Hoho Search in Google Chrome after installing a pirated Vegas Pro 13.0

  • Joined: 01 Jun 2016
  • Posts: 3

Hello,

After installing some very questionable software, I noticed that it had installed a few more suspicious programs, which I deleted. One example is "hoho search", which keeps showing up no matter how I try to remove it.
From what I have read, it is some kind of browser hijacker.

There may be something else malicious on my computer, which is why I am turning to you for help.

Thanks in advance!
Aleksandar Zivkovic



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-05-2016 02
Ran by aleksandar (administrator) on ALEKSANDAR (01-06-2016 16:25:12)
Running from C:\Users\aleksandar\Downloads
Loaded Profiles: aleksandar (Available Profiles: aleksandar)
Platform: Windows 10 Education (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\Redis\redis-server.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Viber Media S.à r.l.) C:\Users\aleksandar\AppData\Local\Viber\Viber.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-27] (AVAST Software)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23745808 2016-05-07] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1640849067-4196159458-1753329231-1001\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-1640849067-4196159458-1753329231-1001\...\Run: [Viber] => C:\Users\aleksandar\AppData\Local\Viber\Viber.exe [69528656 2016-05-16] (Viber Media S.à r.l.)
HKU\S-1-5-21-1640849067-4196159458-1753329231-1001\...\RunOnce: [Uninstall C:\Users\aleksandar\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\aleksandar\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-1640849067-4196159458-1753329231-1001\...\RunOnce: [Uninstall C:\Users\aleksandar\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\aleksandar\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-1640849067-4196159458-1753329231-1001\...\RunOnce: [Uninstall C:\Users\aleksandar\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\aleksandar\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-1640849067-4196159458-1753329231-1001\...\RunOnce: [Uninstall C:\Users\aleksandar\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\aleksandar\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-1640849067-4196159458-1753329231-1001\...\RunOnce: [Uninstall C:\Users\aleksandar\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\aleksandar\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-1640849067-4196159458-1753329231-1001\...\RunOnce: [Uninstall C:\Users\aleksandar\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\aleksandar\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [175368 2016-01-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [153208 2016-01-23] (NVIDIA Corporation)
ShellExecuteHooks: - {7AD1C0F5-07A2-40E5-8608-C6EAA0FF362F} - C:\Users\aleksandar\AppData\Local\Microsoft\Windows\INetCookies\x64explibss.dll [414720 2016-05-31] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-03-27] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{60572dd2-f3e6-42e2-8fe3-c37058155cc9}: [DhcpNameServer] 129.241.0.200 129.241.0.201
Tcpip\..\Interfaces\{6c19fec2-a507-490f-8155-cf57ba68cd26}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-05-15] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-26] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-03-27] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-05-15] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-26] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-05-15] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-27] (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 14.0 Helper -> {b924f0b4-0b3c-49c0-bab2-213fb9ebd1d3} -> C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2015-07-07] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-05-15] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-15] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-05-15] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-15] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-05-15] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-15] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-05-15] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-15] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-05-15] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-26] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-05-15] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-05-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-05-15] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-27]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-27]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR Profile: C:\Users\aleksandar\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast SafePrice) - C:\Users\aleksandar\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-06-01]
CHR Extension: (AdBlock) - C:\Users\aleksandar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-01]
CHR Extension: (Avast Online Security) - C:\Users\aleksandar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-01]
CHR Extension: (Skype) - C:\Users\aleksandar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-06-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\aleksandar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-01]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-03-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-27] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2016-01-24] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2911472 2016-05-15] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-28] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-28] (Dropbox, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [359856 2015-10-22] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2016-03-29] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
R2 Redis; C:\Program Files\Redis\redis-server.exe [1549312 2015-12-07] () [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [268912 2016-05-28] (Synaptics Incorporated)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [137216 2016-03-29] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [61968 2015-10-21] (Synaptics Incorporated)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56552 2016-03-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 grdDebugersrv; "C:\Program Files (x86)\Gredisfopudom\grdDebugersrv.exe32" {79740E79-A383-47A7-B513-3DF6563D007F} {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} [X]
S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-03-27] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-03-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-03-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-03-27] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-03-27] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-03-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-03-27] (AVAST Software)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-07-10] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-07-10] (Microsoft Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-05-21] (Samsung Electronics Co., Ltd.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [268048 2015-10-21] (Intel Corporation)
R2 IntelHaxm; C:\Windows\system32\DRIVERS\IntelHaxm.sys [96776 2015-11-16] (Intel Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2015-10-21] ()
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [192312 2015-10-21] (Intel Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3506464 2015-09-16] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [751632 2015-10-21] (Realsil Semiconductor Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [42184 2015-10-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [79984 2016-05-28] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-05-21] (Samsung Electronics Co., Ltd.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [119712 2016-04-18] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [192352 2016-04-18] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30544 2015-10-21] (HP)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-01 16:25 - 2016-06-01 16:25 - 00025425 _____ C:\Users\aleksandar\Downloads\FRST.txt
2016-06-01 16:24 - 2016-06-01 16:25 - 00000000 ____D C:\FRST
2016-06-01 16:24 - 2016-06-01 16:24 - 02383872 _____ (Farbar) C:\Users\aleksandar\Downloads\FRST64.exe
2016-06-01 16:20 - 2016-06-01 16:20 - 00016148 _____ C:\WINDOWS\system32\ALEKSANDAR_aleksandar_HistoryPrediction.bin
2016-06-01 12:04 - 2016-06-01 12:04 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-06-01 02:38 - 2016-06-01 02:38 - 00000000 ___HD C:\OneDriveTemp
2016-06-01 02:22 - 2016-06-01 02:22 - 00292896 _____ C:\WINDOWS\ntbtlog.txt
2016-06-01 02:22 - 2016-06-01 02:22 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-06-01 02:16 - 2016-06-01 02:16 - 00002346 _____ C:\Users\aleksandar\Desktop\Google Chrome.lnk
2016-05-31 21:55 - 2016-05-31 22:01 - 00000000 ____D C:\Users\aleksandar\Desktop\slike
2016-05-31 21:54 - 2016-05-31 21:59 - 00053955 _____ C:\Users\aleksandar\Desktop\Weightlifting.pptx
2016-05-31 21:53 - 2016-05-31 21:53 - 00000000 ____D C:\Users\aleksandar\Documents\Custom Office Templates
2016-05-31 21:44 - 2016-05-31 21:44 - 00000000 ____D C:\Users\aleksandar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2016-05-31 21:44 - 2016-05-31 21:44 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2016-05-31 21:43 - 2016-05-31 21:43 - 00002143 _____ C:\Users\aleksandar\Desktop\FL Studio 11 (64bit).lnk
2016-05-31 21:43 - 2016-05-31 21:43 - 00000000 ____D C:\Users\aleksandar\Documents\Image-Line
2016-05-31 21:43 - 2016-05-31 21:43 - 00000000 ____D C:\Users\aleksandar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2016-05-31 21:43 - 2016-05-31 21:43 - 00000000 ____D C:\Program Files\Image-Line
2016-05-31 21:43 - 2016-05-31 21:43 - 00000000 ____D C:\Program Files\Common Files\VST2
2016-05-31 21:43 - 2016-05-31 21:43 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software
2016-05-31 21:43 - 2016-05-31 21:43 - 00000000 ____D C:\Program Files (x86)\VstPlugins
2016-05-31 21:43 - 2016-05-31 21:43 - 00000000 ____D C:\Program Files (x86)\DSPRobotics
2016-05-31 21:41 - 2016-05-31 21:43 - 00000000 ____D C:\Program Files (x86)\Image-Line
2016-05-31 21:39 - 2016-05-31 21:39 - 00002604 _____ C:\Users\aleksandar\Documents\Register Vegas Pro.htm
2016-05-31 21:39 - 2016-05-31 21:39 - 00000000 ____D C:\Users\aleksandar\AppData\Roaming\Publish Providers
2016-05-31 21:35 - 2016-05-31 21:37 - 00000000 ____D C:\Users\aleksandar\AppData\Local\Sony
2016-05-31 21:35 - 2016-05-31 21:35 - 00001121 _____ C:\Users\Public\Desktop\Vegas Pro 13.0 (64-bit).lnk
2016-05-31 21:35 - 2016-05-31 21:35 - 00000000 ____D C:\ProgramData\Sony
2016-05-31 21:35 - 2016-05-31 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2016-05-31 21:35 - 2016-05-31 21:35 - 00000000 ____D C:\Program Files\Sony
2016-05-31 21:35 - 2016-05-31 21:35 - 00000000 ____D C:\Program Files (x86)\Sony
2016-05-31 21:34 - 2016-05-31 21:39 - 00000000 ____D C:\Users\aleksandar\AppData\Roaming\Sony
2016-05-31 17:25 - 2016-06-01 11:43 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-05-31 15:31 - 2016-05-31 15:33 - 00000000 ____D C:\AdwCleaner
2016-05-31 14:54 - 2016-06-01 16:24 - 00000000 ____D C:\Users\aleksandar\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-05-31 14:54 - 2016-05-31 14:55 - 00000000 ____D C:\Program Files (x86)\Ckcege
2016-05-31 14:54 - 2016-05-31 14:54 - 00000000 ____D C:\Program Files (x86)\Qoqphmifiward
2016-05-28 22:06 - 2016-05-28 22:06 - 00130325 _____ C:\Users\aleksandar\Desktop\03. Boravišna viza _preko 90 dana_ po osnovu studiranja, prakse ili volonterskog rada.pdf
2016-05-28 11:26 - 2016-05-28 11:26 - 00444016 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2016-05-28 11:26 - 2016-05-28 11:26 - 00296568 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo41.dll
2016-05-28 11:26 - 2016-05-28 11:26 - 00079984 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys
2016-05-28 11:26 - 2016-05-28 11:26 - 00076408 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys
2016-05-28 11:26 - 2016-05-28 11:26 - 00074864 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynRMIHID_Aux.sys
2016-05-23 14:07 - 2016-05-25 01:44 - 00000000 ____D C:\Users\aleksandar\Documents\GeoPuzzle - Backup
2016-05-23 01:33 - 2016-05-23 01:33 - 00000000 ____D C:\Users\aleksandar\AppData\Local\Viber
2016-05-21 23:26 - 2016-05-28 11:26 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-05-20 16:29 - 2016-05-31 17:26 - 00000000 ____D C:\Users\aleksandar\AppData\LocalLow\uTorrent
2016-05-19 12:04 - 2016-05-19 12:04 - 01730312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll
2016-05-19 12:04 - 2016-05-19 12:04 - 01011456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinUSBCoInstaller2.dll
2016-05-16 15:17 - 2016-05-16 15:17 - 00001785 _____ C:\Users\aleksandar\Desktop\studio64.exe - Shortcut.lnk
2016-05-16 14:59 - 2016-05-16 14:59 - 01213779 _____ C:\Users\aleksandar\Desktop\CFJ_2015_05_Zone6.pdf
2016-05-15 15:58 - 2016-06-01 11:44 - 00000000 ____D C:\Users\aleksandar\AppData\Roaming\ViberPC
2016-05-15 15:58 - 2016-05-15 15:58 - 00001048 _____ C:\Users\aleksandar\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk
2016-05-15 15:58 - 2016-05-15 15:58 - 00000000 ____D C:\Users\aleksandar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
2016-05-15 15:58 - 2016-05-15 15:58 - 00000000 ____D C:\Users\aleksandar\AppData\Local\Package Cache
2016-05-14 21:54 - 2016-05-14 21:54 - 00000167 _____ C:\Users\aleksandar\.gitconfig
2016-05-11 22:28 - 2016-05-11 22:28 - 00000000 ____D C:\Users\aleksandar\.AndroidStudio2.1
2016-05-11 21:32 - 2016-05-11 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-11 17:11 - 2016-06-01 12:10 - 00000000 ____D C:\Users\aleksandar\Documents\ViberDownloads
2016-05-11 01:18 - 2016-04-15 08:18 - 24593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-11 01:18 - 2016-04-15 08:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-11 01:18 - 2016-04-15 07:59 - 04791808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-11 01:18 - 2016-04-15 07:55 - 19325952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-11 01:18 - 2016-04-15 07:39 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-11 01:18 - 2016-04-09 12:52 - 00502504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-11 01:18 - 2016-04-09 12:12 - 08021856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-11 01:18 - 2016-04-09 12:10 - 00609976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-11 01:18 - 2016-04-09 12:06 - 01981280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-11 01:18 - 2016-04-09 12:04 - 02430304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-05-11 01:18 - 2016-04-09 11:50 - 01515936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-11 01:18 - 2016-04-09 11:04 - 01780352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-11 01:18 - 2016-04-09 10:13 - 05160960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-11 01:18 - 2016-04-09 09:22 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-05-11 01:18 - 2016-04-09 09:18 - 11264000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-11 01:18 - 2016-04-09 09:18 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-11 01:18 - 2016-04-09 09:14 - 18798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-11 01:18 - 2016-04-09 09:10 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-11 01:18 - 2016-04-09 09:09 - 06788608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-11 01:18 - 2016-04-09 08:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2016-05-11 01:18 - 2016-04-09 08:13 - 21859328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-11 01:18 - 2016-04-09 08:02 - 07521280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-11 01:17 - 2016-04-22 07:52 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-11 01:17 - 2016-04-22 07:44 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-11 01:17 - 2016-04-15 09:21 - 01085776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-11 01:17 - 2016-04-15 08:43 - 00916800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-11 01:17 - 2016-04-15 08:14 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-05-11 01:17 - 2016-04-15 08:06 - 00602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-11 01:17 - 2016-04-15 08:05 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-11 01:17 - 2016-04-15 08:01 - 01381376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-11 01:17 - 2016-04-15 07:42 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-11 01:17 - 2016-04-09 12:58 - 01365584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-11 01:17 - 2016-04-09 12:53 - 01535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-11 01:17 - 2016-04-09 12:52 - 00705520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-11 01:17 - 2016-04-09 12:10 - 01824872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-11 01:17 - 2016-04-09 12:05 - 01199368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-11 01:17 - 2016-04-09 12:05 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-11 01:17 - 2016-04-09 12:04 - 01592360 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-11 01:17 - 2016-04-09 10:09 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-11 01:17 - 2016-04-09 10:09 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-11 01:17 - 2016-04-09 10:09 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-05-11 01:17 - 2016-04-09 09:55 - 00373248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-11 01:17 - 2016-04-09 09:54 - 00768000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-11 01:17 - 2016-04-09 09:52 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2016-05-11 01:17 - 2016-04-09 09:38 - 00464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-11 01:17 - 2016-04-09 09:06 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-11 01:17 - 2016-04-09 09:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-11 01:17 - 2016-04-09 09:05 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-11 01:17 - 2016-04-09 08:43 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-11 01:17 - 2016-04-09 08:42 - 00950272 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-11 01:17 - 2016-04-09 08:27 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-08 21:33 - 2016-05-09 19:24 - 00000000 ____D C:\Users\aleksandar\AppData\Local\GitHubVisualStudio
2016-05-08 21:33 - 2016-05-08 21:35 - 00000000 ____D C:\Users\aleksandar\AppData\Roaming\GitHubVisualStudio

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-01 16:24 - 2015-12-28 16:19 - 00000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-06-01 13:12 - 2015-10-22 11:00 - 00000000 ____D C:\WINDOWS\INF
2016-06-01 13:12 - 2015-10-22 01:36 - 00968074 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-01 12:31 - 2015-10-22 01:53 - 00000000 ____D C:\Users\aleksandar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-06-01 12:04 - 2015-10-22 11:01 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-01 12:04 - 2015-10-22 11:01 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-06-01 12:03 - 2015-10-22 14:57 - 00000000 ____D C:\Program Files\Microsoft Office
2016-06-01 12:02 - 2015-10-22 01:39 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-01 11:54 - 2015-10-22 11:01 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-01 11:44 - 2015-10-22 14:31 - 00000000 ____D C:\ProgramData\MCShield
2016-06-01 11:44 - 2015-10-22 01:39 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-01 11:44 - 2015-10-22 01:35 - 00000000 ___RD C:\Users\aleksandar\OneDrive
2016-06-01 11:44 - 2015-10-22 01:34 - 00000000 __SHD C:\Users\aleksandar\IntelGraphicsProfiles
2016-06-01 11:43 - 2015-12-28 16:19 - 00000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-06-01 02:37 - 2016-03-23 17:17 - 00000093 _____ C:\HaxLogs.txt
2016-06-01 02:37 - 2015-12-20 16:22 - 00000520 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2016-06-01 02:37 - 2015-10-22 10:56 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-06-01 02:37 - 2015-10-22 10:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-01 02:37 - 2015-10-22 10:27 - 00000000 ____D C:\ProgramData\Validity
2016-06-01 02:21 - 2016-01-03 23:27 - 00000000 ____D C:\Users\aleksandar\AppData\Roaming\uTorrent
2016-06-01 02:17 - 2015-10-22 01:34 - 00000000 ____D C:\Users\aleksandar\AppData\Local\Packages
2016-06-01 00:51 - 2015-12-30 22:53 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E5789689-D9EE-467C-BCAB-FA350A82DF70}
2016-05-31 21:39 - 2015-12-19 22:40 - 00000000 ____D C:\Users\aleksandar\AppData\Local\CrashDumps
2016-05-31 14:56 - 2016-01-15 12:36 - 00000000 ____D C:\Users\aleksandar\.nbi
2016-05-31 13:52 - 2015-10-22 14:59 - 00000000 ____D C:\Users\aleksandar\AppData\Local\Adobe
2016-05-31 12:20 - 2015-10-22 11:01 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-30 23:16 - 2015-10-22 23:06 - 00000000 ____D C:\Users\aleksandar\AppData\Roaming\vlc
2016-05-30 11:58 - 2016-03-23 18:36 - 00000000 ____D C:\Users\aleksandar\AppData\Local\Genymobile
2016-05-30 11:14 - 2016-03-23 18:36 - 00000000 ____D C:\Users\aleksandar\.VirtualBox
2016-05-30 00:48 - 2015-10-22 02:34 - 00000000 ____D C:\Users\aleksandar\Documents\Visual Studio 2015
2016-05-30 00:44 - 2016-04-27 16:43 - 00000000 ____D C:\Users\aleksandar\Documents\GitHub
2016-05-30 00:44 - 2015-10-22 18:43 - 00011353 _____ C:\Users\aleksandar\.bash_history
2016-05-28 11:26 - 2015-10-21 20:42 - 01813392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2016-05-28 11:26 - 2015-10-21 20:42 - 00871544 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2016-05-28 11:26 - 2015-10-21 20:42 - 00815736 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2016-05-28 11:26 - 2015-10-21 20:42 - 00294512 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2016-05-28 11:26 - 2015-10-21 20:42 - 00079984 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2016-05-27 22:09 - 2015-10-31 16:37 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-26 12:03 - 2015-10-22 14:31 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-05-26 00:01 - 2015-10-31 16:37 - 00000000 ____D C:\Users\aleksandar\AppData\Roaming\Skype
2016-05-25 21:57 - 2016-01-08 01:33 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-05-23 14:06 - 2015-10-22 14:45 - 00000000 ____D C:\Users\aleksandar\Documents\Elfak
2016-05-21 23:28 - 2016-04-23 16:32 - 01499408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01007.dll
2016-05-21 23:28 - 2016-04-23 16:32 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinUSBCoInstaller.dll
2016-05-21 23:26 - 2015-10-29 17:00 - 00221824 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2016-05-21 23:26 - 2015-10-29 17:00 - 00129152 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus.sys
2016-05-20 13:57 - 2015-10-22 15:00 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-19 23:09 - 2015-10-22 01:35 - 00002392 _____ C:\Users\aleksandar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-19 22:12 - 2015-12-28 16:24 - 00000000 ___RD C:\Users\aleksandar\Dropbox
2016-05-16 21:32 - 2016-01-12 18:46 - 00000000 ____D C:\Users\aleksandar\Desktop\Trening
2016-05-16 15:28 - 2016-03-29 17:09 - 00000000 ____D C:\Users\aleksandar\Desktop\EMSE
2016-05-16 15:22 - 2015-10-22 14:34 - 00000000 ____D C:\Users\aleksandar\AppData\Roaming\QtProject
2016-05-15 19:14 - 2016-01-08 01:33 - 00001050 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-05-14 22:05 - 2016-04-27 16:43 - 00000000 ____D C:\Users\aleksandar\AppData\Roaming\GitHub
2016-05-14 22:05 - 2016-04-27 16:43 - 00000000 ____D C:\Users\aleksandar\AppData\Local\GitHub
2016-05-14 21:54 - 2016-04-27 16:41 - 00000000 ____D C:\Users\aleksandar\AppData\Local\Deployment
2016-05-14 21:54 - 2015-10-22 01:34 - 00000000 ____D C:\Users\aleksandar
2016-05-14 20:24 - 2015-10-22 10:58 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-14 02:22 - 2015-10-22 11:01 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-05-13 21:50 - 2015-10-22 15:00 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-05-13 18:03 - 2015-10-22 01:39 - 00002282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-11 22:35 - 2016-04-11 21:22 - 00000000 ____D C:\Program Files\Android
2016-05-11 22:27 - 2016-04-11 22:25 - 00000000 ____D C:\Users\aleksandar\.AndroidStudio2.0
2016-05-11 22:12 - 2015-10-22 11:01 - 00000000 ____D C:\WINDOWS\rescache
2016-05-11 21:50 - 2015-10-22 11:01 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-11 21:50 - 2015-10-22 11:01 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 21:32 - 2015-12-28 16:19 - 00000000 ____D C:\Users\aleksandar\AppData\Local\Dropbox
2016-05-11 21:32 - 2015-12-28 16:19 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-05-11 20:54 - 2015-10-22 11:01 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 17:07 - 2015-10-22 11:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-11 17:03 - 2015-10-22 11:00 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-11 16:21 - 2015-10-22 02:25 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2016-05-11 16:21 - 2015-10-22 02:24 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-11 16:19 - 2015-10-22 02:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2016-05-11 16:15 - 2015-10-22 02:29 - 00000000 ____D C:\Program Files (x86)\NuGet
2016-05-11 16:15 - 2015-10-22 02:29 - 00000000 ____D C:\Program Files (x86)\Microsoft WCF Data Services
2016-05-11 16:14 - 2015-11-22 15:11 - 00000000 ____D C:\Program Files\MSBuild
2016-05-11 00:57 - 2015-10-22 01:39 - 00003986 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 00:57 - 2015-10-22 01:39 - 00003754 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-08 21:25 - 2016-04-14 20:38 - 00000000 ____D C:\Users\aleksandar\AppData\Roaming\npm-cache
2016-05-07 14:59 - 2016-04-27 16:43 - 00002286 _____ C:\Users\aleksandar\Desktop\Git Shell.lnk

==================== Files in the root of some directories =======

2015-10-22 11:51 - 2015-11-12 13:54 - 0000600 _____ () C:\Users\aleksandar\AppData\Roaming\winscp.rnd
2016-01-24 13:42 - 2016-01-24 13:42 - 0000927 _____ () C:\Users\aleksandar\AppData\Local\recently-used.xbel

Files to move or delete:
====================
C:\Users\aleksandar\.mongorc.js


Some files in TEMP:
====================
C:\Users\aleksandar\AppData\Local\Temp\ads.exe
C:\Users\aleksandar\AppData\Local\Temp\appstart.exe
C:\Users\aleksandar\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\aleksandar\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\aleksandar\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\aleksandar\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\aleksandar\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\aleksandar\AppData\Local\Temp\libeay32.dll
C:\Users\aleksandar\AppData\Local\Temp\MediaPlayer__11426.exe
C:\Users\aleksandar\AppData\Local\Temp\msvcr120.dll
C:\Users\aleksandar\AppData\Local\Temp\npp.6.8.8.Installer.exe
C:\Users\aleksandar\AppData\Local\Temp\sqlite3.dll
C:\Users\aleksandar\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-27 13:00

==================== End of FRST.txt ============================


offline
  • Joined: 02 Jan 2008
  • Posts: 2167

Hello!

1. Open Notepad (Text Document) and copy in the following text from the code box below:

CreateRestorePoint:
ShellExecuteHooks:  - {7AD1C0F5-07A2-40E5-8608-C6EAA0FF362F} - C:\Users\aleksandar\AppData\Local\Microsoft\Windows\INetCookies\x64explibss.dll [414720 2016-05-31] ()
C:\Users\aleksandar\AppData\Local\Microsoft\Windows\INetCookies\x64explibss.dll
S2 grdDebugersrv; "C:\Program Files (x86)\Gredisfopudom\grdDebugersrv.exe32" {79740E79-A383-47A7-B513-3DF6563D007F} {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} [X]
C:\Program Files (x86)\Gredisfopudom
2016-05-31 14:54 - 2016-05-31 14:55 - 00000000 ____D C:\Program Files (x86)\Ckcege
2016-05-31 14:54 - 2016-05-31 14:54 - 00000000 ____D C:\Program Files (x86)\Qoqphmifiward
C:\Users\aleksandar\.mongorc.js
EmptyTemp:


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the system restarts.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.


After that,

Download AdwCleaner by "Xplode" and save it to the Desktop
Double-click to run the program.
In the EULA window click I agree.
In Options, turn off Reset Winsock settings if it is enabled.
Click the Scan button and wait for the scan to finish.
Click the Cleaning button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required) click OK

The computer will restart and then open Notepad (C:\Adwcleaner\AdwCleaner[C1].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Attach file" ("Prikači fajl") option
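
A pre-run review of the fixlist from the post above, as an added example (not part of the original thread and not part of FRST): it classifies each line by the formats visible in this log, extracts the path the line refers to, and flags any target that is a whole system or profile root. The function names, the kind labels and the protected-path list are assumptions made for the illustration.

```python
import re
from pathlib import PureWindowsPath
from typing import NamedTuple

# The fixlist lines from the post above, embedded so the example runs offline.
FIXLIST = r"""CreateRestorePoint:
ShellExecuteHooks:  - {7AD1C0F5-07A2-40E5-8608-C6EAA0FF362F} - C:\Users\aleksandar\AppData\Local\Microsoft\Windows\INetCookies\x64explibss.dll [414720 2016-05-31] ()
C:\Users\aleksandar\AppData\Local\Microsoft\Windows\INetCookies\x64explibss.dll
S2 grdDebugersrv; "C:\Program Files (x86)\Gredisfopudom\grdDebugersrv.exe32" {79740E79-A383-47A7-B513-3DF6563D007F} {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} [X]
C:\Program Files (x86)\Gredisfopudom
2016-05-31 14:54 - 2016-05-31 14:55 - 00000000 ____D C:\Program Files (x86)\Ckcege
2016-05-31 14:54 - 2016-05-31 14:54 - 00000000 ____D C:\Program Files (x86)\Qoqphmifiward
C:\Users\aleksandar\.mongorc.js
EmptyTemp:
"""

class Entry(NamedTuple):
    kind: str    # directive | listing | service | path | registry
    target: str  # path the line refers to ("" for directives)

PATH = re.compile(r'[A-Za-z]:\\[^"\[]+')   # stops at a quote or the [size date] suffix
DIRECTIVE = re.compile(r"^\w+:$")          # e.g. CreateRestorePoint:
LISTING = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ [_A-Z]{5} ")
SERVICE = re.compile(r"^[RSU]\d \S+; ")    # e.g. S2 grdDebugersrv; "..."

# Assumed list of locations that should never be a fix target as a whole.
PROTECTED = {PureWindowsPath(p) for p in (
    r"C:\Windows", r"C:\Windows\System32", r"C:\Windows\SysWOW64",
    r"C:\Program Files", r"C:\Program Files (x86)", r"C:\ProgramData", r"C:\Users")}

def classify(line: str) -> Entry:
    line = line.strip()
    m = PATH.search(line)
    target = m.group(0).rstrip() if m else ""
    if DIRECTIVE.match(line):
        kind = "directive"
    elif LISTING.match(line):
        kind = "listing"       # a line copied from the created/modified file lists
    elif SERVICE.match(line):
        kind = "service"
    elif m and m.start() == 0:
        kind = "path"          # bare file or folder path
    else:
        kind = "registry"      # other log lines, e.g. the ShellExecuteHooks entry
    return Entry(kind, target)

def review(text: str) -> list:
    return [classify(l) for l in text.splitlines() if l.strip()]

def too_broad(target: str) -> bool:
    p = PureWindowsPath(target)   # comparison is case-insensitive
    return (len(p.parts) < 2 or p in PROTECTED
            or p.parent == PureWindowsPath(r"C:\Users"))

def flagged(text: str) -> list:
    return [e.target for e in review(text) if e.target and too_broad(e.target)]

if __name__ == "__main__":
    for e in review(FIXLIST):
        print(f"{e.kind:10} {e.target}")
    print("too broad:", flagged(FIXLIST))
```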

offline
  • Joined: 01 Jun 2016
  • Posts: 3

Thank you very much!

Done. Here are the logs:


offline
  • Joined: 02 Jan 2008
  • Posts: 2167

Download TDSSKiller, save the tool to the Desktop and double-click TDSSKiller.exe to run it
In the "End user Licence Agreement" dialog click Accept.
Likewise, in the "KSN Statement" dialog click Accept.


Click the Start Scan button

If suspicious items (Suspicious objects) are detected, the default action is Skip; click Continue.
If malicious objects (Malicious objects) are detected, choose the Cure option.

Post the contents of the log from the following location:
C:\TDSSKiller_program version_DD.MM.YY_HH.MM.SS.txt
(DD-day, MM-month, YY-year, HH-hour, MM-minute, SS-second; the date and time when the log was created)

offline
  • Joined: 01 Jun 2016
  • Posts: 3

It looks to me like everything is OK now?

offline
  • Joined: 02 Jan 2008
  • Posts: 2167

OK.
Are you still having problems, or is everything OK? :)
