MyCity » Ambulanta -> Arhiva Ambulante » Da li je virus u pitanju?

Da li je virus u pitanju?

Napisano na dan: 11.9.2017

Da li je virus u pitanju?

Odgovori

Ljilja Hnovi Poslao: 11 Sep 2017 17:38 Idi na vrh
offline Ljilja Hnovi Prijatelj foruma Pridružio: 14 Okt 2012 Poruke: 3611 Gde živiš: Herceg Novi	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Ne znam šta se dešava sa ovim laptopom, što ga manje uključujem, on je šašaviji. Sad sam jedva uradila izvještaje, polje od Farbara je nekoliko puta pocrnjelo sa porukom da se ne odaziva, onda sam nastavi skeniranje i ponovo pocrni. Tako i pretraživači, fajlovi, programi... baš sve. Prije neki dan mi je stigla poruka da se neko logovao na moj mejl... Promijenila sam lozinku, skenirala Avast-om, MBAR-om (nađeno je + ovo) i uradila defragmentaciju. Evo izvještaji dok nije potpuno blokirao. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-09-2017 Ran by Ljilja (administrator) on LJILJA-PC (11-09-2017 17:00:25) Running from C:\Users\Ljilja\Desktop Loaded Profiles: Ljilja (Available Profiles: Ljilja) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe (CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe (MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\vds.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-27] (AVAST Software) HKLM Group Policy restriction on software: .pdf.com <==== ATTENTION HKLM Group Policy restriction on software: .pdf.bat <==== ATTENTION HKLM Group Policy restriction on software: .wma.com <==== ATTENTION HKLM Group Policy restriction on software: .wma.cmd <==== ATTENTION HKLM Group Policy restriction on software: .gif.bat <==== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\.jse <==== ATTENTION HKLM Group Policy restriction on software: .zip.scr <==== ATTENTION HKLM Group Policy restriction on software: .divx.cmd <==== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\.com <==== ATTENTION HKLM Group Policy restriction on software: .zip.jse <==== ATTENTION HKLM Group Policy restriction on software: .7z.scr <==== ATTENTION HKLM Group Policy restriction on software: .wmv.jse <==== ATTENTION HKLM Group Policy restriction on software: .bmp.scr <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\.jse <==== ATTENTION HKLM Group Policy restriction on software: .pub.scr <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\.cmd <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\.scr <==== ATTENTION HKLM Group Policy restriction on software: .xls.js <==== ATTENTION HKLM Group Policy restriction on software: %programfiles%\\svchost.exe <==== ATTENTION HKLM Group Policy restriction on software: .jpeg.exe <==== ATTENTION HKLM Group Policy restriction on software: C:\Users\.pif <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\.jse <==== ATTENTION HKLM Group Policy restriction on software: .wmv.com <==== ATTENTION HKLM Group Policy restriction on software: %programdata%\.js <==== ATTENTION HKLM Group Policy restriction on software: .avi.bat <==== ATTENTION HKLM Group Policy restriction on software: .jpg.cmd <==== ATTENTION HKLM Group Policy restriction on software: .rar.jse <==== ATTENTION HKLM Group Policy restriction on software: .xls.com <==== ATTENTION HKLM Group Policy restriction on software: .avi.scr <==== ATTENTION HKLM Group Policy restriction on software: .doc.jse <==== ATTENTION HKLM Group Policy restriction on software: .jpg.exe <==== ATTENTION HKLM Group Policy restriction on software: .gif.com <==== ATTENTION HKLM Group Policy restriction on software: .gif.js <==== ATTENTION HKLM Group Policy restriction on software: %appdata%\.pif <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\\.pif <==== ATTENTION HKLM Group Policy restriction on software: .mp4.com <==== ATTENTION HKLM Group Policy restriction on software: .rtf.cmd <==== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\.js <==== ATTENTION HKLM Group Policy restriction on software: .txt.com <==== ATTENTION HKLM Group Policy restriction on software: %appdata%\.jse <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\.pif <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\.cmd <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\\.exe <==== ATTENTION HKLM Group Policy restriction on software: .wmv.bat <==== ATTENTION HKLM Group Policy restriction on software: .pptx.js <==== ATTENTION HKLM Group Policy restriction on software: %appdata%\.scr <==== ATTENTION HKLM Group Policy restriction on software: vssadmin.exe <==== ATTENTION HKLM Group Policy restriction on software: .xlsx.exe <==== ATTENTION HKLM Group Policy restriction on software: .mp3.exe <==== ATTENTION HKLM Group Policy restriction on software: .mp3.js <==== ATTENTION HKLM Group Policy restriction on software: .doc.bat <==== ATTENTION HKLM Group Policy restriction on software: .docx.exe <==== ATTENTION HKLM Group Policy restriction on software: .gif.pif <==== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\.scr <==== ATTENTION HKLM Group Policy restriction on software: .mp3.scr <==== ATTENTION HKLM Group Policy restriction on software: .png.bat <==== ATTENTION HKLM Group Policy restriction on software: .jpeg.scr <==== ATTENTION HKLM Group Policy restriction on software: .wav.com <==== ATTENTION HKLM Group Policy restriction on software: .pptx.bat <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\.pif <==== ATTENTION HKLM Group Policy restriction on software: .ppt.scr <==== ATTENTION HKLM Group Policy restriction on software: .xls.jse <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\.cmd <==== ATTENTION HKLM Group Policy restriction on software: .rar.com <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\\.js <==== ATTENTION HKLM Group Policy restriction on software: %programdata%\.scr <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\\.scr <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.pif <==== ATTENTION HKLM Group Policy restriction on software: .ppt.pif <==== ATTENTION HKLM Group Policy restriction on software: .wav.exe <==== ATTENTION HKLM Group Policy restriction on software: .rtf.pif <==== ATTENTION HKLM Group Policy restriction on software: C:\Users\.cmd <==== ATTENTION HKLM Group Policy restriction on software: .bmp.js <==== ATTENTION HKLM Group Policy restriction on software: .pptx.cmd <==== ATTENTION HKLM Group Policy restriction on software: %programdata%\.jse <==== ATTENTION HKLM Group Policy restriction on software: .pub.pif <==== ATTENTION HKLM Group Policy restriction on software: .divx.com <==== ATTENTION HKLM Group Policy restriction on software: .rar.pif <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\.js <==== ATTENTION HKLM Group Policy restriction on software: .divx.pif <==== ATTENTION HKLM Group Policy restriction on software: %appdata%\.js <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\.bat <==== ATTENTION HKLM Group Policy restriction on software: .bmp.pif <==== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\.com <==== ATTENTION HKLM Group Policy restriction on software: .wma.pif <==== ATTENTION HKLM Group Policy restriction on software: .docx.cmd <==== ATTENTION HKLM Group Policy restriction on software: .jpeg.com <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\.cmd <==== ATTENTION HKLM Group Policy restriction on software: .xlsx.jse <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\\.cmd <==== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\.pif <==== ATTENTION HKLM Group Policy restriction on software: .xls.scr <==== ATTENTION HKLM Group Policy restriction on software: .7z.exe <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.bat <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\.exe <==== ATTENTION HKLM Group Policy restriction on software: .gif.jse <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\.com <==== ATTENTION HKLM Group Policy restriction on software: .ppt.js <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\\.bat <==== ATTENTION HKLM Group Policy restriction on software: .mp3.pif <==== ATTENTION HKLM Group Policy restriction on software: .xlsx.scr <==== ATTENTION HKLM Group Policy restriction on software: .jpeg.pif <==== ATTENTION HKLM Group Policy restriction on software: .wma.bat <==== ATTENTION HKLM Group Policy restriction on software: .doc.pif <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\\.bat <==== ATTENTION HKLM Group Policy restriction on software: .bmp.jse <==== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\.cmd <==== ATTENTION HKLM Group Policy restriction on software: .pptx.exe <==== ATTENTION HKLM Group Policy restriction on software: .wma.exe <==== ATTENTION HKLM Group Policy restriction on software: .jpg.scr <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\.com <==== ATTENTION HKLM Group Policy restriction on software: .wma.js <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\.js <==== ATTENTION HKLM Group Policy restriction on software: :\$Recycle.Bin <==== ATTENTION HKLM Group Policy restriction on software: .txt.cmd <==== ATTENTION HKLM Group Policy restriction on software: .wav.js <==== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\.bat <==== ATTENTION HKLM Group Policy restriction on software: %appdata%\\.pif <==== ATTENTION HKLM Group Policy restriction on software: .wav.cmd <==== ATTENTION HKLM Group Policy restriction on software: .xlsx.com <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\.exe <==== ATTENTION HKLM Group Policy restriction on software: .jpeg.bat <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\.bat <==== ATTENTION HKLM Group Policy restriction on software: .jpg.pif <==== ATTENTION HKLM Group Policy restriction on software: .ppt.jse <==== ATTENTION HKLM Group Policy restriction on software: %programdata%\.cmd <==== ATTENTION HKLM Group Policy restriction on software: %appdata%\\.cmd <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\.com <==== ATTENTION HKLM Group Policy restriction on software: .wmv.pif <==== ATTENTION HKLM Group Policy restriction on software: .7z.cmd <==== ATTENTION HKLM Group Policy restriction on software: .wma.scr <==== ATTENTION HKLM Group Policy restriction on software: .7z.com <==== ATTENTION HKLM Group Policy restriction on software: .avi.exe <==== ATTENTION HKLM Group Policy restriction on software: .docx.scr <==== ATTENTION HKLM Group Policy restriction on software: .txt.js <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\.exe <==== ATTENTION HKLM Group Policy restriction on software: .jpg.jse <==== ATTENTION HKLM Group Policy restriction on software: %systemdrive%\\svchost.exe <==== ATTENTION HKLM Group Policy restriction on software: .avi.js <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\.jse <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\.pif <==== ATTENTION HKLM Group Policy restriction on software: .docx.com <==== ATTENTION HKLM Group Policy restriction on software: ** <==== ATTENTION HKLM Group Policy restriction on software: .mp3.bat <==== ATTENTION HKLM Group Policy restriction on software: .png.scr <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\.jse <==== ATTENTION HKLM Group Policy restriction on software: .wav.bat <==== ATTENTION HKLM Group Policy restriction on software: %programdata%\.pif <==== ATTENTION HKLM Group Policy restriction on software: .bmp.com <==== ATTENTION HKLM Group Policy restriction on software: .txt.exe <==== ATTENTION HKLM Group Policy restriction on software: .rar.cmd <==== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\.scr <==== ATTENTION HKLM Group Policy restriction on software: .mp4.js <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.com <==== ATTENTION HKLM Group Policy restriction on software: .rtf.com <==== ATTENTION HKLM Group Policy restriction on software: .doc.js <==== ATTENTION HKLM Group Policy restriction on software: .avi.pif <==== ATTENTION HKLM Group Policy restriction on software: .png.cmd <==== ATTENTION HKLM Group Policy restriction on software: %programdata%\.com <==== ATTENTION HKLM Group Policy restriction on software: .xlsx.bat <==== ATTENTION HKLM Group Policy restriction on software: C:\Users\.bat <==== ATTENTION HKLM Group Policy restriction on software: .zip.cmd <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\.exe <==== ATTENTION HKLM Group Policy restriction on software: .pptx.com <==== ATTENTION HKLM Group Policy restriction on software: .rar.js <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\.scr <==== ATTENTION HKLM Group Policy restriction on software: .jpeg.js <==== ATTENTION HKLM Group Policy restriction on software: .zip.exe <==== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\.jse <==== ATTENTION HKLM Group Policy restriction on software: .mp3.cmd <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\.exe <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\\.com <==== ATTENTION HKLM Group Policy restriction on software: .doc.cmd <==== ATTENTION HKLM Group Policy restriction on software: .pub.jse <==== ATTENTION HKLM Group Policy restriction on software: .doc.scr <==== ATTENTION HKLM Group Policy restriction on software: .png.com <==== ATTENTION HKLM Group Policy restriction on software: .avi.cmd <==== ATTENTION HKLM Group Policy restriction on software: .txt.jse <==== ATTENTION HKLM Group Policy restriction on software: .zip.com <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\.bat <==== ATTENTION HKLM Group Policy restriction on software: .rtf.js <==== ATTENTION HKLM Group Policy restriction on software: .jpg.js <==== ATTENTION HKLM Group Policy restriction on software: %appdata%\\.js <==== ATTENTION HKLM Group Policy restriction on software: .ppt.exe <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\.jse <==== ATTENTION HKLM Group Policy restriction on software: C:\Users\.scr <==== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\.js <==== ATTENTION HKLM Group Policy restriction on software: .txt.bat <==== ATTENTION HKLM Group Policy restriction on software: .7z.pif <==== ATTENTION HKLM Group Policy restriction on software: .pub.exe <==== ATTENTION HKLM Group Policy restriction on software: .jpeg.jse <==== ATTENTION HKLM Group Policy restriction on software: .doc.com <==== ATTENTION HKLM Group Policy restriction on software: .pdf.scr <==== ATTENTION HKLM Group Policy restriction on software: .jpg.com <==== ATTENTION HKLM Group Policy restriction on software: %appdata%\.exe <==== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\.exe <==== ATTENTION HKLM Group Policy restriction on software: C:\Users\.exe <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\\.jse <==== ATTENTION HKLM Group Policy restriction on software: cipher.exe <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\.bat <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\.exe <==== ATTENTION HKLM Group Policy restriction on software: .avi.jse <==== ATTENTION HKLM Group Policy restriction on software: .bmp.cmd <==== ATTENTION HKLM Group Policy restriction on software: %appdata%\.com <==== ATTENTION HKLM Group Policy restriction on software: .rar.bat <==== ATTENTION HKLM Group Policy restriction on software: .pptx.jse <==== ATTENTION HKLM Group Policy restriction on software: .gif.exe <==== ATTENTION HKLM Group Policy restriction on software: .mp4.jse <==== ATTENTION HKLM Group Policy restriction on software: .gif.scr <==== ATTENTION HKLM Group Policy restriction on software: .png.exe <==== ATTENTION HKLM Group Policy restriction on software: .gif.cmd <==== ATTENTION HKLM Group Policy restriction on software: .mp4.pif <==== ATTENTION HKLM Group Policy restriction on software: .wav.pif <==== ATTENTION HKLM Group Policy restriction on software: .png.jse <==== ATTENTION HKLM Group Policy restriction on software: .7z.js <==== ATTENTION HKLM Group Policy restriction on software: .divx.exe <==== ATTENTION HKLM Group Policy restriction on software: .png.js <==== ATTENTION HKLM Group Policy restriction on software: .pdf.jse <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\\.scr <==== ATTENTION HKLM Group Policy restriction on software: .rtf.bat <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\.js <==== ATTENTION HKLM Group Policy restriction on software: .xls.bat <==== ATTENTION HKLM Group Policy restriction on software: .rtf.scr <==== ATTENTION HKLM Group Policy restriction on software: %programfiles(x86)%\\svchost.exe <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\.scr <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\\.js <==== ATTENTION HKLM Group Policy restriction on software: .pdf.exe <==== ATTENTION HKLM Group Policy restriction on software: .png.pif <==== ATTENTION HKLM Group Policy restriction on software: .divx.scr <==== ATTENTION HKLM Group Policy restriction on software: .wma.jse <==== ATTENTION HKLM Group Policy restriction on software: .ppt.com <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.cmd <==== ATTENTION HKLM Group Policy restriction on software: .wmv.scr <==== ATTENTION HKLM Group Policy restriction on software: .pptx.scr <==== ATTENTION HKLM Group Policy restriction on software: C:\Users\.jse <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\.scr <==== ATTENTION HKLM Group Policy restriction on software: .xls.exe <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\.pif <==== ATTENTION HKLM Group Policy restriction on software: .7z.jse <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\.pif <==== ATTENTION HKLM Group Policy restriction on software: .mp4.cmd <==== ATTENTION HKLM Group Policy restriction on software: .pub.js <==== ATTENTION HKLM Group Policy restriction on software: %appdata%\\.bat <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\.js <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\\.com <==== ATTENTION HKLM Group Policy restriction on software: %programdata%\\svchost.exe <==== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\.bat <==== ATTENTION HKLM Group Policy restriction on software: .mp4.exe <==== ATTENTION HKLM Group Policy restriction on software: .rar.exe <==== ATTENTION HKLM Group Policy restriction on software: .pub.com <==== ATTENTION HKLM Group Policy restriction on software: .wmv.exe <==== ATTENTION HKLM Group Policy restriction on software: .doc.exe <==== ATTENTION HKLM Group Policy restriction on software: .zip.pif <==== ATTENTION HKLM Group Policy restriction on software: %appdata%\\.jse <==== ATTENTION HKLM Group Policy restriction on software: .mp3.com <==== ATTENTION HKLM Group Policy restriction on software: .ppt.cmd <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.js <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\.bat <==== ATTENTION HKLM Group Policy restriction on software: .docx.jse <==== ATTENTION HKLM Group Policy restriction on software: .xls.pif <==== ATTENTION HKLM Group Policy restriction on software: .xlsx.cmd <==== ATTENTION HKLM Group Policy restriction on software: scsvserv.exe <==== ATTENTION HKLM Group Policy restriction on software: .pdf.js <==== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\.cmd <==== ATTENTION HKLM Group Policy restriction on software: .rar.scr <==== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\.pif <==== ATTENTION HKLM Group Policy restriction on software: .rtf.jse <==== ATTENTION HKLM Group Policy restriction on software: .zip.bat <==== ATTENTION HKLM Group Policy restriction on software: .jpg.bat <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.jse <==== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\.exe <==== ATTENTION HKLM Group Policy restriction on software: .xls.cmd <==== ATTENTION HKLM Group Policy restriction on software: .txt.scr <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\.cmd <==== ATTENTION HKLM Group Policy restriction on software: .ppt.bat <==== ATTENTION HKLM Group Policy restriction on software: .docx.bat <==== ATTENTION HKLM Group Policy restriction on software: .wav.scr <==== ATTENTION HKLM Group Policy restriction on software: syskey.exe <==== ATTENTION HKLM Group Policy restriction on software: .7z.bat <==== ATTENTION HKLM Group Policy restriction on software: %programdata%\.bat <==== ATTENTION HKLM Group Policy restriction on software: %appdata%\\.scr <==== ATTENTION HKLM Group Policy restriction on software: .xlsx.pif <==== ATTENTION HKLM Group Policy restriction on software: .avi.com <==== ATTENTION HKLM Group Policy restriction on software: %programdata%\.exe <==== ATTENTION HKLM Group Policy restriction on software: C:\Users\.js <==== ATTENTION HKLM Group Policy restriction on software: .docx.pif <==== ATTENTION HKLM Group Policy restriction on software: .bmp.exe <==== ATTENTION HKLM Group Policy restriction on software: .wmv.cmd <==== ATTENTION HKLM Group Policy restriction on software: .txt.pif <==== ATTENTION HKLM Group Policy restriction on software: lsassvrtdbks.exe <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\.scr <==== ATTENTION HKLM Group Policy restriction on software: .rtf.exe <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\\.cmd <==== ATTENTION HKLM Group Policy restriction on software: .pub.cmd <==== ATTENTION HKLM Group Policy restriction on software: .divx.jse <==== ATTENTION HKLM Group Policy restriction on software: .wmv.js <==== ATTENTION HKLM Group Policy restriction on software: .zip.js <==== ATTENTION HKLM Group Policy restriction on software: lsassw86s.exe <==== ATTENTION HKLM Group Policy restriction on software: .docx.js <==== ATTENTION HKLM Group Policy restriction on software: %appdata%\\.exe <==== ATTENTION HKLM Group Policy restriction on software: .pub.bat <==== ATTENTION HKLM Group Policy restriction on software: .pdf.pif <==== ATTENTION HKLM Group Policy restriction on software: %appdata%\\.com <==== ATTENTION HKLM Group Policy restriction on software: .mp4.scr <==== ATTENTION HKLM Group Policy restriction on software: .wav.jse <==== ATTENTION HKLM Group Policy restriction on software: .divx.bat <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\.com <==== ATTENTION HKLM Group Policy restriction on software: %appdata%\.cmd <==== ATTENTION HKLM Group Policy restriction on software: .pdf.cmd <==== ATTENTION HKLM Group Policy restriction on software: .mp4.bat <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\\.jse <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.exe <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\.com <==== ATTENTION HKLM Group Policy restriction on software: .bmp.bat <==== ATTENTION HKLM Group Policy restriction on software: .jpeg.cmd <==== ATTENTION HKLM Group Policy restriction on software: .xlsx.js <==== ATTENTION HKLM Group Policy restriction on software: .pptx.pif <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\\.pif <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\.js <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\\.exe <==== ATTENTION HKLM Group Policy restriction on software: %appdata%\.bat <==== ATTENTION HKLM Group Policy restriction on software: .mp3.jse <==== ATTENTION HKLM Group Policy restriction on software: .divx.js <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <==== ATTENTION Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-2074189543-3294617753-2427880266-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity) HKU\S-1-5-21-2074189543-3294617753-2427880266-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd) HKU\S-1-5-21-2074189543-3294617753-2427880266-1000\...\Run: [GoogleChromeAutoLaunch_AE2C712981C67602D63C90F9347623AC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1301848 2017-08-23] (Google Inc.) HKU\S-1-5-21-2074189543-3294617753-2427880266-1000\...\MountPoints2: {71ce00fa-b6c7-11e6-a9ca-806e6f6e6963} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL hxxp://www.ultimatebootcd.com/ HKU\S-1-5-21-2074189543-3294617753-2427880266-1000\...\MountPoints2: {7d21e9d0-54ea-11e7-8ce4-88ae1df86fa6} - F:\Startme.exe HKU\S-1-5-21-2074189543-3294617753-2427880266-1000\...\MountPoints2: {d3c9111c-be41-11e6-8743-88ae1df86fa6} - F:\AutoRun.exe HKU\S-1-5-21-2074189543-3294617753-2427880266-1000\...\MountPoints2: {d3c9112a-be41-11e6-8743-88ae1df86fa6} - F:\AutoRun.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 213.133.3.5 212.200.246.8 8.8.8.8 192.168.1.1 Tcpip\..\Interfaces\{4BD635EC-FF0B-4C11-AFD4-F65053B119CB}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{7C2F006E-707D-4DAE-B310-B95E9C64D750}: [DhcpNameServer] 213.133.3.5 212.200.246.8 8.8.8.8 192.168.1.1 Tcpip\..\Interfaces\{9AEC18AF-D4B3-4764-A175-93EC933E0DF6}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avast.com/AV772/ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-2074189543-3294617753-2427880266-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms} SearchScopes: HKLM-x32 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms} SearchScopes: HKU\S-1-5-21-2074189543-3294617753-2427880266-1000 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-07-30] (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-02-27] (AVAST Software) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-30] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-07-30] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-02-27] (AVAST Software) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-30] (Oracle Corporation) FireFox: ======== FF DefaultProfile: z16lxt41.default FF ProfilePath: C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\z16lxt41.default [2017-09-11] FF NewTab: Mozilla\Firefox\Profiles\z16lxt41.default -> about:newtab FF DefaultSearchEngine: Mozilla\Firefox\Profiles\z16lxt41.default -> Avast Search FF DefaultSearchUrl: Mozilla\Firefox\Profiles\z16lxt41.default -> hxxps://search.avast.com/AV772/search/web?q={searchTerms} FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\z16lxt41.default -> Avast Search FF SelectedSearchEngine: Mozilla\Firefox\Profiles\z16lxt41.default -> Avast Search FF Homepage: Mozilla\Firefox\Profiles\z16lxt41.default -> hxxps://www.google.me/ FF Keyword.URL: Mozilla\Firefox\Profiles\z16lxt41.default -> hxxps://search.avast.com/AV772/search/web?q={searchTerms} FF Extension: (EHTip) - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\z16lxt41.default\Extensions\ehtip@robertkatic [2017-02-27] FF Extension: (Panel View for Google™ Translate) - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\z16lxt41.default\Extensions\jid0-fbHwsGfb6kJyq2hj65KnbGte3yT@jetpack.xpi [2017-07-20] FF Extension: (Awesome Screenshot - Capture, Annotate & More) - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\z16lxt41.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2017-06-24] FF Extension: (Translate This!) - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\z16lxt41.default\Extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi [2016-12-01] FF Extension: (uBlock Origin) - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\z16lxt41.default\Extensions\uBlock0@raymondhill.net.xpi [2017-07-20] FF Extension: (Video DownloadHelper) - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\z16lxt41.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-06-24] FF Extension: (Adblock Plus) - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\z16lxt41.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-24] FF SearchPlugin: C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\z16lxt41.default\searchplugins\avast-search.xml [2017-02-27] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48 FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-06-24] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-06-24] FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon => not found FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48 FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-30] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-30] (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-09-19] (Adobe Systems) FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-30] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-30] (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-19] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-19] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-09-19] (Adobe Systems) Chrome: ======= CHR DefaultProfile: Default CHR Session Restore: Default -> is enabled. CHR Profile: C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default [2017-09-11] CHR Extension: (Google преводилац) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-01-13] CHR Extension: (Google диск) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-13] CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2017-07-18] CHR Extension: (YouTube) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-13] CHR Extension: (Google+) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2017-01-13] CHR Extension: (AdBlock) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-14] CHR Extension: (Avast Online Security) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-08-29] CHR Extension: (Flash Control) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgadgplbbdjlbjgdociahdlmbglfeen [2017-06-23] CHR Extension: (Google Dictionary (by Google)) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2017-07-24] CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-29] CHR Extension: (Click&Clean App) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2017-09-10] CHR Extension: (Speedtest by Ookla) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjjikdiikihdfpoppgaidccahalehjh [2017-08-31] CHR Extension: (Gmail) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-13] CHR Extension: (Chrome Media Router) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-10] CHR Profile: C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-09-10] CHR Profile: C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\System Profile [2017-09-10] CHR HKU\S-1-5-21-2074189543-3294617753-2427880266-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-14] (Microsoft Corporation) S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7147320 2017-02-27] (AVAST Software s.r.o.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-27] (AVAST Software) S2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [384512 2016-06-27] (Digital Wave Ltd.) [File not signed] R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37416 2015-06-23] (CHENGDU YIWO Tech Development Co., Ltd) S3 EFS; C:\Windows\System32\lsass.exe [30720 2017-07-07] (Microsoft Corporation) S3 Fax; C:\Windows\system32\fxssvc.exe [689152 2010-11-21] (Microsoft Corporation) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation) S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [116224 2017-07-14] (Microsoft Corporation) S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2016-12-09] () R3 KeyIso; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation) S3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-14] (Microsoft Corporation) S3 msiserver; C:\Windows\System32\msiexec.exe [128512 2016-11-09] (Microsoft Corporation) S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [73216 2016-11-09] (Microsoft Corporation) S3 Netlogon; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation) S3 ProtectedStorage; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] () S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2009-07-14] (Microsoft Corporation) R2 SamSs; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation) S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-14] (Microsoft Corporation) R2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2012-02-11] (Microsoft Corporation) S2 sppsvc; C:\Windows\system32\sppsvc.exe [3524608 2010-11-21] (Microsoft Corporation) R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7534864 2016-08-25] (TeamViewer GmbH) S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2009-07-14] (Microsoft Corporation) S3 VaultSvc; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation) R3 vds; C:\Windows\System32\vds.exe [533504 2010-11-21] (Microsoft Corporation) S3 VSS; C:\Windows\system32\vssvc.exe [1600512 2010-11-21] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe [492768 2017-06-21] (Wondershare) R2 WSearch; C:\Windows\system32\SearchIndexer.exe [591872 2017-07-14] (Microsoft Corporation) R2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [427520 2017-07-14] (Microsoft Corporation) R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [309272 2017-02-27] (AVAST Software s.r.o.) R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-02-27] (AVAST Software s.r.o.) R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334600 2017-02-27] (AVAST Software s.r.o.) R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-02-27] (AVAST Software s.r.o.) S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-02-27] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32088 2017-02-27] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [126600 2017-02-27] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [100640 2017-02-27] (AVAST Software) R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-02-27] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [993608 2017-02-27] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [548928 2017-03-24] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162528 2017-02-27] (AVAST Software) R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [337592 2017-03-14] (AVAST Software) R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2016-12-09] (Bytemobile, Inc.) [File not signed] S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2017-01-16] (Samsung Electronics Co., Ltd.) R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation) R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-15] () U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2016-12-09] (Huawei Technologies Co., Ltd.) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-21] (Intel Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-09-11] (Malwarebytes) R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3731672 2016-09-16] (Realtek Semiconductor Corporation ) S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2017-01-16] (Samsung Electronics Co., Ltd.) R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2016-12-09] (Bytemobile, Inc.) [File not signed] R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-02-28] (Zemana Ltd.) R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-02-28] (Zemana Ltd.) S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-09-11 17:00 - 2017-09-11 17:10 - 000047631 _____ C:\Users\Ljilja\Desktop\FRST.txt 2017-09-11 16:58 - 2017-09-11 17:00 - 000000000 ____D C:\FRST 2017-09-11 16:47 - 2017-09-11 16:49 - 002396672 _____ (Farbar) C:\Users\Ljilja\Desktop\FRST64.exe 2017-09-11 16:01 - 2017-09-11 16:18 - 000000000 ____D C:\Users\Ljilja\Desktop\Originals 2017-09-11 08:45 - 2017-09-11 08:45 - 000000000 ____D C:\Program Files\Common Files\Adobe 2017-09-11 08:33 - 2017-09-11 16:39 - 000145408 ___SH C:\Users\Ljilja\Desktop\Thumbs.db 2017-09-11 07:35 - 2017-09-11 07:35 - 000000000 ____D C:\ProgramData\SWCUTemp 2017-09-07 21:57 - 2017-09-07 21:57 - 000002170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk 2017-09-07 21:57 - 2017-09-07 21:57 - 000002132 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk 2017-09-07 21:48 - 2017-09-07 21:49 - 000000000 ____D C:\Users\Ljilja\AppData\Local\Viber 2017-08-17 12:09 - 2017-08-17 12:09 - 000000000 ____D C:\Users\Ljilja\Documents\OneNote Notebooks 2017-08-15 21:59 - 2017-08-15 21:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2017-08-15 21:59 - 2017-08-15 21:59 - 000000000 ____D C:\Program Files (x86)\DVDVideoSoft 2017-08-15 16:55 - 2017-08-15 16:55 - 000003415 _____ C:\Users\Ljilja\AppData\Local\recently-used.xbel 2017-08-15 16:07 - 2017-08-15 16:07 - 000034972 _____ C:\Users\Ljilja\Documents\BANKOKN.ttf 2017-08-15 14:33 - 2017-08-15 14:33 - 000024192 _____ C:\Users\Ljilja\Documents\TIMESI.ttf 2017-08-15 14:00 - 2017-08-15 14:00 - 000026012 _____ C:\Users\Ljilja\Documents\BEKERB.ttf 2017-08-15 13:20 - 2017-08-15 13:20 - 000023208 _____ C:\Users\Ljilja\Documents\MIROSLN.ttf 2017-08-14 09:56 - 2017-08-14 09:56 - 000000000 ____D C:\Users\Public\Documents\NativeFus_Log ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-09-11 17:10 - 2017-02-28 08:13 - 000089484 _____ C:\Windows\ZAM.krnl.trace 2017-09-11 17:10 - 2017-02-28 08:13 - 000062410 _____ C:\Windows\ZAM_Guard.krnl.trace 2017-09-11 16:18 - 2017-02-27 18:53 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-09-11 16:01 - 2016-10-21 17:25 - 000017408 ____H C:\Users\Ljilja\Desktop\photothumb.db 2017-09-11 15:53 - 2016-09-17 21:34 - 000000000 ____D C:\Users\Ljilja\AppData\Roaming\PhotoScape 2017-09-11 14:38 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-09-11 14:38 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-09-11 14:28 - 2016-09-17 20:52 - 000000000 ____D C:\ProgramData\MCShield 2017-09-11 14:28 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-09-11 09:46 - 2016-11-30 18:57 - 000000000 ____D C:\Users\Ljilja\AppData\LocalLow\Mozilla 2017-09-11 08:46 - 2017-06-20 06:42 - 000000000 ____D C:\Users\Ljilja\AppData\Roaming\Adobe 2017-09-11 08:45 - 2017-03-12 23:45 - 000000000 ____D C:\ProgramData\Adobe 2017-09-11 08:45 - 2017-03-12 21:29 - 000000000 ____D C:\Users\Ljilja\AppData\Local\Adobe 2017-09-11 07:57 - 2009-07-14 07:13 - 000787758 _____ C:\Windows\system32\PerfStringBackup.INI 2017-09-11 07:57 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf 2017-09-11 07:35 - 2009-07-14 05:20 - 000000000 __RHD C:\Users\Public\Libraries 2017-09-11 07:29 - 2017-02-26 18:33 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update 2017-09-10 10:42 - 2017-07-20 00:25 - 000000000 ____D C:\Users\Ljilja\AppData\Roaming\DVDVideoSoft 2017-09-10 09:14 - 2016-09-16 17:59 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2017-09-10 09:08 - 2016-09-17 20:38 - 000000000 ____D C:\Users\Ljilja\Documents\ViberDownloads 2017-09-10 09:06 - 2016-09-16 19:35 - 000000000 ____D C:\Users\Ljilja\AppData\Roaming\ViberPC 2017-09-07 22:06 - 2017-03-16 16:31 - 000000000 ___RD C:\Program Files (x86)\Skype 2017-09-07 22:06 - 2016-09-16 18:42 - 000000000 ____D C:\ProgramData\Skype 2017-09-07 21:57 - 2016-09-16 18:43 - 000000000 ____D C:\Program Files (x86)\Google 2017-08-31 22:44 - 2016-10-29 15:20 - 000000000 ____D C:\Users\Ljilja\AppData\Local\CrashDumps 2017-08-31 10:33 - 2017-08-10 21:47 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-08-29 16:25 - 2016-11-30 18:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-08-29 13:50 - 2017-01-13 16:44 - 000002157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-08-27 13:42 - 2017-02-27 13:47 - 000000000 ____D C:\Users\Ljilja\AppData\Local\ElevatedDiagnostics 2017-08-19 08:23 - 2016-09-16 19:10 - 000000000 ____D C:\Windows\pss 2017-08-15 21:35 - 2009-07-14 06:45 - 000425112 _____ C:\Windows\system32\FNTCACHE.DAT 2017-08-15 16:56 - 2016-09-18 09:37 - 000000000 ____D C:\Users\Ljilja\.gimp-2.8 2017-08-15 16:56 - 2016-09-16 16:45 - 000116760 _____ C:\Users\Ljilja\AppData\Local\GDIPFONTCACHEV1.DAT 2017-08-15 16:55 - 2016-11-08 19:00 - 000000000 ____D C:\Users\Ljilja\AppData\Local\gtk-2.0 ==================== Files in the root of some directories ======= 2016-11-14 13:56 - 2014-12-04 17:44 - 016061256 _____ (SAMSUNG Electronics Co., Ltd.) C:\Program Files\SAMSUNG_USB_Driver_for_Mobile_Phones.exe 2017-06-24 21:04 - 2010-03-16 13:55 - 033462296 _____ () C:\Program Files (x86)\TC40116100C.exe 2017-02-12 00:56 - 2017-03-03 23:19 - 318912029 _____ () C:\Users\Ljilja\AppData\Local\ACCCx3_9_5_353.zip.aamdownload 2017-02-12 00:56 - 2017-03-03 23:19 - 000003560 _____ () C:\Users\Ljilja\AppData\Local\ACCCx3_9_5_353.zip.aamdownload.aamd 2017-08-06 09:24 - 2017-08-06 09:24 - 000003584 _____ () C:\Users\Ljilja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2017-08-15 16:55 - 2017-08-15 16:55 - 000003415 _____ () C:\Users\Ljilja\AppData\Local\recently-used.xbel 2016-09-16 17:21 - 2016-09-16 17:21 - 000000000 ____H () C:\ProgramData\DP45977C.lfl ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-09-10 12:39 ==================== End of FRST.txt ============================ https://www.mycity.rs/must-login.png

Profil

Sass Drake Poslao: 11 Sep 2017 19:26 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	1Ovo se svidja korisniku: Ljilja Hnovi Registruj se da bi pohvalio/la poruku! Preuzmi Malwarebytes Anti-Malware sa ovog ili ovog ili ovog linka i instaliraj aplikaciju. Pokreni mb3-setup-consumer-{verzija}.exe i isprati uputstva za instalaciju programa. Nakon instalacije, klikni na Finish Prilikom prvog pokretanja, program će prikazati prozor "dobrodošlice". Slobodno zatvori taj prozor. Napomena: Premium funkcije programa su već aktivirane i važe 13 dana od trenutka instalacije. Premium funkcije možeš isključiti preko Settings > My Account tab podešavanja. • Podešavanja skenera - u Settings, klikni na Protection tab. Ispod Scan Options sekcije, uključi "Scan for rootkits" opciju. • Pripremi podešavanja za Threat Scan - u Dashboard , klikni na Scan Now dugme. MBAM će ažurirati bazu i započeti skeniranje. Kada se skeniranje završi, ako je infekcija detektovana, obrati pažnju da je sve označeno, pa klikni na Remove Selected. Restartuj računar ako program upita za restart. • Dostavi log: Pod Reports izaberi trenutni datum izveštaja Scan Report i potom klikni na View Report. Izvezi log na Desktop; - Klikni na Export dugme na dnu, pa onda izaberi 'Text file (*.txt)' # U Save File dijalogu koji se pojavi, klikni na Desktop. U File name: polje, upiši "mbam" (bez navodnika) i klikni na Save. - Pojaviće se poruka "Your file has been successfully exported", klikni Ok i zatvori prozor. • U odgovoru prikači mbam.txt log koristeći "Prikači fajl" opciju.

Profil

Ljilja Hnovi Poslao: 11 Sep 2017 20:55 Idi na vrh
offline Ljilja Hnovi Prijatelj foruma Pridružio: 14 Okt 2012 Poruke: 3611 Gde živiš: Herceg Novi	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Skeniranje je završeno, nije ništa našao. https://www.mycity.rs/must-login.png

Profil

Sass Drake Poslao: 11 Sep 2017 22:00 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	1Ovo se svidja korisniku: Ljilja Hnovi Registruj se da bi pohvalio/la poruku! Sudeći po FRST logovima, ssitem je čist što se malwarea tiče. • Sledeća procedura će implementirati završno čišćenje. Preuzmi "Xplode"-ov DelFix alat i snimi ga na Desktop. Dvoklikom pokreni alat i štikliraj kućice ispred sledećih opcija; Remove disinfection tools Create registry backup Purge System Restore Klikni na dugme Run i pričekaj trenutak dok alat ne završi svoj rad. Od ovog trenutka, svi korišćeni alati u ovoj temi bi trebali biti obrisani. Alat će takođe formirati izveštaj za tebe. (C:\DelFix.txt) Alat će snimiti i zdravo stanje registy-ja i napraviti backup koristeci integrisan program "ERUNT" u %windir%\ERUNT\DelFix Alat briše stare system restore tačke i pravi novu, svežu tačku nakon čišćenja.

Profil

Ljilja Hnovi Poslao: 12 Sep 2017 05:35 Idi na vrh
offline Ljilja Hnovi Prijatelj foruma Pridružio: 14 Okt 2012 Poruke: 3611 Gde živiš: Herceg Novi	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Sve mi je ovo nejasno, MBAM nije našao ništa, a laptop je nešto brži. Poslije sam skenirala sa Zemanom, bilo je obaveštenje da postoji prijetnja u pretraživaču Mozilla (preko koje je bilo logovanje na moj mejl) home. Sass Drake, hvala!

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Da li je virus u pitanju?

Ko je trenutno na forumu

Ukupno su 990 korisnika na forumu :: 31 registrovanih, 1 sakriven i 958 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: anta, borya90, BraneS, brundo65, DejanCG, DonRumataEstorski, filiphr, Frunze, GORDI, Griffon vulture, Koridor, Krusarac, m0nstrum_, Metanoja, mikki jons, milenko crazy north, Miškić, moldway, nebkv, nemkea71, Nikolaa11, Panter, Recce, ruger357, sombrero, SR-3m, tubular, VJ, vranjanac29, zhuki8, šumar bk2

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by