\Nikola Pejovic\AppData\Roaming\Installer.dat
2016-07-13 00:22 - 2016-07-13 00:22 - 00000000 ____D C:\Program Files (x86)\USBBoxLite
2016-07-13 00:22 - 2016-02-18 10:10 - 05267952 _____ () C:\Users\Nikola Pejovic\AppData\Roaming\ziptool_wc-9015_setup.exe
2016-07-13 00:21 - 2016-07-13 00:21 - 00000000 ____D C:\Program Files (x86)\GreatMaker
2016-07-13 00:21 - 2016-05-26 10:51 - 04761392 _____ () C:\Users\Nikola Pejovic\AppData\Roaming\usbboxlite_4001_o_8209_hn.exe
2016-07-13 00:20 - 2016-07-01 11:19 - 08284704 _____ (深圳市伟创科技软件有限公司) C:\Users\Nikola Pejovic\AppData\Roaming\MaoHaWiFiSetup_263.exe
2016-07-13 00:19 - 2016-07-13 00:20 - 00001520 _____ C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
2016-07-13 00:19 - 2016-07-13 00:20 - 00000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
2016-07-13 00:16 - 2016-07-13 11:25 - 00000000 ____D C:\Program Files (x86)\Tholigetermught
2016-07-13 00:16 - 2016-07-13 04:29 - 00344576 _____ C:\Users\Nikola Pejovic\AppData\Roaming\RandomDelJiheReg.exe
2016-07-13 00:16 - 2016-07-13 00:16 - 00000000 ____D C:\Users\Nikola Pejovic\AppData\Local\levispmenoycazuk
2016-07-13 00:13 - 2016-07-13 00:13 - 00000000 ____D C:\Users\Nikola Pejovic\AppData\Local\UCBrowser
2016-07-13 00:13 - 2016-07-04 07:47 - 00081792 _____ (Huorong Borui (Beijing) Technology Co., Ltd.) C:\Windows\system32\Drivers\ucguard.sys
2016-07-13 00:12 - 2016-07-13 11:01 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2016-07-13 00:11 - 2016-07-13 00:11 - 00009024 _____ C:\Windows\System32\Tasks\Phuktherjerzodom Helper
2016-07-13 00:11 - 2016-07-13 00:09 - 00001006 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-07-13 00:10 - 2016-07-13 00:12 - 00000000 ____D C:\Users\Nikola Pejovic\AppData\Local\thuboshsorotvedety
2016-07-13 00:09 - 2016-07-13 11:25 - 00000000 ____D C:\Program Files (x86)\ContentPush
2016-07-13 00:09 - 2016-07-13 11:25 - 00000000 ____D C:\Program Files (x86)\Clmoied
2016-07-13 00:09 - 2016-07-13 00:19 - 00000000 ____D C:\Users\Nikola Pejovic\AppData\Local\app
2016-07-13 00:09 - 2016-07-13 00:09 - 00000000 ____D C:\Program Files (x86)\WeatherChickn
2016-07-13 00:09 - 2016-07-13 00:09 - 00000000 ____D C:\extensions
2016-07-13 00:09 - 2016-07-11 15:34 - 00936960 ___SH (AutoIt Team) C:\Users\Nikola Pejovic\AppData\Roaming\UZYFMBEaaYgNhFSDVKRGN.txt
2016-07-13 00:09 - 2016-07-11 15:34 - 00653328 ___SH C:\Users\Nikola Pejovic\AppData\Roaming\VVShWZTYTVHH
2016-07-13 00:09 - 2016-07-11 15:34 - 00036494 ___SH C:\Users\Nikola Pejovic\AppData\Roaming\UZYFMBEaaYgNhFSDVKR
2016-07-11 23:34 - 2016-07-11 23:34 - 00000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-07-11 16:45 - 2016-07-11 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeSmartSoft
2016-07-11 16:45 - 2016-07-11 16:45 - 00000000 ____D C:\Program Files (x86)\FreeSmartSoft
2016-07-11 16:44 - 2016-07-11 16:44 - 02099385 _____ (FreeSmartSoft ) C:\Users\Nikola Pejovic\Downloads\FSSePubReaderSetup.exe
2016-07-11 16:40 - 2016-07-11 16:40 - 00354816 _____ C:\Users\Nikola Pejovic\Downloads\John Kenneth Galbraith-The Anatomy of Power -Houghton Mifflin (1983).epub
2016-07-11 16:39 - 2016-07-11 16:39 - 00500695 _____ C:\Users\Nikola Pejovic\Downloads\John Kenneth Galbraith-A Journey Through Economic Time_ A Firsthand View-Houghton Mifflin (1994).epub
2016-07-11 16:37 - 2016-07-11 16:37 - 01052872 _____ C:\Users\Nikola Pejovic\Downloads\John Kenneth Galbraith-The Affluent Society-Mariner Books (1998).epub
2016-07-11 15:52 - 2016-07-11 15:52 - 03482889 _____ C:\Users\Nikola Pejovic\Desktop\Za-Pametnu-Hrvatsku-JLH-za-web.pdf
2016-07-11 15:16 - 2016-07-11 15:16 - 00000000 ____D C:\Users\Nikola Pejovic\AppData\Local\BlueStacks
2016-07-11 11:35 - 2016-07-11 11:35 - 00459740 _____ C:\Users\Nikola Pejovic\Downloads\2095-Vozni_red_letalisce_2015_verzija_5_5_2015 (1).pdf
2016-07-11 11:28 - 2016-07-11 11:28 - 00459740 _____ C:\Users\Nikola Pejovic\Downloads\2095-Vozni_red_letalisce_2015_verzija_5_5_2015.pdf
2016-07-09 19:52 - 2016-07-09 19:52 - 00105771 _____ C:\Users\Nikola Pejovic\Downloads\ZIZEK-AND-THE-REAL-3-.pdf
2016-07-09 19:52 - 2016-07-09 19:52 - 00105771 _____ C:\Users\Nikola Pejovic\Downloads\ZIZEK-AND-THE-REAL-3- (1).pdf
2016-07-08 18:48 - 2016-07-08 18:48 - 01958127 _____ C:\Users\Nikola Pejovic\Downloads\3_164_07_07_2016.pdf
2016-07-08 18:06 - 2016-07-08 18:06 - 06607747 _____ C:\Users\Nikola Pejovic\Downloads\Allan H. Meltzer-A History of the Federal Reserve, Vol. 1_ 1913-1951-University of Chicago Press (2003).epub
2016-07-08 09:37 - 2016-07-08 09:37 - 00116108 _____ C:\Users\Nikola Pejovic\Downloads\Pejovic.pdf
2016-06-30 16:40 - 2016-06-30 16:40 - 00861934 _____ C:\Users\Nikola Pejovic\Downloads\Barry Eichengreen-Globalizing Capital_ A History of the International Monetary System (Second Edition) (2008).pdf
2016-06-30 00:04 - 2016-06-30 00:04 - 00017892 _____ C:\Users\Nikola Pejovic\Downloads\157994-drive.2011.720p.bdrip.xvid.ac3vision.zip
2016-06-29 19:49 - 2016-06-29 19:49 - 00163524 _____ C:\Users\Nikola Pejovic\Downloads\Bitcoin.pdf
2016-06-29 16:07 - 2016-06-29 16:07 - 00163524 _____ C:\Users\Nikola Pejovic\Desktop\Bitcoin .pdf
2016-06-28 03:12 - 2016-06-28 03:12 - 00314434 ____N C:\Users\Nikola Pejovic\AppData\Roaming\EYapp.apk
2016-06-24 15:11 - 2016-06-24 15:11 - 00030720 _____ C:\Users\Nikola Pejovic\Downloads\rezultati_24_6_2016_.xls
2016-06-24 11:19 - 2016-06-24 11:19 - 11518293 _____ C:\Users\Nikola Pejovic\Downloads\JF2016_Croatia Booklet-180-508-180-534.pdf
2016-06-23 18:32 - 2016-06-23 18:32 - 00100469 _____ C:\Users\Nikola Pejovic\Downloads\ReI_for_Evaluators for scholarships_Master.pdf
2016-06-22 13:42 - 2016-06-22 13:42 - 00009756 _____ C:\Users\Nikola Pejovic\Downloads\1466586365.zip
2016-06-22 08:44 - 2016-06-22 08:44 - 00000862 _____ C:\Users\Nikola Pejovic\Downloads\stream
2016-06-17 14:41 - 2016-06-17 14:41 - 00130102 _____ C:\Users\Nikola Pejovic\Downloads\1466148566.zip
2016-06-16 11:55 - 2016-06-16 11:55 - 00113205 _____ C:\Users\Nikola Pejovic\Downloads\EP-KA1-HE-Int-Studies_7914fe55-7824-4d66-9a29-b7ad207a4c33.pdf
2016-06-15 22:02 - 2016-06-15 22:02 - 00000000 ____D C:\Users\Nikola Pejovic\Desktop\pics
2016-06-15 18:01 - 2016-06-20 14:06 - 00052192 _____ C:\Users\Nikola Pejovic\Desktop\New Journal Document.jnt
2016-06-15 18:01 - 2016-06-15 18:01 - 00000000 ___RD C:\Users\Nikola Pejovic\Documents\Notes
2016-06-15 17:27 - 2016-06-15 17:27 - 00010076 _____ C:\Users\Nikola Pejovic\Downloads\1465995064.zip
2016-06-14 22:27 - 2016-06-14 22:27 - 00030573 _____ C:\Users\Nikola Pejovic\Downloads\235155-thebrothersgrimsby2016.zip
2016-06-14 22:26 - 2016-06-14 22:26 - 00030810 _____ C:\Users\Nikola Pejovic\Downloads\234851-the.brothers.grimsby.2016subrip.srt.zip
2016-06-13 13:51 - 2016-06-13 13:51 - 00037160 _____ C:\Users\Nikola Pejovic\Downloads\HW12[1].pdf
2016-06-13 13:50 - 2016-06-13 13:50 - 00023152 _____ C:\Users\Nikola Pejovic\Downloads\HW_FinalPoints_Year_15_16.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-13 11:48 - 2014-06-12 02:38 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2864281891-3376825052-3278056506-1001
2016-07-13 11:46 - 2015-06-02 14:11 - 00000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\ViberPC
2016-07-13 11:46 - 2014-06-13 21:38 - 00000000 ___RD C:\Users\Nikola Pejovic\Dropbox
2016-07-13 11:45 - 2015-09-22 12:16 - 00002345 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2016-07-13 11:43 - 2016-02-06 12:50 - 00001200 _____ C:\Users\Public\Desktop\Free MP3 Cutter Joiner.lnk
2016-07-13 11:43 - 2016-01-07 00:30 - 00000862 _____ C:\Users\Public\Desktop\PowerISO.lnk
2016-07-13 11:43 - 2015-09-18 15:57 - 00002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-07-13 11:43 - 2015-09-18 15:57 - 00002149 _____ C:\Users\Public\Desktop\Opera.lnk
2016-07-13 11:43 - 2015-08-08 20:09 - 00000299 _____ C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2016-07-13 11:43 - 2015-07-05 19:27 - 00002747 _____ C:\Users\Public\Desktop\Nero Burning ROM 2014.lnk
2016-07-13 11:43 - 2015-06-22 20:04 - 00001096 _____ C:\Users\Public\Desktop\BS.Player FREE.lnk
2016-07-13 11:43 - 2015-06-02 14:11 - 00001053 _____ C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk
2016-07-13 11:43 - 2015-04-21 15:06 - 00001255 _____ C:\Users\Public\Desktop\Internet Manager.lnk
2016-07-13 11:43 - 2014-12-28 15:24 - 00002707 _____ C:\Users\Public\Desktop\Skype.lnk
2016-07-13 11:43 - 2014-11-21 22:15 - 00002267 _____ C:\Users\Public\Desktop\ACDSee Pro 7.lnk
2016-07-13 11:43 - 2014-10-24 22:20 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2016-07-13 11:43 - 2014-10-24 22:20 - 00002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2016-07-13 11:43 - 2014-10-24 22:20 - 00002154 _____ C:\Users\Public\Desktop\Adobe FormsCentral.lnk
2016-07-13 11:43 - 2014-10-24 22:20 - 00002057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2016-07-13 11:43 - 2014-10-24 22:20 - 00002040 _____ C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2016-07-13 11:43 - 2014-10-16 13:49 - 00001365 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2016-07-13 11:43 - 2014-08-04 10:54 - 00001103 _____ C:\Users\Public\Desktop\Mobi File Reader.lnk
2016-07-13 11:43 - 2014-07-25 21:47 - 00001099 _____ C:\Users\Public\Desktop\HSPA USB MODEM.lnk
2016-07-13 11:43 - 2014-06-29 00:29 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-07-13 11:43 - 2014-06-29 00:29 - 00002033 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2016-07-13 11:43 - 2014-06-13 07:36 - 00001080 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-07-13 11:43 - 2014-06-12 02:43 - 00002163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-13 11:43 - 2014-06-12 02:43 - 00002157 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-07-13 11:43 - 2014-06-12 02:32 - 00001422 _____ C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-13 11:42 - 2016-03-05 17:10 - 00004994 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for NikolaPC-Nikola Pejovic NikolaPC
2016-07-13 11:42 - 2015-09-15 23:45 - 00002676 _____ C:\Users\Nikola Pejovic\Desktop\µTorrent.lnk
2016-07-13 11:42 - 2015-06-22 20:04 - 00001108 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BS.Player FREE.lnk
2016-07-13 11:42 - 2015-06-02 14:11 - 00001047 _____ C:\Users\Nikola Pejovic\Desktop\Viber.lnk
2016-07-13 11:42 - 2015-02-06 22:07 - 00002330 _____ C:\Users\Nikola Pejovic\Desktop\Kindle.lnk
2016-07-13 11:42 - 2014-06-30 00:17 - 00000660 _____ C:\Users\Nikola Pejovic\Desktop\LAFF - Shortcut.lnk
2016-07-13 11:39 - 2015-12-20 19:04 - 00000000 ____D C:\ProgramData\OnlineUpdate
2016-07-13 11:39 - 2014-06-12 02:43 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-13 11:38 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-13 11:25 - 2015-06-23 12:50 - 00000000 ____D C:\Program Files (x86)\Video Resumer
2016-07-13 11:25 - 2015-06-23 12:48 - 00000000 ____D C:\Program Files (x86)\50Couppons
2016-07-13 11:25 - 2015-06-03 08:49 - 00000000 ____D C:\Program Files (x86)\NetoCOUpaonn
2016-07-13 11:25 - 2015-03-21 18:03 - 00000000 ____D C:\Program Files (x86)\SSAoLePlus
2016-07-13 11:17 - 2015-09-18 12:50 - 00000000 ____D C:\Users\Nikola Pejovic\Downloads\Lana Del Rey - Honeymoon (2015)
2016-07-13 11:16 - 2014-06-19 02:54 - 03278848 ___SH C:\Users\Nikola Pejovic\Downloads\Thumbs.db
2016-07-13 10:59 - 2014-06-12 02:41 - 00003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{05485734-D435-4311-95F2-4238E740C9B6}
2016-07-13 10:56 - 2015-09-18 15:54 - 00000000 ____D C:\Program Files (x86)\Opera
2016-07-13 10:56 - 2014-07-23 22:27 - 00000000 ____D C:\Users\Nikola Pejovic\Documents\ViberDownloads
2016-07-13 10:53 - 2014-06-12 02:43 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-13 10:51 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\tracing
2016-07-13 10:49 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-07-13 10:40 - 2015-06-17 15:30 - 00000972 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2864281891-3376825052-3278056506-1001UA.job
2016-07-13 10:40 - 2014-06-13 06:46 - 03898368 ___SH C:\Users\Nikola Pejovic\Desktop\Thumbs.db
2016-07-13 10:38 - 2014-06-13 07:23 - 00000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\uTorrent
2016-07-13 10:38 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-07-13 10:33 - 2016-05-23 17:04 - 00000000 ____D C:\ProgramData\Avg
2016-07-13 10:32 - 2016-05-23 17:03 - 00000000 ____D C:\Users\Nikola Pejovic\AppData\Local\AvgSetupLog
2016-07-13 00:27 - 2016-05-23 17:15 - 00000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\Mozilla
2016-07-13 00:17 - 2016-01-07 00:23 - 00000000 ____D C:\Program Files\Pismo File Mount Audit Package
2016-07-13 00:14 - 2014-06-12 03:01 - 00000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\Skype
2016-07-12 18:05 - 2014-06-27 08:25 - 00003742 _____ C:\Windows\System32\Tasks\AutoKMS
2016-07-12 18:03 - 2015-06-02 14:10 - 00000000 ____D C:\Users\Nikola Pejovic\AppData\Local\Viber
2016-07-12 11:40 - 2015-06-17 15:30 - 00000920 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2864281891-3376825052-3278056506-1001Core.job
2016-07-12 11:16 - 2014-07-31 14:49 - 00265216 ___SH C:\Users\Nikola Pejovic\Documents\Thumbs.db
2016-07-11 23:35 - 2014-06-13 21:33 - 00000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\Dropbox
2016-07-11 16:42 - 2015-02-06 22:07 - 00000000 ____D C:\Users\Nikola Pejovic\Documents\My Kindle Content
2016-07-11 15:43 - 2016-05-22 23:11 - 00000000 ____D C:\Users\Nikola Pejovic\AppData\LocalLow\uTorrent
2016-07-11 15:16 - 2013-08-22 17:36 - 00000000 __RHD C:\Users\Public\Libraries
2016-07-10 13:34 - 2014-06-13 07:36 - 00000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\vlc
2016-07-09 23:17 - 2015-06-23 00:03 - 00000000 ____D C:\Users\Nikola Pejovic\Downloads\Taleb
2016-07-08 13:01 - 2014-06-12 02:32 - 00000000 ____D C:\Users\Nikola Pejovic\AppData\Local\Packages
2016-07-07 21:28 - 2015-09-18 15:57 - 00003846 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1442584658
2016-07-04 10:22 - 2016-05-18 17:13 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-06-30 18:12 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2016-06-19 23:39 - 2016-05-23 00:36 - 00001683 _____ C:\Users\Nikola Pejovic\Desktop\New Text Document.txt
2016-06-18 15:59 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps

==================== Files in the root of some directories =======

2016-04-26 14:24 - 2016-04-26 14:24 - 0000009 ____N () C:\Users\Nikola Pejovic\AppData\Roaming\a.bat
2010-08-28 22:43 - 2010-08-28 22:43 - 0577335 ____N () C:\Users\Nikola Pejovic\AppData\Roaming\adb.exe
2010-08-28 22:43 - 2010-08-28 22:43 - 0096256 ____N (Google, inc) C:\Users\Nikola Pejovic\AppData\Roaming\AdbWinApi.dll
2010-08-28 22:43 - 2010-08-28 22:43 - 0060928 ____N (Google, inc) C:\Users\Nikola Pejovic\AppData\Roaming\AdbWinUsbApi.dll
2016-07-13 00:25 - 2016-07-13 00:25 - 7102976 _____ () C:\Users\Nikola Pejovic\AppData\Roaming\agent.dat
2015-08-21 17:04 - 2015-08-21 17:23 - 0000024 _____ () C:\Users\Nikola Pejovic\AppData\Roaming\appdataFr25.bin
2016-07-13 10:56 - 2016-07-04 07:53 - 51376752 _____ (UCWeb Inc.) C:\Users\Nikola Pejovic\AppData\Roaming\Browser_V5.6.14087.7_r_4681_(Build1607010949).exe
2016-07-13 10:56 - 2016-07-04 07:38 - 51373168 _____ (UCWeb Inc.) C:\Users\Nikola Pejovic\AppData\Roaming\Browser_V5.6.14087.7_r_4700_(Build1607010949).exe
2016-06-28 03:12 - 2016-06-28 03:12 - 0314434 ____N () C:\Users\Nikola Pejovic\AppData\Roaming\EYapp.apk
2010-08-28 22:43 - 2010-08-28 22:43 - 0356009 ____N () C:\Users\Nikola Pejovic\AppData\Roaming\fastboot.exe
2016-07-13 00:24 - 2016-07-13 00:24 - 0128512 _____ () C:\Users\Nikola Pejovic\AppData\Roaming\Installer.dat
2016-07-13 00:26 - 2016-07-13 00:26 - 0018432 _____ () C:\Users\Nikola Pejovic\AppData\Roaming\Main.dat
2016-07-13 00:20 - 2016-07-01 11:19 - 8284704 _____ (深圳市伟创科技软件有限公司) C:\Users\Nikola Pejovic\AppData\Roaming\MaoHaWiFiSetup_263.exe
2016-07-13 00:25 - 2016-07-13 00:24 - 0709120 _____ () C:\Users\Nikola Pejovic\AppData\Roaming\New-Fresh.exe
2016-07-13 00:16 - 2016-07-13 04:29 - 0344576 _____ () C:\Users\Nikola Pejovic\AppData\Roaming\RandomDelJiheReg.exe
2016-07-13 00:30 - 2016-07-13 11:44 - 7616340 _____ () C:\Users\Nikola Pejovic\AppData\Roaming\setup.apk
2016-07-13 00:37 - 2016-06-23 14:47 - 8300392 _____ (重庆悦微捷科技有限公司) C:\Users\Nikola Pejovic\AppData\Roaming\Setup.exe
2016-07-13 00:25 - 2016-07-13 00:24 - 0709120 _____ () C:\Users\Nikola Pejovic\AppData\Roaming\Softis.exe
2016-07-13 10:54 - 2016-07-05 07:58 - 9216000 _____ (eee) C:\Users\Nikola Pejovic\AppData\Roaming\THREADAPP.exe
2016-07-13 00:21 - 2016-05-26 10:51 - 4761392 _____ () C:\Users\Nikola Pejovic\AppData\Roaming\usbboxlite_4001_o_8209_hn.exe
2016-07-13 00:09 - 2016-07-11 15:34 - 0036494 ___SH () C:\Users\Nikola Pejovic\AppData\Roaming\UZYFMBEaaYgNhFSDVKR
2016-07-13 00:09 - 2016-07-11 15:34 - 0936960 ___SH (AutoIt Team) C:\Users\Nikola Pejovic\AppData\Roaming\UZYFMBEaaYgNhFSDVKRGN.txt
2016-07-13 00:09 - 2016-07-11 15:34 - 0653328 ___SH () C:\Users\Nikola Pejovic\AppData\Roaming\VVShWZTYTVHH
2016-07-13 00:30 - 2016-07-13 11:43 - 0732869 _____ () C:\Users\Nikola Pejovic\AppData\Roaming\xdo.zip
2016-07-13 00:22 - 2016-02-18 10:10 - 5267952 _____ () C:\Users\Nikola Pejovic\AppData\Roaming\ziptool_wc-9015_setup.exe
2015-12-23 23:39 - 2015-12-23 23:39 - 0969852 _____ () C:\Users\Nikola Pejovic\AppData\Local\DjVu-Reader-_1116.rar
2015-09-18 15:55 - 2015-09-18 15:55 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Files to move or delete:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


Some files in TEMP:
====================
C:\Users\Nikola Pejovic\AppData\Local\Temp\1468362678V0RDXtmp.exe
C:\Users\Nikola Pejovic\AppData\Local\Temp\1B33.tmp.exe
C:\Users\Nikola Pejovic\AppData\Local\Temp\6DEE.tmp.exe
C:\Users\Nikola Pejovic\AppData\Local\Temp\72D2.tmp.exe
C:\Users\Nikola Pejovic\AppData\Local\Temp\acc.exe
C:\Users\Nikola Pejovic\AppData\Local\Temp\Browser_V5.6.12150.8_r_4726_(Build1604251144).exe
C:\Users\Nikola Pejovic\AppData\Local\Temp\CodecFixDivx.exe
C:\Users\Nikola Pejovic\AppData\Local\Temp\DoubleClick.exe
C:\Users\Nikola Pejovic\AppData\Local\Temp\F239.tmp.exe
C:\Users\Nikola Pejovic\AppData\Local\Temp\setup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-07 23:19

==================== End of FRST.txt ============================

Addendum: 13 Jul 2016 12:03


offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Hello,


Download Zemana AntiMalware and save it to the Desktop.


When the download is finished:

Double-click to start the installation and follow the instructions. The installation is standard, with no additional options.
After installation, the program will start automatically; now click Scan.
When the scan finishes, click Next to remove all the items found.
If it asks you to restart the computer, click Reboot.
If the computer is seriously infected, another scan will follow after the restart.


After that, you need to provide the report(s):

On the keyboard, press the Windows key + R at the same time.
Copy the following command and confirm with OK:
%USERPROFILE%\AppData\Local\Zemana\Zemana AntiMalware\reports
Copy the newest report(s) to the Desktop, then attach it in your next message.

offline
  • Joined: 28 Jan 2009
  • Posts: 74

Posted: 13 Jul 2016 12:45


Addendum: 13 Jul 2016 13:28

The deep scan that started on its own



offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Excellent. Now run FRST again, check Addition.txt, click Scan and attach both reports.

offline
  • Joined: 28 Jan 2009
  • Posts: 74


offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

To begin, uninstall the following programs:
Body Text Feathering
ByteFence Anti-Malware
Compress



1. Open Notepad (Text Document) and copy in the following text from the code box below:

createrestorepoint:
closeprocesses:
emptytemp:
hosts:
Task: {0ABE61ED-F3BC-4A05-AF71-E9AE32C2AC13} - System32\Tasks\KMS Server OnLogon Activate => C:\Windows\AutoKMS_VL_ALL\AutoKMS_VL_ALL.exe [2013-11-14] (MDL)
C:\Windows\AutoKMS_VL_ALL
C:\WINDOWS\AutoKMS
Task: {937BFB4D-B6DC-4769-8D1C-32056919EEE3} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-06-27] ()
Task: {B4432B9B-D374-401A-B20F-56AB128FBEB6} - System32\Tasks\KMS Server Daily Activate => C:\Windows\AutoKMS_VL_ALL\AutoKMS_VL_ALL.exe [2013-11-14] (MDL)
Shortcut: C:\Users\Nikola Pejovic\AppData\Local\Microsoft\Windows\ConnectedSearch\History\site_1231538620_en-us.lnk -> hxxp://www.windowssearch.com:80/suggestions?qry=value+line&cc=US&setlang=en-US&inlang=en-US&adlt=moderate&scale=100&contrast=none&hw=768%2C1366&CVID=C27A8277CCC5447B8DDFDA651303E27B (No File)
AlternateDataStreams: C:\Users\Nikola Pejovic\Desktop\little man.jpg:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Nikola Pejovic\Desktop\randy.jpg:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Nikola Pejovic\Desktop\Screenshot 2016-06-14 17.50.14.png:com.dropbox.attributes [168]
FirewallRules: [{15DB4460-686B-4390-AA5F-AF5E2CC501D3}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{9D971666-E9EA-4CD1-A50C-D8690E94AC79}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{8233649B-9DD9-4068-B3BE-66C9C9C4DB4F}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1")
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: D - "D:\autorun.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {06ffbd2c-e5fb-11e4-827d-60d819ea6866} - "G:\AutoRun.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {06ffbd7f-e5fb-11e4-827d-60d819ea6866} - "D:\AutoRun.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {1c2b1253-13c8-11e4-825a-60d819ea6866} - "D:\autorun.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {403db24f-c8f7-11e5-82b9-60d819ea6866} - "G:\AutoRun.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {46966f1b-2cac-11e5-8285-60d819ea6866} - "D:\AutoRun.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {4c352bcc-f3da-11e4-827e-60d819ea6866} - "D:\AutoRun.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {8f3306ca-33bd-11e4-825e-60d819ea6866} - "D:\Lenovo_Suite.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {8f3306d8-33bd-11e4-825e-60d819ea6866} - "G:\Lenovo_Suite.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {e4e87462-9b4c-11e5-82ac-60d819ea6866} - "D:\AutoRun.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {e4e87525-9b4c-11e5-82ac-60d819ea6866} - "D:\AutoRun.exe"
ShellIconOverlayIdentifiers: [JzShlobj] -> {7B286609-DA97-47E1-AC6B-33B8B4732C95} =>  No File
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2864281891-3376825052-3278056506-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HomePage: pruvchshzedomhalgh -> hxxp://www.google.com/
S2 FastCompress; C:\Program Files (x86)\FastCompress-Zip\Fast_Support.exe [X]
S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
S1 MpKsl209e431b; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D12B0855-EECF-4B7D-9690-D53D32B4F929}\MpKsl209e431b.sys [X]
2016-07-13 00:13 - 2016-07-13 00:13 - 00000000 ____D C:\Users\Nikola Pejovic\AppData\Local\UCBrowser
2016-07-13 00:12 - 2016-07-13 11:01 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2016-07-13 12:22 - 2014-06-27 08:25 - 00003754 _____ C:\Windows\System32\Tasks\AutoKMS
Task: {30DAD72C-FF99-4CE7-889E-77D4B1057DC9} - System32\Tasks\Phuktherjerzodom Helper => C:\Program Files (x86)\Clmoied\Phuktherjerzodomhelperkozerck.exe
C:\Program Files (x86)\Clmoied
C:\Program Files\YueweijieNetTrans
2016-07-13 10:54 - 2016-07-13 10:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Compress
2016-07-13 10:53 - 2016-07-13 13:24 - 00000000 ____D C:\Program Files\ZipTool
2016-07-13 00:37 - 2016-06-23 14:47 - 08300392 _____ (重庆悦微捷科技有限公司) C:\Users\Nikola Pejovic\AppData\Roaming\Setup.exe
2016-07-13 00:34 - 2016-07-13 10:36 - 00000000 ____D C:\Program Files\¿ìѹ
2016-07-13 00:33 - 2016-07-13 10:50 - 00000000 ____D C:\Program Files\YueweijieNetTrans
2016-07-13 00:30 - 2016-07-13 11:43 - 00732869 _____ C:\Users\Nikola Pejovic\AppData\Roaming\xdo.zip
2016-07-13 00:30 - 2016-07-13 00:45 - 00000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\Kuaizip
2016-07-13 00:30 - 2016-07-13 00:30 - 00000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\Softlink
2016-07-13 00:27 - 2016-07-13 11:38 - 00000000 ____D C:\Program Files\BitTorrent
2016-07-13 00:26 - 2016-07-13 00:26 - 00018432 _____ C:\Users\Nikola Pejovic\AppData\Roaming\Main.dat
2016-07-13 00:25 - 2016-07-13 00:25 - 07102976 _____ C:\Users\Nikola Pejovic\AppData\Roaming\agent.dat
2016-07-13 00:24 - 2016-07-13 00:24 - 00128512 _____ C:\Users\Nikola Pejovic\AppData\Roaming\Installer.dat
2016-07-13 00:22 - 2016-07-13 13:25 - 00000000 ____D C:\Program Files (x86)\USBBoxLite
2016-07-13 00:21 - 2016-07-13 00:21 - 00000000 ____D C:\Program Files (x86)\GreatMaker
2016-07-13 00:19 - 2016-07-13 13:26 - 00000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
2016-07-13 00:19 - 2016-07-13 00:20 - 00001520 _____ C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
2016-07-13 00:16 - 2016-07-13 13:24 - 00000000 ____D C:\Program Files (x86)\Tholigetermught
2016-07-13 00:16 - 2016-07-13 04:29 - 00344576 _____ C:\Users\Nikola Pejovic\AppData\Roaming\RandomDelJiheReg.exe
2016-07-13 00:16 - 2016-07-13 00:16 - 00000000 ____D C:\Users\Nikola Pejovic\AppData\Local\levispmenoycazuk
2016-07-13 00:13 - 2016-07-13 00:13 - 00000000 ____D C:\Users\Nikola Pejovic\AppData\Local\UCBrowser
2016-07-13 00:12 - 2016-07-13 11:01 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2016-07-13 00:11 - 2016-07-13 00:11 - 00009024 _____ C:\Windows\System32\Tasks\Phuktherjerzodom Helper
2016-07-13 00:11 - 2016-07-13 00:09 - 00001006 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-07-13 00:10 - 2016-07-13 00:12 - 00000000 ____D C:\Users\Nikola Pejovic\AppData\Local\thuboshsorotvedety
2016-07-13 00:09 - 2016-07-13 11:25 - 00000000 ____D C:\Program Files (x86)\ContentPush
2016-07-13 00:09 - 2016-07-13 11:25 - 00000000 ____D C:\Program Files (x86)\Clmoied
2016-07-13 00:09 - 2016-07-13 00:19 - 00000000 ____D C:\Users\Nikola Pejovic\AppData\Local\app
2016-07-13 00:09 - 2016-07-13 00:09 - 00000000 ____D C:\Program Files (x86)\WeatherChickn
2016-07-13 00:09 - 2016-07-13 00:09 - 00000000 ____D C:\extensions
2016-07-13 00:09 - 2016-07-11 15:34 - 00936960 ___SH (AutoIt Team) C:\Users\Nikola Pejovic\AppData\Roaming\UZYFMBEaaYgNhFSDVKRGN.txt
2016-07-13 00:09 - 2016-07-11 15:34 - 00653328 ___SH C:\Users\Nikola Pejovic\AppData\Roaming\VVShWZTYTVHH
2016-07-13 00:09 - 2016-07-11 15:34 - 00036494 ___SH C:\Users\Nikola Pejovic\AppData\Roaming\UZYFMBEaaYgNhFSDVKR
2016-07-11 23:34 - 2016-07-11 23:34 - 00000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-07-11 16:45 - 2016-07-11 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeSmartSoft
2016-07-11 16:45 - 2016-07-11 16:45 - 00000000 ____D C:\Program Files (x86)\FreeSmartSoft
2016-07-11 16:44 - 2016-07-11 16:44 - 02099385 _____ (FreeSmartSoft ) C:\Users\Nikola Pejovic\Downloads\FSSePubReaderSetup.exe
2016-04-26 14:24 - 2016-04-26 14:24 - 0000009 ____N () C:\Users\Nikola Pejovic\AppData\Roaming\a.bat
2010-08-28 22:43 - 2010-08-28 22:43 - 0577335 ____N () C:\Users\Nikola Pejovic\AppData\Roaming\adb.exe
2010-08-28 22:43 - 2010-08-28 22:43 - 0096256 ____N (Google, inc) C:\Users\Nikola Pejovic\AppData\Roaming\AdbWinApi.dll
2010-08-28 22:43 - 2010-08-28 22:43 - 0060928 ____N (Google, inc) C:\Users\Nikola Pejovic\AppData\Roaming\AdbWinUsbApi.dll
2016-07-13 00:25 - 2016-07-13 00:25 - 7102976 _____ () C:\Users\Nikola Pejovic\AppData\Roaming\agent.dat
2015-08-21 17:04 - 2015-08-21 17:23 - 0000024 _____ () C:\Users\Nikola Pejovic\AppData\Roaming\appdataFr25.bin
2016-06-28 03:12 - 2016-06-28 03:12 - 0314434 ____N () C:\Users\Nikola Pejovic\AppData\Roaming\EYapp.apk
2010-08-28 22:43 - 2010-08-28 22:43 - 0356009 ____N () C:\Users\Nikola Pejovic\AppData\Roaming\fastboot.exe
2016-07-13 00:24 - 2016-07-13 00:24 - 0128512 _____ () C:\Users\Nikola Pejovic\AppData\Roaming\Installer.dat
2016-07-13 00:26 - 2016-07-13 00:26 - 0018432 _____ () C:\Users\Nikola Pejovic\AppData\Roaming\Main.dat
2016-07-13 00:16 - 2016-07-13 04:29 - 0344576 _____ () C:\Users\Nikola Pejovic\AppData\Roaming\RandomDelJiheReg.exe
2016-07-13 00:37 - 2016-06-23 14:47 - 8300392 _____ (重庆悦微捷科技有限公司) C:\Users\Nikola Pejovic\AppData\Roaming\Setup.exe
2016-07-13 00:09 - 2016-07-11 15:34 - 0036494 ___SH () C:\Users\Nikola Pejovic\AppData\Roaming\UZYFMBEaaYgNhFSDVKR
2016-07-13 00:09 - 2016-07-11 15:34 - 0936960 ___SH (AutoIt Team) C:\Users\Nikola Pejovic\AppData\Roaming\UZYFMBEaaYgNhFSDVKRGN.txt
2016-07-13 00:09 - 2016-07-11 15:34 - 0653328 ___SH () C:\Users\Nikola Pejovic\AppData\Roaming\VVShWZTYTVHH
2016-07-13 00:30 - 2016-07-13 11:43 - 0732869 _____ () C:\Users\Nikola Pejovic\AppData\Roaming\xdo.zip
2015-12-23 23:39 - 2015-12-23 23:39 - 0969852 _____ () C:\Users\Nikola Pejovic\AppData\Local\DjVu-Reader-_1116.rar
2015-09-18 15:55 - 2015-09-18 15:55 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your message.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.




Scanning with AdwCleaner

Download AdwCleaner and save it to the Desktop.

Run the tool and wait for the update to complete.
Accept the Terms of use by clicking I Agree.
Click Scan and wait for the scan to finish.
When it is done, click Clean.
A message will appear saying that all programs will be stopped after you click OK, so if you have anything to save, now is the time to do it.
Two more messages will appear where you need to click OK. The computer will restart.
After the restart, a report will open; you can copy its contents into your next message.

Note: The reports will be saved to your system partition, usually in the folder C:\AdwCleaner
