Provjera

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Pozdrav, Defender mi detektuje Hacktool win32, skidao sam neki program i odmah mi je Defender pokazao da je virus usao, i reklame neke mi iskacu pa ne mogu iz hroma da izadjem nego moram preko task manadzera.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by AnunnakiFox (administrator) on DESKTOP-CFRJGIG (05-02-2017 12:00:11)
Running from C:\Users\AnunnakiFox\Desktop
Loaded Profiles: AnunnakiFox (Available Profiles: AnunnakiFox)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [Link mogu videti samo ulogovani korisnici]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16122.10271.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-26] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16403712 2015-08-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\Run: [uTorrent] => C:\Users\AnunnakiFox\AppData\Roaming\uTorrent\uTorrent.exe [1979072 2016-12-20] (BitTorrent Inc.)
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-05-16] (Nero AG)
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-20] (Valve Corporation)
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\Run: [EADM] => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\RunOnce: [Uninstall C:\Users\AnunnakiFox\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\AnunnakiFox\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2016-06-25]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{97e2d7b9-0239-4080-8af7-607c7d8fcacc}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-2028377596-1738238198-4291754873-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FireFox:
========
FF DefaultProfile: mizzs6r0.default
FF ProfilePath: C:\Users\AnunnakiFox\AppData\Roaming\Mozilla\Firefox\Profiles\r1mj2ed7.default [2016-12-03]
FF NetworkProxy: Mozilla\Firefox\Profiles\r1mj2ed7.default -> type",
FF Homepage: Mozilla\Firefox\Profiles\r1mj2ed7.default -> [Link mogu videti samo ulogovani korisnici]
FF ProfilePath: C:\Users\AnunnakiFox\AppData\Roaming\Profiles\mizzs6r0.default [2017-01-27]
FF NewTab: Profiles\mizzs6r0.default -> about:newtab
FF DefaultSearchEngine: Profiles\mizzs6r0.default -> Поиск@Mail.Ru
FF SelectedSearchEngine: Profiles\mizzs6r0.default -> Поиск@Mail.Ru
FF Homepage: Profiles\mizzs6r0.default -> [Link mogu videti samo ulogovani korisnici]
FF Keyword.URL: Profiles\mizzs6r0.default -> [Link mogu videti samo ulogovani korisnici]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> [Link mogu videti samo ulogovani korisnici]
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\AnunnakiFox\AppData\Local\Google\Chrome\User Data\Default [2017-02-05]
CHR Extension: (Google Drive) - C:\Users\AnunnakiFox\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-05]
CHR Extension: (YouTube) - C:\Users\AnunnakiFox\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-05]
CHR Extension: (AdBlock) - C:\Users\AnunnakiFox\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-11-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\AnunnakiFox\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\AnunnakiFox\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-05]
CHR Extension: (Chrome Media Router) - C:\Users\AnunnakiFox\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-04]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [395024 2016-12-27] (EasyAntiCheat Ltd)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-05-16] (Nero AG)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-01-20] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2121736 2017-01-24] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2183696 2017-01-24] (Electronic Arts)
S3 PAExec; C:\Windows\PAExec.exe [189112 2016-09-23] (Power Admin LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-12-20] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-12-20] (Disc Soft Ltd)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-16] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28ux; C:\WINDOWS\system32\DRIVERS\netr28ux.sys [2244944 2016-05-09] (MediaTek Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_02838dee03d82b94\nvlddmkm.sys [14427064 2017-01-21] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-06] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-15] (Realtek )
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2016-07-18] (Anchorfree Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-10-05] (Zemana Ltd.)
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-05 12:00 - 2017-02-05 12:00 - 00013948 _____ C:\Users\AnunnakiFox\Desktop\FRST.txt
2017-02-05 12:00 - 2017-02-05 12:00 - 00000000 ____D C:\FRST
2017-02-05 11:56 - 2017-02-05 11:56 - 02420736 _____ (Farbar) C:\Users\AnunnakiFox\Desktop\FRST64.exe
2017-02-03 22:45 - 2017-02-03 22:45 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Local\Gracenote
2017-02-03 22:39 - 2017-02-03 22:45 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Roaming\VEGAS
2017-02-03 22:39 - 2017-02-03 22:39 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Roaming\VEGAS Pro
2017-02-03 22:39 - 2017-02-03 22:39 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Roaming\MAGIX
2017-02-03 22:39 - 2017-02-03 22:39 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Local\VEGAS Pro
2017-02-03 22:39 - 2017-02-03 22:39 - 00000000 ____D C:\ProgramData\VEGAS Pro
2017-02-03 22:39 - 2017-02-03 22:39 - 00000000 ____D C:\ProgramData\MAGIX
2017-02-03 22:38 - 2017-02-03 22:38 - 00001118 _____ C:\Users\Public\Desktop\Vegas Pro 14.0 (64-bit).lnk
2017-02-03 22:38 - 2017-02-03 22:38 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Local\VEGAS
2017-02-03 22:38 - 2017-02-03 22:38 - 00000000 ____D C:\ProgramData\VEGAS
2017-02-03 22:38 - 2017-02-03 22:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VEGAS
2017-02-03 22:38 - 2017-02-03 22:38 - 00000000 ____D C:\Program Files\VEGAS
2017-02-03 22:38 - 2017-02-03 22:38 - 00000000 ____D C:\Program Files (x86)\VEGAS
2017-02-03 22:37 - 2017-02-03 22:37 - 445137688 _____ C:\Users\AnunnakiFox\Downloads\Sony Vegas Pro 14.zip
2017-02-01 22:26 - 2017-02-01 22:26 - 00000000 ____D C:\WINDOWS\Panther
2017-02-01 21:58 - 2017-02-01 22:43 - 996775808 _____ C:\Users\AnunnakiFox\Downloads\windows10.0-kb3213986-x64_a1f5adacc28b56d7728c92e318d6596d9072aec4.msu
2017-02-01 15:36 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-02-01 15:36 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-31 03:15 - 2017-01-31 03:15 - 00000000 ____D C:\Users\AnunnakiFox\Downloads\Wallpapers
2017-01-25 15:51 - 2017-01-25 15:51 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-01-25 15:51 - 2017-01-20 15:07 - 00134080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-01-25 15:51 - 2016-12-16 01:33 - 00273696 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-01-25 15:51 - 2016-12-16 01:33 - 00266528 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-01-25 15:51 - 2016-12-16 01:33 - 00111392 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-01-25 15:51 - 2016-12-16 01:32 - 00125728 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-01-25 15:49 - 2017-01-24 01:00 - 00047664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-01-25 15:49 - 2017-01-20 17:38 - 40192056 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-01-25 15:49 - 2017-01-20 17:38 - 35272760 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-01-25 15:49 - 2017-01-20 17:38 - 34974656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-01-25 15:49 - 2017-01-20 17:38 - 28239928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-01-25 15:49 - 2017-01-20 17:38 - 19008576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-01-25 15:49 - 2017-01-20 17:38 - 14677272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-01-25 15:49 - 2017-01-20 17:38 - 11123936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-01-25 15:49 - 2017-01-20 17:38 - 11019192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-01-25 15:49 - 2017-01-20 17:38 - 09308896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-01-25 15:49 - 2017-01-20 17:38 - 08990584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-01-25 15:49 - 2017-01-20 17:38 - 03167288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-01-25 15:49 - 2017-01-20 17:38 - 02715072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-01-25 15:49 - 2017-01-20 17:38 - 01985080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437849.dll
2017-01-25 15:49 - 2017-01-20 17:38 - 01591352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437849.dll
2017-01-25 15:49 - 2017-01-20 17:38 - 01051584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-01-25 15:49 - 2017-01-20 17:38 - 00988608 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-01-25 15:49 - 2017-01-20 17:38 - 00960568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-01-25 15:49 - 2017-01-20 17:38 - 00909760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-01-25 15:49 - 2017-01-20 17:38 - 00687224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-01-25 15:49 - 2017-01-20 17:38 - 00576192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-01-25 15:49 - 2017-01-20 17:38 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-01-25 15:49 - 2017-01-20 17:38 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-01-25 00:33 - 2017-01-25 00:59 - 00000000 ____D C:\Users\AnunnakiFox\Downloads\bato
2017-01-24 19:45 - 2017-01-24 19:45 - 00000000 ____D C:\Program Files\Samsung
2017-01-24 19:45 - 2016-07-22 08:21 - 01499408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01007.dll
2017-01-24 19:45 - 2016-07-22 08:21 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinUSBCoInstaller.dll
2017-01-24 19:45 - 2016-07-22 08:21 - 00164992 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2017-01-24 19:45 - 2016-07-22 08:21 - 00130688 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus.sys
2017-01-24 19:43 - 2017-01-24 19:43 - 00000000 ____D C:\ProgramData\Samsung
2017-01-20 18:08 - 2017-02-03 10:32 - 00534264 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-01-20 18:08 - 2017-01-20 18:08 - 00000000 ____D C:\Users\AnunnakiFox\Documents\My Games
2017-01-20 18:08 - 2016-12-27 10:23 - 00395024 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe
2017-01-20 18:01 - 2017-02-03 10:46 - 00001017 _____ C:\Users\Public\Desktop\Watch Dogs 2.lnk
2017-01-20 18:01 - 2017-01-20 18:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watch_Dogs 2
2017-01-20 01:31 - 2017-01-20 02:13 - 00000000 ____D C:\Users\AnunnakiFox\Documents\FIFA 17
2017-01-18 14:43 - 2017-02-05 12:00 - 00201886 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-01-12 13:51 - 2017-01-20 19:39 - 00057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-01-12 13:51 - 2017-01-06 02:10 - 00158264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-01-12 13:51 - 2017-01-06 02:10 - 00126008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-01-11 14:18 - 2017-01-13 04:36 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Roaming\Messenger for Desktop
2017-01-11 14:18 - 2017-01-11 14:18 - 00002485 _____ C:\Users\AnunnakiFox\Desktop\Messenger for Desktop.lnk
2017-01-11 14:17 - 2017-01-11 14:25 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Local\messengerfordesktop
2017-01-09 22:45 - 2017-01-11 23:54 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2017-01-09 22:41 - 2017-01-09 22:41 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MessengerForDesktop.com
2017-01-08 17:37 - 2017-01-11 14:25 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Local\SquirrelTemp
2017-01-08 17:37 - 2017-01-11 14:18 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alexandru Rosianu
2017-01-06 20:06 - 2017-01-06 20:06 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Local\Steam
2017-01-06 20:00 - 2017-01-13 20:21 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-06 20:00 - 2017-01-06 20:00 - 00001036 _____ C:\Users\Public\Desktop\Steam.lnk
2017-01-06 20:00 - 2017-01-06 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-05 11:57 - 2016-06-25 13:32 - 03443486 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-05 11:54 - 2016-09-25 21:58 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-05 06:54 - 2016-10-06 00:50 - 00004180 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1F213B35-2911-406D-BF02-4EE7679EE333}
2017-02-04 19:59 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-04 19:39 - 2016-09-25 22:04 - 00000000 ____D C:\Users\AnunnakiFox
2017-02-04 12:25 - 2016-09-25 22:00 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-04 06:34 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-04 04:17 - 2016-12-08 01:26 - 00000000 ____D C:\ProgramData\MCShield
2017-02-04 04:16 - 2016-09-25 22:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-04 04:15 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-04 04:15 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-04 01:59 - 2016-10-15 13:47 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-04 01:59 - 2016-06-25 22:24 - 00406479 ____N C:\WINDOWS\Minidump\020417-21734-01.dmp
2017-02-03 22:39 - 2016-09-20 02:49 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Local\Sony
2017-02-03 22:38 - 2016-09-20 02:48 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Roaming\Sony
2017-02-03 22:12 - 2016-06-25 13:38 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Local\VirtualStore
2017-02-03 21:48 - 2016-06-25 14:21 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Roaming\uTorrent
2017-02-03 19:09 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-02 17:58 - 2016-10-08 04:05 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Local\CrashDumps
2017-02-02 11:54 - 2016-12-19 22:49 - 00001257 _____ C:\Users\AnunnakiFox\Desktop\FIFA17.lnk
2017-02-02 03:59 - 2016-06-25 22:24 - 00417487 ____N C:\WINDOWS\Minidump\020217-15046-01.dmp
2017-02-01 23:07 - 2016-09-14 02:53 - 00001078 _____ C:\Users\Public\Desktop\Origin.lnk
2017-02-01 22:57 - 2016-07-11 11:57 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Local\JDownloader v2.0
2017-02-01 16:17 - 2016-06-25 13:38 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Local\Packages
2017-02-01 16:03 - 2016-09-25 21:58 - 04954744 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-31 03:15 - 2016-10-07 17:56 - 00000000 ____D C:\Users\AnunnakiFox\Downloads\GAMES
2017-01-30 20:50 - 2016-09-12 02:08 - 00000000 ____D C:\Games
2017-01-29 16:44 - 2016-06-25 13:45 - 00000000 __SHD C:\Users\AnunnakiFox\IntelGraphicsProfiles
2017-01-27 21:52 - 2016-12-04 20:09 - 00000000 ____D C:\Users\AnunnakiFox\AppData\LocalLow\Mozilla
2017-01-26 15:39 - 2016-09-25 22:00 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-01-25 16:00 - 2016-09-14 02:53 - 00000000 ____D C:\Program Files (x86)\Origin
2017-01-25 15:58 - 2016-09-09 18:28 - 00000000 ____D C:\ProgramData\Origin
2017-01-25 15:55 - 2016-09-14 02:54 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Roaming\Origin
2017-01-25 15:52 - 2016-09-23 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-01-25 15:50 - 2016-09-25 22:00 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-25 15:37 - 2016-12-20 15:57 - 00001489 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-01-25 15:37 - 2016-12-20 15:56 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 15:37 - 2016-09-25 22:20 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 15:36 - 2016-09-25 22:20 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 15:36 - 2016-09-25 22:20 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 15:36 - 2016-09-25 22:20 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 15:36 - 2016-09-25 22:20 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 15:36 - 2016-09-25 22:20 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 15:36 - 2016-09-25 22:00 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-01-24 12:50 - 2016-09-14 02:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2017-01-24 01:00 - 2016-08-26 23:30 - 01600056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2017-01-24 01:00 - 2016-08-26 23:30 - 00217528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2017-01-20 19:39 - 2016-09-23 18:12 - 01872320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-01-20 19:39 - 2016-09-23 18:12 - 01755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-01-20 19:39 - 2016-09-23 18:12 - 01464768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-01-20 19:39 - 2016-09-23 18:12 - 01317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-01-20 19:39 - 2016-09-23 18:12 - 00120256 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-01-20 17:38 - 2016-09-27 09:48 - 00514616 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-01-20 17:38 - 2016-09-23 19:07 - 04079032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-01-20 17:38 - 2016-09-23 19:07 - 03597640 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-01-20 17:38 - 2016-09-23 19:07 - 00043556 _____ C:\WINDOWS\system32\nvinfo.pb
2017-01-20 17:38 - 2016-07-16 15:29 - 00420408 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2017-01-20 16:13 - 2016-09-25 22:00 - 06401984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-01-20 16:13 - 2016-09-25 22:00 - 02479160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-01-20 16:13 - 2016-09-25 22:00 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-01-20 16:13 - 2016-09-25 22:00 - 00548800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-01-20 16:13 - 2016-09-25 22:00 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-01-20 16:13 - 2016-09-25 22:00 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-01-20 16:13 - 2016-09-25 22:00 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-01-20 15:04 - 2016-09-23 18:12 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-01-20 14:36 - 2016-12-20 15:56 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-01-18 19:27 - 2016-12-07 19:18 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Local\Ubisoft Game Launcher
2017-01-18 13:57 - 2016-09-25 22:00 - 07755067 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-01-12 16:16 - 2016-06-25 14:11 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-01-12 16:16 - 2016-06-25 14:11 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-11 23:54 - 2016-12-22 00:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2017-01-11 13:11 - 2016-09-25 22:20 - 00003994 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-01-11 13:11 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-11 13:11 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-09 22:48 - 2016-06-25 14:25 - 00001122 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2017-01-09 22:48 - 2016-06-25 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2017-01-07 14:57 - 2016-12-20 15:57 - 00002938 _____ C:\ProgramData\NvTelemetryContainer.log_backup1
2017-01-06 02:10 - 2016-09-23 18:12 - 00047672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys

==================== Files in the root of some directories =======

2016-12-04 20:02 - 2016-12-04 20:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-20 15:57 - 2017-01-12 13:51 - 0006776 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-20 15:57 - 2017-01-07 14:57 - 0002938 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Some files in TEMP:
====================
2017-02-01 22:30 - 2017-02-01 22:30 - 0040448 ____N () C:\Users\AnunnakiFox\AppData\Local\Temp\proxy_vole1276418714074215558.dll
2017-02-01 22:30 - 2017-02-01 22:30 - 0040448 ____N () C:\Users\AnunnakiFox\AppData\Local\Temp\proxy_vole2838375595636425909.dll
2017-02-01 22:12 - 2017-02-01 22:12 - 0040448 _____ () C:\Users\AnunnakiFox\AppData\Local\Temp\proxy_vole6475560623228989813.dll
2017-02-01 22:30 - 2017-02-01 22:30 - 0040448 ____N () C:\Users\AnunnakiFox\AppData\Local\Temp\proxy_vole8066976773427823762.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-26 22:34

==================== End of FRST.txt ============================

[Link mogu videti samo ulogovani korisnici]

Unaprijed Hvala

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Zdravo,

Preuzmi AdwCleaner i sačuvaj ga na Desktop
Dvoklikom pokreni program.
U EULA prozoru klikni na I agree.
U Options isključi Reset Winsock settings ako je uključen.
Klikni na dugme Scan i sačekaj da se završi skeniranje.
Klikni na dugme Cleaning i pričekaj da program završi.
Program će zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni OK kao potvrdu.
Na sljedeća dva prozora koja se otvore (Informations i Restart required ) klikni OK
Računar će se restartovati, a potom otvoriti Notepad (C:\Adwcleaner\AdwCleaner[C1].txt) sa izvještajem.
Sačuvaj taj izvještaj na Desktop i okači ga uz poruku koristeći opciju "Prikači fajl"

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

[Link mogu videti samo ulogovani korisnici]

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Kakvo je stanje?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Stanje je da i dalje imam virus Hacktool win32/patcher

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Daj mi screenshot detekcije sa lokacijom.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Sinoc je bilo ali danas nema tog virusa samo sam ga sad nasao kao sto je na slici, hvala puno

• 2Ovo se svidja korisnicima: magna86, Ričard
  
  Registruj se da bi pohvalio/la poruku!

Pa to defender detektuje taj tvoj patch za Sony Vegas, sta god to bilo. Valjda vidis da pise.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Vidim unistaliro sam ga, hvala puno jos jednom

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Obrisi alate rucno ili

• Sledeća procedura će implementirati završno čišćenje.



Preuzmi "Xplode"-ov DelFix alat i snimi ga na Desktop.

Dvoklikom pokreni alat i štikliraj kućice ispred sledećih opcija;
Remove disinfection tools
Create registry backup
Purge System Restore

Klikni na dugme Run i pričekaj trenutak dok alat ne završi svoj rad.

Od ovog trenutka, svi korišćeni alati u ovoj temi bi trebali biti obrisani.
Ukoliko neki alat ili izveštaj nije uklonjen, slobodno ih obriši ručno.


Alat će takođe formirati izveštaj za tebe. (C:\DelFix.txt)
- Alat će snimiti i zdravo stanje registy-ja i napraviti backup koristeci integrisan program "ERUNT" u %windir%\ERUNT\DelFix
- DelFix briše stare system restore tačke i pravi novu, svežu tačku nakon čišćenja.