Search engine redirection

  • Joined: 19 Feb 2007
  • Posts: 1822

It happens to me quite often that when I type a term into Google, the search is taken over by some OZIP or Plusnetwork. On the internet, they suggest removing these search engines from the Control Panel, as if they were applications, but they are not there.
I have tried some free malware removal programs (Spybot - Search & Destroy, Malwarebytes, Windows Malicious Software Removal Tool, Zemana, Hitman Pro, FRST), but without success.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Miodrag (administrator) on POTOCI (24-01-2017 20:23:49)
Running from D:\Preuzimanja
Loaded Profiles: Miodrag (Available Profiles: Miodrag)
Platform: Windows 10 Pro (X64) Language: engleski (Ujedinjeno Kraljevstvo)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.1\ToolbarUpdater.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.570_none_7645b09c266beb53\TiWorker.exe
(Safer-Networking Ltd. ) C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Upgrade.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Users\Miodrag\AppData\Local\Temp\is-FL3AA.tmp\Upgrade.tmp
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2017-01-22] (AVAST Software)
HKU\S-1-5-21-298066620-2557946646-2338001329-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27250144 2016-12-20] (Skype Technologies S.A.)
HKU\S-1-5-21-298066620-2557946646-2338001329-1001\...\Run: [Viber] => C:\Users\Miodrag\AppData\Local\Viber\Viber.exe [43999824 2017-01-16] (Viber Media S.à r.l.)
HKU\S-1-5-21-298066620-2557946646-2338001329-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-298066620-2557946646-2338001329-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [805888 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-01-22] (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-298066620-2557946646-2338001329-1001] => http://noblockweb.org/wpad.dat?d2bf57011d06536d86aadf85e043d15723884095
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{f4a54a5d-cb00-4ab7-9c88-7da843e33c61}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-298066620-2557946646-2338001329-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE13&ocid=UE13DHP
SearchScopes: HKU\S-1-5-21-298066620-2557946646-2338001329-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={CE7C1FDE-23E2-4085-BBD3-375FF25B00D8}&mid=dfacb01e455b47cdb8799128c0d041cd-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=sr&ds=AVG&coid=avgtbavg&cmpid=0316tb&pr=fr&d=2015-09-24 20:55:26&v=4.2.8.608&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-06-14] (Microsoft Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.1.831\AVG Web TuneUp.dll [2016-07-06] (AVG)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-06-14] (Microsoft Corporation)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation)
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2016-03-29] (Microsoft Corporation)
Handler-x32: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2016-03-29] (Microsoft Corporation)
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - No File

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-298066620-2557946646-2338001329-1001 -> hxxps://ebankweb.kombank.com/WEB2/Account/Login?ReturnUrl=%2fweb2

FireFox:
========
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-06-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-06-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.1\\npsitesafety.dll [No File]
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-06-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-06-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin HKU\S-1-5-21-298066620-2557946646-2338001329-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-06-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-22]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-22]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.sr/
CHR StartupUrls: Default -> "hxxps://www.google.rs/"
CHR Profile: C:\Users\Miodrag\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google презентације) - C:\Users\Miodrag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-24]
CHR Extension: (Google документи) - C:\Users\Miodrag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-24]
CHR Extension: (Google диск) - C:\Users\Miodrag\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-24]
CHR Extension: (YouTube) - C:\Users\Miodrag\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-24]
CHR Extension: (Google табеле) - C:\Users\Miodrag\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-24]
CHR Extension: (Google документи офлајн) - C:\Users\Miodrag\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-24]
CHR Extension: (Slinky Classic) - C:\Users\Miodrag\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfjhlpgahgkpncekpdkgfoeppikldble [2017-01-24]
CHR Extension: (Google цртежи) - C:\Users\Miodrag\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2017-01-24]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\Miodrag\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-24]
CHR Extension: (Gmail) - C:\Users\Miodrag\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-24]
CHR Extension: (Chrome Media Router) - C:\Users\Miodrag\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-24]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2017-01-22] (AVAST Software)
S3 MessagingService; C:\Windows\System32\MessagingService.dll [52736 2015-10-30] (Microsoft Corporation)
U3 MessagingService_215a210; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_215a210; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_247d47; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_247d47; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
S3 MessagingService_2aa2f; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
S3 MessagingService_2aa2f; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_63c249; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_63c249; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_6c2fb; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_6c2fb; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_71fc3; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_71fc3; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_b9742; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_b9742; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_215a210; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_215a210; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_247d47; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_247d47; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
S2 OneSyncSvc_2aa2f; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
S2 OneSyncSvc_2aa2f; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_63c249; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_63c249; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_6c2fb; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_6c2fb; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_71fc3; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_71fc3; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_b9742; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_b9742; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_215a210; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_215a210; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_247d47; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_247d47; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc_2aa2f; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc_2aa2f; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_63c249; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_63c249; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_6c2fb; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_6c2fb; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_71fc3; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_71fc3; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_b9742; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_b9742; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
S4 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [290304 2015-10-30] (Microsoft Corporation)
S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [87040 2016-07-01] (Microsoft Corporation)
U3 UnistoreSvc_215a210; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_215a210; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_247d47; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_247d47; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
S3 UnistoreSvc_2aa2f; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
S3 UnistoreSvc_2aa2f; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_63c249; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_63c249; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_6c2fb; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_6c2fb; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_71fc3; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_71fc3; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_b9742; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_b9742; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_215a210; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_215a210; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_247d47; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_247d47; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
S3 UserDataSvc_2aa2f; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
S3 UserDataSvc_2aa2f; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_63c249; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_63c249; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_6c2fb; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_6c2fb; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_71fc3; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_71fc3; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_b9742; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_b9742; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R2 vToolbarUpdater40.3.1; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.1\ToolbarUpdater.exe [1323080 2016-07-06] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)
S2 avgsvc; "C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2017-01-22] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2017-01-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2017-01-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2017-01-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2017-01-22] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2017-01-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2017-01-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2017-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2017-01-22] (AVAST Software)
S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2015-10-30] (Windows (R) Win 7 DDK provider)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2017-01-20] ()
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [54736 2017-01-22] ()
S3 iai2c; C:\Windows\System32\drivers\iai2c.sys [81408 2015-10-30] (Intel(R) Corporation)
S3 iaLPSS2i_I2C; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [165888 2015-10-30] (Intel Corporation)
S3 LcUvcUpper; C:\Windows\system32\DRIVERS\LcUvcUpper.sys [37912 2015-09-21] (Microsoft Corporation)
R3 LifeCamTrueColor; C:\Windows\system32\DRIVERS\LifeCamTrueColor.sys [37928 2016-07-27] (Microsoft Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-22] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-01-22] (Malwarebytes)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [45056 2015-10-30] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 MBAMFarflt; \??\C:\WINDOWS\system32\drivers\farflt.sys [X]
S3 MBAMProtection; \??\C:\WINDOWS\system32\drivers\mbam.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-24 20:24 - 2017-01-24 20:24 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-01-24 20:15 - 2017-01-24 20:15 - 00000085 _____ C:\WINDOWS\wininit.ini
2017-01-24 20:15 - 2017-01-24 18:14 - 00000112 _____ C:\Quarantine.lst
2017-01-24 20:14 - 2017-01-24 19:57 - 00450709 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20170124-201451.backup
2017-01-24 19:57 - 2013-08-22 14:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170124-195714.backup
2017-01-24 16:19 - 2017-01-24 16:19 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-24 15:51 - 2017-01-24 15:51 - 00000000 ____D C:\Users\Miodrag\Documents\ProcAlyzer Dumps
2017-01-24 12:46 - 2017-01-24 12:46 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-01-24 09:47 - 2017-01-24 09:47 - 00002346 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-24 09:46 - 2017-01-24 09:46 - 01065376 _____ (Google Inc.) C:\Users\Miodrag\Downloads\ChromeSetup.exe
2017-01-23 15:15 - 2017-01-23 15:15 - 00000000 ____D C:\Users\Miodrag\AppData\Local\Viber
2017-01-22 20:27 - 2017-01-23 10:27 - 00004002 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1485113258
2017-01-22 20:27 - 2017-01-23 10:27 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-01-22 20:27 - 2017-01-22 20:27 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-01-22 20:27 - 2017-01-22 20:27 - 00001088 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-01-22 20:24 - 2017-01-22 20:24 - 00969184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2017-01-22 20:24 - 2017-01-22 20:24 - 00513632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2017-01-22 20:24 - 2017-01-22 20:24 - 00391496 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-01-22 20:24 - 2017-01-22 20:24 - 00293352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2017-01-22 20:24 - 2017-01-22 20:24 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-01-22 20:24 - 2017-01-22 20:24 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-01-22 20:24 - 2017-01-22 20:24 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-01-22 20:24 - 2017-01-22 20:24 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-01-22 20:24 - 2017-01-22 20:24 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2017-01-22 20:24 - 2017-01-22 20:24 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-01-22 20:24 - 2017-01-22 20:24 - 00004004 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2017-01-22 20:24 - 2017-01-22 20:24 - 00001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-01-22 20:24 - 2017-01-22 20:24 - 00001967 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-01-22 20:24 - 2017-01-22 20:24 - 00000000 ____D C:\Users\Miodrag\AppData\Roaming\AVAST Software
2017-01-22 20:22 - 2017-01-22 20:27 - 00000000 ____D C:\Program Files\AVAST Software
2017-01-22 20:20 - 2017-01-24 20:22 - 00009780 _____ C:\WINDOWS\PFRO.log
2017-01-22 20:03 - 2017-01-22 20:27 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-22 19:41 - 2017-01-22 19:41 - 00001079 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-01-22 19:41 - 2017-01-22 19:41 - 00000000 ____D C:\Program Files\VS Revo Group
2017-01-22 19:29 - 2017-01-22 19:29 - 00001322 _____ C:\WINDOWS\system32\.crusader
2017-01-22 19:19 - 2017-01-22 19:19 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\06612FBD.sys
2017-01-22 19:17 - 2017-01-22 19:32 - 00054736 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2017-01-22 19:16 - 2017-01-22 19:30 - 00000000 ____D C:\ProgramData\HitmanPro
2017-01-22 18:34 - 2017-01-22 19:19 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-22 18:34 - 2017-01-22 18:34 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-21 12:49 - 2017-01-24 20:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2017-01-21 11:08 - 2017-01-21 11:27 - 00000000 ____D C:\WINDOWS\Minidump
2017-01-21 10:07 - 2017-01-21 10:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-21 09:47 - 2017-01-21 12:06 - 00000000 ____D C:\AdwCleaner
2017-01-21 09:09 - 2017-01-21 12:06 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-01-21 09:09 - 2017-01-21 09:09 - 00000000 ____D C:\Users\Miodrag\AppData\Local\Zemana
2017-01-20 16:08 - 2017-01-24 20:23 - 00000000 ____D C:\FRST
2017-01-20 15:55 - 2017-01-20 15:59 - 00000433 _____ C:\DelFix.txt
2017-01-20 12:55 - 2017-01-20 12:55 - 00000000 ____D C:\Users\Miodrag\AppData\Local\CrashRpt
2017-01-20 12:13 - 2017-01-20 12:13 - 00000000 _____ C:\autoexec.bat
2017-01-20 12:11 - 2017-01-21 12:06 - 00000000 ____D C:\Program Files\Enigma Software Group
2017-01-20 12:11 - 2017-01-20 12:11 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2017-01-19 19:32 - 2017-01-19 19:32 - 00000000 ____D C:\ProgramData\DigitalWave.ApplicationUpdater_files
2017-01-19 19:32 - 2017-01-19 19:32 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack
2017-01-19 19:31 - 2017-01-20 10:59 - 00000000 ____D C:\Users\Miodrag\AppData\Roaming\DVDVideoSoft
2017-01-19 18:43 - 2017-01-19 18:46 - 00003584 _____ C:\Users\Miodrag\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-01-19 18:30 - 2017-01-19 18:30 - 00000000 ____D C:\Users\Miodrag\.MCTranscodingSDK
2017-01-19 18:28 - 2017-01-19 18:41 - 00000000 ____D C:\Users\Public\Documents\Lightworks
2017-01-19 18:28 - 2017-01-19 18:28 - 00000000 ____D C:\ProgramData\Geevs
2017-01-19 18:27 - 2017-01-19 18:27 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-19 17:59 - 2017-01-19 17:59 - 00000000 ____D C:\Users\Miodrag\AppData\Roaming\WMM
2017-01-19 17:58 - 2017-01-19 17:58 - 00001447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2017-01-19 17:58 - 2017-01-19 17:58 - 00001378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2017-01-19 17:58 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2017-01-19 17:58 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2017-01-19 17:58 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2017-01-19 17:58 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2017-01-19 17:58 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2017-01-19 17:58 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2017-01-19 17:58 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2017-01-19 17:58 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2017-01-18 15:31 - 2017-01-18 15:31 - 00000719 _____ C:\Users\Miodrag\Desktop\Svašta.lnk
2017-01-17 18:40 - 2017-01-17 18:39 - 00002942 _____ C:\Users\Public\Desktop\CorelDRAW X7 (64-Bit).lnk
2017-01-17 18:39 - 2017-01-17 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X7 (64-bit)
2017-01-17 18:39 - 2017-01-17 18:39 - 00000000 ____D C:\Users\Public\Documents\Corel
2017-01-17 18:39 - 2017-01-17 18:39 - 00000000 ____D C:\Program Files\Common Files\Protexis
2017-01-17 18:38 - 2017-01-17 18:40 - 00000000 ____D C:\ProgramData\Corel
2017-01-17 18:38 - 2017-01-17 18:38 - 00000000 ____D C:\Program Files\Corel
2017-01-17 18:35 - 2017-01-17 18:42 - 00000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X7 x64
2017-01-17 16:04 - 2017-01-17 16:04 - 00000000 ____D C:\ProgramData\UniqueId
2017-01-17 14:34 - 2017-01-17 18:43 - 00000000 ____D C:\Users\Miodrag\Documents\Corel
2017-01-17 14:34 - 2017-01-17 14:34 - 00000000 ____D C:\Users\Miodrag\Documents\My Palettes
2017-01-17 14:33 - 2017-01-17 18:42 - 00000000 ____D C:\Users\Miodrag\AppData\Roaming\Corel
2017-01-17 14:33 - 2017-01-17 18:42 - 00000000 ____D C:\ProgramData\Protexis64
2017-01-17 14:23 - 2017-01-17 18:34 - 00000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X6
2017-01-17 12:16 - 2017-01-21 12:06 - 00000000 ____D C:\ProgramData\Avg_Update_0117ch
2017-01-13 12:05 - 2017-01-13 12:05 - 00000763 _____ C:\Users\Miodrag\Desktop\Knjigovodstvo.lnk
2017-01-12 10:57 - 2016-12-21 10:01 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-12 10:57 - 2016-12-21 10:01 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-01-12 10:57 - 2016-12-21 09:25 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-01-12 10:57 - 2016-12-21 08:18 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-01-12 10:57 - 2016-12-21 07:56 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-01-12 10:57 - 2016-12-21 06:41 - 04895744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-01-12 10:57 - 2016-12-21 06:39 - 22373376 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-12 10:57 - 2016-12-21 06:15 - 07839232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-12 10:57 - 2016-12-21 06:06 - 03663872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-01-12 10:57 - 2016-12-21 06:03 - 18671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-12 10:57 - 2016-12-21 05:48 - 05658624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-12 10:57 - 2016-10-25 07:55 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-24 20:22 - 2015-11-27 05:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-24 20:17 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\sru
2017-01-24 20:17 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2017-01-24 19:59 - 2013-06-08 22:18 - 00000000 ____D C:\Users\Miodrag\AppData\Roaming\Skype
2017-01-24 19:24 - 2013-06-08 22:03 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-24 16:23 - 2016-02-12 15:47 - 00000000 ____D C:\Users\Miodrag\AppData\Local\Deployment
2017-01-24 15:52 - 2015-12-03 21:32 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{12391B02-AD29-48A2-9A15-C6F0EAC99906}
2017-01-24 12:53 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-24 11:59 - 2014-10-25 18:50 - 00000000 ____D C:\Users\Miodrag\AppData\Roaming\ViberPC
2017-01-24 09:47 - 2013-06-08 18:42 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-24 09:47 - 2013-06-08 18:41 - 00000000 ____D C:\Users\Miodrag\AppData\Local\Google
2017-01-22 20:20 - 2015-08-04 13:24 - 00000000 ____D C:\Users\Miodrag\AppData\Local\Avg
2017-01-22 20:20 - 2015-08-01 17:10 - 00000000 ____D C:\ProgramData\MFAData
2017-01-22 20:13 - 2015-10-30 08:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-01-22 20:13 - 2015-08-01 17:14 - 00000000 ___HD C:\$AVG
2017-01-22 20:10 - 2016-12-08 18:19 - 00000000 ____D C:\Users\Miodrag\AppData\Local\AvgSetupLog
2017-01-22 19:46 - 2016-11-10 20:31 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-01-22 19:30 - 2015-11-27 05:06 - 00000000 ____D C:\Users\Miodrag
2017-01-22 18:48 - 2015-10-30 08:18 - 00001590 ____S C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
2017-01-21 20:14 - 2013-06-08 15:31 - 00000000 ____D C:\Users\Miodrag\AppData\Local\Packages
2017-01-21 12:06 - 2016-02-06 12:24 - 00000000 ____D C:\Users\Public\Documents\iWin
2017-01-21 12:06 - 2016-01-30 18:27 - 00000000 ____D C:\ProgramData\Avg_Update_0116tb
2017-01-21 12:06 - 2016-01-29 13:19 - 00000000 ____D C:\ProgramData\Avg_Update_0116avt
2017-01-21 12:06 - 2015-12-04 19:36 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2017-01-21 12:06 - 2015-12-03 20:12 - 00000000 ____D C:\ProgramData\Avg_Update_1215avt
2017-01-21 12:06 - 2015-11-01 13:30 - 00000000 ____D C:\ProgramData\Avg_Update_1015avt
2017-01-21 12:06 - 2015-09-24 19:55 - 00000000 ____D C:\ProgramData\AVG Secure Search
2017-01-21 12:06 - 2015-09-24 19:55 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2017-01-21 12:02 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\registration
2017-01-21 11:28 - 2014-01-13 21:49 - 00000000 ____D C:\Users\Miodrag\AppData\Roaming\uTorrent
2017-01-21 11:11 - 2013-06-08 22:18 - 00000000 ____D C:\ProgramData\Skype
2017-01-21 11:08 - 2015-11-27 05:00 - 00434472 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-20 15:47 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-20 12:30 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\restore
2017-01-19 19:46 - 2013-07-22 11:53 - 00000000 ____D C:\Users\Miodrag\AppData\Roaming\vlc
2017-01-19 18:28 - 2015-10-30 07:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2017-01-17 09:55 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2017-01-17 03:42 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-12 11:12 - 2013-07-25 02:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-12 11:09 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp

==================== Files in the root of some directories =======

2017-01-19 18:43 - 2017-01-19 18:46 - 0003584 _____ () C:\Users\Miodrag\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-26 10:00 - 2014-10-26 10:00 - 0000017 _____ () C:\Users\Miodrag\AppData\Local\resmon.resmoncfg
2016-12-11 18:30 - 2016-12-12 08:50 - 0001484 _____ () C:\ProgramData\aaron_desu.log

Some files in TEMP:
====================
C:\Users\Miodrag\AppData\Local\Temp\ERUNT.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2017-01-17 09:30

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Miodrag (2017-01-24 20:25:49)
Running from D:\Preuzimanja
Windows 10 Pro (X64) (2015-11-27 04:26:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-298066620-2557946646-2338001329-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-298066620-2557946646-2338001329-503 - Limited - Disabled)
Guest (S-1-5-21-298066620-2557946646-2338001329-501 - Limited - Disabled)
Miodrag (S-1-5-21-298066620-2557946646-2338001329-1001 - Administrator - Enabled) => C:\Users\Miodrag

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-298066620-2557946646-2338001329-1001\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1332, 21.12.2013 - AIMP DevTeam)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
AVG Zen (Version: 1.113.1 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
CGS17_Setup_x64 (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.1.0.572 - Corel Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
FastStone Image Viewer 4.8 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.8 - FastStone Soft)
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.710 - Oracle)
MathType 6 (HKLM-x32\...\DSMT6) (Version: 6.9 - Design Science, Inc.)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office 2013 alatke za proveru - srpski (HKLM\...\{90150000-001F-081A-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office 2013 алатке за проверу - српски (HKLM\...\{90150000-001F-0C1A-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.211.0 - Tracker Software Products Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
SketchUp 8 (HKLM-x32\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
SoftOrbits Photo Retoucher 3.2 (HKLM-x32\...\SoftOrbits Photo Retoucher_is1) (Version: 3.2 - SoftOrbits)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-081A-1000-0000000FF1CE}_Office15.PROPLUSR_{3E05E340-C4FE-472F-878A-A19032283E05}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3115261) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D8E86AF8-E495-4DC1-A058-7E69AA96AA8A}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3115261) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{D8E86AF8-E495-4DC1-A058-7E69AA96AA8A}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3115261) 64-Bit Edition (HKLM\...\{90150000-012B-081A-1000-0000000FF1CE}_Office15.PROPLUSR_{D8E86AF8-E495-4DC1-A058-7E69AA96AA8A}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3115261) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D8E86AF8-E495-4DC1-A058-7E69AA96AA8A}) (Version: - Microsoft)
Viber (HKU\S-1-5-21-298066620-2557946646-2338001329-1001\...\Viber) (Version: 5.2.0.2546 - Viber Media Inc)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}) (Version: 18.0.10661 - WinZip Computing, S.L. )
YuConv.Excel (HKU\S-1-5-21-298066620-2557946646-2338001329-1001\...\B1DEC35CE54CF8DA4064981161FE59E224C87AC5) (Version: 3.0.0.4 - Microsoft)
YuConvNet (HKU\S-1-5-21-298066620-2557946646-2338001329-1001\...\99AD196C5115AADE84A873E703F83D70818E597D) (Version: 4.2.0.1 - Microsoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-298066620-2557946646-2338001329-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Miodrag\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

==================== Restore Points =========================

20-01-2017 15:58:23 End of disinfection
21-01-2017 19:31:13 Revo Uninstaller's restore point - 1 Moment of Time - Silentville
22-01-2017 20:09:35 Revo Uninstaller's restore point - AVG
22-01-2017 20:11:16 Revo Uninstaller's restore point - AVG Protection
22-01-2017 20:12:14 Removed AVG
22-01-2017 20:14:25 Removed AVG 2016
24-01-2017 09:40:32 Revo Uninstaller's restore point - Google Chrome
24-01-2017 09:41:58 Revo Uninstaller's restore point - Google Chrome
24-01-2017 20:09:16 Revo Uninstaller's restore point - MCShield ::Anti-Malware Tool::
24-01-2017 20:11:48 Revo Uninstaller's restore point - Spybot - Search & Destroy

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2017-01-24 20:14 - 00000938 ____R C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0729424D-080C-4154-A888-C8522C2120B9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0BFFF53A-E38A-47FE-B4CF-E6656EB86C0E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {181EF958-CF2C-45C1-BFE2-0048458E3EFC} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice
Task: {1C0542FD-2865-48D2-AC5B-396745761212} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {21054F46-AD10-48EE-8680-D5FF567E0DD4} - \Open Chrome -> No File <==== ATTENTION
Task: {2300B6D1-D409-499E-92DF-030662B73A6B} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6
Task: {317107BF-13F6-48B4-AA5A-BA0B03A02F4B} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate
Task: {33046BDC-2974-457F-A198-055760713D46} - System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization
Task: {3627755F-6629-4D94-850A-FBE43D28BEB8} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask
Task: {4208A7BF-D622-476E-A1A3-F9EB2719ECD4} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Logon => C:\Windows\system32\ProvTool.exe [2015-12-07] (Microsoft Corporation)
Task: {44E294A5-3D78-4F47-838D-50046B8EB690} - System32\Tasks\{6905AC13-D152-4D30-95C3-730C6CB1504A} => pcalua.exe -a D:\Preuzimanja\squareoff.exe -d D:\Preuzimanja
Task: {45A1E736-EAAA-4735-ABBA-A9C5CF2BDAEF} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1
Task: {4A944005-EAD7-4E3D-A0CB-E36A03948234} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\IntegrityCheck
Task: {4CCC6300-E721-4B27-B00F-75C1F981D91E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {4E3CB8C2-8A0C-4570-A32E-7319C6E8E432} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic24
Task: {4F8F4898-4C27-4E50-BFEF-D9BA9A67E1B9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {54680CBF-D46E-426A-A183-03622F6CDF5C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {55D06336-2C7D-4EE7-9A1A-B0EAC4058BBA} - System32\Tasks\{685AC653-6803-47F9-A641-1C52D9325F49} => pcalua.exe -a "C:\Program Files (x86)\MyRealGames.com\Dream Day Honeymoon\game.exe" -d "C:\Program Files (x86)\MyRealGames.com\Dream Day Honeymoon"
Task: {5FD67A48-4DCE-42F8-98A7-1EECCA8464CA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {697E18DD-943C-470A-B9E3-6E5DDCB42D05} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange
Task: {6B696BCF-C866-41CA-B4E4-3D19FB1E9250} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask => C:\Windows\system32\SpaceMan.exe [2015-10-30] (Microsoft Corporation)
Task: {6BF17FC7-C5ED-4C3B-945C-C60FDBA96921} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {6CB5BDE7-8E00-4561-B528-CC47305E9DF1} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {71E53243-3A2D-47EE-9DAB-6D71B2366657} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate
Task: {726D27F7-D8EC-48BD-B394-AE69E939EAE5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7832283B-C7B2-4AE4-BC7A-03DF1C432734} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2017-01-22] (AVAST Software)
Task: {7AE1BCAC-061D-4672-BACB-88BC74CE1D7A} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2016-10-05] (Microsoft Corporation)
Task: {824CDD02-4860-4E04-970A-F3ADB0340D1C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {83EDD0E4-F03E-4CD3-943A-483876C842B6} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {860F596C-A1D8-4651-B747-D134041D80AD} - System32\Tasks\Microsoft\Windows\DiskFootprint\StorageSense => Rundll32.exe %windir%\system32\StorageUsage.dll,GetStorageUsageInfo
Task: {88BDC4B2-2CD5-4569-8B0B-FFE593ABBD8C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {90D79106-3D12-40AF-A9BA-231F2327770C} - System32\Tasks\Microsoft\Windows\DUSM\dusmtask => C:\Windows\System32\dusmtask.exe [2015-10-30] (Microsoft Corporation)
Task: {A2F60C0E-F0DF-40F9-BA26-A6EDBB8F718B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A483A62A-BEE2-43EF-B43D-C4B6555D6F1E} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceAccountChange
Task: {B4BFC4D1-5E44-43BA-928D-C26092AECFA6} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {B81C0671-B6AD-4AEB-9BA8-3A34C6C2A752} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C41AFEB6-9073-403E-A0FA-9D7FE24CA04C} - \AutoKMS -> No File <==== ATTENTION
Task: {C881A742-1A15-4EAC-96B9-9C6EA38AC7FA} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork
Task: {CA4BE44E-107E-4B2D-91AF-FC3B077B02FC} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattelrunner.exe [2016-10-05] (Microsoft Corporation)
Task: {CFCC0B2C-6AD9-40AF-9C92-6BF29543F4CD} - System32\Tasks\SafeZone scheduled Autoupdate 1485113258 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {E03596C8-B2A4-4553-B379-B678F0EBCA95} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff
Task: {E1262811-179F-40C3-9D93-6D7161668009} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F0CB188D-6C51-4577-A00F-2F395CA25213} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {F120A436-C215-4927-87AA-934387AF5782} - System32\Tasks\Microsoft\Windows\License Manager\TempSignedLicenseExchange

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (Whitelisted) ==============

2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-11-27 05:04 - 2016-11-14 12:15 - 00135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-04 18:50 - 2016-10-25 10:42 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-04 18:50 - 2016-10-25 10:42 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-30 15:21 - 2016-04-30 15:21 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-21 13:18 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-11-04 21:43 - 2016-07-01 04:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-12-04 18:50 - 2016-10-25 05:49 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-12-04 18:50 - 2016-10-25 05:44 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-12-04 18:50 - 2016-10-25 05:45 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-12-04 18:50 - 2016-10-25 05:48 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-22 20:24 - 2017-01-22 20:24 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-01-24 19:20 - 2017-01-24 19:20 - 04458584 _____ () C:\Program Files\AVAST Software\Avast\defs\17012405\algo.dll
2017-01-22 20:24 - 2017-01-22 20:24 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-04-30 15:21 - 2016-04-30 15:21 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-30 15:21 - 2016-04-30 15:21 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-04-30 15:21 - 2016-04-30 15:21 - 02941440 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingNativeCore.dll
2016-04-30 15:21 - 2016-04-30 15:21 - 00583168 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingEntityExtractionProxy.dll
2016-04-30 15:21 - 2016-04-30 15:21 - 01300992 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingNativeBase.dll
2017-01-22 20:24 - 2017-01-22 20:24 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files\CCleaner:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Office:Win32App_1
AlternateDataStreams: C:\Program Files\Tracker Software:Win32App_1
AlternateDataStreams: C:\Program Files\WinZip:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft.NET:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Photo Retoucher:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Windows Live SkyDrive:Win32App_1
AlternateDataStreams: C:\Program Files\Common Files\DESIGNER:Win32App_1
AlternateDataStreams: C:\Program Files\Common Files\microsoft shared:Win32App_1
AlternateDataStreams: C:\ProgramData\Avg:Win32App_1
AlternateDataStreams: C:\ProgramData\AVG2015:Win32App_1
AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1
AlternateDataStreams: C:\Users\Miodrag\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-298066620-2557946646-2338001329-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Miodrag\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{0cde3b8a-438c-4dbe-ba3a-af4ab12fd8ba}.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AVG_UI"
HKLM\...\StartupApproved\Run: => "AvgUi"
HKU\S-1-5-21-298066620-2557946646-2338001329-1001\...\StartupApproved\Run: => "Viber"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1734C450-ED76-44B4-B0A2-38A48F83507D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{077A2F74-EF45-4930-AFEA-C8C76746A567}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A8524DBE-B1EA-4AB3-BA50-E11E18C7173F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{55F6BBEB-EF66-4B29-8C51-E7B8CFD47AAC}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{9E8A2774-FE61-4B9F-8F4C-4C5B4B41BB7C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{688038C4-DB52-4499-97F2-EF52CF416F40}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{30F03405-06AF-4442-9976-07505DD18903}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{22DE16C6-09F6-42D9-836F-7B09831A7DA3}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{03209443-D4E9-4047-A62C-B6F911A1D34C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{70D8E910-4294-4702-B0B9-7AB08C1649D4}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{43E052F6-D47E-4372-9754-BA7F4789DA5E}] => (Allow) svchost.exe
FirewallRules: [{EA773B17-CBD7-453D-B79A-465C735250E7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5154FB12-759A-4625-AF2F-7FC761052A0C}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{D92F18C0-76EF-452A-AF81-AD1F6CBB35AA}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{BB84AD3E-6A98-4E69-B1F2-9EA2A574F382}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{40608088-E63C-4575-99E8-8FC761571D68}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{301D9B31-1205-45E9-A405-10D9FE63AF21}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{C1E43302-9E31-4044-9B72-33D24D16FF55}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{9249DAC2-3DBF-4B85-BCB8-27E9BA2632D6}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{8CA46E36-BA56-4AE6-A654-052ABCD76DDA}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{13C07D9E-64DF-4E7F-9283-8AF5DF965814}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
FirewallRules: [{E37863D9-B6A9-4E13-8645-8ED54D885F65}] => (Allow) C:\Users\Miodrag\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{39818519-779A-43C7-8A68-50443DD86139}] => (Allow) C:\Users\Miodrag\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{908516B1-C079-4249-B8F6-80AD635EA09F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Coprocessor
Description: Coprocessor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/24/2017 08:26:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Ime aplikacije koja je dovela do greške: SkypeHost.exe, verzija: 10.1.2123.36, vremenska oznaka: 0x56eb679c
ime modula koji je doveo do greške: combase.dll, verzija: 10.0.10586.672, vremenska oznaka: 0x580ee6d6
kôd izuzetka: 0xc000027b
pomak greške: 0x00166e91
ID procesa koji je doveo do greške: 0xe4c
vreme početka aplikacije koja je dovela do greške: 0xSkypeHost.exe0
putanja aplikacije koja je dovela do greške: SkypeHost.exe1
putanja modula koji je doveo do greške: SkypeHost.exe2
ID izveštaja: SkypeHost.exe3
puno ime paketa koji je doveo do greške: SkypeHost.exe4
ID aplikacije povezane sa paketom koji je doveo do greške: SkypeHost.exe5

Error: (01/24/2017 08:11:50 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Usluge šifrovanja nisu uspele u obradi OnIdentity() poziva u objektu „Upisivač u sistem“.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/24/2017 08:09:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Usluge šifrovanja nisu uspele u obradi OnIdentity() poziva u objektu „Upisivač u sistem“.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/24/2017 08:09:16 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {885dda44-fbf6-44b3-84d7-01505726f3ff}

Error: (01/24/2017 08:07:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Ime aplikacije koja je dovela do greške: SkypeHost.exe, verzija: 10.1.2123.36, vremenska oznaka: 0x56eb679c
ime modula koji je doveo do greške: combase.dll, verzija: 10.0.10586.672, vremenska oznaka: 0x580ee6d6
kôd izuzetka: 0xc000027b
pomak greške: 0x00166e91
ID procesa koji je doveo do greške: 0x15e0
vreme početka aplikacije koja je dovela do greške: 0xSkypeHost.exe0
putanja aplikacije koja je dovela do greške: SkypeHost.exe1
putanja modula koji je doveo do greške: SkypeHost.exe2
ID izveštaja: SkypeHost.exe3
puno ime paketa koji je doveo do greške: SkypeHost.exe4
ID aplikacije povezane sa paketom koji je doveo do greške: SkypeHost.exe5

Error: (01/24/2017 07:56:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Ime aplikacije koja je dovela do greške: SkypeHost.exe, verzija: 10.1.2123.36, vremenska oznaka: 0x56eb679c
ime modula koji je doveo do greške: combase.dll, verzija: 10.0.10586.672, vremenska oznaka: 0x580ee6d6
kôd izuzetka: 0xc000027b
pomak greške: 0x00166e91
ID procesa koji je doveo do greške: 0xe14
vreme početka aplikacije koja je dovela do greške: 0xSkypeHost.exe0
putanja aplikacije koja je dovela do greške: SkypeHost.exe1
putanja modula koji je doveo do greške: SkypeHost.exe2
ID izveštaja: SkypeHost.exe3
puno ime paketa koji je doveo do greške: SkypeHost.exe4
ID aplikacije povezane sa paketom koji je doveo do greške: SkypeHost.exe5

Error: (01/24/2017 07:49:03 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (01/24/2017 07:49:02 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (01/24/2017 07:49:02 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (01/24/2017 07:49:02 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.


System errors:
=============
Error: (01/24/2017 08:25:51 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (01/24/2017 08:25:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Pokretanje usluge „NVIDIA Update Service Daemon“ nije uspelo zbog sledeće greške:
%%1069

Error: (01/24/2017 08:25:24 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Usluga „nvUpdatusService“ nije mogla da se prijavi kao .\UpdatusUser pomoću trenutno konfigurisane lozinke zbog sledeće greške:
%%1326

Da biste se uverili da je usluga ispravno konfigurisana, koristite proširenje konzole „Usluge“ u Microsoft konzoli za upravljanje (MMC).

Error: (01/24/2017 08:22:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Pokretanje usluge „avgsvc“ nije uspelo zbog sledeće greške:
%%2

Error: (01/24/2017 08:16:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usluga „User Data Access_2a1f8“ se neočekivano prekinula. To se dogodilo 2 puta. Za 10000 milisekundi biće izvršena sledeća korekcija: Restart the service.

Error: (01/24/2017 08:16:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usluga „User Data Storage_2a1f8“ se neočekivano prekinula. To se dogodilo 2 puta. Za 10000 milisekundi biće izvršena sledeća korekcija: Restart the service.

Error: (01/24/2017 08:16:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usluga „Contact Data_2a1f8“ se neočekivano prekinula. To se dogodilo 2 puta. Za 10000 milisekundi biće izvršena sledeća korekcija: Restart the service.

Error: (01/24/2017 08:16:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usluga „Sync Host_2a1f8“ se neočekivano prekinula. To se dogodilo 2 puta. Za 10000 milisekundi biće izvršena sledeća korekcija: Restart the service.

Error: (01/24/2017 08:15:53 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Upravljač kontrole usluga je pokušao da izvrši korekciju (Restart the service) nakon neočekivanog prekida usluge User Data Storage_2a1f8, ali ova korekcija nije uspela uz sledeću grešku:
%%1056

Error: (01/24/2017 08:15:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usluga „User Data Access_2a1f8“ se neočekivano prekinula. To se dogodilo 1 puta. Za 10000 milisekundi biće izvršena sledeća korekcija: Restart the service.


CodeIntegrity:
===================================
Date: 2017-01-22 20:09:26.512
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-22 20:09:26.500
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\msvcp140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-22 20:09:26.500
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-22 20:09:26.395
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-22 20:09:26.344
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-22 20:09:26.285
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-22 20:09:26.161
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-22 20:09:26.124
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-22 20:09:26.120
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\msvcp140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-22 20:09:26.071
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 35%
Total physical RAM: 3839.23 MB
Available physical RAM: 2476.11 MB
Total Virtual: 4479.23 MB
Available Virtual: 3231.04 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:68.36 GB) (Free:9.49 GB) NTFS
Drive d: (Data) (Fixed) (Total:513.06 GB) (Free:487.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 2131E92C)
Partition 1: (Not Active) - (Size=14.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=27)
Partition 3: (Not Active) - (Size=68.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=513.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Open Notepad and copy the following text, which is inside the Code box.

AutoConfigURL: [S-1-5-21-298066620-2557946646-2338001329-1001] => http://noblockweb.org/wpad.dat?d2bf57011d06536d86aadf85e043d15723884095
File:C:\Users\Miodrag\AppData\Local\Temp\is-FL3AA.tmp\Upgrade.tmp


In Notepad, click File --> Save As
Under Encoding, select UTF-8.
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait until the program finishes.
If the program requests a restart of the computer, allow it to do so without interruption.
When it finishes, fixlog.txt will open, with contents that you should copy into the thread.
Also, (fixlog.txt) will be located on the Desktop.

offline
  • Joined: 19 Feb 2007
  • Posts: 1822

Fix result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Miodrag (2017-01-25 13:46:06) Run:1
Running from D:\Preuzimanja
Loaded Profiles: Miodrag (Available Profiles: Miodrag)
Boot Mode: Normal
==============================================

fixlist content:
*****************
AutoConfigURL: [S-1-5-21-298066620-2557946646-2338001329-1001] => http://noblockweb.org/wpad.dat?d2bf57011d06536d86aadf85e043d15723884095
File:C:\Users\Miodrag\AppData\Local\Temp\is-FL3AA.tmp\Upgrade.tmp
*****************

HKU\S-1-5-21-298066620-2557946646-2338001329-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value removed successfully

========================= File:C:\Users\Miodrag\AppData\Local\Temp\is-FL3AA.tmp\Upgrade.tmp ========================

"C:\Users\Miodrag\AppData\Local\Temp\is-FL3AA.tmp\Upgrade.tmp" => not found.
====== End of File: ======


==== End of Fixlog 13:46:06 ====

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

What is the situation now?




Download Malwarebytes Anti-Malware from this or this or this link and install the application.
Run mb3-setup-consumer-{version}.exe and follow the installation instructions. After installation, click Finish

On first launch, the program will display a "welcome" window. Feel free to close that window.
Note: The program's Premium features are already activated and are valid for 13 days from the moment of installation. You can turn off the Premium features via the Settings > My Account tab.

• Scanner settings - in Settings, click the Protection tab. Under the Scan Options section, turn on the "Scan for rootkits" option.
• Prepare the settings for Threat Scan - in Dashboard, click the Scan Now button. MBAM will update the database and start scanning.

When the scan finishes, if an infection is detected, make sure everything is selected, then click Remove Selected. Restart the computer if the program asks for a restart.
• Submit the log: Under Reports, select the Scan Report with the current date and then click View Report.

Export the log to the Desktop;
- Click the Export button at the bottom, then select 'Text file (*.txt)'
- In the Save File dialog that appears, click Desktop. In the File name: field, type "mbam" (without quotes) and click Save.
- The message "Your file has been successfully exported" will appear; click Ok and close the window.

• In your reply, attach the mbam.txt log using the "Prikači fajl" (Attach file) option.

offline
  • Joined: 19 Feb 2007
  • Posts: 1822

Written: 25 Jan 2017 17:28

The problem is not solved for now. I'm continuing.

Addendum: 25 Jan 2017 18:10


Addendum: 25 Jan 2017 18:20

The redirection still exists.

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Post new FRST reports for me.

offline
  • Joined: 19 Feb 2007
  • Posts: 1822

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Miodrag (administrator) on POTOCI (25-01-2017 20:47:10)
Running from D:\Preuzimanja
Loaded Profiles: Miodrag (Available Profiles: Miodrag)
Platform: Windows 10 Pro (X64) Language: engleski (Ujedinjeno Kraljevstvo)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.1\ToolbarUpdater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2017-01-22] (AVAST Software)
HKU\S-1-5-21-298066620-2557946646-2338001329-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27250144 2016-12-20] (Skype Technologies S.A.)
HKU\S-1-5-21-298066620-2557946646-2338001329-1001\...\Run: [Viber] => C:\Users\Miodrag\AppData\Local\Viber\Viber.exe [43999824 2017-01-16] (Viber Media S.à r.l.)
HKU\S-1-5-21-298066620-2557946646-2338001329-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-298066620-2557946646-2338001329-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [805888 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-01-22] (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{f4a54a5d-cb00-4ab7-9c88-7da843e33c61}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-298066620-2557946646-2338001329-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE13&ocid=UE13DHP
SearchScopes: HKU\S-1-5-21-298066620-2557946646-2338001329-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={CE7C1FDE-23E2-4085-BBD3-375FF25B00D8}&mid=dfacb01e455b47cdb8799128c0d041cd-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=sr&ds=AVG&coid=avgtbavg&cmpid=0316tb&pr=fr&d=2015-09-24 20:55:26&v=4.2.8.608&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-06-14] (Microsoft Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.1.831\AVG Web TuneUp.dll [2016-07-06] (AVG)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-06-14] (Microsoft Corporation)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation)
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2016-03-29] (Microsoft Corporation)
Handler-x32: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2016-03-29] (Microsoft Corporation)
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - No File

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-298066620-2557946646-2338001329-1001 -> hxxps://ebankweb.kombank.com/WEB2/Account/Login?ReturnUrl=%2fweb2

FireFox:
========
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-06-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-06-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.1\\npsitesafety.dll [No File]
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-06-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-06-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin HKU\S-1-5-21-298066620-2557946646-2338001329-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-06-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-22]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-22]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.sr/
CHR StartupUrls: Default -> "hxxps://www.google.rs/"
CHR Profile: C:\Users\Miodrag\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google презентације) - C:\Users\Miodrag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-24]
CHR Extension: (Google документи) - C:\Users\Miodrag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-24]
CHR Extension: (Google диск) - C:\Users\Miodrag\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-24]
CHR Extension: (YouTube) - C:\Users\Miodrag\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-24]
CHR Extension: (Google табеле) - C:\Users\Miodrag\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-24]
CHR Extension: (Google документи офлајн) - C:\Users\Miodrag\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-24]
CHR Extension: (Slinky Classic) - C:\Users\Miodrag\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfjhlpgahgkpncekpdkgfoeppikldble [2017-01-24]
CHR Extension: (Google цртежи) - C:\Users\Miodrag\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2017-01-24]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\Miodrag\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-24]
CHR Extension: (Gmail) - C:\Users\Miodrag\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-24]
CHR Extension: (Chrome Media Router) - C:\Users\Miodrag\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-24]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2017-01-22] (AVAST Software)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S3 MessagingService; C:\Windows\System32\MessagingService.dll [52736 2015-10-30] (Microsoft Corporation)
U3 MessagingService_215a210; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_215a210; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_247d47; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_247d47; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
S3 MessagingService_2d386; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
S3 MessagingService_2d386; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_63c249; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_63c249; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_6c2fb; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_6c2fb; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_71fc3; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_71fc3; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_b9742; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_b9742; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_215a210; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_215a210; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_247d47; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_247d47; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R2 OneSyncSvc_2d386; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
R2 OneSyncSvc_2d386; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_63c249; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_63c249; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_6c2fb; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_6c2fb; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_71fc3; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_71fc3; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_b9742; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_b9742; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_215a210; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_215a210; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_247d47; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_247d47; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_2d386; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_2d386; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_63c249; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_63c249; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_6c2fb; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_6c2fb; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_71fc3; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_71fc3; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_b9742; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_b9742; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
S4 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [290304 2015-10-30] (Microsoft Corporation)
S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [87040 2016-07-01] (Microsoft Corporation)
U3 UnistoreSvc_215a210; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_215a210; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_247d47; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_247d47; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R3 UnistoreSvc_2d386; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
R3 UnistoreSvc_2d386; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_63c249; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_63c249; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_6c2fb; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_6c2fb; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_71fc3; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_71fc3; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_b9742; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_b9742; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_215a210; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_215a210; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_247d47; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_247d47; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R3 UserDataSvc_2d386; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
R3 UserDataSvc_2d386; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_63c249; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_63c249; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_6c2fb; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_6c2fb; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_71fc3; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_71fc3; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_b9742; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_b9742; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R2 vToolbarUpdater40.3.1; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.1\ToolbarUpdater.exe [1323080 2016-07-06] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)
S2 avgsvc; "C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2017-01-22] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2017-01-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2017-01-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2017-01-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2017-01-22] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2017-01-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2017-01-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2017-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2017-01-22] (AVAST Software)
S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2015-10-30] (Windows (R) Win 7 DDK provider)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [54736 2017-01-22] ()
S3 iai2c; C:\Windows\System32\drivers\iai2c.sys [81408 2015-10-30] (Intel(R) Corporation)
S3 iaLPSS2i_I2C; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [165888 2015-10-30] (Intel Corporation)
S3 LcUvcUpper; C:\Windows\system32\DRIVERS\LcUvcUpper.sys [37912 2015-09-21] (Microsoft Corporation)
R3 LifeCamTrueColor; C:\Windows\system32\DRIVERS\LifeCamTrueColor.sys [37928 2016-07-27] (Microsoft Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [45056 2015-10-30] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-25 18:08 - 2017-01-25 18:08 - 00003741 _____ C:\Users\Miodrag\Desktop\mbam.txt
2017-01-25 17:29 - 2017-01-25 19:44 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-01-25 17:28 - 2017-01-25 19:43 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-01-25 17:28 - 2017-01-25 19:43 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-25 17:28 - 2017-01-25 17:28 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-25 17:28 - 2017-01-25 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-25 17:28 - 2017-01-25 17:28 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-25 17:28 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-01-25 12:22 - 2017-01-25 12:22 - 00044032 _____ C:\Users\Miodrag\Downloads\RetSavingsTransactions20170125122243.xls
2017-01-24 20:15 - 2017-01-25 19:49 - 00000085 _____ C:\WINDOWS\wininit.ini
2017-01-24 20:15 - 2017-01-24 18:14 - 00000112 _____ C:\Quarantine.lst
2017-01-24 20:14 - 2017-01-24 19:57 - 00450709 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20170124-201451.backup
2017-01-24 19:57 - 2013-08-22 14:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170124-195714.backup
2017-01-24 16:19 - 2017-01-24 16:19 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-24 15:51 - 2017-01-24 15:51 - 00000000 ____D C:\Users\Miodrag\Documents\ProcAlyzer Dumps
2017-01-24 12:46 - 2017-01-24 12:46 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-01-24 09:47 - 2017-01-24 09:47 - 00002346 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-24 09:46 - 2017-01-24 09:46 - 01065376 _____ (Google Inc.) C:\Users\Miodrag\Downloads\ChromeSetup.exe
2017-01-23 15:15 - 2017-01-23 15:15 - 00000000 ____D C:\Users\Miodrag\AppData\Local\Viber
2017-01-22 20:27 - 2017-01-23 10:27 - 00004002 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1485113258
2017-01-22 20:27 - 2017-01-23 10:27 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-01-22 20:27 - 2017-01-22 20:27 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-01-22 20:27 - 2017-01-22 20:27 - 00001088 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-01-22 20:24 - 2017-01-22 20:24 - 00969184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2017-01-22 20:24 - 2017-01-22 20:24 - 00513632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2017-01-22 20:24 - 2017-01-22 20:24 - 00391496 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-01-22 20:24 - 2017-01-22 20:24 - 00293352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2017-01-22 20:24 - 2017-01-22 20:24 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-01-22 20:24 - 2017-01-22 20:24 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-01-22 20:24 - 2017-01-22 20:24 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-01-22 20:24 - 2017-01-22 20:24 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-01-22 20:24 - 2017-01-22 20:24 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2017-01-22 20:24 - 2017-01-22 20:24 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-01-22 20:24 - 2017-01-22 20:24 - 00004004 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2017-01-22 20:24 - 2017-01-22 20:24 - 00001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-01-22 20:24 - 2017-01-22 20:24 - 00001967 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-01-22 20:24 - 2017-01-22 20:24 - 00000000 ____D C:\Users\Miodrag\AppData\Roaming\AVAST Software
2017-01-22 20:22 - 2017-01-22 20:27 - 00000000 ____D C:\Program Files\AVAST Software
2017-01-22 20:20 - 2017-01-24 20:22 - 00009780 _____ C:\WINDOWS\PFRO.log
2017-01-22 20:03 - 2017-01-22 20:27 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-22 19:41 - 2017-01-22 19:41 - 00001079 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-01-22 19:41 - 2017-01-22 19:41 - 00000000 ____D C:\Program Files\VS Revo Group
2017-01-22 19:29 - 2017-01-22 19:29 - 00001322 _____ C:\WINDOWS\system32\.crusader
2017-01-22 19:19 - 2017-01-22 19:19 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\06612FBD.sys
2017-01-22 19:17 - 2017-01-22 19:32 - 00054736 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2017-01-22 19:16 - 2017-01-22 19:30 - 00000000 ____D C:\ProgramData\HitmanPro
2017-01-22 18:34 - 2017-01-25 19:43 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-22 18:34 - 2017-01-25 19:43 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-21 12:49 - 2017-01-25 19:43 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2017-01-21 11:08 - 2017-01-21 11:27 - 00000000 ____D C:\WINDOWS\Minidump
2017-01-21 10:07 - 2017-01-21 10:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-21 09:47 - 2017-01-21 12:06 - 00000000 ____D C:\AdwCleaner
2017-01-21 09:09 - 2017-01-21 12:06 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-01-21 09:09 - 2017-01-21 09:09 - 00000000 ____D C:\Users\Miodrag\AppData\Local\Zemana
2017-01-20 16:08 - 2017-01-25 20:47 - 00000000 ____D C:\FRST
2017-01-20 15:55 - 2017-01-20 15:59 - 00000433 _____ C:\DelFix.txt
2017-01-20 12:55 - 2017-01-20 12:55 - 00000000 ____D C:\Users\Miodrag\AppData\Local\CrashRpt
2017-01-20 12:13 - 2017-01-20 12:13 - 00000000 _____ C:\autoexec.bat
2017-01-20 12:11 - 2017-01-25 18:02 - 00000000 ____D C:\Program Files\Enigma Software Group
2017-01-19 19:32 - 2017-01-19 19:32 - 00000000 ____D C:\ProgramData\DigitalWave.ApplicationUpdater_files
2017-01-19 19:32 - 2017-01-19 19:32 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack
2017-01-19 19:31 - 2017-01-20 10:59 - 00000000 ____D C:\Users\Miodrag\AppData\Roaming\DVDVideoSoft
2017-01-19 18:43 - 2017-01-19 18:46 - 00003584 _____ C:\Users\Miodrag\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-01-19 18:30 - 2017-01-19 18:30 - 00000000 ____D C:\Users\Miodrag\.MCTranscodingSDK
2017-01-19 18:28 - 2017-01-19 18:41 - 00000000 ____D C:\Users\Public\Documents\Lightworks
2017-01-19 18:28 - 2017-01-19 18:28 - 00000000 ____D C:\ProgramData\Geevs
2017-01-19 18:27 - 2017-01-19 18:27 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-19 17:59 - 2017-01-19 17:59 - 00000000 ____D C:\Users\Miodrag\AppData\Roaming\WMM
2017-01-19 17:58 - 2017-01-19 17:58 - 00001447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2017-01-19 17:58 - 2017-01-19 17:58 - 00001378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2017-01-19 17:58 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2017-01-19 17:58 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2017-01-19 17:58 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2017-01-19 17:58 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2017-01-19 17:58 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2017-01-19 17:58 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2017-01-19 17:58 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2017-01-19 17:58 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2017-01-18 15:31 - 2017-01-18 15:31 - 00000719 _____ C:\Users\Miodrag\Desktop\Svašta.lnk
2017-01-17 18:40 - 2017-01-17 18:39 - 00002942 _____ C:\Users\Public\Desktop\CorelDRAW X7 (64-Bit).lnk
2017-01-17 18:39 - 2017-01-17 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X7 (64-bit)
2017-01-17 18:39 - 2017-01-17 18:39 - 00000000 ____D C:\Users\Public\Documents\Corel
2017-01-17 18:39 - 2017-01-17 18:39 - 00000000 ____D C:\Program Files\Common Files\Protexis
2017-01-17 18:38 - 2017-01-17 18:40 - 00000000 ____D C:\ProgramData\Corel
2017-01-17 18:38 - 2017-01-17 18:38 - 00000000 ____D C:\Program Files\Corel
2017-01-17 18:35 - 2017-01-17 18:42 - 00000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X7 x64
2017-01-17 16:04 - 2017-01-17 16:04 - 00000000 ____D C:\ProgramData\UniqueId
2017-01-17 14:34 - 2017-01-17 18:43 - 00000000 ____D C:\Users\Miodrag\Documents\Corel
2017-01-17 14:34 - 2017-01-17 14:34 - 00000000 ____D C:\Users\Miodrag\Documents\My Palettes
2017-01-17 14:33 - 2017-01-17 18:42 - 00000000 ____D C:\Users\Miodrag\AppData\Roaming\Corel
2017-01-17 14:33 - 2017-01-17 18:42 - 00000000 ____D C:\ProgramData\Protexis64
2017-01-17 14:23 - 2017-01-17 18:34 - 00000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X6
2017-01-17 12:16 - 2017-01-21 12:06 - 00000000 ____D C:\ProgramData\Avg_Update_0117ch
2017-01-13 12:05 - 2017-01-13 12:05 - 00000763 _____ C:\Users\Miodrag\Desktop\Knjigovodstvo.lnk
2017-01-12 10:57 - 2016-12-21 10:01 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-12 10:57 - 2016-12-21 10:01 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-01-12 10:57 - 2016-12-21 09:25 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-01-12 10:57 - 2016-12-21 08:18 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-01-12 10:57 - 2016-12-21 07:56 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-01-12 10:57 - 2016-12-21 06:41 - 04895744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-01-12 10:57 - 2016-12-21 06:39 - 22373376 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-12 10:57 - 2016-12-21 06:15 - 07839232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-12 10:57 - 2016-12-21 06:06 - 03663872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-01-12 10:57 - 2016-12-21 06:03 - 18671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-12 10:57 - 2016-12-21 05:48 - 05658624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-12 10:57 - 2016-10-25 07:55 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-25 20:44 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\sru
2017-01-25 19:43 - 2015-11-27 05:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-25 19:40 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2017-01-25 18:35 - 2016-02-12 15:47 - 00000000 ____D C:\Users\Miodrag\AppData\Local\Deployment
2017-01-25 18:09 - 2013-06-08 22:18 - 00000000 ____D C:\Users\Miodrag\AppData\Roaming\Skype
2017-01-25 16:03 - 2015-12-03 21:32 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{12391B02-AD29-48A2-9A15-C6F0EAC99906}
2017-01-25 12:26 - 2013-06-08 15:31 - 00000000 ____D C:\Users\Miodrag\AppData\Local\Packages
2017-01-25 10:24 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-24 19:24 - 2013-06-08 22:03 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-24 11:59 - 2014-10-25 18:50 - 00000000 ____D C:\Users\Miodrag\AppData\Roaming\ViberPC
2017-01-24 09:47 - 2013-06-08 18:42 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-24 09:47 - 2013-06-08 18:41 - 00000000 ____D C:\Users\Miodrag\AppData\Local\Google
2017-01-22 20:20 - 2015-08-04 13:24 - 00000000 ____D C:\Users\Miodrag\AppData\Local\Avg
2017-01-22 20:20 - 2015-08-01 17:10 - 00000000 ____D C:\ProgramData\MFAData
2017-01-22 20:13 - 2015-10-30 08:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-01-22 20:13 - 2015-08-01 17:14 - 00000000 ___HD C:\$AVG
2017-01-22 20:10 - 2016-12-08 18:19 - 00000000 ____D C:\Users\Miodrag\AppData\Local\AvgSetupLog
2017-01-22 19:46 - 2016-11-10 20:31 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-01-22 19:30 - 2015-11-27 05:06 - 00000000 ____D C:\Users\Miodrag
2017-01-22 18:48 - 2015-10-30 08:18 - 00001590 ____S C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
2017-01-21 19:31 - 2016-12-15 20:18 - 00000000 ____D C:\Program Files (x86)\MyPlayCity.com
2017-01-21 19:31 - 2016-12-06 10:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPlayCity.com
2017-01-21 12:06 - 2016-02-06 12:24 - 00000000 ____D C:\Users\Public\Documents\iWin
2017-01-21 12:06 - 2016-01-30 18:27 - 00000000 ____D C:\ProgramData\Avg_Update_0116tb
2017-01-21 12:06 - 2016-01-29 13:19 - 00000000 ____D C:\ProgramData\Avg_Update_0116avt
2017-01-21 12:06 - 2015-12-04 19:36 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2017-01-21 12:06 - 2015-12-03 20:12 - 00000000 ____D C:\ProgramData\Avg_Update_1215avt
2017-01-21 12:06 - 2015-11-01 13:30 - 00000000 ____D C:\ProgramData\Avg_Update_1015avt
2017-01-21 12:06 - 2015-09-24 19:55 - 00000000 ____D C:\ProgramData\AVG Secure Search
2017-01-21 12:06 - 2015-09-24 19:55 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2017-01-21 12:02 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\registration
2017-01-21 11:28 - 2014-01-13 21:49 - 00000000 ____D C:\Users\Miodrag\AppData\Roaming\uTorrent
2017-01-21 11:11 - 2013-06-08 22:18 - 00000000 ____D C:\ProgramData\Skype
2017-01-21 11:08 - 2015-11-27 05:00 - 00434472 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-20 15:47 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-20 12:30 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\restore
2017-01-19 19:46 - 2013-07-22 11:53 - 00000000 ____D C:\Users\Miodrag\AppData\Roaming\vlc
2017-01-19 18:28 - 2015-10-30 07:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2017-01-17 09:55 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2017-01-17 03:42 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-12 11:12 - 2013-07-25 02:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-12 11:09 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp

==================== Files in the root of some directories =======

2017-01-19 18:43 - 2017-01-19 18:46 - 0003584 _____ () C:\Users\Miodrag\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-26 10:00 - 2014-10-26 10:00 - 0000017 _____ () C:\Users\Miodrag\AppData\Local\resmon.resmoncfg
2016-12-11 18:30 - 2016-12-12 08:50 - 0001484 _____ () C:\ProgramData\aaron_desu.log

Some files in TEMP:
====================
C:\Users\Miodrag\AppData\Local\Temp\Corel_Draw_X7_Serial_Number_with_Keygen_Full_Free_Download__6cmh1w.exe
C:\Users\Miodrag\AppData\Local\Temp\ERUNT.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2017-01-17 09:30

==================== End of FRST.txt ============================


offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Open Notepad and copy the following text, which is inside the Code box.

SearchScopes: HKU\S-1-5-21-298066620-2557946646-2338001329-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={CE7C1FDE-23E2-4085-BBD3-375FF25B00D8}&mid=dfacb01e455b47cdb8799128c0d041cd-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=sr&ds=AVG&coid=avgtbavg&cmpid=0316tb&pr=fr&d=2015-09-24 20:55:26&v=4.2.8.608&pid=wtu&sg=&sap=dsp&q={searchTerms}
EmptyTemp:


In Notepad, click File --> Save As
Under Encoding, choose UTF-8.
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, allow it to do so without interruption.
When it finishes, fixlog.txt will open, with contents that you should copy into this thread.
Also, (fixlog.txt) will be on the Desktop.

offline
  • Joined: 19 Feb 2007
  • Posts: 1822

Written: 26 Jan 2017 11:05

Fix result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Miodrag (2017-01-26 10:36:55) Run:2
Running from C:\Users\Miodrag\Desktop
Loaded Profiles: Miodrag (Available Profiles: Miodrag)
Boot Mode: Normal
==============================================

fixlist content:
*****************
SearchScopes: HKU\S-1-5-21-298066620-2557946646-2338001329-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={CE7C1FDE-23E2-4085-BBD3-375FF25B00D8}&mid=dfacb01e455b47cdb8799128c0d041cd-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=sr&ds=AVG&coid=avgtbavg&cmpid=0316tb&pr=fr&d=2015-09-24 20:55:26&v=4.2.8.608&pid=wtu&sg=&sap=dsp&q={searchTerms}
EmptyTemp:
*****************

"HKU\S-1-5-21-298066620-2557946646-2338001329-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
"HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
EmptyTemp: => 1.7 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 10:37:45 ====

Addendum: 26 Jan 2017 18:21

It looks like the problem is solved. So far there have been no redirects.

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Excellent.


The following procedure will carry out the final cleanup.

Download Xplode's DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment until the tool finishes its work.
From this point on, all tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also save a healthy state of the registry and make a backup using the built-in program "ERUNT" in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.
