Check


offline
  • in administration
  • Joined: 16 Oct 2010
  • Posts: 3465
  • Location: KRAGUJEVAC

Malwarebytes found over 300 pieces of malware; the laptop had slowed down completely. Only Avast detected that Java was not updated.
I use ADSL 10MB/S.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-02-2017
Ran by HP (administrator) on HP-PC (26-02-2017 20:46:43)
Running from C:\Users\HP\Desktop
Loaded Profiles: HP (Available Profiles: HP)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Sonix) C:\Windows\vsnp2uvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Nullsoft) C:\Program Files\Winamp\winampa.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSrv.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(The Chromium Authors) C:\Users\HP\AppData\Local\chromium\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
() C:\Program Files\WinZip Driver Updater\DriverUpdater.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(The Chromium Authors) C:\Users\HP\AppData\Local\chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\HP\AppData\Local\chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\HP\AppData\Local\chromium\Application\chrome.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Byte Technologies LLC) C:\Program Files\ByteFence\ByteFence.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [1667164 2012-10-24] (IDT, Inc.)
HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [662016 2009-08-12] (Sonix)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-17] (AVAST Software)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [39424 2009-12-17] (Nullsoft)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [26220296 2017-02-07] (Dropbox, Inc.)
HKU\S-1-5-21-602383084-879286083-1166823298-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6851288 2016-07-13] (Piriform Ltd)
HKU\S-1-5-21-602383084-879286083-1166823298-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.)
HKU\S-1-5-21-602383084-879286083-1166823298-1000\...\Run: [Chromium] => c:\users\hp\appdata\local\chromium\application\chrome.exe [828416 2017-01-21] (The Chromium Authors)
HKU\S-1-5-21-602383084-879286083-1166823298-1000\...\Run: [GoogleChromeAutoLaunch_43F8308EBB0847458B3FC61550B2903B] => C:\Users\HP\AppData\Local\chromium\Application\chrome.exe [828416 2017-01-21] (The Chromium Authors)
HKU\S-1-5-21-602383084-879286083-1166823298-1000\...\MountPoints2: {d9dfc6c9-e08d-11e5-b6b3-806e6f6e6963} - E:\DriverPackSolution.exe
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-09-26] (AVAST Software)
GroupPolicy: Restriction ? <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21
Tcpip\..\Interfaces\{C4A14250-1DC1-4975-A0DE-1CA10F1EAED0}: [DhcpNameServer] 195.34.133.21 212.186.211.21
Tcpip\..\Interfaces\{FFAC5FD7-C0CE-45F9-8BB3-42DEC9AA31F3}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://at.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_tggl_17_08&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dat%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDtC0AtDyEyByB0ByDyC0AyCtDyEyBtN0D0Tzu0StCzzyByBtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0AyEyC0AyEzz0CtGtByB0EtDtGyDzy0A0CtGtCtA0C0CtG0E0FtByDtAtAyB0CtDtC0B0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtDyByE0F0CyBzytGtD0A0CtCtGyE0FtByDtGzyzzzy0CtGyDtDyByByDyC0B0F0AyEtAtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBtDyByE%26cr%3D1304626930%26a%3Dwbf_tggl_17_08%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-602383084-879286083-1166823298-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://at.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_tggl_17_08&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dat%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDtC0AtDyEyByB0ByDyC0AyCtDyEyBtN0D0Tzu0StCzzyByBtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0AyEyC0AyEzz0CtGtByB0EtDtGyDzy0A0CtGtCtA0C0CtG0E0FtByDtAtAyB0CtDtC0B0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtDyByE0F0CyBzytGtD0A0CtCtGyE0FtByDtGzyzzzy0CtGyDtDyByByDyC0B0F0AyEtAtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBtDyByE%26cr%3D1304626930%26a%3Dwbf_tggl_17_08%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://at.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_tggl_17_08&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dat%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDtC0AtDyEyByB0ByDyC0AyCtDyEyBtN0D0Tzu0StCzzyByBtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0AyEyC0AyEzz0CtGtByB0EtDtGyDzy0A0CtGtCtA0C0CtG0E0FtByDtAtAyB0CtDtC0B0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtDyByE0F0CyBzytGtD0A0CtCtGyE0FtByDtGzyzzzy0CtGyDtDyByByDyC0B0F0AyEtAtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBtDyByE%26cr%3D1304626930%26a%3Dwbf_tggl_17_08%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://at.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_tggl_17_08&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dat%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDtC0AtDyEyByB0ByDyC0AyCtDyEyBtN0D0Tzu0StCzzyByBtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0AyEyC0AyEzz0CtGtByB0EtDtGyDzy0A0CtGtCtA0C0CtG0E0FtByDtAtAyB0CtDtC0B0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtDyByE0F0CyBzytGtD0A0CtCtGyE0FtByDtGzyzzzy0CtGyDtDyByByDyC0B0F0AyEtAtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBtDyByE%26cr%3D1304626930%26a%3Dwbf_tggl_17_08%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-602383084-879286083-1166823298-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://at.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_tggl_17_08&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dat%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDtC0AtDyEyByB0ByDyC0AyCtDyEyBtN0D0Tzu0StCzzyByBtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0AyEyC0AyEzz0CtGtByB0EtDtGyDzy0A0CtGtCtA0C0CtG0E0FtByDtAtAyB0CtDtC0B0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtDyByE0F0CyBzytGtD0A0CtCtGyE0FtByDtGzyzzzy0CtGyDtDyByByDyC0B0F0AyEtAtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBtDyByE%26cr%3D1304626930%26a%3Dwbf_tggl_17_08%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-602383084-879286083-1166823298-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://at.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_tggl_17_08&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dat%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDtC0AtDyEyByB0ByDyC0AyCtDyEyBtN0D0Tzu0StCzzyByBtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0AyEyC0AyEzz0CtGtByB0EtDtGyDzy0A0CtGtCtA0C0CtG0E0FtByDtAtAyB0CtDtC0B0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtDyByE0F0CyBzytGtD0A0CtCtGyE0FtByDtGzyzzzy0CtGyDtDyByByDyC0B0F0AyEtAtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBtDyByE%26cr%3D1304626930%26a%3Dwbf_tggl_17_08%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-23] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-11-02] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-23] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: 1ozauf9a.default
FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\1ozauf9a.default [2017-02-26]
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\1ozauf9a.default -> Yahoo! Powered
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\1ozauf9a.default -> Yahoo! Powered
FF NewTab: Mozilla\Firefox\Profiles\1ozauf9a.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\1ozauf9a.default -> hxxps://at.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_tggl_17_08&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dat%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDtC0AtDyEyByB0ByDyC0AyCtDyEyBtN0D0Tzu0StCzzyByBtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0AyEyC0AyEzz0CtGtByB0EtDtGyDzy0A0CtGtCtA0C0CtG0E0FtByDtAtAyB0CtDtC0B0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtDyByE0F0CyBzytGtD0A0CtCtGyE0FtByDtGzyzzzy0CtGyDtDyByByDyC0B0F0AyEtAtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBtDyByE%26cr%3D1304626930%26a%3Dwbf_tggl_17_08%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
FF Keyword.URL: Mozilla\Firefox\Profiles\1ozauf9a.default -> user_pref("keyword.URL", true);
FF Extension: (Firefox Hotfix) - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\1ozauf9a.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-12]
FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\1ozauf9a.default\searchplugins\yahoo! powered.xml [2017-02-20]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-26]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-26]
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-23] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-04] (Google Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.rs/"
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default [2017-02-26]
CHR Extension: (Google Slides) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-02]
CHR Extension: (Google Docs) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-03]
CHR Extension: (Google Drive) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-03]
CHR Extension: (YouTube) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-03]
CHR Extension: (Google Search) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-03]
CHR Extension: (Avast SafePrice) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-17]
CHR Extension: (Google Sheets) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-02]
CHR Extension: (Google Docs Offline) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Avast Online Security) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-01-05]
CHR Extension: (StartWidget) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcicildfhbfklckjilcpacpphfacecab [2017-02-20]
CHR Extension: (Search Manager) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2017-02-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-22]
CHR Extension: (Gmail) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-03]
CHR Extension: (Chrome Media Router) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-602383084-879286083-1166823298-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Program Files\IDT\WDM\aestsrv.exe [81920 2009-03-02] (Andrea Electronics Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-26] (AVAST Software)
S2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [146912 2017-01-18] (Byte Technologies LLC)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-20] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-20] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [40256 2017-02-07] (Dropbox, Inc.)
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [304456 2017-02-20] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [307282 2012-10-24] (IDT, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70824 2012-10-11] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34984 2012-10-11] (Advanced Micro Devices)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-09-26] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-09-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-09-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-09-26] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-09-26] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-09-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-09-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118664 2016-09-26] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-10-14] (AVAST Software)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3109888 2013-02-19] (Qualcomm Atheros Communications, Inc.)
R3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [36856 2012-12-25] (IVT Corporation.)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16440 2012-12-04] (Intel Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3485952 2009-05-20] ()
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-26 20:46 - 2017-02-26 20:47 - 00021129 _____ C:\Users\HP\Desktop\FRST.txt
2017-02-26 20:46 - 2017-02-26 20:46 - 00000000 ____D C:\FRST
2017-02-26 20:44 - 2017-02-26 20:44 - 01765376 _____ (Farbar) C:\Users\HP\Desktop\FRST.exe
2017-02-26 20:40 - 2017-02-26 20:40 - 00000000 _____ C:\Users\HP\Downloads\New Text Document.txt
2017-02-26 20:37 - 2017-02-26 20:37 - 00001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-02-26 20:37 - 2017-02-26 20:37 - 00000993 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-02-26 20:37 - 2017-02-26 20:37 - 00000000 ____D C:\Users\HP\AppData\Roaming\TeamViewer
2017-02-26 20:37 - 2017-02-26 20:37 - 00000000 ____D C:\Program Files\TeamViewer
2017-02-26 20:33 - 2017-02-26 20:34 - 12973560 _____ (TeamViewer GmbH) C:\Users\HP\Downloads\TeamViewer_Setup_sr.exe
2017-02-24 20:06 - 2017-02-24 20:11 - 00000000 ____D C:\Users\HP\Desktop\New folder
2017-02-24 19:30 - 2017-02-24 19:30 - 20607064 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2017-02-20 19:00 - 2017-02-20 19:00 - 00035237 _____ C:\Users\HP\Downloads\Lebenslauf Herbert Fabigan (1) (1).pdf
2017-02-20 18:55 - 2017-02-20 18:55 - 00035237 _____ C:\Users\HP\Downloads\Lebenslauf Herbert Fabigan (1).pdf
2017-02-20 15:42 - 2017-02-20 15:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
2017-02-20 15:15 - 2017-02-20 15:15 - 00026006 _____ C:\Users\HP\Downloads\Lebenslauf Zorica Fabigan (1).pdf
2017-02-20 15:14 - 2017-02-20 15:14 - 00006814 _____ C:\Users\HP\Downloads\Unconfirmed 732846.crdownload
2017-02-20 15:14 - 2017-02-20 15:14 - 00006814 _____ C:\Users\HP\Downloads\CV-Europass-20170113-Fabigan-DE (2).xml
2017-02-20 14:49 - 2017-02-20 14:49 - 00000000 ____D C:\ProgramData\ByteFence
2017-02-20 14:43 - 2017-02-26 20:30 - 00000296 _____ C:\Windows\Tasks\Start WinZip Driver Updater for HP-PC@HP(logon).job
2017-02-20 14:43 - 2017-02-23 17:47 - 00000000 ____D C:\Program Files\WinZip Driver Updater
2017-02-20 14:43 - 2017-02-20 14:43 - 00001085 _____ C:\Users\Public\Desktop\WinZip Driver Updater.lnk
2017-02-20 14:43 - 2017-02-20 14:43 - 00000000 ____D C:\ProgramData\WinZip
2017-02-20 14:43 - 2017-02-20 14:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2017-02-20 14:42 - 2017-02-20 14:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-20 14:40 - 2017-02-20 14:40 - 00002239 _____ C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2017-02-20 14:40 - 2017-02-20 14:40 - 00002231 _____ C:\Users\HP\Desktop\Chromium.lnk
2017-02-20 14:40 - 2017-02-20 14:40 - 00000000 ____D C:\Users\HP\AppData\Roaming\Dropbox
2017-02-20 14:40 - 2017-02-20 14:40 - 00000000 ____D C:\Users\HP\AppData\Local\chromium
2017-02-20 14:39 - 2017-02-26 20:44 - 00000888 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-02-20 14:39 - 2017-02-26 20:39 - 00000972 _____ C:\Windows\Tasks\Yahoo! Powered tafor.job
2017-02-20 14:39 - 2017-02-26 20:39 - 00000000 ____D C:\ProgramData\{57AF92CC-DDED-180A-5B2B-8648C1690D86}
2017-02-20 14:39 - 2017-02-26 20:30 - 00000884 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-02-20 14:39 - 2017-02-20 14:39 - 00001466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
2017-02-20 14:39 - 2017-02-20 14:39 - 00001007 _____ C:\Users\Public\Desktop\Booking.com.lnk
2017-02-20 14:39 - 2017-02-20 14:39 - 00000344 __RSH C:\ProgramData\ntuser.pol
2017-02-20 14:39 - 2017-02-20 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com
2017-02-20 14:39 - 2017-02-20 14:39 - 00000000 ____D C:\Program Files\Booking.com
2017-02-20 14:38 - 2017-02-26 20:36 - 00000000 ____D C:\Program Files\ByteFence
2017-02-20 14:38 - 2017-02-20 15:00 - 00000000 ____D C:\Program Files\Dropbox
2017-02-20 14:38 - 2017-02-20 14:42 - 00000000 ____D C:\Users\HP\AppData\Local\Dropbox
2017-02-20 14:38 - 2017-02-20 14:41 - 00000000 ____D C:\Users\HP\AppData\Local\{3EED08B1-1A45-6409-77DD-41E153B5BD79}
2017-02-20 14:38 - 2017-02-20 14:38 - 407010384 _____ (Microsoft Corporation) C:\Users\HP\Downloads\microsoft-office-professional-2007 [1].exe
2017-02-20 14:38 - 2017-02-20 14:38 - 00000000 ____D C:\ProgramData\Dropbox
2017-02-20 14:37 - 2017-02-20 14:37 - 01237624 _____ ( ) C:\Users\HP\Downloads\microsoft-office-professional-2007.exe
2017-02-12 10:44 - 2017-02-12 10:44 - 00714584 _____ C:\Users\HP\Downloads\crni.htm
2017-02-12 10:43 - 2017-02-12 10:43 - 00715795 _____ C:\Users\HP\Downloads\jaa.htm
2017-02-12 10:17 - 2017-02-12 10:17 - 01208094 _____ C:\Users\HP\Downloads\(4) Andjela i nadja.html
2017-02-12 10:17 - 2017-02-12 10:17 - 00000000 ____D C:\Users\HP\Downloads\(4) Andjela i nadja_files
2017-02-07 18:07 - 2017-02-07 18:07 - 00000000 ____D C:\Program Files\Common Files\Skype
2017-02-07 05:38 - 2017-02-07 05:38 - 00040256 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-02-07 05:38 - 2017-02-07 05:38 - 00035440 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-02-07 05:38 - 2017-02-07 05:38 - 00035440 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-02-07 05:38 - 2017-02-07 05:38 - 00035440 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-01-27 23:34 - 2017-01-27 23:34 - 00604928 _____ (Reimage) C:\Users\HP\Downloads\ReimageRepair (2).exe
2017-01-27 23:33 - 2017-01-27 23:33 - 00604928 _____ (Reimage) C:\Users\HP\Downloads\ReimageRepair (1).exe
2017-01-27 23:32 - 2017-01-27 23:32 - 00604928 _____ (Reimage) C:\Users\HP\Downloads\ReimageRepair.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-26 20:43 - 2016-03-02 17:21 - 00058016 _____ C:\Users\HP\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-26 20:41 - 2009-07-14 05:34 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-26 20:41 - 2009-07-14 05:34 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-26 20:35 - 2016-03-12 18:29 - 00000000 ____D C:\Users\HP\AppData\Roaming\Skype
2017-02-26 20:30 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-24 19:30 - 2016-03-02 17:26 - 00807000 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-02-24 19:30 - 2016-03-02 17:26 - 00144984 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-02-24 19:30 - 2016-03-02 17:26 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-20 18:52 - 2016-03-02 16:51 - 00000000 ____D C:\Users\HP
2017-02-20 14:39 - 2009-07-14 03:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-02-11 20:18 - 2016-03-12 18:29 - 00000000 ____D C:\ProgramData\Skype
2017-02-07 21:08 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2017-02-07 18:15 - 2016-03-02 17:40 - 00002145 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 18:10 - 2017-01-16 17:56 - 00000000 ____D C:\Users\HP\AppData\Roaming\PhotoScape
2017-02-07 18:07 - 2016-07-29 20:55 - 00000000 ___RD C:\Program Files\Skype

Some files in TEMP:
====================
2017-02-20 16:18 - 2017-02-20 16:18 - 0004608 _____ () C:\Users\HP\AppData\Local\Temp\g51yyu05.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-19 10:38

==================== End of FRST.txt ============================




offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Hello,


Download Zemana AntiMalware and save it to the Desktop.


When the download is finished:

Double-click to start the installation and follow the instructions. The installation is standard, without any additional options.
After installation, the program will start automatically, and you now need to click Scan.
When the scan finishes, click Next to remove all the items found.
If it asks you to restart the computer, click Reboot.
If the computer is seriously infected, another scan will follow after the restart.


After that, you need to provide the report(s):

On the keyboard, press the Windows key + R at the same time.
Copy the following command and confirm with OK:
%USERPROFILE%\AppData\Local\Zemana\Zemana AntiMalware\reports
Copy the latest report(s) to the Desktop, and then attach it in your next message.

offline
  • in administration
  • Joined: 16 Oct 2010
  • Posts: 3465
  • Location: KRAGUJEVAC


offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

How are things now?

Run the FRST scan again for me and provide both reports.

offline
  • in administration
  • Joined: 16 Oct 2010
  • Posts: 3465
  • Location: KRAGUJEVAC

Written: 27 Feb 2017 22:47

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-02-2017
Ran by HP (administrator) on HP-PC (27-02-2017 22:40:08)
Running from C:\Users\HP\Desktop
Loaded Profiles: HP (Available Profiles: HP)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-17] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\RunOnce: [Zemana AntiMalware] => C:\Program Files\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.)
HKU\S-1-5-21-602383084-879286083-1166823298-1000\...\MountPoints2: {d9dfc6c9-e08d-11e5-b6b3-806e6f6e6963} - E:\DriverPackSolution.exe
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-09-26] (AVAST Software)
GroupPolicy: Restriction ? <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21
Tcpip\..\Interfaces\{C4A14250-1DC1-4975-A0DE-1CA10F1EAED0}: [DhcpNameServer] 195.34.133.21 212.186.211.21
Tcpip\..\Interfaces\{FFAC5FD7-C0CE-45F9-8BB3-42DEC9AA31F3}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-602383084-879286083-1166823298-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-26] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-11-02] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-26] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: 1ozauf9a.default
FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\1ozauf9a.default [2017-02-27]
FF NewTab: Mozilla\Firefox\Profiles\1ozauf9a.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\1ozauf9a.default -> Yahoo! Powered
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\1ozauf9a.default -> Yahoo! Powered
FF Extension: (Firefox Hotfix) - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\1ozauf9a.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-12]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-26]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-26]
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-26] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-04] (Google Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.rs/"
CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default [2017-02-27]
CHR Extension: (Google Slides) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-02]
CHR Extension: (Google Docs) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-03]
CHR Extension: (Google Drive) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-03]
CHR Extension: (YouTube) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-03]
CHR Extension: (Google Search) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-03]
CHR Extension: (Avast SafePrice) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-17]
CHR Extension: (Google Sheets) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-02]
CHR Extension: (Google Docs Offline) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Avast Online Security) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-01-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-22]
CHR Extension: (Gmail) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-03]
CHR Extension: (Chrome Media Router) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKU\S-1-5-21-602383084-879286083-1166823298-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Program Files\IDT\WDM\aestsrv.exe [81920 2009-03-02] (Andrea Electronics Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-26] (AVAST Software)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-20] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-20] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [40256 2017-02-07] (Dropbox, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [307282 2012-10-24] (IDT, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70824 2012-10-11] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34984 2012-10-11] (Advanced Micro Devices)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-09-26] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-09-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-09-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-09-26] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-09-26] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-09-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-09-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118664 2016-09-26] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-10-14] (AVAST Software)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3109888 2013-02-19] (Qualcomm Atheros Communications, Inc.)
R3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [36856 2012-12-25] (IVT Corporation.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59976 2017-01-20] ()
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16440 2012-12-04] (Intel Corporation)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [152512 2017-02-26] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [94656 2017-02-27] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [39360 2017-02-27] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [219584 2017-02-27] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [63264 2017-02-27] (Malwarebytes)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3485952 2009-05-20] ()
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2017-02-27] (Zemana Ltd.)
S0 ZAM_EarlyBoot; C:\Windows\System32\drivers\zam32.sys [181496 2017-02-27] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2017-02-27] (Zemana Ltd.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-27 22:40 - 2017-02-27 22:40 - 00014319 _____ C:\Users\HP\Desktop\FRST.txt
2017-02-27 22:40 - 2017-02-27 22:40 - 00000000 ____D C:\Users\HP\Desktop\FRST-OlderVersion
2017-02-27 22:40 - 2017-02-27 22:40 - 00000000 _____ C:\Users\HP\Downloads\New Text Document.txt
2017-02-27 19:10 - 2017-02-27 19:12 - 00008270 _____ C:\Users\HP\Desktop\2017.02.27-19.05.06-i0-t92-d15.txt
2017-02-27 19:04 - 2017-02-27 22:40 - 00035979 _____ C:\Windows\ZAM.krnl.trace
2017-02-27 19:04 - 2017-02-27 22:40 - 00017395 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-02-27 19:04 - 2017-02-27 19:04 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
2017-02-27 17:45 - 2017-02-27 17:45 - 00000000 ____D C:\Users\HP\AppData\Local\ElevatedDiagnostics
2017-02-27 17:35 - 2017-02-27 17:35 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
2017-02-27 17:35 - 2017-02-27 17:35 - 00001892 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-02-27 17:35 - 2017-02-27 17:35 - 00000000 ____D C:\Users\HP\AppData\Local\Zemana
2017-02-27 17:35 - 2017-02-27 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-02-27 17:35 - 2017-02-27 17:35 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2017-02-27 17:22 - 2017-02-27 17:22 - 05677776 _____ (Zemana Ltd. ) C:\Users\HP\Desktop\Zemana.AntiMalware.Setup.exe
2017-02-26 21:10 - 2017-02-26 21:10 - 00000000 ____D C:\Program Files\Common Files\Java
2017-02-26 20:58 - 2017-02-26 20:58 - 00152512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-02-26 20:57 - 2017-02-27 19:15 - 00063264 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-02-26 20:57 - 2017-02-27 19:02 - 00219584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-26 20:57 - 2017-02-27 19:02 - 00094656 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-02-26 20:57 - 2017-02-27 19:02 - 00039360 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-02-26 20:57 - 2017-02-26 20:57 - 00002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-26 20:57 - 2017-02-26 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-26 20:57 - 2017-02-26 20:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-26 20:57 - 2017-02-26 20:57 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-26 20:57 - 2017-01-20 07:47 - 00059976 _____ C:\Windows\system32\Drivers\mbae.sys
2017-02-26 20:46 - 2017-02-27 22:40 - 00000000 ____D C:\FRST
2017-02-26 20:44 - 2017-02-27 22:40 - 01765376 _____ (Farbar) C:\Users\HP\Desktop\FRST.exe
2017-02-26 20:37 - 2017-02-27 18:44 - 00000000 ____D C:\Program Files\TeamViewer
2017-02-26 20:37 - 2017-02-26 20:37 - 00001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-02-26 20:37 - 2017-02-26 20:37 - 00000993 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-02-26 20:37 - 2017-02-26 20:37 - 00000000 ____D C:\Users\HP\AppData\Roaming\TeamViewer
2017-02-24 20:06 - 2017-02-24 20:11 - 00000000 ____D C:\Users\HP\Desktop\New folder
2017-02-24 19:30 - 2017-02-24 19:30 - 20607064 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2017-02-20 14:43 - 2017-02-26 21:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2017-02-20 14:43 - 2017-02-26 21:11 - 00000000 ____D C:\ProgramData\WinZip
2017-02-20 14:42 - 2017-02-20 14:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-20 14:40 - 2017-02-27 19:12 - 00001134 _____ C:\Users\HP\Desktop\Chromium.lnk
2017-02-20 14:40 - 2017-02-27 19:12 - 00001134 _____ C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2017-02-20 14:40 - 2017-02-20 14:40 - 00000000 ____D C:\Users\HP\AppData\Roaming\Dropbox
2017-02-20 14:40 - 2017-02-20 14:40 - 00000000 ____D C:\Users\HP\AppData\Local\chromium
2017-02-20 14:39 - 2017-02-27 22:38 - 00000888 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-02-20 14:39 - 2017-02-27 19:00 - 00000884 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-02-20 14:39 - 2017-02-20 14:39 - 00000344 __RSH C:\ProgramData\ntuser.pol
2017-02-20 14:38 - 2017-02-20 15:00 - 00000000 ____D C:\Program Files\Dropbox
2017-02-20 14:38 - 2017-02-20 14:42 - 00000000 ____D C:\Users\HP\AppData\Local\Dropbox
2017-02-20 14:38 - 2017-02-20 14:38 - 00000000 ____D C:\ProgramData\Dropbox
2017-02-07 18:07 - 2017-02-07 18:07 - 00000000 ____D C:\Program Files\Common Files\Skype
2017-02-07 05:38 - 2017-02-07 05:38 - 00040256 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-02-07 05:38 - 2017-02-07 05:38 - 00035440 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-02-07 05:38 - 2017-02-07 05:38 - 00035440 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-02-07 05:38 - 2017-02-07 05:38 - 00035440 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-27 19:08 - 2009-07-14 05:34 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-27 19:08 - 2009-07-14 05:34 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-27 19:05 - 2016-03-02 16:51 - 00000000 ____D C:\Users\HP
2017-02-27 19:00 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-26 21:54 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2017-02-26 21:52 - 2009-07-14 05:33 - 00269104 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-26 21:50 - 2016-03-12 18:29 - 00000000 ____D C:\Users\HP\AppData\Roaming\Skype
2017-02-26 21:30 - 2017-01-13 20:29 - 00000000 ____D C:\Users\HP\Desktop\cv
2017-02-26 21:15 - 2016-03-02 17:27 - 00000000 ____D C:\ProgramData\Oracle
2017-02-26 21:13 - 2016-03-02 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-26 21:13 - 2016-03-02 17:27 - 00000000 ____D C:\Program Files\Java
2017-02-26 21:09 - 2016-03-02 17:27 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2017-02-26 20:43 - 2016-03-02 17:21 - 00058016 _____ C:\Users\HP\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-24 19:30 - 2016-03-02 17:26 - 00807000 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-02-24 19:30 - 2016-03-02 17:26 - 00144984 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-02-24 19:30 - 2016-03-02 17:26 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-20 14:39 - 2009-07-14 03:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-02-11 20:18 - 2016-03-12 18:29 - 00000000 ____D C:\ProgramData\Skype
2017-02-07 18:15 - 2016-03-02 17:40 - 00002145 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 18:10 - 2017-01-16 17:56 - 00000000 ____D C:\Users\HP\AppData\Roaming\PhotoScape
2017-02-07 18:07 - 2016-07-29 20:55 - 00000000 ___RD C:\Program Files\Skype

Some files in TEMP:
====================
2017-02-26 21:07 - 2017-02-26 21:07 - 0739904 _____ (Oracle Corporation) C:\Users\HP\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-02-27 17:44 - 2017-02-27 17:44 - 0003584 _____ () C:\Users\HP\AppData\Local\Temp\xkjcon96.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-27 19:45

==================== End of FRST.txt ============================

Addendum: 27 Feb 2017 22:48

It's better, it's better.

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Let's clean up the leftovers and that's it:

1. Open Notepad (Text Document) and copy in the following text from the code box below:

createrestorepoint:
closeprocesses:
emptytemp:
cmd: ipconfig /flushdns
hosts:
Task: {0ACFC7D4-E3FF-4DF4-9065-821D60FEB429} - \ByteFence -> No File <==== ATTENTION
Task: {91D027E0-595D-4D90-AA6B-678880222CEF} - \ByteFence Scan -> No File <==== ATTENTION
HKU\S-1-5-21-602383084-879286083-1166823298-1000\...\MountPoints2: {d9dfc6c9-e08d-11e5-b6b3-806e6f6e6963} - E:\DriverPackSolution.exe
GroupPolicy: Restriction ? <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-602383084-879286083-1166823298-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF NewTab: Mozilla\Firefox\Profiles\1ozauf9a.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\1ozauf9a.default -> Yahoo! Powered
CHR StartupUrls: Default -> "hxxps://www.google.rs/"
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKU\S-1-5-21-602383084-879286083-1166823298-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2017-02-20 14:39 - 2017-02-20 14:39 - 00000344 __RSH C:\ProgramData\ntuser.pol
2017-02-20 14:39 - 2009-07-14 03:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21
Tcpip\..\Interfaces\{C4A14250-1DC1-4975-A0DE-1CA10F1EAED0}: [DhcpNameServer] 195.34.133.21 212.186.211.21
2017-02-20 14:40 - 2017-02-27 19:12 - 00001134 _____ C:\Users\HP\Desktop\Chromium.lnk
2017-02-20 14:40 - 2017-02-27 19:12 - 00001134 _____ C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2017-02-20 14:40 - 2017-02-20 14:40 - 00000000 ____D C:\Users\HP\AppData\Local\chromium


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your message.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

offline
  • in administration
  • Joined: 16 Oct 2010
  • Posts: 3465
  • Location: KRAGUJEVAC

Written: 01 Mar 2017 17:02

TwinHeadedEagle :: Let's clean up the leftovers and that's it:

1. Open Notepad (Text Document) and copy in the following text from the code box below:

createrestorepoint:
closeprocesses:
emptytemp:
cmd: ipconfig /flushdns
hosts:
Task: {0ACFC7D4-E3FF-4DF4-9065-821D60FEB429} - \ByteFence -> No File <==== ATTENTION
Task: {91D027E0-595D-4D90-AA6B-678880222CEF} - \ByteFence Scan -> No File <==== ATTENTION
HKU\S-1-5-21-602383084-879286083-1166823298-1000\...\MountPoints2: {d9dfc6c9-e08d-11e5-b6b3-806e6f6e6963} - E:\DriverPackSolution.exe
GroupPolicy: Restriction ? <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-602383084-879286083-1166823298-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF NewTab: Mozilla\Firefox\Profiles\1ozauf9a.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\1ozauf9a.default -> Yahoo! Powered
CHR StartupUrls: Default -> "hxxps://www.google.rs/"
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKU\S-1-5-21-602383084-879286083-1166823298-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2017-02-20 14:39 - 2017-02-20 14:39 - 00000344 __RSH C:\ProgramData\ntuser.pol
2017-02-20 14:39 - 2009-07-14 03:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21
Tcpip\..\Interfaces\{C4A14250-1DC1-4975-A0DE-1CA10F1EAED0}: [DhcpNameServer] 195.34.133.21 212.186.211.21
2017-02-20 14:40 - 2017-02-27 19:12 - 00001134 _____ C:\Users\HP\Desktop\Chromium.lnk
2017-02-20 14:40 - 2017-02-27 19:12 - 00001134 _____ C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2017-02-20 14:40 - 2017-02-20 14:40 - 00000000 ____D C:\Users\HP\AppData\Local\chromium


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your message.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.


When I run FRST/Fix, with the text previously pasted into Notepad, the laptop freezes and just restarts. Constantly.

Addendum: 02 Mar 2017 21:34

What's the problem, THE?

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

I don't know what problem you mean?

Try running the fix in Safe Mode.

offline
  • in administration
  • Joined: 16 Oct 2010
  • Posts: 3465
  • Location: KRAGUJEVAC

TwinHeadedEagle :: I don't know what problem you mean?

Try running the fix in Safe Mode.



When I enter the text into Notepad and then run FRST/Fix, the laptop glitches and restarts. OK.

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Can you try Safe Mode?
