Uncontrolled opening of advertising pages


  • Joined: 19 Feb 2007
  • Posts: 1838

While I was not at home, my wife let a relative use my computer, and he made a mess of it. As far as I could see, he was downloading some crack, and with it something malicious. Various advertising pages started opening uncontrollably. I use Comodo as my antivirus program. Whether he had turned it off or the program was not able to detect the attack, I am not sure. He claims that he did not turn it off.
I tried to solve the problem with AdwCleaner, but without success. SUPERAntiSpyware, AVG Anti-Spyware, Zemana AntiMalware and Spybot-S&D did not help either. Each of these programs would find some malicious element, but in the end the advertising pages kept opening again.
The operating system is Windows 7, 64-bit. The internet connection is ADSL (up to 10 Mb/s), and the provider is Telekom.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by Mico (administrator) on MICO-PC (06-07-2016 16:25:27)
Running from C:\Users\Mico\Downloads
Loaded Profiles: Mico (Available Profiles: Mico)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: engleski (SAD)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [Link visible only to logged-in users]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(GRISOFT s.r.o.) C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Stardock) C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
(Stardock) C:\Program Files (x86)\Stardock\ObjectDockPlus2\Dock64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Winstep Software Technologies) C:\Program Files (x86)\Winstep\WsxService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-06-16] (COMODO)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13716208 2016-06-30] (Zemana Ltd.)
HKLM-x32\...\Run: [!AVG Anti-Spyware] => C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [6731312 2016-07-04] (GRISOFT s.r.o.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2016-07-04] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [Zemana AntiMalware] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13716208 2016-06-30] (Zemana Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1855833522-102534308-2718566630-1000\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2433024 2011-08-12] ()
HKU\S-1-5-21-1855833522-102534308-2718566630-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-1855833522-102534308-2718566630-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53118080 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1855833522-102534308-2718566630-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-1855833522-102534308-2718566630-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-07-04] (SUPERAntiSpyware)
HKU\S-1-5-21-1855833522-102534308-2718566630-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1855833522-102534308-2718566630-1000\...\Policies\Explorer: []
HKU\S-1-5-21-1855833522-102534308-2718566630-1000\...\MountPoints2: {918fac5a-d7d9-11e1-b73d-1c6f655b0ac6} - H:\AutoRun.exe
HKU\S-1-5-21-1855833522-102534308-2718566630-1000\...\MountPoints2: {918fac67-d7d9-11e1-b73d-1c6f655b0ac6} - H:\AutoRun.exe
HKU\S-1-5-21-1855833522-102534308-2718566630-1000\...\MountPoints2: {918fac7a-d7d9-11e1-b73d-1c6f655b0ac6} - J:\AutoRun.exe
HKU\S-1-5-21-1855833522-102534308-2718566630-1000\...\MountPoints2: {918facd4-d7d9-11e1-b73d-1c6f655b0ac6} - I:\AutoRun.exe
HKU\S-1-5-21-1855833522-102534308-2718566630-1000\...\MountPoints2: {918face7-d7d9-11e1-b73d-1c6f655b0ac6} - H:\AutoRun.exe
ShellExecuteHooks-x32: - {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - No File [ ]
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2012-02-06] (Autodesk, Inc.)
Startup: C:\Users\Mico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk [2012-11-19]
ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe (Stardock)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{8817521A-EF1E-4666-A306-DE1B3FBCB61B}: [DhcpNameServer] 192.168.1.1 0.0.0.0
ManualProxies: [Link visible only to logged-in users]

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
HKU\S-1-5-21-1855833522-102534308-2718566630-1000\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO-x32: PDFXChange 4.0 -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} -> C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll [2011-09-27] (Tracker Software Products Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-15] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-15] (Oracle Corporation)
Toolbar: HKLM-x32 - PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll [2011-09-27] (Tracker Software Products Ltd.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} [Link visible only to logged-in users]
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553530000} [Link visible only to logged-in users]
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Mico\AppData\Roaming\Profiles\nrf5twcz.default
FF Homepage: [Link visible only to logged-in users]
FF Keyword.URL: [Link visible only to logged-in users]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll [2013-02-26] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2000-01-01] (Tracker Software Products Ltd.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll [2013-02-26] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2000-01-01] (Tracker Software Products Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @huawei.com/NPPlugin -> C:\Program Files (x86)\Web_TV\WebTVPlugin\NPPlugin.dll [2015-04-23] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-06-24] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: [Link visible only to logged-in users]/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll [No File]
FF Plugin HKU\S-1-5-21-1855833522-102534308-2718566630-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2000-01-01] (Tracker Software Products Ltd.)
FF Plugin HKU\S-1-5-21-1855833522-102534308-2718566630-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mico\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-01-22] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru => not found
FF HKU\S-1-5-21-1855833522-102534308-2718566630-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found

Chrome:
=======
CHR HomePage: areraiedchegoghqituty -> mysearch.avg.com/?rvt=1
CHR StartupUrls: areraiedchegoghqituty -> "hxxps://www.google.rs/"
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2016-07-04] (SUPERAntiSpyware.com)
R2 ABBYY.Licensing.FineReader.Professional.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [814344 2009-12-22] (ABBYY)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 AVG Anti-Spyware Guard; C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe [312880 2016-07-04] (GRISOFT s.r.o.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817712 2016-06-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-06-16] (COMODO)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2016-07-04] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2016-07-04] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2016-07-04] (Safer-Networking Ltd.)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-12-13] (Ulead Systems, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13716208 2016-06-30] (Zemana Ltd.)
S2 shnCldchr.exe; "C:\Program Files (x86)\Przaing\shnCldchr.exe" {C25DA384-2010-45A4-A1ED-BFA540D4789B} {9DC74CD5-24EA-4ADE-9C42-608A8CE17116} [X]
R2 Winstep Xtreme Service; C:\Program Files (x86)\Winstep\WsxService [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AVG Anti-Spyware Driver; C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard64.sys [12024 2007-05-30] ()
R1 AvgAsC64; C:\Windows\System32\DRIVERS\AvgAsC64.sys [14072 2007-05-30] (GRISOFT, s.r.o.)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31648 2016-06-15] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [829600 2016-06-15] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [56472 2016-06-15] (COMODO)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 GemCCID; C:\Windows\System32\DRIVERS\GemCCID.sys [130944 2014-11-10] (Gemalto)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [116248 2016-06-15] (COMODO)
R3 ltmodem5; C:\Windows\System32\DRIVERS\ltmdm64.sys [543744 2009-06-10] (Agere Systems)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-07-04] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-07-04] (Zemana Ltd.)
S3 autorun; \??\C:\huadio.tmp [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
S3 mapmem_dv; \??\C:\mapmem.tmp [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 PID_0928; system32\DRIVERS\LV561V64.SYS [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-06 16:25 - 2016-07-06 16:26 - 00019750 _____ C:\Users\Mico\Downloads\FRST.txt
2016-07-06 16:24 - 2016-07-06 16:25 - 00000000 ____D C:\FRST
2016-07-06 15:44 - 2016-07-06 15:44 - 03712064 _____ C:\Users\Mico\Downloads\AdwCleaner.exe
2016-07-06 15:43 - 2016-07-06 15:43 - 02390016 _____ (Farbar) C:\Users\Mico\Downloads\FRST64.exe
2016-07-06 10:43 - 2016-07-06 10:43 - 00400922 _____ C:\Users\Mico\Downloads\Racun JKP Infostan Јун 2016. (1).pdf
2016-07-06 10:42 - 2016-07-06 10:43 - 00402388 _____ C:\Users\Mico\Downloads\Racun JKP Infostan Јун 2016..pdf
2016-07-05 09:08 - 2016-07-05 09:11 - 00000000 ____D C:\Users\Mico\Desktop\SpyWare
2016-07-05 08:41 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20160705-084137.backup
2016-07-04 21:58 - 2016-07-06 16:25 - 00436832 _____ C:\Windows\ZAM.krnl.trace
2016-07-04 21:58 - 2016-07-06 16:25 - 00347307 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-07-04 21:58 - 2016-07-04 21:58 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-07-04 21:58 - 2016-07-04 21:58 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-07-04 21:58 - 2016-07-04 21:58 - 00000000 ____D C:\Users\Mico\AppData\Local\Zemana
2016-07-04 21:58 - 2016-07-04 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-07-04 21:58 - 2016-07-04 21:58 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-07-04 18:27 - 2016-07-04 20:31 - 00789056 _____ C:\TDSSKiller.3.1.0.9_04.07.2016_18.27.54_log.txt
2016-07-04 18:26 - 2016-07-04 18:27 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Mico\Downloads\MyCity.exe
2016-07-04 17:13 - 2016-07-04 17:13 - 00000000 ____D C:\Users\Mico\Documents\ProcAlyzer Dumps
2016-07-04 16:42 - 2016-07-04 17:38 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-07-04 16:42 - 2016-07-04 16:42 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2016-07-04 16:42 - 2016-07-04 16:42 - 00001360 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-07-04 16:42 - 2016-07-04 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-07-04 08:37 - 2016-07-04 08:37 - 00000000 ____D C:\Users\Mico\AppData\Roaming\Grisoft
2016-07-04 08:37 - 2016-07-04 08:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Anti-Spyware 7.5
2016-07-04 08:37 - 2016-07-04 08:37 - 00000000 ____D C:\ProgramData\Grisoft
2016-07-04 08:37 - 2016-07-04 08:37 - 00000000 ____D C:\Program Files (x86)\Grisoft
2016-07-04 08:37 - 2007-05-30 14:10 - 00014072 _____ (GRISOFT, s.r.o.) C:\Windows\system32\Drivers\AvgAsC64.sys
2016-07-04 08:35 - 2016-07-04 08:35 - 12413440 _____ C:\Users\Mico\Downloads\avgas-setup-7.5.1.43.exe
2016-07-04 08:28 - 2016-07-04 08:28 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-07-04 08:27 - 2016-07-05 08:27 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-07-04 08:25 - 2016-07-04 08:26 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Mico\Downloads\spybot-2.4.exe
2016-07-04 08:21 - 2016-07-06 16:21 - 00000508 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f86b1f00-458c-43cc-9ca5-c6b487ec8a8c.job
2016-07-04 08:21 - 2016-07-06 07:19 - 00000508 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 9c96a406-17d9-47ec-86db-a32f0c08e585.job
2016-07-04 08:21 - 2016-07-04 08:21 - 00003578 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 9c96a406-17d9-47ec-86db-a32f0c08e585
2016-07-04 08:21 - 2016-07-04 08:21 - 00003504 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task f86b1f00-458c-43cc-9ca5-c6b487ec8a8c
2016-07-04 08:21 - 2016-07-04 08:21 - 00000000 ____D C:\Users\Mico\AppData\Roaming\SUPERAntiSpyware.com
2016-07-04 08:21 - 2016-07-04 08:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-07-04 08:20 - 2016-07-04 08:21 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-07-04 08:20 - 2016-07-04 08:20 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-07-04 08:19 - 2016-07-04 08:19 - 26471512 _____ (SUPERAntiSpyware) C:\Users\Mico\Downloads\SAS_05600.EXE
2016-07-02 23:09 - 2016-07-06 15:46 - 00000000 ____D C:\AdwCleaner
2016-07-02 21:46 - 2016-07-02 21:46 - 00008958 _____ C:\Windows\System32\Tasks\Shanot Cloud
2016-07-02 21:45 - 2016-07-02 21:46 - 00000000 ____D C:\Users\Mico\AppData\Local\vefershcoobasyphijaent
2016-07-02 21:06 - 2016-07-02 21:06 - 00000000 ____D C:\Users\Mico\AppData\Roaming\Trimble Connect for SketchUp
2016-07-02 20:56 - 2016-07-02 20:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2016
2016-07-02 20:55 - 2016-07-02 20:55 - 00000000 ____D C:\Program Files\SketchUp
2016-07-02 20:47 - 2016-07-02 20:50 - 127062664 _____ (Trimble Navigation Limited) C:\Users\Mico\Downloads\SketchUpPro-en-x64.exe
2016-06-30 11:51 - 2016-06-30 11:51 - 01445119 _____ C:\Users\Mico\Desktop\Pravilnik-o-ogranicenjima-i-zabranama.pdf
2016-06-24 17:15 - 2016-06-24 17:15 - 00107971 _____ C:\Users\Mico\Downloads\PP20160624171515.pdf
2016-06-15 10:18 - 2016-06-15 10:18 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-15 10:18 - 2016-06-15 10:18 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-15 10:18 - 2016-06-15 10:18 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-06-15 10:18 - 2016-06-15 10:18 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00793088 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00591872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 10:18 - 2016-06-15 10:18 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 10:18 - 2016-06-15 10:18 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-15 10:18 - 2016-06-15 10:18 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 10:18 - 2016-06-15 10:18 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-15 10:18 - 2016-06-15 10:18 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 10:18 - 2016-06-15 10:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 10:18 - 2016-06-15 10:18 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-15 10:18 - 2016-06-15 10:18 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-15 10:18 - 2016-06-15 10:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-15 10:18 - 2016-06-15 10:18 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-06-15 10:18 - 2016-06-15 10:18 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-15 10:18 - 2016-06-15 10:18 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-15 10:18 - 2016-06-15 10:18 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-06-15 10:18 - 2016-06-15 10:18 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-15 10:18 - 2016-06-15 10:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-06-15 10:18 - 2016-06-15 10:18 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-15 10:18 - 2016-06-15 10:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-15 10:18 - 2016-06-15 10:18 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-06-15 10:18 - 2016-06-15 10:18 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2016-06-15 10:18 - 2016-06-15 10:18 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-15 10:18 - 2016-06-15 10:18 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.exe
2016-06-15 10:18 - 2016-06-15 10:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 10:17 - 2016-06-15 10:17 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-15 10:17 - 2016-06-15 10:17 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-15 10:17 - 2016-06-15 10:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-15 10:17 - 2016-06-15 10:17 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-15 10:17 - 2016-06-15 10:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-06-15 10:17 - 2016-06-15 10:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-15 10:17 - 2016-06-15 10:17 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-15 10:17 - 2016-05-21 00:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-15 10:17 - 2016-05-21 00:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-06-15 10:17 - 2016-05-21 00:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-15 10:17 - 2016-05-20 23:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-06-13 15:44 - 2016-06-24 10:13 - 00000000 ____D C:\Users\Mico\Desktop\KLIME
2016-06-10 07:00 - 2016-06-10 07:00 - 00001074 _____ C:\Users\Public\Desktop\FastStone Image Viewer.lnk
2016-06-10 07:00 - 2016-06-10 07:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-06 16:19 - 2016-05-19 19:55 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2016-07-06 16:19 - 2012-05-17 15:56 - 00000000 ____D C:\Users\Mico\AppData\Roaming\Skype
2016-07-06 15:45 - 2012-07-04 19:57 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-06 15:18 - 2016-04-27 21:09 - 00000000 ____D C:\Users\Mico\AppData\Roaming\HPPlugin
2016-07-06 10:31 - 2012-05-17 13:41 - 00000000 ____D C:\Users\Mico
2016-07-06 07:45 - 2012-07-04 19:57 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-06 07:26 - 2009-07-14 06:45 - 00020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-06 07:26 - 2009-07-14 06:45 - 00020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-05 14:33 - 2016-04-27 21:09 - 00000000 ____D C:\Users\Mico\AppData\Roaming\huawei
2016-07-05 12:13 - 2014-03-21 12:28 - 00000000 ____D C:\Users\Mico\AppData\Roaming\uTorrent
2016-07-04 17:23 - 2015-07-02 22:01 - 00000000 ____D C:\Program Files\Common Files\AV
2016-07-04 17:02 - 2012-05-17 19:54 - 00000000 ____D C:\Users\Mico\.rainlendar2
2016-07-04 17:02 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-04 08:34 - 2014-03-03 13:19 - 00000810 _____ C:\Windows\wininit.ini
2016-07-04 08:21 - 2009-07-14 07:13 - 00782660 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-04 08:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-07-03 18:05 - 2012-07-03 18:40 - 00000000 ___RD C:\Users\Mico\Desktop\SketchUp 8
2016-07-03 10:31 - 2016-04-27 21:04 - 00001018 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-07-03 10:31 - 2015-04-11 08:25 - 00001269 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-02 22:20 - 2009-07-14 09:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-07-02 22:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2016-07-02 21:45 - 2013-12-11 23:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-07-02 20:57 - 2015-03-07 23:18 - 00000000 ____D C:\Users\Mico\AppData\Roaming\SketchUp
2016-07-02 20:56 - 2015-03-07 23:13 - 00000000 ____D C:\ProgramData\Reprise
2016-07-02 20:55 - 2015-03-07 23:13 - 00000000 ____D C:\ProgramData\SketchUp
2016-07-02 13:41 - 2014-05-31 21:43 - 00000000 ____D C:\Users\Mico\AppData\Roaming\ViberPC
2016-06-27 08:11 - 2014-05-31 21:47 - 00000000 ____D C:\Users\Mico\Documents\ViberDownloads
2016-06-24 05:55 - 2013-07-11 09:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-24 05:53 - 2012-06-26 08:49 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-24 05:53 - 2012-06-26 08:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-18 21:35 - 2016-04-27 21:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-18 10:01 - 2016-05-19 21:48 - 00084306 _____ C:\Windows\system32\Drivers\fvstore.dat
2016-06-18 08:05 - 2012-05-17 15:56 - 00000000 ____D C:\ProgramData\Skype
2016-06-16 11:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-06-16 10:18 - 2016-05-19 19:55 - 00001985 _____ C:\Users\Public\Desktop\COMODO Internet Security.lnk
2016-06-16 09:17 - 2014-05-26 15:27 - 00000000 ___RD C:\Users\Mico\Podcasts
2016-06-16 09:14 - 2009-07-14 06:45 - 00790776 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-16 09:10 - 2015-04-16 08:07 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-16 08:52 - 2013-08-01 08:55 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-06-16 08:47 - 2013-07-20 09:23 - 00000000 ____D C:\Windows\system32\MRT
2016-06-16 08:23 - 2012-05-17 15:39 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-15 08:12 - 2016-04-27 22:09 - 00116248 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
2016-06-15 08:12 - 2016-04-27 22:09 - 00056472 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2016-06-15 08:12 - 2016-04-27 22:08 - 00829600 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2016-06-15 08:12 - 2016-04-27 22:08 - 00031648 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2016-06-15 08:08 - 2016-04-27 22:05 - 00051800 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2016-06-15 08:08 - 2016-04-27 22:04 - 00793104 _____ (COMODO) C:\Windows\system32\guard64.dll
2016-06-15 08:08 - 2016-04-27 22:04 - 00626288 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2016-06-15 08:04 - 2016-04-27 22:00 - 00365752 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2016-06-15 08:02 - 2016-04-27 21:59 - 00051896 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll
2016-06-15 07:58 - 2016-04-27 21:55 - 00296120 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2016-06-15 07:56 - 2016-04-27 21:53 - 00046776 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll
2016-06-13 19:31 - 2012-05-17 14:23 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-10 07:00 - 2012-05-17 18:00 - 00000000 ____D C:\Program Files (x86)\FastStone Image Viewer
2016-06-06 11:29 - 2016-05-20 18:11 - 00306813 _____ C:\Users\Mico\Desktop\Prijava prebivalista.pdf

==================== Files in the root of some directories =======

2013-02-12 18:50 - 2013-02-12 18:55 - 0000092 _____ () C:\Users\Mico\AppData\Roaming\Control System_Settings.ini
2016-05-04 22:49 - 2016-05-04 22:49 - 0000872 _____ () C:\Users\Mico\AppData\Local\recently-used.xbel
2012-10-16 14:04 - 2015-06-14 21:47 - 0007633 _____ () C:\Users\Mico\AppData\Local\Resmon.ResmonCfg
2012-05-17 14:40 - 2012-05-17 14:40 - 0017408 _____ () C:\Users\Mico\AppData\Local\WebpageIcons.db
2015-04-03 04:16 - 2015-04-03 04:16 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2015-10-28 10:38 - 2015-10-28 10:38 - 0000016 _____ () C:\ProgramData\mntemp
2015-10-28 10:38 - 2015-10-28 10:38 - 0005050 _____ () C:\ProgramData\wmzddnmb.cix

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-27 09:44

==================== End of FRST.txt ============================



offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

Hello,

Could you provide all the Zemana AntiMalware reports from this location:

C:\Users\Mico\AppData\Local\Zemana\Zemana AntiMalware\reports



offline
  • Joined: 19 Feb 2007
  • Posts: 1838

[Links are visible only to logged-in users]

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

1. Open Notepad (Text Document) and copy the following text from the code box below:

createrestorepoint:
closeprocesses:
emptytemp:
Shortcut: C:\Users\Mico\Desktop\Sweet Home 3D.lnk -> hxxp://www.sweethome3d.com/SweetHome3D.jnlp "C:\Users\Mico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\247e2df4-297232bb"UC:\Users\Mico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\4a6dcd0f-239974ef.ico (No File)
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\Windows\explorer.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\centel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FwRemoteSvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gpprefcl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gpscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gpscript.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inseng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IPSECSVC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msimsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mswsock.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netbtugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\polstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpchttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdnclean64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winhttp.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FwRemoteSvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gpprefcl.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\gpscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gpscript.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\inseng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mswsock.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\netbtugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\occache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\polstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rpchttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\netbt.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srv2.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srvnet.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:A1EDB939 [116]
AlternateDataStreams: C:\ProgramData\TEMP:A303874F [124]
AlternateDataStreams: C:\Users\Mico\Desktop\Pravilnik-o-ogranicenjima-i-zabranama.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mico\Desktop\Prijava prebivalista.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mico\Downloads\20160701_075441000_iOS.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mico\Downloads\AdwCleaner.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mico\Downloads\AdwCleaner.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mico\Downloads\avgas-setup-7.5.1.43.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mico\Downloads\avgas-setup-7.5.1.43.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mico\Downloads\FRST64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mico\Downloads\FRST64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mico\Downloads\MyCity.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mico\Downloads\PP20160624171515.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mico\Downloads\PP20160624171515.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mico\Downloads\Racun JKP Infostan Јун 2016. (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mico\Downloads\Racun JKP Infostan Јун 2016..pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mico\Downloads\SAS_05600.EXE:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mico\Downloads\SAS_05600.EXE:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mico\Downloads\SketchUpPro-en-x64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mico\Downloads\SketchUpPro-en-x64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mico\Downloads\spybot-2.4.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mico\Downloads\spybot-2.4.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mico\Downloads\TABELA+POZIVA+NA+BROJ+ZA+UPLATE+TAKSI.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mico\Downloads\WP_20160622_001.jpg:$CmdZnID [26]
RemoveProxy:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1855833522-102534308-2718566630-1000\...\MountPoints2: {918fac5a-d7d9-11e1-b73d-1c6f655b0ac6} - H:\AutoRun.exe
HKU\S-1-5-21-1855833522-102534308-2718566630-1000\...\MountPoints2: {918fac67-d7d9-11e1-b73d-1c6f655b0ac6} - H:\AutoRun.exe
HKU\S-1-5-21-1855833522-102534308-2718566630-1000\...\MountPoints2: {918fac7a-d7d9-11e1-b73d-1c6f655b0ac6} - J:\AutoRun.exe
HKU\S-1-5-21-1855833522-102534308-2718566630-1000\...\MountPoints2: {918facd4-d7d9-11e1-b73d-1c6f655b0ac6} - I:\AutoRun.exe
HKU\S-1-5-21-1855833522-102534308-2718566630-1000\...\MountPoints2: {918face7-d7d9-11e1-b73d-1c6f655b0ac6} - H:\AutoRun.exe
ShellExecuteHooks-x32:  - {57B86673-276A-48B2-BAE7-C6DBB3020EB8} -  No File [ ]
ManualProxies: 0hxxp://unstops.info/wpad.dat?438033bf9734a127a6bc9478897a903f12374172
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-1855833522-102534308-2718566630-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ebankweb.kombank.com/WEB2/Account/Login?ReturnUrl=%2fweb2
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: [Link visible only to logged-in users]/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll [No File]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru => not found
FF HKU\S-1-5-21-1855833522-102534308-2718566630-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
CHR HomePage: areraiedchegoghqituty -> mysearch.avg.com/?rvt=1
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
S2 shnCldchr.exe; "C:\Program Files (x86)\Przaing\shnCldchr.exe" {C25DA384-2010-45A4-A1ED-BFA540D4789B} {9DC74CD5-24EA-4ADE-9C42-608A8CE17116} [X]
R2 Winstep Xtreme Service; C:\Program Files (x86)\Winstep\WsxService [X]
S3 autorun; \??\C:\huadio.tmp [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
S3 mapmem_dv; \??\C:\mapmem.tmp [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 PID_0928; system32\DRIVERS\LV561V64.SYS [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {8F259B31-97F8-4B98-B540-816D7D6A2CAA} - System32\Tasks\Shanot Cloud => C:\Program Files (x86)\Przaing\shnCldphv.exe
C:\Program Files (x86)\Przaing


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad itself => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location; otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once, and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version is available, make sure you download and use the updated copy of FRST.

offline
  • Joined: 19 Feb 2007
  • Posts: 1838

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by Mico (2016-07-07 06:47:01) Run:1
Running from C:\Users\Mico\Desktop
Loaded Profiles: Mico (Available Profiles: Mico)
Boot Mode: Normal
==============================================

fixlist content:
*****************
createrestorepoint:
closeprocesses:
emptytemp:
Shortcut: C:\Users\Mico\Desktop\Sweet Home 3D.lnk -> [Link visible only to logged-in users] "C:\Users\Mico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\247e2df4-297232bb"UC:\Users\Mico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\4a6dcd0f-239974ef.ico (No File)
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\Windows\explorer.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\centel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FwRemoteSvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gpprefcl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gpscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gpscript.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inseng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IPSECSVC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msimsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mswsock.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netbtugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\polstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpchttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdnclean64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winhttp.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FwRemoteSvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gpprefcl.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\gpscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gpscript.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\inseng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mswsock.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\netbtugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\occache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\polstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rpchttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\netbt.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srv2.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srvnet.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:A1EDB939 [116]
AlternateDataStreams: C:\ProgramData\TEMP:A303874F [124]
AlternateDataStreams: C:\Users\Mico\Desktop\Pravilnik-o-ogranicenjima-i-zabranama.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mico\Desktop\Prijava prebivalista.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mico\Downloads\20160701_075441000_iOS.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mico\Downloads\AdwCleaner.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mico\Downloads\AdwCleaner.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mico\Downloads\avgas-setup-7.5.1.43.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mico\Downloads\avgas-setup-7.5.1.43.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mico\Downloads\FRST64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mico\Downloads\FRST64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mico\Downloads\MyCity.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mico\Downloads\PP20160624171515.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mico\Downloads\PP20160624171515.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mico\Downloads\Racun JKP Infostan Јун 2016. (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mico\Downloads\Racun JKP Infostan Јун 2016..pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mico\Downloads\SAS_05600.EXE:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mico\Downloads\SAS_05600.EXE:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mico\Downloads\SketchUpPro-en-x64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mico\Downloads\SketchUpPro-en-x64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mico\Downloads\spybot-2.4.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mico\Downloads\spybot-2.4.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mico\Downloads\TABELA+POZIVA+NA+BROJ+ZA+UPLATE+TAKSI.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mico\Downloads\WP_20160622_001.jpg:$CmdZnID [26]
RemoveProxy:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1855833522-102534308-2718566630-1000\...\MountPoints2: {918fac5a-d7d9-11e1-b73d-1c6f655b0ac6} - H:\AutoRun.exe
HKU\S-1-5-21-1855833522-102534308-2718566630-1000\...\MountPoints2: {918fac67-d7d9-11e1-b73d-1c6f655b0ac6} - H:\AutoRun.exe
HKU\S-1-5-21-1855833522-102534308-2718566630-1000\...\MountPoints2: {918fac7a-d7d9-11e1-b73d-1c6f655b0ac6} - J:\AutoRun.exe
HKU\S-1-5-21-1855833522-102534308-2718566630-1000\...\MountPoints2: {918facd4-d7d9-11e1-b73d-1c6f655b0ac6} - I:\AutoRun.exe
HKU\S-1-5-21-1855833522-102534308-2718566630-1000\...\MountPoints2: {918face7-d7d9-11e1-b73d-1c6f655b0ac6} - H:\AutoRun.exe
ShellExecuteHooks-x32: - {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - No File [ ]
ManualProxies: [Link visible only to logged-in users]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
HKU\S-1-5-21-1855833522-102534308-2718566630-1000\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: [Link visible only to logged-in users]/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll [No File]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru => not found
FF HKU\S-1-5-21-1855833522-102534308-2718566630-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
CHR HomePage: areraiedchegoghqituty -> mysearch.avg.com/?rvt=1
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
S2 shnCldchr.exe; "C:\Program Files (x86)\Przaing\shnCldchr.exe" {C25DA384-2010-45A4-A1ED-BFA540D4789B} {9DC74CD5-24EA-4ADE-9C42-608A8CE17116} [X]
R2 Winstep Xtreme Service; C:\Program Files (x86)\Winstep\WsxService [X]
S3 autorun; \??\C:\huadio.tmp [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
S3 mapmem_dv; \??\C:\mapmem.tmp [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 PID_0928; system32\DRIVERS\LV561V64.SYS [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {8F259B31-97F8-4B98-B540-816D7D6A2CAA} - System32\Tasks\Shanot Cloud => C:\Program Files (x86)\Przaing\shnCldphv.exe
C:\Program Files (x86)\Przaing
*****************

Restore point was successfully created.
Processes closed successfully.
Shortcut: C:\Users\Mico\Desktop\Sweet Home 3D.lnk -> [Link visible only to logged-in users] "C:\Users\Mico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\247e2df4-297232bb"UC:\Users\Mico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\4a6dcd0f-239974ef.ico (No File) => Error: No automatic fix found for this entry.
C:\Windows => ":nlsPreferences" ADS removed successfully.
"C:\Windows\explorer.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\acmigration.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\adtschema.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\aeinv.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\appinfo.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\appraiser.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\atmfd.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\atmlib.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\auditpol.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\authui.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\bcryptprimitives.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\centel.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\certcli.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\CompatTelRunner.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\consent.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\credssp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\cryptbase.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\dciman32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\devinv.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\dxtmsft.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\dxtrans.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ExplorerFrame.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\fontsub.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\FwRemoteSvr.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\gdi32.dll" => ":$CmdTcID" ADS not found.
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully.
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully.
C:\ProgramData\TEMP => ":A1EDB939" ADS removed successfully.
C:\ProgramData\TEMP => ":A303874F" ADS removed successfully.
C:\Users\Mico\Desktop\Pravilnik-o-ogranicenjima-i-zabranama.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Mico\Desktop\Prijava prebivalista.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Mico\Downloads\20160701_075441000_iOS.png => ":$CmdZnID" ADS removed successfully.
"C:\Users\Mico\Downloads\AdwCleaner.exe" => ":$CmdTcID" ADS not found.
C:\Users\Mico\Downloads\AdwCleaner.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Mico\Downloads\avgas-setup-7.5.1.43.exe" => ":$CmdTcID" ADS not found.
C:\Users\Mico\Downloads\avgas-setup-7.5.1.43.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Mico\Downloads\FRST64.exe" => ":$CmdTcID" ADS not found.
"C:\Users\Mico\Downloads\FRST64.exe" => ":$CmdZnID" ADS not found.
C:\Users\Mico\Downloads\MyCity.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Mico\Downloads\PP20160624171515.pdf" => ":$CmdTcID" ADS not found.
C:\Users\Mico\Downloads\PP20160624171515.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Mico\Downloads\Racun JKP Infostan Јун 2016. (1).pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Mico\Downloads\Racun JKP Infostan Јун 2016..pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\Mico\Downloads\SAS_05600.EXE" => ":$CmdTcID" ADS not found.
C:\Users\Mico\Downloads\SAS_05600.EXE => ":$CmdZnID" ADS removed successfully.
"C:\Users\Mico\Downloads\SketchUpPro-en-x64.exe" => ":$CmdTcID" ADS not found.
C:\Users\Mico\Downloads\SketchUpPro-en-x64.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Mico\Downloads\spybot-2.4.exe" => ":$CmdTcID" ADS not found.
C:\Users\Mico\Downloads\spybot-2.4.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Mico\Downloads\TABELA+POZIVA+NA+BROJ+ZA+UPLATE+TAKSI.doc => ":$CmdZnID" ADS removed successfully.
C:\Users\Mico\Downloads\WP_20160622_001.jpg => ":$CmdZnID" ADS removed successfully.

========= RemoveProxy: =========

HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1855833522-102534308-2718566630-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1855833522-102534308-2718566630-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => value removed successfully
"HKU\S-1-5-21-1855833522-102534308-2718566630-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{918fac5a-d7d9-11e1-b73d-1c6f655b0ac6}" => key removed successfully
HKCR\CLSID\{918fac5a-d7d9-11e1-b73d-1c6f655b0ac6} => key not found.
"HKU\S-1-5-21-1855833522-102534308-2718566630-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{918fac67-d7d9-11e1-b73d-1c6f655b0ac6}" => key removed successfully
HKCR\CLSID\{918fac67-d7d9-11e1-b73d-1c6f655b0ac6} => key not found.
"HKU\S-1-5-21-1855833522-102534308-2718566630-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{918fac7a-d7d9-11e1-b73d-1c6f655b0ac6}" => key removed successfully
HKCR\CLSID\{918fac7a-d7d9-11e1-b73d-1c6f655b0ac6} => key not found.
"HKU\S-1-5-21-1855833522-102534308-2718566630-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{918facd4-d7d9-11e1-b73d-1c6f655b0ac6}" => key removed successfully
HKCR\CLSID\{918facd4-d7d9-11e1-b73d-1c6f655b0ac6} => key not found.
"HKU\S-1-5-21-1855833522-102534308-2718566630-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{918face7-d7d9-11e1-b73d-1c6f655b0ac6}" => key removed successfully
HKCR\CLSID\{918face7-d7d9-11e1-b73d-1c6f655b0ac6} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} => value removed successfully
HKCR\Wow6432Node\CLSID\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1855833522-102534308-2718566630-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKCR\PROTOCOLS\Handler\livecall" => key removed successfully
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
"HKCR\PROTOCOLS\Handler\msnim" => key removed successfully
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1" => key removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru => value removed successfully
HKU\S-1-5-21-1855833522-102534308-2718566630-1000\Software\Mozilla\SeaMonkey\Extensions\\mozilla_cc2@internetdownloadmanager.com => value removed successfully
Chrome HomePage => removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek" => key removed successfully
shnCldchr.exe => service removed successfully
Winstep Xtreme Service => service removed successfully
autorun => service removed successfully
dgderdrv => service removed successfully
gdrv => service removed successfully
hwdatacard => service removed successfully
hwusbdev => service removed successfully
LVPr2M64 => service removed successfully
mapmem_dv => service removed successfully
MBAMSwissArmy => service removed successfully
PID_0928 => service removed successfully
Synth3dVsc => service removed successfully
tsusbhub => service removed successfully
VGPU => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F259B31-97F8-4B98-B540-816D7D6A2CAA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F259B31-97F8-4B98-B540-816D7D6A2CAA}" => key removed successfully
C:\Windows\System32\Tasks\Shanot Cloud => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Shanot Cloud" => key removed successfully
"C:\Program Files (x86)\Przaing" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 26072950 B
Java, Flash, Steam htmlcache => 974 B
Windows/system/drivers => 57420 B
Edge => 0 B
Chrome => 8035377 B
Firefox => 375509354 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33058 B
systemprofile32 => 33186 B
LocalService => 66228 B
NetworkService => 0 B
Mico => 41742311 B

RecycleBin => 268245348 B
EmptyTemp: => 694.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 06:49:40 ====

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

What is the situation now?

offline
  • Joined: 19 Feb 2007
  • Posts: 1838

It looks like everything is fine now. The unwanted pages no longer open.
Zemana says the computer is safe. But SUPERAntiSpyware says:

SUPERAntiSpyware Scan Log

Generated 07/07/2016 at 11:19 AM

Application Version : 6.0.1220
Database Version : 12830

Scan type : Complete Scan
Total Scan Time : 01:16:21

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 610
Memory threats detected : 0
Registry items scanned : 67665
Registry threats detected : 0
File items scanned : 44168
File threats detected : 12

Adware.Tracking Cookie
.bidswitch.net\c [ C:\USERS\MICO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ARERAIEDCHEGOGHQITUTY\COOKIES ]
.atdmt.com\ATN [ C:\USERS\MICO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ARERAIEDCHEGOGHQITUTY\COOKIES ]
.2523150420.log.optimizely.com\end_user_id [ C:\USERS\MICO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ARERAIEDCHEGOGHQITUTY\COOKIES ]
.doubleclick.net\id [ C:\USERS\MICO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ARERAIEDCHEGOGHQITUTY\COOKIES ]
.doubleclick.net\IDE [ C:\USERS\MICO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ARERAIEDCHEGOGHQITUTY\COOKIES ]
.googleadservices.com\AID [ C:\USERS\MICO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ARERAIEDCHEGOGHQITUTY\COOKIES ]
.highwebmedia.com\__cfduid [ C:\USERS\MICO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ARERAIEDCHEGOGHQITUTY\COOKIES ]
.angsrvr.com\dspuuid [ C:\USERS\MICO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ARERAIEDCHEGOGHQITUTY\COOKIES ]
.angsrvr.com\uuid [ C:\USERS\MICO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ARERAIEDCHEGOGHQITUTY\COOKIES ]
.angsrvr.com\psyn [ C:\USERS\MICO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ARERAIEDCHEGOGHQITUTY\COOKIES ]
.bidswitch.net\tuuid [ C:\USERS\MICO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ARERAIEDCHEGOGHQITUTY\COOKIES ]
.adsymptotic.com\U [ C:\USERS\MICO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ARERAIEDCHEGOGHQITUTY\COOKIES ]

============
End of Log

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

That is just a cookie, and every website installs and collects those, so you can ignore it. It is a marketing trick used by SUPERAntiSpyware and HitmanPRO: because they are unable to detect more serious threats, they sell their customers hot air, since nobody detects cookies, Zemana and MalwareBytes included.

Quote: Cookies is the name for data that a server, from a particular blog or site, can deliver into the client's memory, i.e. onto your computer, without a request from the client, i.e. from you. The purpose of cookies is to make the client's next visit, i.e. yours, to the same server address easier, by storing data about the search paths you followed. In essence they are small text files that remember your passwords and usernames. Cookies are most often programmed to be deleted automatically from your browser after a certain time, but there are also many that cannot be removed by the standard deletion methods, so every browsing session on the internet increases the number of cookies installed in your computer's memory.


So cookies are not unwanted, but from another angle they are not wanted either; it is a category somewhere in between. At the moment they are not widely used for malicious purposes, so nobody pays attention to them.

offline
  • Joined: 19 Feb 2007
  • Posts: 1838

I mostly delete cookies using the browser itself or with CCleaner.
In any case, thanks for the help.

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

You're welcome :)


Download "Xplode"'s DelFix and save it to the Desktop.

Double-click the program to run it.

Check the following options:
Remove disinfection tools
Purge System Restore
Reset system settings


Click the "Run" button and wait for the program to finish.
The tool will remove all the tools used in this thread...
When the tool finishes, it will open a report in Notepad.
Note: The report will also be saved to C:\DelFix.txt

There is no need to post the report.
