System check

  • Miroslav Tanaskovic
  • Construction technician
  • Joined: 02 Jan 2009
  • Posts: 731
  • Lives in: Cacak

Yesterday I downloaded the Wondershare Filmora program, and after installation, when I tried to register it, all hell broke loose. Instead of the wallpaper, a black background appeared with jumbled icons, and after that some browser popped up and started churning out pages as if on a conveyor belt. I could not stop it or delete it, so I switched to safe mode and scanned the system with MBAM, and it found 2650 infected files. I put them in quarantine, and after a restart it seems to me to be fine, but I would still ask you to check it professionally. I use Win7 and a Telekom ADSL connection.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-07-2017
Ran by miroslav (administrator) on MIROSLAV-PC (19-07-2017 15:52:45)
Running from C:\Users\miroslav\Desktop
Loaded Profiles: miroslav (Available Profiles: miroslav)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-15] (Microsoft Corporation)
HKLM\...\Run: [WinFastDTV] => C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [90112 2008-12-11] (Leadtek Research Inc.)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [162304 2008-09-27] (ArcSoft Inc.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\RunOnce: [OMEWPRODUCT_VY3QK] => C:\Program Files\qjkmhcxx1lj\3WP8JHDK07QO4UD.exe [53248 2017-07-18] (%CJ) <==== ATTENTION
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [WinFast Schedule] => C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2908160 2008-12-19] (Leadtek Research Inc.)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [RocketDock] => C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [uTorrent] => C:\Users\miroslav\AppData\Roaming\uTorrent\uTorrent.exe [2146496 2017-07-02] (BitTorrent Inc.)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [Viber] => C:\Users\miroslav\AppData\Local\Viber\Viber.exe [31344720 2017-06-26] (Viber Media S.à r.l.)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [AceStream] => C:\Users\miroslav\AppData\Roaming\ACEStream\engine\ace_engine.exe [28024 2017-03-20] (Innovative Digital Technologies)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [Xvid] => C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [Aplfone.vbs] => C:\Users\miroslav\AppData\Roaming\Aplfone\Aplfone.vbs [277 2017-07-18] ()
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [YeaDesktop] => C:\Program Files\YeaDesktop\YeaDesktop.exe [2694144 2017-07-04] () <==== ATTENTION
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [J4QUFTAXK5WRAYZ] => C:\Program Files\KDE6ZJSI8T\KDE6ZJSI8.exe [1040896 2017-07-18] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [k5vzyy22j4t] => C:\Users\miroslav\AppData\Roaming\dpo5bqg34eu\vvxl5l5sfbv.exe [8192 2017-07-18] (ZboubiTek)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [zvz2xyuma2g] => C:\Users\miroslav\AppData\Roaming\gjq2n32kwzk\hmb3ntzyisj.exe [8192 2017-07-18] (ZboubiTek)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [7T1ZXF7AU9KNOQY] => C:\Program Files\6XZ9BXVEF7\K4BIA3NI3.exe [1040896 2017-07-18] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [msiql] => C:\Users\miroslav\AppData\Local\Temp\00013909\msiql.exe [2072576 2017-07-18] () <==== ATTENTION
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [QDQTXPBS5LR1018] => C:\Program Files\qjkmhcxx1lj\WGN5N.exe [1040896 2017-07-03] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [qdsmth0awuw] => C:\Users\miroslav\AppData\Roaming\ggyz52iycpc\0rzgz21bv25.exe [8192 2017-07-03] (ZboubiTek)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [daqmgn22m2i] => C:\Users\miroslav\AppData\Roaming\0esq5wdznmu\cb45irw22kz.exe [8192 2017-07-03] (ZboubiTek)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [JQHSFGP3UKI9CA2] => C:\Program Files\9AAA71OGWH\BU7MVFMA0.exe [1040896 2017-07-03] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [3JCTNIROOW5YNQY] => C:\Program Files\95MQJL4777\015DRQ2CU.exe [1040896 2017-07-03] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [yjthpjlh3ln] => C:\Users\miroslav\AppData\Roaming\p5ndefeqeot\230cdw4uvzt.exe [8192 2017-07-18] (ZboubiTek)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [GQ76I4NT06VA1LU] => C:\Program Files\Y70NGKWUL1\Y70NGKWUL.exe [1040896 2017-07-18] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [2CKFFJWL7LKDWRC] => C:\Program Files\56389F51QN\JDGH8MX5E.exe [1040896 2017-07-19] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [txukyhdvgg4] => C:\Users\miroslav\AppData\Roaming\5pvvg2niu50\jgmcrtqywml.exe [8192 2017-07-19] (ZboubiTek)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [4mplm31tzlm] => C:\Users\miroslav\AppData\Roaming\ic4qe5mx54p\w3andrpve0t.exe [8192 2017-07-19] (ZboubiTek)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [1O4LXPA5DC54LXE] => C:\Program Files\YOP79OR9BM\YOP79OR9B.exe [1040896 2017-07-19] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [0tugovjkqks] => C:\Users\miroslav\AppData\Roaming\jcr2gntx13v\b2itpyz35ic.exe [8192 2017-07-19] (ZboubiTek)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [BAFKBP32G3MF7KM] => C:\Program Files\9PWIUK5Z7B\9PWIUK5Z7.exe [1040896 2017-07-19] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [rb4ce3afx30] => C:\Users\miroslav\AppData\Roaming\l0pw1lpj30a\np4k22q0xw4.exe [8192 2017-07-19] (ZboubiTek)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [gqnfskfbp0c] => C:\Users\miroslav\AppData\Roaming\joqcbb41mh5\wgnuoixx2va.exe [8192 2017-07-19] (ZboubiTek)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [LJJT8BKT823DUHU] => C:\Program Files\BL00F7MQSA\BO675I7SZ.exe [1040896 2017-07-19] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [JQ1MJZEMU01Z9R9] => C:\Program Files\0ZPZ91A8JV\COVEH1G9I.exe [1040896 2017-07-19] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [6U7TIV83IDQHFO5] => C:\Program Files\EH50CN39CR\JKZWKZTIO.exe [1040896 2017-07-19] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [n2eky4oiprh] => C:\Users\miroslav\AppData\Roaming\i3v3cbfwoxw\dwo14bcwexo.exe [8192 2017-07-19] (ZboubiTek)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [q4hhmj1y3jq] => C:\Users\miroslav\AppData\Roaming\uybn4p1voba\4vftglojss5.exe [8192 2017-07-19] (ZboubiTek)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [ZZSTF24Z1VKNBN8] => C:\Program Files\J9OT8PAW8M\J9OT8PAW8.exe [1040896 2017-07-19] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [7MGC271MGBU1PE6] => C:\Program Files\J6QA9XQI4R\J6QA9XQI4.exe [1040896 2017-07-19] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [1gglzonvbig] => C:\Users\miroslav\AppData\Roaming\p0phnppvtie\1d0ftqoxtjk.exe [8192 2017-07-19] (ZboubiTek)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [12vyyu10244] => C:\Users\miroslav\AppData\Roaming\oauqw3o5hib\1tbuq4buu02.exe [8192 2017-07-19] (ZboubiTek)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [DCMPYJVCA2MYLKX] => C:\Program Files\HM3XXSC872\HM3XXSC87.exe [1040896 2017-07-19] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [v0f5ndmskhm] => C:\Users\miroslav\AppData\Roaming\mdy1cin1jfs\r1gafzdnpzv.exe [8192 2017-07-19] (ZboubiTek)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [10jeocfrzxc] => C:\Users\miroslav\AppData\Roaming\div0bnnteuh\ctbdeqviaak.exe [8192 2017-07-19] (ZboubiTek)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [VTYC9H7P0EPXNOP] => C:\Program Files\TNTHMCBYFX\IIIE2R4SJ.exe [1040896 2017-07-19] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [5rzcdtyr2d1] => C:\Users\miroslav\AppData\Roaming\bl5npweanjg\r1of3r3bt50.exe [8192 2017-07-19] (ZboubiTek)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [J81VWGXHWEK99M7] => C:\Program Files\CMWCUTNSN0\CMWCUTNSN.exe [1040896 2017-07-19] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [AO22QC1BEK8CNLL] => C:\Program Files\HXN6PKGT6N\8D9FRD7GF.exe [1040896 2017-07-19] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [d5nuhkgozyy] => C:\Users\miroslav\AppData\Roaming\o0evtnfwc14\41sibiqgzk0.exe [8704 2017-07-19] (hvbqsdlfgaluifjgqsflyhf)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\MountPoints2: J - J:\AutoRun.exe
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\MountPoints2: {e6de9fe4-16f7-11e7-bdcc-001fd05f9e25} - J:\AutoRun.exe
AppInit_DLLs: C:\ProgramData\Voyasollam\Hotsing.dll => C:\ProgramData\Voyasollam\Hotsing.dll [246784 2017-07-18] ()
ShellExecuteHooks: No Name - {5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} - C:\Windows\C_02iu57.dat [5843456 2017-07-10] (Micrasaft Carparation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{A1DE0E0E-1595-4216-B22A-8F4F035F1AB3}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxlVIEw5_dV9Ifb3pLMff5N8i05-TAu_mSqs8TVtSdRC_v9TFscOdubWpr579sccQazWeQEQJNFCPU4pBP5zlw82k6kxin8vT9Rq0EXTWd8sH76pNeFuP9GW3ASX9nsHzFnrACeAL5NvP8L0ReaBlrmJWQyRXrhBjEqLkIxsV0Q,,&q={searchTerms}
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131449095583799293&GUID=E22CA7AF-851A-4071-A6B1-3A2C6C6EBEF0
SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxlVIEw5_dV9Ifb3pLMff5N8i05-TAu_mSqs8TVtSdRC_v9TFscOdubWpr579sccQazWeQEQJNFCPU4pBP5zlw82k6kxin8vT9Rq0EXTWd8sH76pNeFuP9GW3ASX9nsHzFnrACeAL5NvP8L0ReaBlrmJWQyRXrhBjEqLkIxsV0Q,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-961669800-890686474-1414387024-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxlVIEw5_dV9Ifb3pLMff5N8i05-TAu_mSqs8TVtSdRC_v9TFscOdubWpr579sccQazWeQEQJNFCPU4pBP5zlw82k6kxin8vT9Rq0EXTWd8sH76pNeFuP9GW3ASX9nsHzFnrACeAL5NvP8L0ReaBlrmJWQyRXrhBjEqLkIxsV0Q,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-961669800-890686474-1414387024-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxlVIEw5_dV9Ifb3pLMff5N8i05-TAu_mSqs8TVtSdRC_v9TFscOdubWpr579sccQazWeQEQJNFCPU4pBP5zlw82k6kxin8vT9Rq0EXTWd8sH76pNeFuP9GW3ASX9nsHzFnrACeAL5NvP8L0ReaBlrmJWQyRXrhBjEqLkIxsV0Q,,&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-12-28] (Oracle Corporation)
BHO: º£ÌÔÄ£¿éÖúÊÖ -> {97510FAC-ED50-46BF-B2A1-25F434BF1030} -> C:\Users\miroslav\AppData\Local\htyh\application\HTDataView.dll [2017-07-04] (上海子丑六合网络科技有限公司)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-28] (Oracle Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 7ostk6yx.default
FF ProfilePath: C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7ostk6yx.default [2017-07-19]
FF user.js: detected! => C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7ostk6yx.default\user.js [2017-07-12]
FF NewTab: Mozilla\Firefox\Profiles\7ostk6yx.default -> C:\\ProgramData\\Voyasollams\\ff.NT
FF Homepage: Mozilla\Firefox\Profiles\7ostk6yx.default -> C:\\ProgramData\\Voyasollams\\ff.HP
FF Keyword.URL: Mozilla\Firefox\Profiles\7ostk6yx.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7BA1319EBC-C2B0-4125-B64C-C7348CA2A55D%7D&gp=811037
FF Extension: (Tables) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7ostk6yx.default\Extensions\300414@extcorp.com.xpi [2017-07-12]
FF Extension: (Fast search) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7ostk6yx.default\Extensions\amcontextmenu@loucypher [2017-07-18]
FF Extension: (S3.Google Translator) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7ostk6yx.default\Extensions\s3google@translator.xpi [2017-06-04]
FF Extension: (FlashGot) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7ostk6yx.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-12-28]
FF Extension: (X-notifier (for Gmail™,Hotmail,Yahoo,AOL...)) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7ostk6yx.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2017-05-06]
FF Extension: (Video DownloadHelper) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7ostk6yx.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-09]
FF Extension: (Adblock Plus) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7ostk6yx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-11]
FF Extension: (User Agent Switcher) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7ostk6yx.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2017-05-13]
FF Extension: (Click-to-Play staged rollout) - C:\Program Files\Mozilla Firefox\browser\features\clicktoplay-rollout@mozilla.org.xpi [2017-06-29] [not signed]
FF Extension: (Follow-on Search Telemetry) - C:\Program Files\Mozilla Firefox\browser\features\followonsearch@mozilla.com.xpi [2017-06-26] [not signed]
FF Extension: (Shield Recipe Client) - C:\Program Files\Mozilla Firefox\browser\features\shield-recipe-client@mozilla.org.xpi [2017-06-26] [not signed]
FF HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\miroslav\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: (Ace Stream Web Extension) - C:\Users\miroslav\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2017-07-12]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin: @haitao.com/npHaitaoPlugin -> C:\Users\miroslav\AppData\Local\htyh\application\htwebHelper.dll [2017-07-04] (上海子丑六合网络科技有限公司)
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-28] (Oracle Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 9\npnitromozilla.dll [2013-10-07] (Nitro PDF)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-12-19] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-12-19] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin HKU\S-1-5-21-961669800-890686474-1414387024-1001: @acestream.net/acestreamplugin,version=3.1.16.1 -> C:\Users\miroslav\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.claro-search.com/?affID=117452&tt=4812_7&babsrc=HP_ss&mntrId=9c787c4a000000000000001fd05f9e25","hxxp://isearch.avg.com/?cid={29BC7CDB-729D-4483-B773-73CA6F4BD511}&mid=c994f77a538f47d0bf44d145283988b0-b602d594afd2b0b327e07a06f36ca6a7e42546d0&lang=en&ds=AVG&pr=fr&d=2013-01-31 12:31:18&v=14.0.0.14&pid=avg&sg=&sap=hp","hxxp://websearch.webisgreat.info/?pid=1091&r=2014/02/17&hid=2250913263268509384&lg=EN&cc=RS&unqvl=48","hxxp://www.yessearches.com/?mode=nnnb&ptid=wak&uid=2D6018F6F4FA8F14A0A6FEC1F9FF1FAC&v=20160121&ts=AHEpB38kBX8rCE..","hxxp://www.yoursearching.com/?type=hp&ts=1455556444&z=a05017565e470d00cdf37e0g2zdw3wbw9w5q6z9z3z&from=exp1&uid=hitachixhdt725025vla380_vfl111r9cgjxpecgjxpex","hxxp://mail.ru/cnt/10445?gp=811040"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default [2017-07-19]
CHR Extension: (海淘1号) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh [2017-07-03]
CHR Extension: (Google диск) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-28]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2017-07-17]
CHR Extension: (Turtle) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjjoabbgdgocpncdlhlfhbaocdddffjf [2016-12-28]
CHR Extension: (YouTube) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-28]
CHR Extension: (Gmail ван мреже) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2016-12-28]
CHR Extension: (Tables) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2017-07-18]
CHR Extension: (the flying farm game) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdedilofmokfljapebnapjilnajgbhgm [2017-06-02]
CHR Extension: (New Tab - Winter Animation) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\leenkjhmbcgekojlkimcbodmniopgfnp [2017-06-02]
CHR Extension: (Ace Stream Web Extension) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2017-05-04]
CHR Extension: (Onlive Clock) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\moddbcckaikhdnigidfcmaeelcobchpm [2016-12-28]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-28]
CHR Extension: (Chrome Media Router) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14]
CHR HKU\S-1-5-21-961669800-890686474-1414387024-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [aeppgfljjlhcnnbddcccndljodpdkpdh] - <not found>
CHR HKU\S-1-5-21-961669800-890686474-1414387024-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 acd0687e90cb646ef8bdb5fe31fea57d; C:\Program Files\acd0687e90cb646ef8bdb5fe31fea57d\f17cfadd2fb8474ddf8c5873949d903b.exe [2058752 2017-07-18] () [File not signed] <==== ATTENTION
S2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2008-09-23] (ArcSoft Inc.)
S2 backlh; C:\ProgramData\Logic Cramble\set.exe [3780096 2017-07-17] () [File not signed] <==== ATTENTION
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-15] (Microsoft Corporation)
S2 Nettrans; C:\ProgramData\PrefsSecure\Nettrans.exe [43520 2017-07-12] () [File not signed] <==== ATTENTION
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-15] (Microsoft Corporation)
S2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [197128 2013-10-07] (Nitro PDF Software)
S2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14658848 2013-12-10] (NVIDIA Corporation)
S2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-12-13] (Ulead Systems, Inc.) [File not signed]
S2 Unchecky; C:\Program Files\Unchecky\bin\Unchecky_svc.exe [160208 2016-12-28] (RaMMicHaeL) [File not signed]
S2 Voyasollam; C:\ProgramData\\Voyasollam\\Voyasollam.exe [2554368 2017-07-03] (TODO: <Company name>) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 515d0d6d457e280dd2a00b0fe61de159; C:\Windows\system32\drivers\515d0d6d457e280dd2a00b0fe61de159.sys [60680 2017-07-18] (6P0S35) <==== ATTENTION
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [109456 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
S3 LVUSBSta; C:\Windows\System32\DRIVERS\LVUSBSta.sys [41752 2008-07-27] (Logitech Inc.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [220088 2017-07-19] (Malwarebytes)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-05] (NVIDIA Corporation)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-27] (Logitech Inc.)
S2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2011-06-15] (Realtek )
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [50280 2011-06-15] (Realtek Corporation)
S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan620.sys [27752 2011-09-16] (Realtek Corporation)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147344 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [50280 2011-06-15] (Realtek Corporation)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [561920 2008-11-19] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [455168 2008-11-19] (eMPIA Technology, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-19 15:52 - 2017-07-19 15:53 - 00025069 _____ C:\Users\miroslav\Desktop\FRST.txt
2017-07-19 15:52 - 2017-07-19 15:52 - 00000000 ____D C:\ProgramData\dbg
2017-07-19 15:50 - 2017-07-19 15:53 - 00185416 _____ C:\Windows\ntbtlog.txt
2017-07-19 13:01 - 2017-07-19 13:02 - 00000000 ____D C:\Program Files\HXN6PKGT6N
2017-07-19 13:00 - 2017-07-19 13:02 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\o0evtnfwc14
2017-07-19 09:55 - 2017-07-19 09:56 - 00000000 ____D C:\Program Files\CMWCUTNSN0
2017-07-19 09:55 - 2017-07-19 09:55 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\div0bnnteuh
2017-07-19 09:55 - 2017-07-19 09:55 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\bl5npweanjg
2017-07-19 09:55 - 2017-07-19 09:55 - 00000000 ____D C:\Program Files\TNTHMCBYFX
2017-07-19 09:54 - 2017-07-19 09:54 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\mdy1cin1jfs
2017-07-19 09:54 - 2017-07-19 09:54 - 00000000 ____D C:\Program Files\HM3XXSC872
2017-07-19 09:37 - 2017-07-19 09:37 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\oauqw3o5hib
2017-07-19 09:37 - 2017-07-19 09:37 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\fv5b0iz1bbz
2017-07-19 09:37 - 2017-07-19 09:37 - 00000000 ____D C:\Program Files\WS9P43EU10
2017-07-19 09:37 - 2017-07-19 09:37 - 00000000 ____D C:\Program Files\M288WOS9V0
2017-07-19 09:36 - 2017-07-19 09:37 - 00000000 ____D C:\Users\miroslav\AppData\Local\SrvInetInfo
2017-07-19 09:36 - 2017-07-19 09:36 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\p0phnppvtie
2017-07-19 09:36 - 2017-07-19 09:36 - 00000000 ____D C:\Program Files\J6QA9XQI4R
2017-07-19 08:31 - 2017-07-19 08:32 - 01778176 _____ (Farbar) C:\Users\miroslav\Desktop\FRST.exe
2017-07-19 07:44 - 2017-07-19 07:45 - 00000000 ____D C:\Program Files\J9OT8PAW8M
2017-07-19 07:44 - 2017-07-19 07:44 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\i3v3cbfwoxw
2017-07-19 07:43 - 2017-07-19 07:44 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\uybn4p1voba
2017-07-19 07:43 - 2017-07-19 07:44 - 00000000 ____D C:\Program Files\EH50CN39CR
2017-07-19 07:08 - 2017-07-19 07:08 - 00000000 ____D C:\Program Files\0ZPZ91A8JV
2017-07-19 07:07 - 2017-07-19 07:07 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\l0pw1lpj30a
2017-07-19 07:07 - 2017-07-19 07:07 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\joqcbb41mh5
2017-07-19 07:07 - 2017-07-19 07:07 - 00000000 ____D C:\Program Files\BL00F7MQSA
2017-07-19 06:33 - 2017-07-19 06:33 - 00000000 ____D C:\Program Files\9PWIUK5Z7B
2017-07-19 06:31 - 2017-07-19 06:32 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\jcr2gntx13v
2017-07-19 06:31 - 2017-07-19 06:31 - 00000000 ____D C:\Program Files\YOP79OR9BM
2017-07-19 06:30 - 2017-07-19 06:30 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\ic4qe5mx54p
2017-07-19 06:30 - 2017-07-19 06:30 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\5pvvg2niu50
2017-07-19 06:30 - 2017-07-19 06:30 - 00000000 ____D C:\Program Files\56389F51QN
2017-07-19 00:40 - 2017-07-19 00:46 - 08162248 _____ (Malwarebytes) C:\Users\miroslav\Desktop\adwcleaner_7.0.0.0.exe
2017-07-18 23:42 - 2017-07-18 23:42 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\p5ndefeqeot
2017-07-18 23:42 - 2017-07-18 23:42 - 00000000 ____D C:\Program Files\Y70NGKWUL1
2017-07-18 23:32 - 2017-07-18 23:32 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\Nygi
2017-07-18 23:32 - 2017-07-18 23:32 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\Nutyv
2017-07-18 23:14 - 2017-07-18 23:14 - 00015610 _____ C:\Windows\system32\findit.xml
2017-07-18 23:14 - 2017-07-18 23:14 - 00000000 ____D C:\ProgramData\Voyasollams
2017-07-18 23:13 - 2017-07-19 13:50 - 00000000 ____D C:\Program Files\Common Files\LabRantech
2017-07-18 23:12 - 2017-07-19 15:22 - 00000000 ____D C:\ProgramData\Voyasollam
2017-07-18 23:12 - 2017-07-18 23:13 - 00000000 ____D C:\ProgramData\Logic Cramble
2017-07-18 23:12 - 2017-07-18 23:12 - 07320064 _____ C:\Users\miroslav\AppData\Local\agent.dat
2017-07-18 23:12 - 2017-07-18 23:12 - 01898550 _____ C:\Users\miroslav\AppData\Local\Stringqvosoft.tst
2017-07-18 23:12 - 2017-07-18 23:12 - 01895383 _____ C:\Users\miroslav\AppData\Local\YearHome.bin
2017-07-18 23:12 - 2017-07-18 23:12 - 00126464 _____ C:\Users\miroslav\AppData\Local\noah.dat
2017-07-18 23:12 - 2017-07-18 23:12 - 00070800 _____ C:\Users\miroslav\AppData\Local\Config.xml
2017-07-18 23:12 - 2017-07-18 23:12 - 00018432 _____ C:\Users\miroslav\AppData\Local\Main.dat
2017-07-18 23:12 - 2017-07-18 23:12 - 00005568 _____ C:\Users\miroslav\AppData\Local\md.xml
2017-07-18 23:12 - 2017-07-03 23:08 - 02554368 _____ (TODO: <Company name>) C:\Users\miroslav\AppData\Local\Stringqvosoft.exe
2017-07-18 23:11 - 2017-07-18 23:11 - 00278510 _____ C:\Users\miroslav\AppData\Local\Lighthome.bin
2017-07-18 23:11 - 2017-07-18 23:11 - 00000000 ____D C:\ProgramData\PrefsSecure
2017-07-18 23:08 - 2017-07-18 23:29 - 00000000 ____D C:\Program Files\AVBoost
2017-07-18 23:08 - 2017-07-18 23:08 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\gjq2n32kwzk
2017-07-18 23:08 - 2017-07-18 23:08 - 00000000 ____D C:\Program Files\6XZ9BXVEF7
2017-07-18 23:08 - 2017-07-03 23:08 - 00000000 ____D C:\Program Files\qjkmhcxx1lj
2017-07-18 23:07 - 2017-07-19 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop
2017-07-18 23:07 - 2017-07-19 10:03 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\Aplfone
2017-07-18 23:07 - 2017-07-18 23:19 - 00000000 ____D C:\Program Files\YeaDesktop
2017-07-18 23:07 - 2017-07-18 23:11 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\UCChannel
2017-07-18 23:07 - 2017-07-18 23:07 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\dpo5bqg34eu
2017-07-18 23:07 - 2017-07-18 23:07 - 00000000 ____D C:\Program Files\KDE6ZJSI8T
2017-07-18 23:07 - 2017-07-10 09:28 - 05843456 ___SH (Micrasaft Carparation) C:\Windows\C_02iu57.dat
2017-07-18 23:06 - 2017-07-19 09:35 - 00000000 ____D C:\ProgramData\WindowsErrorReporting
2017-07-18 23:04 - 2017-07-18 23:04 - 00992009 _____ C:\Users\miroslav\Desktop\Wondershare_Filmora_8_2.zip
2017-07-18 23:01 - 2017-07-19 00:39 - 00000000 ____D C:\Windows\system32\SSL
2017-07-18 23:01 - 2017-07-18 23:01 - 00000000 ____D C:\Program Files\acd0687e90cb646ef8bdb5fe31fea57d
2017-07-18 23:00 - 2017-07-18 23:00 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\BrowserModule
2017-07-18 21:19 - 2017-07-18 21:19 - 00000000 ____D C:\ProgramData\Wondershare
2017-07-18 21:18 - 2017-07-18 22:27 - 00015817 _____ C:\Users\miroslav\Documents\starburn.txt
2017-07-18 21:14 - 2017-07-18 21:14 - 00000000 ____D C:\Users\miroslav\AppData\Local\Wondershare
2017-07-18 21:14 - 2017-07-18 21:14 - 00000000 ____D C:\Program Files\Common Files\Wondershare
2017-07-18 21:13 - 2017-07-18 21:13 - 00000000 ____D C:\Users\miroslav\Desktop\tsMuxeR_2.6.12
2017-07-18 21:13 - 2017-07-18 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2017-07-18 21:12 - 2017-07-18 21:31 - 00000000 ____D C:\Users\miroslav\Documents\Wondershare Filmora
2017-07-18 21:12 - 2017-07-18 21:12 - 00000000 ____D C:\ProgramData\Wondershare Video Editor
2017-07-18 21:12 - 2017-07-18 21:12 - 00000000 ____D C:\Program Files\Wondershare
2017-07-18 21:08 - 2017-07-18 21:11 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2017-07-18 19:27 - 2017-07-18 19:28 - 01066128 _____ C:\Users\miroslav\Desktop\filmora_setup_full846.exe
2017-07-18 11:13 - 2017-07-18 11:09 - 04537010 _____ C:\Users\miroslav\Desktop\0-02-04-d230889c583442b8bc5d2a2462da7fe446623431b85bd20c867b960774b63393_full.mp4
2017-07-18 11:07 - 2017-07-18 11:07 - 00060680 _____ (6P0S35) C:\Windows\system32\Drivers\515d0d6d457e280dd2a00b0fe61de159.sys
2017-07-18 11:07 - 2017-07-18 11:07 - 00051641 _____ C:\Windows\uninstaller.dat
2017-07-17 23:00 - 2017-07-17 23:00 - 02825369 _____ C:\Users\miroslav\Desktop\tsMuxeR_2.6.12.zip
2017-07-16 20:44 - 2017-07-16 20:44 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2017-07-14 21:09 - 2017-07-14 21:09 - 04436589 _____ C:\Users\miroslav\Desktop\BOSANAC_UHAPŠEN_U_SLOVENIJI_Snimao_odnos_sa_djevojkom_pa_ga_objavio_na_internet_VIDEO_My_Video2_slovenci.mp4
2017-07-12 18:50 - 2017-07-12 18:50 - 00407116 _____ C:\Users\miroslav\Desktop\giphy.mp4
2017-07-12 09:35 - 2017-06-30 04:39 - 01549312 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-12 09:35 - 2017-06-30 04:38 - 01400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-12 09:35 - 2017-06-30 04:38 - 01363968 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-07-12 09:35 - 2017-06-30 04:38 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-07-12 09:35 - 2017-06-30 04:38 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-07-12 09:35 - 2017-06-30 04:38 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-07-12 09:35 - 2017-06-30 04:38 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-07-12 09:35 - 2017-06-30 04:38 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-07-12 09:35 - 2017-06-30 04:38 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-07-12 09:35 - 2017-06-30 04:27 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-07-12 09:35 - 2017-06-30 04:27 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-07-12 09:35 - 2017-06-30 04:26 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-07-12 09:35 - 2017-06-30 04:26 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-07-12 09:35 - 2017-06-22 16:50 - 02402304 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-12 09:35 - 2017-06-15 22:18 - 00514048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-12 09:35 - 2017-06-13 00:32 - 00250600 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-07-12 09:35 - 2017-06-13 00:32 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-07-12 09:35 - 2017-06-13 00:32 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-07-12 09:35 - 2017-06-13 00:29 - 01227264 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-12 09:35 - 2017-06-13 00:29 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-12 09:35 - 2017-06-13 00:29 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2017-07-12 09:35 - 2017-06-13 00:29 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-07-12 09:35 - 2017-06-13 00:29 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-07-12 09:35 - 2017-06-13 00:29 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-07-12 09:35 - 2017-06-13 00:28 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-07-12 09:35 - 2017-06-13 00:28 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-07-12 09:35 - 2017-06-13 00:28 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-07-12 09:35 - 2017-06-13 00:28 - 00554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-12 09:35 - 2017-06-13 00:28 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-07-12 09:35 - 2017-06-13 00:28 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-07-12 09:35 - 2017-06-13 00:28 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-07-12 09:35 - 2017-06-13 00:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-07-12 09:35 - 2017-06-13 00:28 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-07-12 09:35 - 2017-06-13 00:28 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-07-12 09:35 - 2017-06-13 00:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-07-12 09:35 - 2017-06-13 00:28 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2017-07-12 09:35 - 2017-06-13 00:28 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-07-12 09:35 - 2017-06-13 00:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-07-12 09:35 - 2017-06-13 00:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-07-12 09:35 - 2017-06-13 00:06 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-12 09:35 - 2017-06-13 00:06 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2017-07-12 09:35 - 2017-06-13 00:06 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
2017-07-12 09:35 - 2017-06-13 00:05 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-07-12 09:35 - 2017-06-13 00:05 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-07-12 09:35 - 2017-06-13 00:05 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-07-12 09:35 - 2017-06-13 00:05 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-07-12 09:35 - 2017-06-13 00:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-07-12 09:35 - 2017-06-13 00:05 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-07-12 09:35 - 2017-06-10 17:39 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-12 09:35 - 2017-06-09 17:17 - 01213672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-12 09:35 - 2017-06-06 17:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-12 09:35 - 2017-05-30 06:39 - 01309928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-07-12 09:35 - 2017-05-30 06:39 - 00240872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-12 09:35 - 2017-05-30 06:39 - 00187624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-07-12 09:35 - 2017-05-21 06:06 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-07-12 09:35 - 2017-05-16 17:16 - 00730856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-07-12 09:35 - 2017-05-16 17:16 - 00218856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-07-12 09:35 - 2017-05-16 17:12 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-07-12 09:34 - 2017-05-03 17:15 - 00081640 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-07-12 09:34 - 2017-05-03 17:10 - 00987648 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-07-12 09:34 - 2017-05-03 15:05 - 01327616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-07-12 09:34 - 2017-05-03 15:05 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-07-12 09:34 - 2017-05-03 15:05 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-07-12 09:34 - 2017-05-03 15:05 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-07-12 09:34 - 2017-05-03 15:05 - 00236032 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-07-12 09:34 - 2017-05-03 15:05 - 00182784 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-07-12 09:34 - 2017-05-03 15:05 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-07-12 09:34 - 2017-03-23 04:06 - 01602048 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-07-12 09:25 - 2017-07-19 09:55 - 00000000 ____D C:\Users\miroslav\AppData\LocalLow\uTorrent
2017-07-04 22:28 - 2017-07-04 22:28 - 01914041 _____ C:\Users\miroslav\Desktop\video-1499184446.mp4
2017-07-04 10:51 - 2017-07-04 10:51 - 00030102 _____ C:\Users\miroslav\Desktop\Табела 1- База незаконито изграђених објеката.xlsx
2017-07-03 23:09 - 2017-07-19 13:47 - 01847296 _____ C:\Users\miroslav\AppData\Local\po.db
2017-07-03 23:09 - 2017-07-18 23:10 - 00016176 _____ C:\Users\miroslav\AppData\Local\InstallationConfiguration.xml
2017-07-03 23:09 - 2017-07-03 23:09 - 00140800 _____ C:\Users\miroslav\AppData\Local\installer.dat
2017-07-03 23:09 - 2017-07-03 23:09 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\baidu
2017-07-03 23:09 - 2017-07-03 23:09 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\0esq5wdznmu
2017-07-03 23:09 - 2017-07-03 23:09 - 00000000 ____D C:\Users\miroslav\AppData\Local\UCBrowser
2017-07-03 23:09 - 2017-07-03 23:09 - 00000000 ____D C:\Users\miroslav\AppData\Local\Tencent
2017-07-03 23:09 - 2017-07-03 23:09 - 00000000 ____D C:\Users\miroslav\AppData\Local\2345explorer
2017-07-03 23:09 - 2017-07-03 23:09 - 00000000 ____D C:\Program Files\9AAA71OGWH
2017-07-03 23:09 - 2017-07-03 23:09 - 00000000 ____D C:\Program Files\95MQJL4777
2017-07-03 23:08 - 2017-07-03 23:08 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HT1H
2017-07-03 23:08 - 2017-07-03 23:08 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\ggyz52iycpc
2017-07-03 23:08 - 2017-07-03 23:08 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\360se6
2017-07-03 23:08 - 2017-07-03 23:08 - 00000000 ____D C:\Users\miroslav\AppData\LocalLow\htyh
2017-07-03 23:08 - 2017-07-03 23:08 - 00000000 ____D C:\Users\miroslav\AppData\Local\htyh
2017-07-03 23:08 - 2017-07-03 23:08 - 00000000 ____D C:\Users\miroslav\AppData\Local\360chrome
2017-07-03 08:40 - 2017-07-03 08:40 - 00000000 ____D C:\Users\miroslav\AppData\Local\Viber Media S.à r.l
2017-07-03 08:36 - 2017-07-03 08:37 - 00000000 ____D C:\Users\miroslav\AppData\Local\Viber
2017-06-28 13:31 - 2017-06-30 16:32 - 00000057 _____ C:\Windows\vms.dll
2017-06-28 11:36 - 2017-06-28 11:36 - 00000122 _____ C:\Users\miroslav\Desktop\Spijunski program.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-19 15:52 - 2016-12-28 11:52 - 00001002 _____ C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-07-19 15:50 - 2017-02-18 11:35 - 00220088 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-19 15:48 - 2017-01-02 11:19 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\uTorrent
2017-07-19 14:38 - 2017-04-21 14:27 - 00000000 ____D C:\ProgramData\TEMP
2017-07-19 11:08 - 2016-12-28 14:46 - 00000000 ____D C:\ProgramData\MCShield
2017-07-19 11:06 - 2016-12-28 12:18 - 00000000 ____D C:\Users\miroslav\Desktop\Precice
2017-07-19 10:13 - 2009-07-14 06:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-19 10:13 - 2009-07-14 06:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-19 10:04 - 2017-01-07 19:06 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\ViberPC
2017-07-19 10:03 - 2017-06-02 12:46 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\.ACEStream
2017-07-19 10:03 - 2016-12-28 12:11 - 00002149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-19 09:52 - 2016-12-28 12:24 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-19 09:52 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-19 09:34 - 2017-06-11 18:59 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-07-19 09:34 - 2016-12-28 17:26 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-07-19 08:39 - 2017-06-02 16:31 - 00000000 ____D C:\FRST
2017-07-19 08:12 - 2017-04-22 11:29 - 00000000 ____D C:\AdwCleaner
2017-07-18 23:38 - 2009-07-14 06:33 - 00281520 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-18 23:15 - 2016-12-28 17:26 - 00001123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-07-18 22:52 - 2017-01-07 19:06 - 00000000 ____D C:\Users\miroslav\Documents\ViberDownloads
2017-07-18 21:19 - 2016-12-28 13:48 - 00064328 _____ C:\Users\miroslav\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-18 20:56 - 2016-10-09 14:31 - 00000000 ___RD C:\Users\miroslav\Desktop\video
2017-07-17 16:01 - 2017-03-19 14:41 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\AVI ReComp
2017-07-16 20:43 - 2017-01-02 18:57 - 00000000 ____D C:\Program Files\FormatFactory
2017-07-15 18:42 - 2016-12-28 11:55 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-15 18:42 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2017-07-13 10:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2017-07-13 08:37 - 2017-01-22 10:40 - 00000000 ____D C:\Windows\system32\appraiser
2017-07-13 00:21 - 2016-12-30 09:13 - 00000000 ____D C:\Windows\system32\MRT
2017-07-13 00:16 - 2016-12-30 09:13 - 132532600 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-11 15:24 - 2017-02-24 15:34 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-07-11 15:24 - 2017-02-24 15:34 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-07-11 15:24 - 2017-02-24 15:34 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-10 15:28 - 2016-12-28 13:43 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\AIMP
2017-06-30 16:32 - 2009-07-14 04:04 - 00000462 _____ C:\Windows\win.ini
2017-06-29 22:55 - 2017-06-04 19:55 - 00000000 ___HD C:\_acestream_cache_
2017-06-26 20:25 - 2016-12-28 16:51 - 00000000 ____D C:\Users\miroslav\AppData\LocalLow\Mozilla
2017-06-25 21:59 - 2016-12-28 14:05 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\Skype
2017-06-23 22:37 - 2016-12-28 13:44 - 00000000 ____D C:\Program Files\CDBurnerXP
2017-06-23 19:21 - 2016-12-28 13:44 - 00001805 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk

==================== Files in the root of some directories =======

2017-07-18 23:12 - 2017-07-18 23:12 - 7320064 _____ () C:\Users\miroslav\AppData\Local\agent.dat
2017-07-18 23:12 - 2017-07-18 23:12 - 0070800 _____ () C:\Users\miroslav\AppData\Local\Config.xml
2017-07-03 23:09 - 2017-07-18 23:10 - 0016176 _____ () C:\Users\miroslav\AppData\Local\InstallationConfiguration.xml
2017-07-03 23:09 - 2017-07-03 23:09 - 0140800 _____ () C:\Users\miroslav\AppData\Local\installer.dat
2017-07-18 23:11 - 2017-07-18 23:11 - 0278510 _____ () C:\Users\miroslav\AppData\Local\Lighthome.bin
2017-07-18 23:12 - 2017-07-18 23:12 - 0018432 _____ () C:\Users\miroslav\AppData\Local\Main.dat
2017-07-18 23:12 - 2017-07-18 23:12 - 0005568 _____ () C:\Users\miroslav\AppData\Local\md.xml
2017-07-18 23:12 - 2017-07-18 23:12 - 0126464 _____ () C:\Users\miroslav\AppData\Local\noah.dat
2017-07-03 23:09 - 2017-07-19 13:47 - 1847296 _____ () C:\Users\miroslav\AppData\Local\po.db
2017-01-20 18:26 - 2017-01-20 18:26 - 0000017 _____ () C:\Users\miroslav\AppData\Local\resmon.resmoncfg
2017-07-18 23:12 - 2017-07-03 23:08 - 2554368 _____ (TODO: <Company name>) C:\Users\miroslav\AppData\Local\Stringqvosoft.exe
2017-07-18 23:12 - 2017-07-18 23:12 - 1898550 _____ () C:\Users\miroslav\AppData\Local\Stringqvosoft.tst
2017-07-18 23:13 - 2017-07-18 23:13 - 0032038 _____ () C:\Users\miroslav\AppData\Local\uninstall_temp.ico
2017-07-18 23:12 - 2017-07-18 23:12 - 1895383 _____ () C:\Users\miroslav\AppData\Local\YearHome.bin

Files to move or delete:
====================
C:\Program Files\qjkmhcxx1lj\3WP8JHDK07QO4UD.exe
C:\Program Files\YeaDesktop\YeaDesktop.exe
C:\Users\miroslav\AppData\Local\Temp\00013909\msiql.exe


Some files in TEMP:
====================
2017-07-16 20:40 - 2017-07-16 20:41 - 48320824 _____ (Free Time Co., Ltd) C:\Users\miroslav\AppData\Local\Temp\FFSetupLatest.exe
2016-09-15 02:00 - 2016-09-15 02:00 - 2458672 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\miroslav\AppData\Local\Temp\libeay32.dll
2017-07-18 23:26 - 2017-07-18 23:26 - 0053248 _____ (%CJ) C:\Users\miroslav\AppData\Local\Temp\MPO4XVLEPBC8.exe
2016-09-15 02:00 - 2016-09-15 02:00 - 0970912 _____ (Microsoft Corporation) C:\Users\miroslav\AppData\Local\Temp\msvcr120.dll
2017-07-03 23:08 - 2017-07-18 23:08 - 0328160 _____ (WeMonetize ) C:\Users\miroslav\AppData\Local\Temp\NJEUF0E.exe
2017-07-18 23:06 - 2017-07-18 23:06 - 0009728 _____ (JHNF) C:\Users\miroslav\AppData\Local\Temp\speedboostsetup.exe
2016-09-15 02:00 - 2016-09-15 02:00 - 0772672 _____ () C:\Users\miroslav\AppData\Local\Temp\sqlite3.dll
2017-07-18 23:06 - 2017-07-18 23:06 - 1199825 _____ () C:\Users\miroslav\AppData\Local\Temp\unins000.exe
2017-07-18 23:06 - 2017-07-18 23:06 - 0680734 _____ (VideoBox ) C:\Users\miroslav\AppData\Local\Temp\vbinst.exe
2017-07-18 23:06 - 2017-07-18 23:06 - 4205340 _____ ( ) C:\Users\miroslav\AppData\Local\Temp\Yeadesktop.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-12 10:17

==================== End of FRST.txt ============================

offline
  • Joined: 14 Jun 2016
  • Posts: 525

Hello,
please uninstall Ace Stream Media.

1. Open Notepad (Text Document) and copy the following text from inside the code box below:

Start

CreateRestorePoint:

HKLM\...\RunOnce: [OMEWPRODUCT_VY3QK] => C:\Program Files\qjkmhcxx1lj\3WP8JHDK07QO4UD.exe [53248 2017-07-18] (%CJ) <==== ATTENTION
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [Aplfone.vbs] => C:\Users\miroslav\AppData\Roaming\Aplfone\Aplfone.vbs [277 2017-07-18] ()
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [YeaDesktop] => C:\Program Files\YeaDesktop\YeaDesktop.exe [2694144 2017-07-04] () <==== ATTENTION
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [J4QUFTAXK5WRAYZ] => C:\Program Files\KDE6ZJSI8T\KDE6ZJSI8.exe [1040896 2017-07-18] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [k5vzyy22j4t] => C:\Users\miroslav\AppData\Roaming\dpo5bqg34eu\vvxl5l5sfbv.exe [8192 2017-07-18] (ZboubiTek)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [zvz2xyuma2g] => C:\Users\miroslav\AppData\Roaming\gjq2n32kwzk\hmb3ntzyisj.exe [8192 2017-07-18] (ZboubiTek)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [7T1ZXF7AU9KNOQY] => C:\Program Files\6XZ9BXVEF7\K4BIA3NI3.exe [1040896 2017-07-18] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [msiql] => C:\Users\miroslav\AppData\Local\Temp\00013909\msiql.exe [2072576 2017-07-18] () <==== ATTENTION
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [QDQTXPBS5LR1018] => C:\Program Files\qjkmhcxx1lj\WGN5N.exe [1040896 2017-07-03] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [qdsmth0awuw] => C:\Users\miroslav\AppData\Roaming\ggyz52iycpc\0rzgz21bv25.exe [8192 2017-07-03] (ZboubiTek)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [daqmgn22m2i] => C:\Users\miroslav\AppData\Roaming\0esq5wdznmu\cb45irw22kz.exe [8192 2017-07-03] (ZboubiTek)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [JQHSFGP3UKI9CA2] => C:\Program Files\9AAA71OGWH\BU7MVFMA0.exe [1040896 2017-07-03] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [3JCTNIROOW5YNQY] => C:\Program Files\95MQJL4777\015DRQ2CU.exe [1040896 2017-07-03] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [yjthpjlh3ln] => C:\Users\miroslav\AppData\Roaming\p5ndefeqeot\230cdw4uvzt.exe [8192 2017-07-18] (ZboubiTek)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [GQ76I4NT06VA1LU] => C:\Program Files\Y70NGKWUL1\Y70NGKWUL.exe [1040896 2017-07-18] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [2CKFFJWL7LKDWRC] => C:\Program Files\56389F51QN\JDGH8MX5E.exe [1040896 2017-07-19] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [txukyhdvgg4] => C:\Users\miroslav\AppData\Roaming\5pvvg2niu50\jgmcrtqywml.exe [8192 2017-07-19] (ZboubiTek)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [4mplm31tzlm] => C:\Users\miroslav\AppData\Roaming\ic4qe5mx54p\w3andrpve0t.exe [8192 2017-07-19] (ZboubiTek)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [1O4LXPA5DC54LXE] => C:\Program Files\YOP79OR9BM\YOP79OR9B.exe [1040896 2017-07-19] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [0tugovjkqks] => C:\Users\miroslav\AppData\Roaming\jcr2gntx13v\b2itpyz35ic.exe [8192 2017-07-19] (ZboubiTek)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [BAFKBP32G3MF7KM] => C:\Program Files\9PWIUK5Z7B\9PWIUK5Z7.exe [1040896 2017-07-19] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [rb4ce3afx30] => C:\Users\miroslav\AppData\Roaming\l0pw1lpj30a\np4k22q0xw4.exe [8192 2017-07-19] (ZboubiTek)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [gqnfskfbp0c] => C:\Users\miroslav\AppData\Roaming\joqcbb41mh5\wgnuoixx2va.exe [8192 2017-07-19] (ZboubiTek)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [LJJT8BKT823DUHU] => C:\Program Files\BL00F7MQSA\BO675I7SZ.exe [1040896 2017-07-19] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [JQ1MJZEMU01Z9R9] => C:\Program Files\0ZPZ91A8JV\COVEH1G9I.exe [1040896 2017-07-19] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [6U7TIV83IDQHFO5] => C:\Program Files\EH50CN39CR\JKZWKZTIO.exe [1040896 2017-07-19] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [n2eky4oiprh] => C:\Users\miroslav\AppData\Roaming\i3v3cbfwoxw\dwo14bcwexo.exe [8192 2017-07-19] (ZboubiTek)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [q4hhmj1y3jq] => C:\Users\miroslav\AppData\Roaming\uybn4p1voba\4vftglojss5.exe [8192 2017-07-19] (ZboubiTek)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [ZZSTF24Z1VKNBN8] => C:\Program Files\J9OT8PAW8M\J9OT8PAW8.exe [1040896 2017-07-19] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [7MGC271MGBU1PE6] => C:\Program Files\J6QA9XQI4R\J6QA9XQI4.exe [1040896 2017-07-19] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [1gglzonvbig] => C:\Users\miroslav\AppData\Roaming\p0phnppvtie\1d0ftqoxtjk.exe [8192 2017-07-19] (ZboubiTek)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [12vyyu10244] => C:\Users\miroslav\AppData\Roaming\oauqw3o5hib\1tbuq4buu02.exe [8192 2017-07-19] (ZboubiTek)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [DCMPYJVCA2MYLKX] => C:\Program Files\HM3XXSC872\HM3XXSC87.exe [1040896 2017-07-19] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [v0f5ndmskhm] => C:\Users\miroslav\AppData\Roaming\mdy1cin1jfs\r1gafzdnpzv.exe [8192 2017-07-19] (ZboubiTek)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [10jeocfrzxc] => C:\Users\miroslav\AppData\Roaming\div0bnnteuh\ctbdeqviaak.exe [8192 2017-07-19] (ZboubiTek)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [VTYC9H7P0EPXNOP] => C:\Program Files\TNTHMCBYFX\IIIE2R4SJ.exe [1040896 2017-07-19] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [5rzcdtyr2d1] => C:\Users\miroslav\AppData\Roaming\bl5npweanjg\r1of3r3bt50.exe [8192 2017-07-19] (ZboubiTek)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [J81VWGXHWEK99M7] => C:\Program Files\CMWCUTNSN0\CMWCUTNSN.exe [1040896 2017-07-19] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [AO22QC1BEK8CNLL] => C:\Program Files\HXN6PKGT6N\8D9FRD7GF.exe [1040896 2017-07-19] (%CJ)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [d5nuhkgozyy] => C:\Users\miroslav\AppData\Roaming\o0evtnfwc14\41sibiqgzk0.exe [8704 2017-07-19] (hvbqsdlfgaluifjgqsflyhf)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\MountPoints2: {e6de9fe4-16f7-11e7-bdcc-001fd05f9e25} - J:\AutoRun.exe
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\MountPoints2: {e6de9fe4-16f7-11e7-bdcc-001fd05f9e25} - J:\AutoRun.exe
AppInit_DLLs: C:\ProgramData\Voyasollam\Hotsing.dll => C:\ProgramData\Voyasollam\Hotsing.dll [246784 2017-07-18] ()
ShellExecuteHooks: No Name - {5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} - C:\Windows\C_02iu57.dat [5843456 2017-07-10] (Micrasaft Carparation)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxlVIEw5_dV9Ifb3pLMff5N8i05-TAu_mSqs8TVtSdRC_v9TFscOdubWpr579sccQazWeQEQJNFCPU4pBP5zlw82k6kxin8vT9Rq0EXTWd8sH76pNeFuP9GW3ASX9nsHzFnrACeAL5NvP8L0ReaBlrmJWQyRXrhBjEqLkIxsV0Q,,&q={searchTerms}
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131449095583799293&GUID=E22CA7AF-851A-4071-A6B1-3A2C6C6EBEF0
SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxlVIEw5_dV9Ifb3pLMff5N8i05-TAu_mSqs8TVtSdRC_v9TFscOdubWpr579sccQazWeQEQJNFCPU4pBP5zlw82k6kxin8vT9Rq0EXTWd8sH76pNeFuP9GW3ASX9nsHzFnrACeAL5NvP8L0ReaBlrmJWQyRXrhBjEqLkIxsV0Q,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-961669800-890686474-1414387024-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxlVIEw5_dV9Ifb3pLMff5N8i05-TAu_mSqs8TVtSdRC_v9TFscOdubWpr579sccQazWeQEQJNFCPU4pBP5zlw82k6kxin8vT9Rq0EXTWd8sH76pNeFuP9GW3ASX9nsHzFnrACeAL5NvP8L0ReaBlrmJWQyRXrhBjEqLkIxsV0Q,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-961669800-890686474-1414387024-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxlVIEw5_dV9Ifb3pLMff5N8i05-TAu_mSqs8TVtSdRC_v9TFscOdubWpr579sccQazWeQEQJNFCPU4pBP5zlw82k6kxin8vT9Rq0EXTWd8sH76pNeFuP9GW3ASX9nsHzFnrACeAL5NvP8L0ReaBlrmJWQyRXrhBjEqLkIxsV0Q,,&q={searchTerms}
BHO: º£ÌÔÄ£¿éÖúÊÖ -> {97510FAC-ED50-46BF-B2A1-25F434BF1030} -> C:\Users\miroslav\AppData\Local\htyh\application\HTDataView.dll [2017-07-04] (上海子丑六合网络科技有限公司)
FF user.js: detected! => C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7ostk6yx.default\user.js [2017-07-12]
FF NewTab: Mozilla\Firefox\Profiles\7ostk6yx.default -> C:\\ProgramData\\Voyasollams\\ff.NT
FF Homepage: Mozilla\Firefox\Profiles\7ostk6yx.default -> C:\\ProgramData\\Voyasollams\\ff.HP
FF Keyword.URL: Mozilla\Firefox\Profiles\7ostk6yx.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7BA1319EBC-C2B0-4125-B64C-C7348CA2A55D%7D&gp=811037
FF Extension: (Tables) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7ostk6yx.default\Extensions\300414@extcorp.com.xpi [2017-07-12]
FF Extension: (Fast search) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7ostk6yx.default\Extensions\amcontextmenu@loucypher [2017-07-18]
FF HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\miroslav\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: (Ace Stream Web Extension) - C:\Users\miroslav\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2017-07-12]
FF Plugin: @haitao.com/npHaitaoPlugin -> C:\Users\miroslav\AppData\Local\htyh\application\htwebHelper.dll [2017-07-04] (上海子丑六合网络科技有限公司)
FF Plugin HKU\S-1-5-21-961669800-890686474-1414387024-1001: @acestream.net/acestreamplugin,version=3.1.16.1 -> C:\Users\miroslav\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies)
CHR StartupUrls: Default -> "hxxp://www.claro-search.com/?affID=117452&tt=4812_7&babsrc=HP_ss&mntrId=9c787c4a000000000000001fd05f9e25","hxxp://isearch.avg.com/?cid={29BC7CDB-729D-4483-B773-73CA6F4BD511}&mid=c994f77a538f47d0bf44d145283988b0-b602d594afd2b0b327e07a06f36ca6a7e42546d0&lang=en&ds=AVG&pr=fr&d=2013-01-31 12:31:18&v=14.0.0.14&pid=avg&sg=&sap=hp","hxxp://websearch.webisgreat.info/?pid=1091&r=2014/02/17&hid=2250913263268509384&lg=EN&cc=RS&unqvl=48","hxxp://www.yessearches.com/?mode=nnnb&ptid=wak&uid=2D6018F6F4FA8F14A0A6FEC1F9FF1FAC&v=20160121&ts=AHEpB38kBX8rCE..","hxxp://www.yoursearching.com/?type=hp&ts=1455556444&z=a05017565e470d00cdf37e0g2zdw3wbw9w5q6z9z3z&from=exp1&uid=hitachixhdt725025vla380_vfl111r9cgjxpecgjxpex","hxxp://mail.ru/cnt/10445?gp=811040"
CHR Extension: (海淘1号) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh [2017-07-03]
CHR Extension: (Tables) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2017-07-18]
CHR Extension: (the flying farm game) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdedilofmokfljapebnapjilnajgbhgm [2017-06-02]
CHR Extension: (Ace Stream Web Extension) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2017-05-04]
CHR HKU\S-1-5-21-961669800-890686474-1414387024-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [aeppgfljjlhcnnbddcccndljodpdkpdh] - <not found>
CHR HKU\S-1-5-21-961669800-890686474-1414387024-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
S2 acd0687e90cb646ef8bdb5fe31fea57d; C:\Program Files\acd0687e90cb646ef8bdb5fe31fea57d\f17cfadd2fb8474ddf8c5873949d903b.exe [2058752 2017-07-18] () [File not signed] <==== ATTENTION
S2 backlh; C:\ProgramData\Logic Cramble\set.exe [3780096 2017-07-17] () [File not signed] <==== ATTENTION
S2 Nettrans; C:\ProgramData\PrefsSecure\Nettrans.exe [43520 2017-07-12] () [File not signed] <==== ATTENTION
S2 Voyasollam; C:\ProgramData\\Voyasollam\\Voyasollam.exe [2554368 2017-07-03] (TODO: <Company name>) [File not signed]
S1 515d0d6d457e280dd2a00b0fe61de159; C:\Windows\system32\drivers\515d0d6d457e280dd2a00b0fe61de159.sys [60680 2017-07-18] (6P0S35) <==== ATTENTION
Task: {2F396D00-40F2-47C3-87AC-C28BB2D5A512} - System32\Tasks\Extract Assares and Bell Pad => C:\Windows\system32\rundll32.exe "C:\Program Files\Extract Assares and Bell Pad\Extract Assares and Bell Pad.dll",pPFBMJQZ <==== ATTENTION
Task: {73B0937E-EA1D-4DD6-906C-AC115DECDCF0} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\ErrorReporting => C:\\ProgramData\\WindowsErrorReporting\\wvermgr.exe [2017-07-18] ()
Task: {86A3605A-87CA-4443-9E0A-49A780C46B2A} - System32\Tasks\psv_Freshtrax => cmd.exe /c regedit.exe /s "C:\ProgramData\Voyasollam\SaltHold.reg" & del "C:\ProgramData\Voyasollam\SaltHold.reg" & SCHTASKS /Delete /TN "psv_Freshtrax" /F <==== ATTENTION
Task: {C7159E2F-2E6C-44FA-B416-BBAB21497F69} - System32\Tasks\acd0687e90cb646ef8bdb5fe31fea57d => sc start acd0687e90cb646ef8bdb5fe31fea57d <==== ATTENTION
Shortcut: C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
ShortcutWithArgument: C:\Users\miroslav\Desktop\Precice\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\miroslav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP% --disable-quic
ShortcutWithArgument: C:\Users\miroslav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP% --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP% --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\TEMP:1AAB2E68 [127]
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [152]

C:\Program Files\qjkmhcxx1lj
C:\Program Files\YeaDesktop
C:\Program Files\KDE6ZJSI8T
C:\Users\miroslav\AppData\Roaming\dpo5bqg34eu
C:\Users\miroslav\AppData\Roaming\gjq2n32kwzk
C:\Program Files\6XZ9BXVEF7
C:\Users\miroslav\AppData\Local\Temp\00013909\msiql.exe
C:\Program Files\qjkmhcxx1lj
C:\Users\miroslav\AppData\Roaming\ggyz52iycpc
C:\Users\miroslav\AppData\Roaming\0esq5wdznmu
C:\Program Files\9AAA71OGWH
C:\Program Files\95MQJL4777
C:\Users\miroslav\AppData\Roaming\p5ndefeqeot
C:\Program Files\Y70NGKWUL1
C:\Program Files\56389F51QN
C:\Users\miroslav\AppData\Roaming\5pvvg2niu50
C:\Users\miroslav\AppData\Roaming\ic4qe5mx54p
C:\Program Files\YOP79OR9BM
C:\Users\miroslav\AppData\Roaming\jcr2gntx13v
C:\Program Files\9PWIUK5Z7B
C:\Users\miroslav\AppData\Roaming\l0pw1lpj30a
C:\Users\miroslav\AppData\Roaming\joqcbb41mh5
C:\Program Files\BL00F7MQSA
C:\Program Files\0ZPZ91A8JV
C:\Program Files\EH50CN39CR
C:\Users\miroslav\AppData\Roaming\i3v3cbfwoxw
C:\Users\miroslav\AppData\Roaming\uybn4p1voba
C:\Program Files\J9OT8PAW8M
C:\Program Files\J6QA9XQI4R
C:\Users\miroslav\AppData\Roaming\p0phnppvtie
C:\Users\miroslav\AppData\Roaming\oauqw3o5hib
C:\Program Files\HM3XXSC872
C:\Users\miroslav\AppData\Roaming\mdy1cin1jfs
C:\Users\miroslav\AppData\Roaming\div0bnnteuh
C:\Program Files\TNTHMCBYFX
C:\Users\miroslav\AppData\Roaming\bl5npweanjg
C:\Program Files\CMWCUTNSN0
C:\Program Files\HXN6PKGT6N
C:\Users\miroslav\AppData\Roaming\o0evtnfwc14
C:\ProgramData\Voyasollam
C:\Windows\C_02iu57.dat
C:\Users\miroslav\AppData\Roaming\ACEStream
C:\Users\miroslav\AppData\Local\htyh
C:\Program Files\acd0687e90cb646ef8bdb5fe31fea57d
C:\ProgramData\Logic Cramble
C:\ProgramData\PrefsSecure
C:\ProgramData\Voyasollam
C:\Windows\system32\drivers\515d0d6d457e280dd2a00b0fe61de159.sys
2017-07-19 13:01 - 2017-07-19 13:02 - 00000000 ____D C:\Program Files\HXN6PKGT6N
2017-07-19 13:00 - 2017-07-19 13:02 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\o0evtnfwc14
2017-07-19 09:55 - 2017-07-19 09:56 - 00000000 ____D C:\Program Files\CMWCUTNSN0
2017-07-19 09:55 - 2017-07-19 09:55 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\div0bnnteuh
2017-07-19 09:55 - 2017-07-19 09:55 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\bl5npweanjg
2017-07-19 09:55 - 2017-07-19 09:55 - 00000000 ____D C:\Program Files\TNTHMCBYFX
2017-07-19 09:54 - 2017-07-19 09:54 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\mdy1cin1jfs
2017-07-19 09:54 - 2017-07-19 09:54 - 00000000 ____D C:\Program Files\HM3XXSC872
2017-07-19 09:37 - 2017-07-19 09:37 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\oauqw3o5hib
2017-07-19 09:37 - 2017-07-19 09:37 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\fv5b0iz1bbz
2017-07-19 09:37 - 2017-07-19 09:37 - 00000000 ____D C:\Program Files\WS9P43EU10
2017-07-19 09:37 - 2017-07-19 09:37 - 00000000 ____D C:\Program Files\M288WOS9V0
2017-07-19 09:36 - 2017-07-19 09:37 - 00000000 ____D C:\Users\miroslav\AppData\Local\SrvInetInfo
2017-07-19 09:36 - 2017-07-19 09:36 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\p0phnppvtie
2017-07-19 09:36 - 2017-07-19 09:36 - 00000000 ____D C:\Program Files\J6QA9XQI4R
2017-07-19 07:44 - 2017-07-19 07:45 - 00000000 ____D C:\Program Files\J9OT8PAW8M
2017-07-19 07:44 - 2017-07-19 07:44 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\i3v3cbfwoxw
2017-07-19 07:43 - 2017-07-19 07:44 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\uybn4p1voba
2017-07-19 07:43 - 2017-07-19 07:44 - 00000000 ____D C:\Program Files\EH50CN39CR
2017-07-19 07:08 - 2017-07-19 07:08 - 00000000 ____D C:\Program Files\0ZPZ91A8JV
2017-07-19 07:07 - 2017-07-19 07:07 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\l0pw1lpj30a
2017-07-19 07:07 - 2017-07-19 07:07 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\joqcbb41mh5
2017-07-19 07:07 - 2017-07-19 07:07 - 00000000 ____D C:\Program Files\BL00F7MQSA
2017-07-19 06:33 - 2017-07-19 06:33 - 00000000 ____D C:\Program Files\9PWIUK5Z7B
2017-07-19 06:31 - 2017-07-19 06:32 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\jcr2gntx13v
2017-07-19 06:31 - 2017-07-19 06:31 - 00000000 ____D C:\Program Files\YOP79OR9BM
2017-07-19 06:30 - 2017-07-19 06:30 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\ic4qe5mx54p
2017-07-19 06:30 - 2017-07-19 06:30 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\5pvvg2niu50
2017-07-19 06:30 - 2017-07-19 06:30 - 00000000 ____D C:\Program Files\56389F51QN
2017-07-18 23:42 - 2017-07-18 23:42 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\p5ndefeqeot
2017-07-18 23:42 - 2017-07-18 23:42 - 00000000 ____D C:\Program Files\Y70NGKWUL1
2017-07-18 23:32 - 2017-07-18 23:32 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\Nygi
2017-07-18 23:32 - 2017-07-18 23:32 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\Nutyv
2017-07-18 23:14 - 2017-07-18 23:14 - 00015610 _____ C:\Windows\system32\findit.xml
2017-07-18 23:14 - 2017-07-18 23:14 - 00000000 ____D C:\ProgramData\Voyasollams
2017-07-18 23:13 - 2017-07-19 13:50 - 00000000 ____D C:\Program Files\Common Files\LabRantech
2017-07-18 23:12 - 2017-07-19 15:22 - 00000000 ____D C:\ProgramData\Voyasollam
2017-07-18 23:12 - 2017-07-18 23:13 - 00000000 ____D C:\ProgramData\Logic Cramble
2017-07-18 23:12 - 2017-07-18 23:12 - 07320064 _____ C:\Users\miroslav\AppData\Local\agent.dat
2017-07-18 23:12 - 2017-07-18 23:12 - 01898550 _____ C:\Users\miroslav\AppData\Local\Stringqvosoft.tst
2017-07-18 23:12 - 2017-07-18 23:12 - 01895383 _____ C:\Users\miroslav\AppData\Local\YearHome.bin
2017-07-18 23:12 - 2017-07-18 23:12 - 00126464 _____ C:\Users\miroslav\AppData\Local\noah.dat
2017-07-18 23:12 - 2017-07-18 23:12 - 00070800 _____ C:\Users\miroslav\AppData\Local\Config.xml
2017-07-18 23:12 - 2017-07-18 23:12 - 00018432 _____ C:\Users\miroslav\AppData\Local\Main.dat
2017-07-18 23:12 - 2017-07-18 23:12 - 00005568 _____ C:\Users\miroslav\AppData\Local\md.xml
2017-07-18 23:12 - 2017-07-03 23:08 - 02554368 _____ (TODO: <Company name>) C:\Users\miroslav\AppData\Local\Stringqvosoft.exe
2017-07-18 23:11 - 2017-07-18 23:11 - 00278510 _____ C:\Users\miroslav\AppData\Local\Lighthome.bin
2017-07-18 23:11 - 2017-07-18 23:11 - 00000000 ____D C:\ProgramData\PrefsSecure
2017-07-18 23:08 - 2017-07-18 23:29 - 00000000 ____D C:\Program Files\AVBoost
2017-07-18 23:08 - 2017-07-18 23:08 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\gjq2n32kwzk
2017-07-18 23:08 - 2017-07-18 23:08 - 00000000 ____D C:\Program Files\6XZ9BXVEF7
2017-07-18 23:08 - 2017-07-03 23:08 - 00000000 ____D C:\Program Files\qjkmhcxx1lj
2017-07-18 23:07 - 2017-07-19 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop
2017-07-18 23:07 - 2017-07-19 10:03 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\Aplfone
2017-07-18 23:07 - 2017-07-18 23:19 - 00000000 ____D C:\Program Files\YeaDesktop
2017-07-18 23:07 - 2017-07-18 23:11 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\UCChannel
2017-07-18 23:07 - 2017-07-18 23:07 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\dpo5bqg34eu
2017-07-18 23:07 - 2017-07-18 23:07 - 00000000 ____D C:\Program Files\KDE6ZJSI8T
2017-07-18 23:07 - 2017-07-10 09:28 - 05843456 ___SH (Micrasaft Carparation) C:\Windows\C_02iu57.dat
2017-07-18 23:01 - 2017-07-18 23:01 - 00000000 ____D C:\Program Files\acd0687e90cb646ef8bdb5fe31fea57d
2017-07-18 23:00 - 2017-07-18 23:00 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\BrowserModule
2017-07-18 23:12 - 2017-07-18 23:12 - 7320064 _____ () C:\Users\miroslav\AppData\Local\agent.dat
2017-07-18 23:12 - 2017-07-18 23:12 - 0070800 _____ () C:\Users\miroslav\AppData\Local\Config.xml
2017-07-03 23:09 - 2017-07-18 23:10 - 0016176 _____ () C:\Users\miroslav\AppData\Local\InstallationConfiguration.xml
2017-07-03 23:09 - 2017-07-03 23:09 - 0140800 _____ () C:\Users\miroslav\AppData\Local\installer.dat
2017-07-18 23:11 - 2017-07-18 23:11 - 0278510 _____ () C:\Users\miroslav\AppData\Local\Lighthome.bin
2017-07-18 23:12 - 2017-07-18 23:12 - 0018432 _____ () C:\Users\miroslav\AppData\Local\Main.dat
2017-07-18 23:12 - 2017-07-18 23:12 - 0005568 _____ () C:\Users\miroslav\AppData\Local\md.xml
2017-07-18 23:12 - 2017-07-18 23:12 - 0126464 _____ () C:\Users\miroslav\AppData\Local\noah.dat
2017-07-03 23:09 - 2017-07-19 13:47 - 1847296 _____ () C:\Users\miroslav\AppData\Local\po.db
2017-01-20 18:26 - 2017-01-20 18:26 - 0000017 _____ () C:\Users\miroslav\AppData\Local\resmon.resmoncfg
2017-07-18 23:12 - 2017-07-03 23:08 - 2554368 _____ (TODO: <Company name>) C:\Users\miroslav\AppData\Local\Stringqvosoft.exe
2017-07-18 23:12 - 2017-07-18 23:12 - 1898550 _____ () C:\Users\miroslav\AppData\Local\Stringqvosoft.tst
2017-07-18 23:13 - 2017-07-18 23:13 - 0032038 _____ () C:\Users\miroslav\AppData\Local\uninstall_temp.ico
2017-07-18 23:12 - 2017-07-18 23:12 - 1895383 _____ () C:\Users\miroslav\AppData\Local\YearHome.bin
C:\Program Files\qjkmhcxx1lj\3WP8JHDK07QO4UD.exe
C:\Program Files\YeaDesktop\YeaDesktop.exe
C:\Users\miroslav\AppData\Local\Temp\00013909\msiql.exe
2017-07-16 20:40 - 2017-07-16 20:41 - 48320824 _____ (Free Time Co., Ltd) C:\Users\miroslav\AppData\Local\Temp\FFSetupLatest.exe
2017-07-18 23:26 - 2017-07-18 23:26 - 0053248 _____ (%CJ) C:\Users\miroslav\AppData\Local\Temp\MPO4XVLEPBC8.exe
2017-07-03 23:08 - 2017-07-18 23:08 - 0328160 _____ (WeMonetize ) C:\Users\miroslav\AppData\Local\Temp\NJEUF0E.exe
2017-07-18 23:06 - 2017-07-18 23:06 - 0009728 _____ (JHNF) C:\Users\miroslav\AppData\Local\Temp\speedboostsetup.exe
2016-09-15 02:00 - 2016-09-15 02:00 - 0772672 _____ () C:\Users\miroslav\AppData\Local\Temp\sqlite3.dll
2017-07-18 23:06 - 2017-07-18 23:06 - 1199825 _____ () C:\Users\miroslav\AppData\Local\Temp\unins000.exe
2017-07-18 23:06 - 2017-07-18 23:06 - 0680734 _____ (VideoBox ) C:\Users\miroslav\AppData\Local\Temp\vbinst.exe
2017-07-18 23:06 - 2017-07-18 23:06 - 4205340 _____ ( ) C:\Users\miroslav\AppData\Local\Temp\Yeadesktop.exe
C:\Program Files\Extract Assares and Bell Pad
 
End


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from within Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location; otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once, and wait.
If the tool requests a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

  • Miroslav Tanaskovic

Fix result of Farbar Recovery Scan Tool (x86) Version: 18-07-2017
Ran by miroslav (20-07-2017 09:58:05) Run:2
Running from C:\Users\miroslav\Desktop
Loaded Profiles: miroslav (Available Profiles: miroslav)
Boot Mode: Normal

==============================================

fixlist content:
*****************
2017-07-18 23:08 - 2017-07-18 23:08 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\gjq2n32kwzk
2017-07-18 23:08 - 2017-07-18 23:08 - 00000000 ____D C:\Program Files\6XZ9BXVEF7
2017-07-18 23:08 - 2017-07-03 23:08 - 00000000 ____D C:\Program Files\qjkmhcxx1lj
2017-07-18 23:07 - 2017-07-19 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop
2017-07-18 23:07 - 2017-07-19 10:03 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\Aplfone
2017-07-18 23:07 - 2017-07-18 23:19 - 00000000 ____D C:\Program Files\YeaDesktop
2017-07-18 23:07 - 2017-07-18 23:11 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\UCChannel
2017-07-18 23:07 - 2017-07-18 23:07 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\dpo5bqg34eu
2017-07-18 23:07 - 2017-07-18 23:07 - 00000000 ____D C:\Program Files\KDE6ZJSI8T
2017-07-18 23:07 - 2017-07-10 09:28 - 05843456 ___SH (Micrasaft Carparation) C:\Windows\C_02iu57.dat
2017-07-18 23:01 - 2017-07-18 23:01 - 00000000 ____D C:\Program Files\acd0687e90cb646ef8bdb5fe31fea57d
2017-07-18 23:00 - 2017-07-18 23:00 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\BrowserModule
2017-07-18 23:12 - 2017-07-18 23:12 - 7320064 _____ () C:\Users\miroslav\AppData\Local\agent.dat
2017-07-18 23:12 - 2017-07-18 23:12 - 0070800 _____ () C:\Users\miroslav\AppData\Local\Config.xml
2017-07-03 23:09 - 2017-07-18 23:10 - 0016176 _____ () C:\Users\miroslav\AppData\Local\InstallationConfiguration.xml
2017-07-03 23:09 - 2017-07-03 23:09 - 0140800 _____ () C:\Users\miroslav\AppData\Local\installer.dat
2017-07-18 23:11 - 2017-07-18 23:11 - 0278510 _____ () C:\Users\miroslav\AppData\Local\Lighthome.bin
2017-07-18 23:12 - 2017-07-18 23:12 - 0018432 _____ () C:\Users\miroslav\AppData\Local\Main.dat
2017-07-18 23:12 - 2017-07-18 23:12 - 0005568 _____ () C:\Users\miroslav\AppData\Local\md.xml
2017-07-18 23:12 - 2017-07-18 23:12 - 0126464 _____ () C:\Users\miroslav\AppData\Local\noah.dat
2017-07-03 23:09 - 2017-07-19 13:47 - 1847296 _____ () C:\Users\miroslav\AppData\Local\po.db
2017-01-20 18:26 - 2017-01-20 18:26 - 0000017 _____ () C:\Users\miroslav\AppData\Local\resmon.resmoncfg
2017-07-18 23:12 - 2017-07-03 23:08 - 2554368 _____ (TODO: <Company name>) C:\Users\miroslav\AppData\Local\Stringqvosoft.exe
2017-07-18 23:12 - 2017-07-18 23:12 - 1898550 _____ () C:\Users\miroslav\AppData\Local\Stringqvosoft.tst
2017-07-18 23:13 - 2017-07-18 23:13 - 0032038 _____ () C:\Users\miroslav\AppData\Local\uninstall_temp.ico
2017-07-18 23:12 - 2017-07-18 23:12 - 1895383 _____ () C:\Users\miroslav\AppData\Local\YearHome.bin
C:\Program Files\qjkmhcxx1lj\3WP8JHDK07QO4UD.exe
C:\Program Files\YeaDesktop\YeaDesktop.exe
C:\Users\miroslav\AppData\Local\Temp\00013909\msiql.exe
2017-07-16 20:40 - 2017-07-16 20:41 - 48320824 _____ (Free Time Co., Ltd) C:\Users\miroslav\AppData\Local\Temp\FFSetupLatest.exe
2017-07-18 23:26 - 2017-07-18 23:26 - 0053248 _____ (%CJ) C:\Users\miroslav\AppData\Local\Temp\MPO4XVLEPBC8.exe
2017-07-03 23:08 - 2017-07-18 23:08 - 0328160 _____ (WeMonetize ) C:\Users\miroslav\AppData\Local\Temp\NJEUF0E.exe
2017-07-18 23:06 - 2017-07-18 23:06 - 0009728 _____ (JHNF) C:\Users\miroslav\AppData\Local\Temp\speedboostsetup.exe
2016-09-15 02:00 - 2016-09-15 02:00 - 0772672 _____ () C:\Users\miroslav\AppData\Local\Temp\sqlite3.dll
2017-07-18 23:06 - 2017-07-18 23:06 - 1199825 _____ () C:\Users\miroslav\AppData\Local\Temp\unins000.exe
2017-07-18 23:06 - 2017-07-18 23:06 - 0680734 _____ (VideoBox ) C:\Users\miroslav\AppData\Local\Temp\vbinst.exe
2017-07-18 23:06 - 2017-07-18 23:06 - 4205340 _____ ( ) C:\Users\miroslav\AppData\Local\Temp\Yeadesktop.exe
C:\Program Files\Extract Assares and Bell Pad

End
*****************

Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OMEWPRODUCT_VY3QK => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Aplfone.vbs => value removed successfully.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\YeaDesktop => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\J4QUFTAXK5WRAYZ => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\k5vzyy22j4t => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\zvz2xyuma2g => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\7T1ZXF7AU9KNOQY => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\msiql => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\QDQTXPBS5LR1018 => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\qdsmth0awuw => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\daqmgn22m2i => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\JQHSFGP3UKI9CA2 => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\3JCTNIROOW5YNQY => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\yjthpjlh3ln => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GQ76I4NT06VA1LU => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\2CKFFJWL7LKDWRC => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\txukyhdvgg4 => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\4mplm31tzlm => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\1O4LXPA5DC54LXE => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\0tugovjkqks => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BAFKBP32G3MF7KM => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\rb4ce3afx30 => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\gqnfskfbp0c => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\LJJT8BKT823DUHU => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\JQ1MJZEMU01Z9R9 => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\6U7TIV83IDQHFO5 => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\n2eky4oiprh => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\q4hhmj1y3jq => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ZZSTF24Z1VKNBN8 => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\7MGC271MGBU1PE6 => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\1gglzonvbig => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\12vyyu10244 => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DCMPYJVCA2MYLKX => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\v0f5ndmskhm => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\10jeocfrzxc => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\VTYC9H7P0EPXNOP => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\5rzcdtyr2d1 => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\J81VWGXHWEK99M7 => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AO22QC1BEK8CNLL => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\d5nuhkgozyy => value not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6de9fe4-16f7-11e7-bdcc-001fd05f9e25} => key removed successfully.
HKLM\Software\Classes\CLSID\{e6de9fe4-16f7-11e7-bdcc-001fd05f9e25} => key not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6de9fe4-16f7-11e7-bdcc-001fd05f9e25} => key not found.
HKLM\Software\Classes\CLSID\{e6de9fe4-16f7-11e7-bdcc-001fd05f9e25} => key not found.
"C:\ProgramData\Voyasollam\Hotsing.dll" => Value data not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} => value not found.
HKLM\Software\Classes\CLSID\{5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} => key not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ielnksrch => key not found.
HKLM\Software\Classes\CLSID\ielnksrch => key not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch} => key not found.
HKLM\Software\Classes\CLSID\{ielnksrch} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97510FAC-ED50-46BF-B2A1-25F434BF1030} => key removed successfully.
HKLM\Software\Classes\CLSID\{97510FAC-ED50-46BF-B2A1-25F434BF1030} => key removed successfully.
C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7ostk6yx.default\user.js => moved successfully
Firefox "newtab" removed successfully.
Firefox "homepage" removed successfully.
Firefox "Keyword.URL" removed successfully.
C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7ostk6yx.default\Extensions\300414@extcorp.com.xpi => moved successfully
C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7ostk6yx.default\Extensions\amcontextmenu@loucypher => not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Mozilla\Firefox\Extensions\\acewebextension_unlisted@acestream.org => value removed successfully.
C:\Users\miroslav\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => moved successfully
HKLM\Software\MozillaPlugins\@haitao.com/npHaitaoPlugin => key removed successfully.
C:\Users\miroslav\AppData\Local\htyh\application\htwebHelper.dll => moved successfully
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=3.1.16.1 => key removed successfully.
C:\Users\miroslav\AppData\Roaming\ACEStream\player\npace_plugin.dll => moved successfully
Chrome StartupUrls => removed successfully.
CHR Extension: (??1?) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh [2017-07-03] => Error: No automatic fix found for this entry.
CHR Extension: (Tables) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2017-07-18] => Error: No automatic fix found for this entry.
CHR Extension: (the flying farm game) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdedilofmokfljapebnapjilnajgbhgm [2017-06-02] => Error: No automatic fix found for this entry.
CHR Extension: (Ace Stream Web Extension) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2017-05-04] => Error: No automatic fix found for this entry.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\SOFTWARE\Google\Chrome\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh => key removed successfully.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\SOFTWARE\Google\Chrome\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo => key removed successfully.
acd0687e90cb646ef8bdb5fe31fea57d => service not found.
backlh => service not found.
Nettrans => service not found.
Voyasollam => service not found.
515d0d6d457e280dd2a00b0fe61de159 => service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{2F396D00-40F2-47C3-87AC-C28BB2D5A512} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F396D00-40F2-47C3-87AC-C28BB2D5A512} => key removed successfully.
C:\Windows\System32\Tasks\Extract Assares and Bell Pad => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Extract Assares and Bell Pad => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{73B0937E-EA1D-4DD6-906C-AC115DECDCF0} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73B0937E-EA1D-4DD6-906C-AC115DECDCF0} => key removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting\ErrorReporting => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Error Reporting\ErrorReporting => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{86A3605A-87CA-4443-9E0A-49A780C46B2A} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86A3605A-87CA-4443-9E0A-49A780C46B2A} => key not found.
C:\Windows\System32\Tasks\psv_Freshtrax => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Freshtrax => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{C7159E2F-2E6C-44FA-B416-BBAB21497F69} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7159E2F-2E6C-44FA-B416-BBAB21497F69} => key removed successfully.
C:\Windows\System32\Tasks\acd0687e90cb646ef8bdb5fe31fea57d => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\acd0687e90cb646ef8bdb5fe31fea57d => key removed successfully.
C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk => moved successfully
C:\Users\miroslav\Desktop\Precice\Google Chrome.lnk => Shortcut argument removed successfully..
C:\Users\miroslav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument removed successfully..
C:\Users\miroslav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Shortcut argument removed successfully..
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully..
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Shortcut argument removed successfully..
C:\Windows => ":nlsPreferences" ADS removed successfully..
C:\ProgramData\TEMP => ":1AAB2E68" ADS removed successfully..
C:\ProgramData\TEMP => ":1CE11B51" ADS removed successfully..
"C:\Program Files\qjkmhcxx1lj" => not found.
"C:\Program Files\YeaDesktop" => not found.
"C:\Program Files\KDE6ZJSI8T" => not found.
C:\Users\miroslav\AppData\Roaming\dpo5bqg34eu => moved successfully
C:\Users\miroslav\AppData\Roaming\gjq2n32kwzk => moved successfully
"C:\Program Files\6XZ9BXVEF7" => not found.
"C:\Users\miroslav\AppData\Local\Temp\00013909\msiql.exe" => not found.
"C:\Program Files\qjkmhcxx1lj" => not found.
C:\Users\miroslav\AppData\Roaming\ggyz52iycpc => moved successfully
C:\Users\miroslav\AppData\Roaming\0esq5wdznmu => moved successfully
"C:\Program Files\9AAA71OGWH" => not found.
"C:\Program Files\95MQJL4777" => not found.
C:\Users\miroslav\AppData\Roaming\p5ndefeqeot => moved successfully
"C:\Program Files\Y70NGKWUL1" => not found.
"C:\Program Files\56389F51QN" => not found.
C:\Users\miroslav\AppData\Roaming\5pvvg2niu50 => moved successfully
C:\Users\miroslav\AppData\Roaming\ic4qe5mx54p => moved successfully
"C:\Program Files\YOP79OR9BM" => not found.
C:\Users\miroslav\AppData\Roaming\jcr2gntx13v => moved successfully
"C:\Program Files\9PWIUK5Z7B" => not found.
C:\Users\miroslav\AppData\Roaming\l0pw1lpj30a => moved successfully
C:\Users\miroslav\AppData\Roaming\joqcbb41mh5 => moved successfully
"C:\Program Files\BL00F7MQSA" => not found.
"C:\Program Files\0ZPZ91A8JV" => not found.
"C:\Program Files\EH50CN39CR" => not found.
C:\Users\miroslav\AppData\Roaming\i3v3cbfwoxw => moved successfully
C:\Users\miroslav\AppData\Roaming\uybn4p1voba => moved successfully
"C:\Program Files\J9OT8PAW8M" => not found.
"C:\Program Files\J6QA9XQI4R" => not found.
C:\Users\miroslav\AppData\Roaming\p0phnppvtie => moved successfully
C:\Users\miroslav\AppData\Roaming\oauqw3o5hib => moved successfully
"C:\Program Files\HM3XXSC872" => not found.
C:\Users\miroslav\AppData\Roaming\mdy1cin1jfs => moved successfully
C:\Users\miroslav\AppData\Roaming\div0bnnteuh => moved successfully
"C:\Program Files\TNTHMCBYFX" => not found.
C:\Users\miroslav\AppData\Roaming\bl5npweanjg => moved successfully
"C:\Program Files\CMWCUTNSN0" => not found.
"C:\Program Files\HXN6PKGT6N" => not found.
C:\Users\miroslav\AppData\Roaming\o0evtnfwc14 => moved successfully
"C:\ProgramData\Voyasollam" => not found.
C:\Windows\C_02iu57.dat => moved successfully

"C:\Users\miroslav\AppData\Roaming\ACEStream" folder move:

Could not move "C:\Users\miroslav\AppData\Roaming\ACEStream" => Scheduled to move on reboot.

C:\Users\miroslav\AppData\Local\htyh => moved successfully
"C:\Program Files\acd0687e90cb646ef8bdb5fe31fea57d" => not found.
C:\ProgramData\Logic Cramble => moved successfully
"C:\ProgramData\PrefsSecure" => not found.
"C:\ProgramData\Voyasollam" => not found.
C:\Windows\system32\drivers\515d0d6d457e280dd2a00b0fe61de159.sys => moved successfully
"C:\Program Files\HXN6PKGT6N" => not found.
"C:\Users\miroslav\AppData\Roaming\o0evtnfwc14" => not found.
"C:\Program Files\CMWCUTNSN0" => not found.
"C:\Users\miroslav\AppData\Roaming\div0bnnteuh" => not found.
"C:\Users\miroslav\AppData\Roaming\bl5npweanjg" => not found.
"C:\Program Files\TNTHMCBYFX" => not found.
"C:\Users\miroslav\AppData\Roaming\mdy1cin1jfs" => not found.
"C:\Program Files\HM3XXSC872" => not found.
"C:\Users\miroslav\AppData\Roaming\oauqw3o5hib" => not found.
C:\Users\miroslav\AppData\Roaming\fv5b0iz1bbz => moved successfully
"C:\Program Files\WS9P43EU10" => not found.
"C:\Program Files\M288WOS9V0" => not found.
C:\Users\miroslav\AppData\Local\SrvInetInfo => moved successfully
"C:\Users\miroslav\AppData\Roaming\p0phnppvtie" => not found.
"C:\Program Files\J6QA9XQI4R" => not found.
"C:\Program Files\J9OT8PAW8M" => not found.
"C:\Users\miroslav\AppData\Roaming\i3v3cbfwoxw" => not found.
"C:\Users\miroslav\AppData\Roaming\uybn4p1voba" => not found.
"C:\Program Files\EH50CN39CR" => not found.
"C:\Program Files\0ZPZ91A8JV" => not found.
"C:\Users\miroslav\AppData\Roaming\l0pw1lpj30a" => not found.
"C:\Users\miroslav\AppData\Roaming\joqcbb41mh5" => not found.
"C:\Program Files\BL00F7MQSA" => not found.
"C:\Program Files\9PWIUK5Z7B" => not found.
"C:\Users\miroslav\AppData\Roaming\jcr2gntx13v" => not found.
"C:\Program Files\YOP79OR9BM" => not found.
"C:\Users\miroslav\AppData\Roaming\ic4qe5mx54p" => not found.
"C:\Users\miroslav\AppData\Roaming\5pvvg2niu50" => not found.
"C:\Program Files\56389F51QN" => not found.
"C:\Users\miroslav\AppData\Roaming\p5ndefeqeot" => not found.
"C:\Program Files\Y70NGKWUL1" => not found.
C:\Users\miroslav\AppData\Roaming\Nygi => moved successfully
C:\Users\miroslav\AppData\Roaming\Nutyv => moved successfully
C:\Windows\system32\findit.xml => moved successfully
"C:\ProgramData\Voyasollams" => not found.
C:\Program Files\Common Files\LabRantech => moved successfully
"C:\ProgramData\Voyasollam" => not found.
"C:\ProgramData\Logic Cramble" => not found.
C:\Users\miroslav\AppData\Local\agent.dat => moved successfully
C:\Users\miroslav\AppData\Local\Stringqvosoft.tst => moved successfully
C:\Users\miroslav\AppData\Local\YearHome.bin => moved successfully
C:\Users\miroslav\AppData\Local\noah.dat => moved successfully
C:\Users\miroslav\AppData\Local\Config.xml => moved successfully
C:\Users\miroslav\AppData\Local\Main.dat => moved successfully
C:\Users\miroslav\AppData\Local\md.xml => moved successfully
C:\Users\miroslav\AppData\Local\Stringqvosoft.exe => moved successfully
C:\Users\miroslav\AppData\Local\Lighthome.bin => moved successfully
"C:\ProgramData\PrefsSecure" => not found.
C:\Program Files\AVBoost => moved successfully
"C:\Users\miroslav\AppData\Roaming\gjq2n32kwzk" => not found.
"C:\Program Files\6XZ9BXVEF7" => not found.
"C:\Program Files\qjkmhcxx1lj" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop" => not found.
C:\Users\miroslav\AppData\Roaming\Aplfone => moved successfully
"C:\Program Files\YeaDesktop" => not found.
"C:\Users\miroslav\AppData\Roaming\UCChannel" => not found.
"C:\Users\miroslav\AppData\Roaming\dpo5bqg34eu" => not found.
"C:\Program Files\KDE6ZJSI8T" => not found.
"C:\Windows\C_02iu57.dat" => not found.
"C:\Program Files\acd0687e90cb646ef8bdb5fe31fea57d" => not found.
"C:\Users\miroslav\AppData\Roaming\BrowserModule" => not found.
"C:\Users\miroslav\AppData\Local\agent.dat" => not found.
"C:\Users\miroslav\AppData\Local\Config.xml" => not found.
C:\Users\miroslav\AppData\Local\InstallationConfiguration.xml => moved successfully
C:\Users\miroslav\AppData\Local\installer.dat => moved successfully
"C:\Users\miroslav\AppData\Local\Lighthome.bin" => not found.
"C:\Users\miroslav\AppData\Local\Main.dat" => not found.
"C:\Users\miroslav\AppData\Local\md.xml" => not found.
"C:\Users\miroslav\AppData\Local\noah.dat" => not found.
C:\Users\miroslav\AppData\Local\po.db => moved successfully
C:\Users\miroslav\AppData\Local\resmon.resmoncfg => moved successfully
"C:\Users\miroslav\AppData\Local\Stringqvosoft.exe" => not found.
"C:\Users\miroslav\AppData\Local\Stringqvosoft.tst" => not found.
C:\Users\miroslav\AppData\Local\uninstall_temp.ico => moved successfully
"C:\Users\miroslav\AppData\Local\YearHome.bin" => not found.
"C:\Program Files\qjkmhcxx1lj\3WP8JHDK07QO4UD.exe" => not found.
"C:\Program Files\YeaDesktop\YeaDesktop.exe" => not found.
"C:\Users\miroslav\AppData\Local\Temp\00013909\msiql.exe" => not found.
C:\Users\miroslav\AppData\Local\Temp\FFSetupLatest.exe => moved successfully
C:\Users\miroslav\AppData\Local\Temp\MPO4XVLEPBC8.exe => moved successfully
C:\Users\miroslav\AppData\Local\Temp\NJEUF0E.exe => moved successfully
C:\Users\miroslav\AppData\Local\Temp\speedboostsetup.exe => moved successfully
C:\Users\miroslav\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\miroslav\AppData\Local\Temp\unins000.exe => moved successfully
C:\Users\miroslav\AppData\Local\Temp\vbinst.exe => moved successfully
C:\Users\miroslav\AppData\Local\Temp\Yeadesktop.exe => moved successfully
C:\Program Files\Extract Assares and Bell Pad => moved successfully

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 20-07-2017 10:07:25)

C:\Users\miroslav\AppData\Roaming\ACEStream => moved successfully

==== End of Fixlog 10:07:26 ====

  • Joined: 14 Jun 2016
  • Posts: 525

Hello,

I would ask you to send me fresh reports. Before clicking the Scan button, make sure that Addition.txt is checked as well, not just FRST.txt.

  • Miroslav Tanaskovic
  • Construction technician
  • Joined: 02 Jan 2009
  • Posts: 731
  • Location: Cacak

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-07-2017
Ran by miroslav (administrator) on MIROSLAV-PC (20-07-2017 11:43:04)
Running from C:\Users\miroslav\Desktop
Loaded Profiles: miroslav (Available Profiles: miroslav)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Leadtek Research Inc.) C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Leadtek Research Inc.) C:\Program Files\WinFast\WFDTV\WFWIZ.exe
() C:\Program Files\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(BitTorrent Inc.) C:\Users\miroslav\AppData\Roaming\uTorrent\uTorrent.exe
(Viber Media S.à r.l.) C:\Users\miroslav\AppData\Local\Viber\Viber.exe
(BitTorrent Inc.) C:\Users\miroslav\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe
(BitTorrent Inc.) C:\Users\miroslav\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-15] (Microsoft Corporation)
HKLM\...\Run: [WinFastDTV] => C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [90112 2008-12-11] (Leadtek Research Inc.)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [162304 2008-09-27] (ArcSoft Inc.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [WinFast Schedule] => C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2908160 2008-12-19] (Leadtek Research Inc.)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [RocketDock] => C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [uTorrent] => C:\Users\miroslav\AppData\Roaming\uTorrent\uTorrent.exe [2146496 2017-07-02] (BitTorrent Inc.)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [Viber] => C:\Users\miroslav\AppData\Local\Viber\Viber.exe [31344720 2017-06-26] (Viber Media S.à r.l.)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [AceStream] => C:\Users\miroslav\AppData\Roaming\ACEStream\engine\ace_engine.exe
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [Xvid] => C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\MountPoints2: J - J:\AutoRun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{A1DE0E0E-1595-4216-B22A-8F4F035F1AB3}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-12-28] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-28] (Oracle Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 7ostk6yx.default
FF ProfilePath: C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7ostk6yx.default [2017-07-20]
FF Extension: (S3.Google Translator) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7ostk6yx.default\Extensions\s3google@translator.xpi [2017-06-04]
FF Extension: (FlashGot) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7ostk6yx.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-12-28]
FF Extension: (X-notifier (for Gmail™,Hotmail,Yahoo,AOL...)) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7ostk6yx.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2017-05-06]
FF Extension: (Video DownloadHelper) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7ostk6yx.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-09]
FF Extension: (Adblock Plus) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7ostk6yx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-11]
FF Extension: (User Agent Switcher) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7ostk6yx.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2017-05-13]
FF Extension: (Click-to-Play staged rollout) - C:\Program Files\Mozilla Firefox\browser\features\clicktoplay-rollout@mozilla.org.xpi [2017-06-29] [not signed]
FF Extension: (Follow-on Search Telemetry) - C:\Program Files\Mozilla Firefox\browser\features\followonsearch@mozilla.com.xpi [2017-06-26] [not signed]
FF Extension: (Shield Recipe Client) - C:\Program Files\Mozilla Firefox\browser\features\shield-recipe-client@mozilla.org.xpi [2017-06-26] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-28] (Oracle Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 9\npnitromozilla.dll [2013-10-07] (Nitro PDF)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-12-19] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-12-19] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR NewTab: Default -> Active:"chrome-extension://leenkjhmbcgekojlkimcbodmniopgfnp/views/index.html"
CHR Profile: C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default [2017-07-20]
CHR Extension: (Google диск) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-28]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2017-07-17]
CHR Extension: (Turtle) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjjoabbgdgocpncdlhlfhbaocdddffjf [2016-12-28]
CHR Extension: (YouTube) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-28]
CHR Extension: (Gmail ван мреже) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2016-12-28]
CHR Extension: (the flying farm game) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdedilofmokfljapebnapjilnajgbhgm [2017-06-02]
CHR Extension: (New Tab - Winter Animation) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\leenkjhmbcgekojlkimcbodmniopgfnp [2017-06-02]
CHR Extension: (Onlive Clock) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\moddbcckaikhdnigidfcmaeelcobchpm [2016-12-28]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-28]
CHR Extension: (Chrome Media Router) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2008-09-23] (ArcSoft Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-15] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-15] (Microsoft Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [197128 2013-10-07] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14658848 2013-12-10] (NVIDIA Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-12-13] (Ulead Systems, Inc.) [File not signed]
R2 Unchecky; C:\Program Files\Unchecky\bin\Unchecky_svc.exe [160208 2016-12-28] (RaMMicHaeL) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [109456 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVUSBSta; C:\Windows\System32\DRIVERS\LVUSBSta.sys [41752 2008-07-27] (Logitech Inc.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [220088 2017-07-20] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-05] (NVIDIA Corporation)
R3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-27] (Logitech Inc.)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2011-06-15] (Realtek )
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [50280 2011-06-15] (Realtek Corporation)
S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan620.sys [27752 2011-09-16] (Realtek Corporation)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147344 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [50280 2011-06-15] (Realtek Corporation)
R3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [561920 2008-11-19] (eMPIA Technology, Inc.)
R3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [455168 2008-11-19] (eMPIA Technology, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-20 11:43 - 2017-07-20 11:44 - 00015531 _____ C:\Users\miroslav\Desktop\FRST.txt
2017-07-19 19:21 - 2017-07-19 19:21 - 08162248 _____ (Malwarebytes) C:\Users\miroslav\Desktop\adwcleaner_7.0.0.0.exe
2017-07-19 16:17 - 2017-07-19 16:17 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\tvqplb0bihc
2017-07-19 15:52 - 2017-07-19 15:52 - 00000000 ____D C:\ProgramData\dbg
2017-07-19 15:50 - 2017-07-19 17:05 - 00777670 _____ C:\Windows\ntbtlog.txt
2017-07-19 08:31 - 2017-07-19 08:32 - 01778176 _____ (Farbar) C:\Users\miroslav\Desktop\FRST.exe
2017-07-18 23:06 - 2017-07-19 09:35 - 00000000 ____D C:\ProgramData\WindowsErrorReporting
2017-07-18 23:01 - 2017-07-19 00:39 - 00000000 ____D C:\Windows\system32\SSL
2017-07-18 21:19 - 2017-07-18 21:19 - 00000000 ____D C:\ProgramData\Wondershare
2017-07-18 21:18 - 2017-07-18 22:27 - 00015817 _____ C:\Users\miroslav\Documents\starburn.txt
2017-07-18 21:14 - 2017-07-18 21:14 - 00000000 ____D C:\Users\miroslav\AppData\Local\Wondershare
2017-07-18 21:14 - 2017-07-18 21:14 - 00000000 ____D C:\Program Files\Common Files\Wondershare
2017-07-18 21:13 - 2017-07-18 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2017-07-18 21:12 - 2017-07-18 21:31 - 00000000 ____D C:\Users\miroslav\Documents\Wondershare Filmora
2017-07-18 21:12 - 2017-07-18 21:12 - 00000000 ____D C:\ProgramData\Wondershare Video Editor
2017-07-18 21:12 - 2017-07-18 21:12 - 00000000 ____D C:\Program Files\Wondershare
2017-07-18 21:08 - 2017-07-18 21:11 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2017-07-18 11:07 - 2017-07-18 11:07 - 00051641 _____ C:\Windows\uninstaller.dat
2017-07-16 20:44 - 2017-07-16 20:44 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2017-07-12 18:50 - 2017-07-12 18:50 - 00407116 _____ C:\Users\miroslav\Desktop\giphy.mp4
2017-07-12 09:35 - 2017-06-30 04:39 - 01549312 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-12 09:35 - 2017-06-30 04:38 - 01400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-12 09:35 - 2017-06-30 04:38 - 01363968 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-07-12 09:35 - 2017-06-30 04:38 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-07-12 09:35 - 2017-06-30 04:38 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-07-12 09:35 - 2017-06-30 04:38 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-07-12 09:35 - 2017-06-30 04:38 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-07-12 09:35 - 2017-06-30 04:38 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-07-12 09:35 - 2017-06-30 04:38 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-07-12 09:35 - 2017-06-30 04:27 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-07-12 09:35 - 2017-06-30 04:27 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-07-12 09:35 - 2017-06-30 04:26 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-07-12 09:35 - 2017-06-30 04:26 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-07-12 09:35 - 2017-06-22 16:50 - 02402304 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-12 09:35 - 2017-06-15 22:18 - 00514048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-12 09:35 - 2017-06-13 00:32 - 00250600 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-07-12 09:35 - 2017-06-13 00:32 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-07-12 09:35 - 2017-06-13 00:32 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-07-12 09:35 - 2017-06-13 00:29 - 01227264 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-12 09:35 - 2017-06-13 00:29 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-12 09:35 - 2017-06-13 00:29 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2017-07-12 09:35 - 2017-06-13 00:29 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-07-12 09:35 - 2017-06-13 00:29 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-07-12 09:35 - 2017-06-13 00:29 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-07-12 09:35 - 2017-06-13 00:28 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-07-12 09:35 - 2017-06-13 00:28 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-07-12 09:35 - 2017-06-13 00:28 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-07-12 09:35 - 2017-06-13 00:28 - 00554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-12 09:35 - 2017-06-13 00:28 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-07-12 09:35 - 2017-06-13 00:28 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-07-12 09:35 - 2017-06-13 00:28 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-07-12 09:35 - 2017-06-13 00:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-07-12 09:35 - 2017-06-13 00:28 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-07-12 09:35 - 2017-06-13 00:28 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-07-12 09:35 - 2017-06-13 00:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-07-12 09:35 - 2017-06-13 00:28 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2017-07-12 09:35 - 2017-06-13 00:28 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-07-12 09:35 - 2017-06-13 00:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-07-12 09:35 - 2017-06-13 00:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-07-12 09:35 - 2017-06-13 00:06 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-12 09:35 - 2017-06-13 00:06 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2017-07-12 09:35 - 2017-06-13 00:06 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
2017-07-12 09:35 - 2017-06-13 00:05 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-07-12 09:35 - 2017-06-13 00:05 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-07-12 09:35 - 2017-06-13 00:05 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-07-12 09:35 - 2017-06-13 00:05 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-07-12 09:35 - 2017-06-13 00:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-07-12 09:35 - 2017-06-13 00:05 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-07-12 09:35 - 2017-06-10 17:39 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-12 09:35 - 2017-06-09 17:17 - 01213672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-12 09:35 - 2017-06-06 17:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-12 09:35 - 2017-05-30 06:39 - 01309928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-07-12 09:35 - 2017-05-30 06:39 - 00240872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-12 09:35 - 2017-05-30 06:39 - 00187624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-07-12 09:35 - 2017-05-21 06:06 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-07-12 09:35 - 2017-05-16 17:16 - 00730856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-07-12 09:35 - 2017-05-16 17:16 - 00218856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-07-12 09:35 - 2017-05-16 17:12 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-07-12 09:34 - 2017-05-03 17:15 - 00081640 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-07-12 09:34 - 2017-05-03 17:10 - 00987648 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-07-12 09:34 - 2017-05-03 15:05 - 01327616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-07-12 09:34 - 2017-05-03 15:05 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-07-12 09:34 - 2017-05-03 15:05 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-07-12 09:34 - 2017-05-03 15:05 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-07-12 09:34 - 2017-05-03 15:05 - 00236032 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-07-12 09:34 - 2017-05-03 15:05 - 00182784 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-07-12 09:34 - 2017-05-03 15:05 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-07-12 09:34 - 2017-03-23 04:06 - 01602048 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-07-12 09:25 - 2017-07-20 10:07 - 00000000 ____D C:\Users\miroslav\AppData\LocalLow\uTorrent
2017-07-03 23:09 - 2017-07-03 23:09 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\baidu
2017-07-03 23:09 - 2017-07-03 23:09 - 00000000 ____D C:\Users\miroslav\AppData\Local\Tencent
2017-07-03 23:08 - 2017-07-03 23:08 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HT1H
2017-07-03 23:08 - 2017-07-03 23:08 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\360se6
2017-07-03 23:08 - 2017-07-03 23:08 - 00000000 ____D C:\Users\miroslav\AppData\LocalLow\htyh
2017-07-03 23:08 - 2017-07-03 23:08 - 00000000 ____D C:\Users\miroslav\AppData\Local\360chrome
2017-07-03 08:40 - 2017-07-03 08:40 - 00000000 ____D C:\Users\miroslav\AppData\Local\Viber Media S.à r.l
2017-07-03 08:36 - 2017-07-03 08:37 - 00000000 ____D C:\Users\miroslav\AppData\Local\Viber
2017-06-28 13:31 - 2017-06-30 16:32 - 00000057 _____ C:\Windows\vms.dll
2017-06-28 11:36 - 2017-06-28 11:36 - 00000122 _____ C:\Users\miroslav\Desktop\Spijunski program.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-20 11:44 - 2017-01-02 11:19 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\uTorrent
2017-07-20 11:43 - 2017-06-02 16:31 - 00000000 ____D C:\FRST
2017-07-20 10:14 - 2016-12-28 14:46 - 00000000 ____D C:\ProgramData\MCShield
2017-07-20 10:12 - 2009-07-14 06:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-20 10:12 - 2009-07-14 06:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-20 10:09 - 2017-01-07 19:06 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\ViberPC
2017-07-20 10:04 - 2017-02-18 11:35 - 00220088 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-20 10:03 - 2016-12-28 12:24 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-20 10:03 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-20 10:00 - 2016-12-28 17:26 - 00000979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-07-20 10:00 - 2016-12-28 12:18 - 00000000 ____D C:\Users\miroslav\Desktop\Precice
2017-07-20 10:00 - 2016-12-28 12:11 - 00002112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-20 09:58 - 2017-01-07 19:06 - 00000000 ____D C:\Users\miroslav\Documents\ViberDownloads
2017-07-20 09:56 - 2017-06-02 12:46 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\.ACEStream
2017-07-19 19:27 - 2017-04-22 11:29 - 00000000 ____D C:\AdwCleaner
2017-07-19 16:16 - 2016-12-28 11:52 - 00001002 _____ C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-07-19 14:38 - 2017-04-21 14:27 - 00000000 ____D C:\ProgramData\TEMP
2017-07-19 09:34 - 2017-06-11 18:59 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-07-19 09:34 - 2016-12-28 17:26 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-07-18 23:38 - 2009-07-14 06:33 - 00281520 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-18 21:19 - 2016-12-28 13:48 - 00064328 _____ C:\Users\miroslav\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-18 20:56 - 2016-10-09 14:31 - 00000000 ___RD C:\Users\miroslav\Desktop\video
2017-07-17 16:01 - 2017-03-19 14:41 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\AVI ReComp
2017-07-16 20:43 - 2017-01-02 18:57 - 00000000 ____D C:\Program Files\FormatFactory
2017-07-15 18:42 - 2016-12-28 11:55 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-15 18:42 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2017-07-13 10:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2017-07-13 08:37 - 2017-01-22 10:40 - 00000000 ____D C:\Windows\system32\appraiser
2017-07-13 00:21 - 2016-12-30 09:13 - 00000000 ____D C:\Windows\system32\MRT
2017-07-13 00:16 - 2016-12-30 09:13 - 132532600 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-11 15:24 - 2017-02-24 15:34 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-07-11 15:24 - 2017-02-24 15:34 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-07-11 15:24 - 2017-02-24 15:34 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-10 15:28 - 2016-12-28 13:43 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\AIMP
2017-06-30 16:32 - 2009-07-14 04:04 - 00000462 _____ C:\Windows\win.ini
2017-06-29 22:55 - 2017-06-04 19:55 - 00000000 ___HD C:\_acestream_cache_
2017-06-26 20:25 - 2016-12-28 16:51 - 00000000 ____D C:\Users\miroslav\AppData\LocalLow\Mozilla
2017-06-25 21:59 - 2016-12-28 14:05 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\Skype
2017-06-23 22:37 - 2016-12-28 13:44 - 00000000 ____D C:\Program Files\CDBurnerXP
2017-06-23 19:21 - 2016-12-28 13:44 - 00001805 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk

Some files in TEMP:
====================
2016-09-15 02:00 - 2016-09-15 02:00 - 2458672 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\miroslav\AppData\Local\Temp\libeay32.dll
2016-09-15 02:00 - 2016-09-15 02:00 - 0970912 _____ (Microsoft Corporation) C:\Users\miroslav\AppData\Local\Temp\msvcr120.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-12 10:17

==================== End of FRST.txt ============================

offline
  • Joined: 14 Jun 2016
  • Posts: 525

Hello,
you did not follow my instructions. You need to uninstall the program below via Control Panel:

Ace Stream Media


1. Open Notepad (Text Document) and copy in the following text from the code box below:

CreateRestorePoint:
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [AceStream] => C:\Users\miroslav\AppData\Roaming\ACEStream\engine\ace_engine.exe
C:\Users\miroslav\AppData\Roaming\ACEStream\engine\ace_engine.exe
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\MountPoints2: J - J:\AutoRun.exe
J:\AutoRun.exe
CHR Extension: (the flying farm game) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdedilofmokfljapebnapjilnajgbhgm [2017-06-02]
2017-07-03 23:09 - 2017-07-03 23:09 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\baidu
2017-07-03 23:09 - 2017-07-03 23:09 - 00000000 ____D C:\Users\miroslav\AppData\Local\Tencent
2017-07-03 23:08 - 2017-07-03 23:08 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HT1H
2017-07-03 23:08 - 2017-07-03 23:08 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\360se6
2017-07-03 23:08 - 2017-07-03 23:08 - 00000000 ____D C:\Users\miroslav\AppData\LocalLow\htyh
2017-07-03 23:08 - 2017-07-03 23:08 - 00000000 ____D C:\Users\miroslav\AppData\Local\360chrome
2017-07-20 09:56 - 2017-06-02 12:46 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\.ACEStream
2017-06-29 22:55 - 2017-06-04 19:55 - 00000000 ___HD C:\_acestream_cache_
CustomCLSID: HKU\S-1-5-21-961669800-890686474-1414387024-1001_Classes\CLSID\{6EDBD2F5-77F3-F6B3-834A-BB06588D99C9}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-961669800-890686474-1414387024-1001_Classes\CLSID\{978AF723-C123-B9C7-F903-A77FC5B5B3A7}\InprocServer32 -> no filepath
FirewallRules: [{6A40B777-0F49-47AA-9681-36F06F3D637C}] => (Allow) C:\Users\miroslav\AppData\Roaming\ACEStream\engine\ace_engine.exe
FirewallRules: [{ACADFA84-5F49-4757-B17F-90B9DD198884}] => (Allow) C:\Users\miroslav\AppData\Roaming\ACEStream\engine\ace_engine.exe


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the system restarts.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version is available, make sure you download and use the updated copy of FRST.

Let me know how things are.

offline
  • Miroslav Tanaskovic
  • Construction technician
  • Joined: 02 Jan 2009
  • Posts: 731
  • Location: Cacak

Posted: 20 Jul 2017 20:49

Fix result of Farbar Recovery Scan Tool (x86) Version: 18-07-2017
Ran by miroslav (20-07-2017 20:46:31) Run:3
Running from C:\Users\miroslav\Desktop
Loaded Profiles: miroslav (Available Profiles: miroslav)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [AceStream] => C:\Users\miroslav\AppData\Roaming\ACEStream\engine\ace_engine.exe
C:\Users\miroslav\AppData\Roaming\ACEStream\engine\ace_engine.exe
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\MountPoints2: J - J:\AutoRun.exe
J:\AutoRun.exe
CHR Extension: (the flying farm game) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdedilofmokfljapebnapjilnajgbhgm [2017-06-02]
2017-07-03 23:09 - 2017-07-03 23:09 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\baidu
2017-07-03 23:09 - 2017-07-03 23:09 - 00000000 ____D C:\Users\miroslav\AppData\Local\Tencent
2017-07-03 23:08 - 2017-07-03 23:08 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HT1H
2017-07-03 23:08 - 2017-07-03 23:08 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\360se6
2017-07-03 23:08 - 2017-07-03 23:08 - 00000000 ____D C:\Users\miroslav\AppData\LocalLow\htyh
2017-07-03 23:08 - 2017-07-03 23:08 - 00000000 ____D C:\Users\miroslav\AppData\Local\360chrome
2017-07-20 09:56 - 2017-06-02 12:46 - 00000000 ____D C:\Users\miroslav\AppData\Roaming\.ACEStream
2017-06-29 22:55 - 2017-06-04 19:55 - 00000000 ___HD C:\_acestream_cache_
CustomCLSID: HKU\S-1-5-21-961669800-890686474-1414387024-1001_Classes\CLSID\{6EDBD2F5-77F3-F6B3-834A-BB06588D99C9}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-961669800-890686474-1414387024-1001_Classes\CLSID\{978AF723-C123-B9C7-F903-A77FC5B5B3A7}\InprocServer32 -> no filepath
FirewallRules: [{6A40B777-0F49-47AA-9681-36F06F3D637C}] => (Allow) C:\Users\miroslav\AppData\Roaming\ACEStream\engine\ace_engine.exe
FirewallRules: [{ACADFA84-5F49-4757-B17F-90B9DD198884}] => (Allow) C:\Users\miroslav\AppData\Roaming\ACEStream\engine\ace_engine.exe
*****************

Restore point was successfully created.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AceStream => value removed successfully.
"C:\Users\miroslav\AppData\Roaming\ACEStream\engine\ace_engine.exe" => not found.
HKU\S-1-5-21-961669800-890686474-1414387024-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J => key removed successfully.
"J:\AutoRun.exe" => not found.
CHR Extension: (the flying farm game) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdedilofmokfljapebnapjilnajgbhgm [2017-06-02] => Error: No automatic fix found for this entry.
C:\Users\miroslav\AppData\Roaming\baidu => moved successfully
C:\Users\miroslav\AppData\Local\Tencent => moved successfully
C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HT1H => moved successfully
C:\Users\miroslav\AppData\Roaming\360se6 => moved successfully
C:\Users\miroslav\AppData\LocalLow\htyh => moved successfully
C:\Users\miroslav\AppData\Local\360chrome => moved successfully
C:\Users\miroslav\AppData\Roaming\.ACEStream => moved successfully
C:\_acestream_cache_ => moved successfully
HKU\S-1-5-21-961669800-890686474-1414387024-1001_Classes\CLSID\{6EDBD2F5-77F3-F6B3-834A-BB06588D99C9} => key removed successfully.
HKU\S-1-5-21-961669800-890686474-1414387024-1001_Classes\CLSID\{978AF723-C123-B9C7-F903-A77FC5B5B3A7} => key removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6A40B777-0F49-47AA-9681-36F06F3D637C} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ACADFA84-5F49-4757-B17F-90B9DD198884} => value removed successfully.

==== End of Fixlog 20:46:59 ====

Addendum: 20 Jul 2017 21:45

I did not delete Ace Stream Media since I need it to watch internet TV. As for the state of the system, it is not the way it was, but something is happening that did not happen before. When I select the text you gave me, it first opens some advertising page, and only on the second attempt can I copy it. Here is, for example, what happens on the forum Crna berza

offline
  • Joined: 14 Jun 2016
  • Posts: 525

You need to pack the folder C:\FRST\Quarantine into an archive and send it to us.

Go to the folder C:\FRST
Right-click the Quarantine folder and choose the option Add to archive... as shown in the image

For Archive format choose RAR5 or RAR
For Compression method select Best
In the field Split to volumes, bytes enter 5000000 (in words: five million)
On the right side tick the option Create Solid Archive (see the image below)

Click OK
When WinRAR finishes compressing, upload the resulting files (one by one) to:
https://www.mycity.rs/ambulanta-upload.php



Then:
1. Open Notepad (Text Document) and copy in the following text from the code box below:

CHR Extension: (Turtle) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjjoabbgdgocpncdlhlfhbaocdddffjf [2016-12-28]


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.



The tool will create a log (Fixlog.txt) on the Desktop. The contents of that log need to be copied into a post.
Note: If the tool warns you that a newer version exists, make sure to download and use the updated copy of FRST.

Report the status.

offline
  • Miroslav Tanaskovic
  • Construction technician
  • Joined: 02 Jan 2009
  • Posts: 731
  • Location: Cacak

Fix result of Farbar Recovery Scan Tool (x86) Version: 18-07-2017
Ran by miroslav (21-07-2017 20:03:48) Run:5
Running from C:\Users\miroslav\Desktop
Loaded Profiles: miroslav (Available Profiles: miroslav)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CHR Extension: (Turtle) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjjoabbgdgocpncdlhlfhbaocdddffjf [2016-12-28]
*****************

CHR Extension: (Turtle) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjjoabbgdgocpncdlhlfhbaocdddffjf [2016-12-28] => Error: No automatic fix found for this entry.

==== End of Fixlog 20:03:48 ====
I archived the FRST Quarantine and it has 2500 files. I don't know how to send it, since the link you gave me won't open without logging in, but when I enter the nick and password I use to log in to mycity, it doesn't accept the login. What should I do next?
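
Both Fixlogs in this thread contain entries that FRST reported it could not fix automatically. The Python sketch below is an added example, not part of the original posts and not FRST's own code: it groups Fixlog result lines by outcome and lists the Chrome extensions left for follow-up. The function names and outcome labels are assumptions, and the sample is assembled from lines of the logs above.

```python
import re
from collections import defaultdict

# Sample assembled from lines of the two Fixlogs in this thread.
SAMPLE = r'''fixlist content:
*****************
FirewallRules: [{6A40B777-0F49-47AA-9681-36F06F3D637C}] => (Allow) C:\Users\miroslav\AppData\Roaming\ACEStream\engine\ace_engine.exe
CHR Extension: (Turtle) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjjoabbgdgocpncdlhlfhbaocdddffjf [2016-12-28]
*****************

Restore point was successfully created.
"C:\Users\miroslav\AppData\Roaming\ACEStream\engine\ace_engine.exe" => not found.
C:\Users\miroslav\AppData\Roaming\baidu => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6A40B777-0F49-47AA-9681-36F06F3D637C} => value removed successfully.
CHR Extension: (Turtle) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjjoabbgdgocpncdlhlfhbaocdddffjf [2016-12-28] => Error: No automatic fix found for this entry.

==== End of Fixlog 20:03:48 ====
'''

# Checked in order: "removed successfully" also ends with "moved successfully".
OUTCOMES = [
    ("error", re.compile(r"^Error:")),
    ("not_found", re.compile(r"not found\.?$")),
    ("removed", re.compile(r"removed successfully\.?$")),
    ("moved", re.compile(r"moved successfully\.?$")),
]
EXT_ID = re.compile(r"^CHR Extension: \((.*?)\) - .*\\Extensions\\([a-p]{32})\b")

def triage_fixlog(text):
    """Group result entries by outcome, skipping the echoed fixlist block."""
    results, in_echo = defaultdict(list), False
    for line in map(str.strip, text.splitlines()):
        if re.fullmatch(r"\*{5,}", line):  # delimiter around "fixlist content"
            in_echo = not in_echo
            continue
        if in_echo or " => " not in line:  # echoed input or header/footer text
            continue
        entry, _, outcome = line.rpartition(" => ")
        label = next((l for l, p in OUTCOMES if p.search(outcome)), "other")
        results[label].append(entry)
    return dict(results)

def unfixed_extensions(text):
    """(name, id) of Chrome extensions whose entry ended in an Error outcome."""
    hits = (EXT_ID.search(e) for e in triage_fixlog(text).get("error", []))
    return [m.groups() for m in hits if m]

if __name__ == "__main__":
    print(sorted(triage_fixlog(SAMPLE)), unfixed_extensions(SAMPLE))
```

The echoed fixlist block has to be skipped explicitly because lines such as the FirewallRules entry contain " => " themselves and would otherwise be counted as results.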

offline
  • Joined: 26 Aug 2010
  • Posts: 10445
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Sorry for butting in, but the mistake with the upload link was mine. This one is correct:
https://www.mycity.rs/ambulanta-upload.php
