Ozip Search Browser ?

  • Joined: 25 Apr 2012
  • Posts: 143

I tried to clean it with AdwCleaner and antimalware.



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by USER (administrator) on MOBSERVIS (31-01-2017 13:07:26)
Running from C:\Users\USER\Desktop
Loaded Profiles: USER (Available Profiles: USER)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-03-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2017-01-03] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2289014130-3233308087-3787913282-1000\...\MountPoints2: {e1165c49-95d1-11e4-a129-806e6f6e6963} - E:\DriverPackSolution.exe
HKU\S-1-5-21-2289014130-3233308087-3787913282-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\USER\AppData\Local\MEGAsync\ShellExtX64.dll [2016-07-21] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\USER\AppData\Local\MEGAsync\ShellExtX64.dll [2016-07-21] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\USER\AppData\Local\MEGAsync\ShellExtX64.dll [2016-07-21] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-01-03] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\USER\AppData\Local\MEGAsync\ShellExtX32.dll [2016-07-21] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\USER\AppData\Local\MEGAsync\ShellExtX32.dll [2016-07-21] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\USER\AppData\Local\MEGAsync\ShellExtX32.dll [2016-07-21] ()
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.100.219
Tcpip\..\Interfaces\{75A074A9-2F48-4E72-A7C3-4F765CD1CFB4}: [DhcpNameServer] 192.168.100.219
Tcpip\..\Interfaces\{8D7B2357-B06C-414C-9F4C-72E041C2AC66}: [NameServer] 77.234.40.79
Tcpip\..\Interfaces\{EA6EAC81-594A-4724-9E1D-D17285458D1E}: [DhcpNameServer] 192.168.100.219
ManualProxies: 0hxxp://no-blocked.org/wpad.dat?e3a355c21f953c7f246311f61ccd912224490820

Internet Explorer:
==================
HKU\S-1-5-21-2289014130-3233308087-3787913282-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-19] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-01-03] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-19] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: xhnlrfne.default
FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\xhnlrfne.default [2017-01-31]
FF Extension: (Firefox Hotfix) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\xhnlrfne.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-10]
FF Extension: (Adblock Plus) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\xhnlrfne.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-09-10]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-04]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @verimatrix.com/ViewRightWeb -> C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll [2015-04-06] (Verimatrix, Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2289014130-3233308087-3787913282-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\USER\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2289014130-3233308087-3787913282-1000: @verimatrix.com/ViewRightWeb -> C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll [2015-04-06] (Verimatrix, Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\3529881.js [2017-01-27] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\3529881.cfg [2017-01-27] <==== ATTENTION

Chrome:
=======
CHR DefaultProfile: Profile 3
CHR StartupUrls: Profile 3 -> "hxxps://www.google.com/webhp?hl=en&sa=X&ved=0ahUKEwjW2tWggOXRAhWEBiwKHW6BBewQPAgD&gws_rd=cr&ei=WKSMWPzBJob_swGNkJ_4BA&fg=1"
CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-01-28]
CHR Extension: (Google Slides) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-08]
CHR Extension: (Google Docs) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08]
CHR Extension: (Google Drive) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-08]
CHR Extension: (Google Docs Offline) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-14]
CHR Extension: (Avast Online Security) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-26]
CHR Extension: (Gmail) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-01-28]
CHR Extension: (Avast SafePrice) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-01-06]
CHR Extension: (AdBlock) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-08]
CHR Extension: (Chrome Media Router) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 3 [2017-01-31]
CHR Extension: (Google Drive) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-28]
CHR Extension: (YouTube) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-28]
CHR Extension: (Adblock Plus) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-01-31]
CHR Extension: (Avast SafePrice) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-01-28]
CHR Extension: (AdBlock) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-31]
CHR Extension: (Avast Online Security) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-01-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-28]
CHR Extension: (Adblock Pro) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2017-01-31]
CHR Extension: (Gmail) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-28]
CHR Extension: (Chrome Media Router) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-28]
CHR HKU\S-1-5-21-2289014130-3233308087-3787913282-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2017-01-03] (AVAST Software)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-11-28] (Dropbox, Inc.)
S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [724992 2006-10-09] (Nero AG) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7534864 2016-08-25] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2017-01-03] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2017-01-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2017-01-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2017-01-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2017-01-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2017-01-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2017-01-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2017-01-03] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2015-01-06] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2017-01-03] (AVAST Software)
S3 HtcUsbMdmV64; C:\Windows\System32\DRIVERS\HtcUsbMdmV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2015-07-08] (REALiX(tm))
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [258664 2011-09-21] (Realtek Semiconductor Corp.)
S3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [1204936 2014-02-12] (Ralink Technology, Corp.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-24] (Synaptics Incorporated)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [140672 2014-11-24] (MBB)
S3 ALSysIO; \??\C:\Users\USER\AppData\Local\Temp\ALSysIO64.sys [X]
S3 BtAudioBusSrv; System32\Drivers\BtAudioBus.sys [X]
S3 BthL2caScoIfSrv; System32\Drivers\BtL2caScoIf.sys [X]
S3 btUrbFilterDrv; System32\Drivers\IvtUrbBtFlt.sys [X]
S3 cpuz136; \??\C:\Users\USER\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-31 13:07 - 2017-01-31 13:07 - 00018708 _____ C:\Users\USER\Desktop\FRST.txt
2017-01-31 13:07 - 2017-01-31 13:07 - 00000000 ____D C:\FRST
2017-01-31 13:06 - 2017-01-31 13:06 - 02420736 _____ (Farbar) C:\Users\USER\Desktop\FRST64.exe
2017-01-31 12:55 - 2017-01-31 12:55 - 00000000 ____D C:\Users\USER\AppData\Local\CrashRpt
2017-01-31 12:53 - 2017-01-31 12:53 - 00000000 ____D C:\Windows\pss
2017-01-31 12:47 - 2017-01-31 12:50 - 00004412 _____ C:\Users\USER\Desktop\ZHPCleaner.txt
2017-01-31 12:42 - 2017-01-31 12:50 - 00000000 ____D C:\Users\USER\AppData\Roaming\ZHP
2017-01-28 12:41 - 2017-01-28 13:07 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-01-28 12:41 - 2017-01-28 12:41 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-28 12:41 - 2017-01-28 12:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-28 12:40 - 2017-01-28 12:40 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-01-28 11:27 - 2017-01-28 15:15 - 00000000 ____D C:\AdwCleaner
2017-01-27 10:00 - 2017-01-27 10:00 - 00002205 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard Layout Creator 1.4.lnk
2017-01-27 10:00 - 2017-01-27 10:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Keyboard Layout Creator 1.4
2017-01-27 09:50 - 2017-01-27 10:04 - 00000000 ____D C:\Program Files (x86)\MSECache
2017-01-17 13:27 - 2017-01-17 13:27 - 00000000 ____D C:\Users\USER\Desktop\SP_Flash_Tool_exe_Windows_v5.1648.00.000_21
2017-01-04 09:04 - 2017-01-03 09:17 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-01-03 09:17 - 2017-01-03 09:17 - 00992960 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-01-03 09:17 - 2017-01-03 09:17 - 00921280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-01-03 09:17 - 2017-01-03 09:17 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-31 13:06 - 2009-07-14 05:45 - 00020848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-31 13:06 - 2009-07-14 05:45 - 00020848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-31 13:04 - 2015-01-11 17:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-31 09:04 - 2009-07-14 06:13 - 00785302 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-31 09:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-01-31 08:59 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-30 12:46 - 2016-01-12 16:49 - 00000000 ____D C:\ProgramData\SP_FT_Logs
2017-01-28 15:35 - 2015-05-03 12:09 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-01-28 15:35 - 2015-01-11 17:56 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-28 12:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Globalization
2017-01-28 12:47 - 2015-01-06 15:06 - 00000000 ____D C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-28 12:47 - 2015-01-06 15:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-28 12:47 - 2015-01-06 15:06 - 00000000 ____D C:\Program Files (x86)\WinRAR
2017-01-28 12:46 - 2016-09-10 11:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-28 11:47 - 2015-05-03 12:00 - 00003840 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1430650821
2017-01-28 11:47 - 2015-05-03 11:57 - 00000000 ____D C:\Program Files (x86)\Opera
2017-01-23 09:59 - 2016-03-21 14:29 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-01-23 09:11 - 2016-03-24 16:23 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-19 15:35 - 2015-02-02 17:14 - 00000000 ____D C:\ProgramData\Oracle
2017-01-19 15:29 - 2015-11-06 10:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-19 15:29 - 2015-11-06 10:21 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-19 15:28 - 2015-11-06 10:22 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-01-14 11:30 - 2016-05-24 16:04 - 00001926 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-01-14 09:29 - 2015-01-06 15:08 - 00000000 ____D C:\ProgramData\Skype
2017-01-12 16:13 - 2015-09-29 12:56 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-10 15:30 - 2016-03-03 15:58 - 00000000 ____D C:\ProgramData\SP_MDT_Logs
2017-01-10 15:16 - 2016-09-10 11:14 - 00000000 ____D C:\Users\USER\AppData\Roaming\vlc
2017-01-10 11:25 - 2016-03-31 10:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SP Driver
2017-01-10 11:04 - 2015-05-03 12:09 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-01-10 11:04 - 2015-01-11 17:56 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-10 11:04 - 2015-01-11 17:56 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 11:04 - 2015-01-11 17:56 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-10 11:04 - 2015-01-11 17:56 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-05 09:05 - 2016-05-04 09:29 - 00003884 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1462350558
2017-01-04 09:04 - 2015-01-06 15:35 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2017-01-03 09:18 - 2015-01-06 15:35 - 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-01-03 09:18 - 2015-01-06 15:35 - 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-01-03 09:18 - 2015-01-06 15:35 - 00293352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-01-03 09:17 - 2016-05-04 08:29 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-01-03 09:17 - 2015-01-06 15:35 - 00969560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.148343148036307
2017-01-03 09:17 - 2015-01-06 15:35 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.148343148275010
2017-01-03 09:17 - 2015-01-06 15:35 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.148343148302912
2017-01-03 09:17 - 2015-01-06 15:35 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-01-03 09:17 - 2015-01-06 15:35 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-01-03 09:17 - 2015-01-06 15:35 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-01-03 09:17 - 2015-01-06 15:35 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-01-03 09:17 - 2015-01-06 15:35 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys

==================== Files in the root of some directories =======

2015-03-22 11:47 - 2016-10-01 09:17 - 0006656 _____ () C:\Users\USER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-07-26 10:33 - 2016-07-26 10:33 - 0000172 _____ () C:\Users\USER\AppData\Local\uts.ini

Some files in TEMP:
====================
2016-07-09 10:12 - 2016-07-09 10:12 - 4741624 _____ (Google) C:\Users\USER\AppData\Local\Temp\88B2.exe
2014-07-16 10:24 - 2014-07-16 10:24 - 0026936 _____ (TuneUp Software) C:\Users\USER\AppData\Local\Temp\DseShExt-x64.dll
2014-07-16 10:24 - 2014-07-16 10:24 - 0028984 _____ (TuneUp Software) C:\Users\USER\AppData\Local\Temp\DseShExt-x86.dll
2016-10-24 10:02 - 2008-03-12 05:03 - 0359488 _____ (Electronic Arts Inc.) C:\Users\USER\AppData\Local\Temp\eauninstall.exe
2016-07-25 11:31 - 2016-07-25 11:31 - 0741440 _____ (Oracle Corporation) C:\Users\USER\AppData\Local\Temp\jre-8u101-windows-au.exe
2016-10-24 14:02 - 2016-10-24 14:02 - 0737856 _____ (Oracle Corporation) C:\Users\USER\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-19 15:27 - 2017-01-19 15:27 - 0739904 _____ (Oracle Corporation) C:\Users\USER\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-02-23 10:19 - 2016-02-23 10:19 - 0736352 _____ (Oracle Corporation) C:\Users\USER\AppData\Local\Temp\jre-8u73-windows-au.exe
2016-04-14 10:39 - 2016-04-14 10:39 - 0736320 _____ (Oracle Corporation) C:\Users\USER\AppData\Local\Temp\jre-8u77-windows-au.exe
2016-04-26 12:16 - 2016-04-26 12:16 - 0739904 _____ (Oracle Corporation) C:\Users\USER\AppData\Local\Temp\jre-8u91-windows-au.exe
2016-11-22 13:54 - 2016-11-22 13:54 - 0673976 _____ (Vitzo Ltd.) C:\Users\USER\AppData\Local\Temp\o4e2jihk.exe
2014-07-16 10:24 - 2014-07-16 10:24 - 0032568 _____ (TuneUp Software) C:\Users\USER\AppData\Local\Temp\SDShelEx-win32.dll
2014-07-16 10:24 - 2014-07-16 10:24 - 0032056 _____ (TuneUp Software) C:\Users\USER\AppData\Local\Temp\SDShelEx-x64.dll
2015-11-16 12:47 - 2015-11-17 13:32 - 1639936 _____ (CPUID) C:\Users\USER\AppData\Local\Temp\speccycpuid.dll
2016-10-24 10:02 - 2008-03-12 01:34 - 0099592 _____ (Electronic Arts) C:\Users\USER\AppData\Local\Temp\The Sims 2 Kitchen & Bath Interior Design Stuff_uninst.exe
2016-11-22 13:53 - 2016-11-22 13:53 - 0673976 _____ (Vitzo Ltd.) C:\Users\USER\AppData\Local\Temp\vz3nzd1p.exe
2017-01-27 09:57 - 2017-01-27 09:58 - 0547840 _____ () C:\Users\USER\AppData\Local\Temp\Word_konvertor_cirilica_latinica_free.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 04:24] - [2015-01-06 12:37] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2010-11-21 04:24] - [2015-01-06 12:37] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-23 09:35

==================== End of FRST.txt ============================

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Hello,

Could you explain a bit how the problem shows up, when it shows up, where it shows up, when it started showing up, etc.?

  • Joined: 25 Apr 2012
  • Posts: 143

TwinHeadedEagle :: Hello,

Could you explain a bit how the problem shows up, when it shows up, where it shows up, when it started showing up, etc.?


It shows up mostly in Chrome, which is almost impossible to use. It also appears occasionally in Opera.

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

1. Open Notepad (Text Document) and copy the following text from the code box below:

createrestorepoint:
closeprocesses:
emptytemp:
cmd: ipconfig /flushdns
RemoveProxy:
HKU\S-1-5-21-2289014130-3233308087-3787913282-1000\...\MountPoints2: {e1165c49-95d1-11e4-a129-806e6f6e6963} - E:\DriverPackSolution.exe
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
ManualProxies: 0hxxp://no-blocked.org/wpad.dat?e3a355c21f953c7f246311f61ccd912224490820
HKU\S-1-5-21-2289014130-3233308087-3787913282-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\3529881.js [2017-01-27] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\3529881.cfg [2017-01-27] <==== ATTENTION
CHR HKU\S-1-5-21-2289014130-3233308087-3787913282-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
S3 ALSysIO; \??\C:\Users\USER\AppData\Local\Temp\ALSysIO64.sys [X]
S3 BtAudioBusSrv; System32\Drivers\BtAudioBus.sys [X]
S3 BthL2caScoIfSrv; System32\Drivers\BtL2caScoIf.sys [X]
S3 btUrbFilterDrv; System32\Drivers\IvtUrbBtFlt.sys [X]
S3 cpuz136; \??\C:\Users\USER\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
Tcpip\..\Interfaces\{75A074A9-2F48-4E72-A7C3-4F765CD1CFB4}: [DhcpNameServer] 192.168.100.219
Tcpip\..\Interfaces\{8D7B2357-B06C-414C-9F4C-72E041C2AC66}: [NameServer] 77.234.40.79
Tcpip\..\Interfaces\{EA6EAC81-594A-4724-9E1D-D17285458D1E}: [DhcpNameServer] 192.168.100.219
Task: {2D72E2A0-A567-4BC9-8488-7E4FF7AB600E} - System32\Tasks\{91216254-AA25-48B1-B89A-F3AAB87605F4} => pcalua.exe -a C:\Users\USER\AppData\Local\Temp\$PowerISO$\Sims3EP02Setup.exe -d "C:\Users\USER\Downloads\The Sims 3 All In One\The Sims 3 EP02 Ambitions" <==== ATTENTION
ShortcutWithArgument: C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, under File Name: at the bottom, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location; otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once, and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

How are things now?

  • Joined: 25 Apr 2012
  • Posts: 143

TwinHeadedEagle :: How are things now?

It seems to me that everything is fine now. Thanks.

I'll let you know if anything changes.
