Posted: 26 Feb 2017 23:13
- Joined: 16 Oct 2010
- Posts: 3468
- Location: KRAGUJEVAC

Malwarebytes found over 300 pieces of malware; the laptop had slowed down completely. Only Avast detected that Java was not updated.
I use ADSL 10MB/S.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-02-2017
Ran by HP (administrator) on HP-PC (26-02-2017 20:46:43)
Running from C:\Users\HP\Desktop
Loaded Profiles: HP (Available Profiles: HP)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Sonix) C:\Windows\vsnp2uvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Nullsoft) C:\Program Files\Winamp\winampa.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSrv.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(The Chromium Authors) C:\Users\HP\AppData\Local\chromium\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
() C:\Program Files\WinZip Driver Updater\DriverUpdater.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(The Chromium Authors) C:\Users\HP\AppData\Local\chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\HP\AppData\Local\chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\HP\AppData\Local\chromium\Application\chrome.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Byte Technologies LLC) C:\Program Files\ByteFence\ByteFence.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [1667164 2012-10-24] (IDT, Inc.)
HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [662016 2009-08-12] (Sonix)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-17] (AVAST Software)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [39424 2009-12-17] (Nullsoft)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [26220296 2017-02-07] (Dropbox, Inc.)
HKU\S-1-5-21-602383084-879286083-1166823298-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6851288 2016-07-13] (Piriform Ltd)
HKU\S-1-5-21-602383084-879286083-1166823298-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.)
HKU\S-1-5-21-602383084-879286083-1166823298-1000\...\Run: [Chromium] => c:\users\hp\appdata\local\chromium\application\chrome.exe [828416 2017-01-21] (The Chromium Authors)
HKU\S-1-5-21-602383084-879286083-1166823298-1000\...\Run: [GoogleChromeAutoLaunch_43F8308EBB0847458B3FC61550B2903B] => C:\Users\HP\AppData\Local\chromium\Application\chrome.exe [828416 2017-01-21] (The Chromium Authors)
HKU\S-1-5-21-602383084-879286083-1166823298-1000\...\MountPoints2: {d9dfc6c9-e08d-11e5-b6b3-806e6f6e6963} - E:\DriverPackSolution.exe
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-09-26] (AVAST Software)
GroupPolicy: Restriction ? <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21
Tcpip\..\Interfaces\{C4A14250-1DC1-4975-A0DE-1CA10F1EAED0}: [DhcpNameServer] 195.34.133.21 212.186.211.21
Tcpip\..\Interfaces\{FFAC5FD7-C0CE-45F9-8BB3-42DEC9AA31F3}: [DhcpNameServer] 192.168.42.129
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://at.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_tggl_17_08&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dat%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDtC0AtDyEyByB0ByDyC0AyCtDyEyBtN0D0Tzu0StCzzyByBtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0AyEyC0AyEzz0CtGtByB0EtDtGyDzy0A0CtGtCtA0C0CtG0E0FtByDtAtAyB0CtDtC0B0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtDyByE0F0CyBzytGtD0A0CtCtGyE0FtByDtGzyzzzy0CtGyDtDyByByDyC0B0F0AyEtAtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBtDyByE%26cr%3D1304626930%26a%3Dwbf_tggl_17_08%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-602383084-879286083-1166823298-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://at.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_tggl_17_08&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dat%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDtC0AtDyEyByB0ByDyC0AyCtDyEyBtN0D0Tzu0StCzzyByBtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0AyEyC0AyEzz0CtGtByB0EtDtGyDzy0A0CtGtCtA0C0CtG0E0FtByDtAtAyB0CtDtC0B0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtDyByE0F0CyBzytGtD0A0CtCtGyE0FtByDtGzyzzzy0CtGyDtDyByByDyC0B0F0AyEtAtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBtDyByE%26cr%3D1304626930%26a%3Dwbf_tggl_17_08%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://at.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_tggl_17_08&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dat%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDtC0AtDyEyByB0ByDyC0AyCtDyEyBtN0D0Tzu0StCzzyByBtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0AyEyC0AyEzz0CtGtByB0EtDtGyDzy0A0CtGtCtA0C0CtG0E0FtByDtAtAyB0CtDtC0B0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtDyByE0F0CyBzytGtD0A0CtCtGyE0FtByDtGzyzzzy0CtGyDtDyByByDyC0B0F0AyEtAtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBtDyByE%26cr%3D1304626930%26a%3Dwbf_tggl_17_08%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://at.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_tggl_17_08&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dat%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDtC0AtDyEyByB0ByDyC0AyCtDyEyBtN0D0Tzu0StCzzyByBtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0AyEyC0AyEzz0CtGtByB0EtDtGyDzy0A0CtGtCtA0C0CtG0E0FtByDtAtAyB0CtDtC0B0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtDyByE0F0CyBzytGtD0A0CtCtGyE0FtByDtGzyzzzy0CtGyDtDyByByDyC0B0F0AyEtAtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBtDyByE%26cr%3D1304626930%26a%3Dwbf_tggl_17_08%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-602383084-879286083-1166823298-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://at.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_tggl_17_08&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dat%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDtC0AtDyEyByB0ByDyC0AyCtDyEyBtN0D0Tzu0StCzzyByBtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0AyEyC0AyEzz0CtGtByB0EtDtGyDzy0A0CtGtCtA0C0CtG0E0FtByDtAtAyB0CtDtC0B0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtDyByE0F0CyBzytGtD0A0CtCtGyE0FtByDtGzyzzzy0CtGyDtDyByByDyC0B0F0AyEtAtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBtDyByE%26cr%3D1304626930%26a%3Dwbf_tggl_17_08%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-602383084-879286083-1166823298-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://at.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_tggl_17_08&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dat%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDtC0AtDyEyByB0ByDyC0AyCtDyEyBtN0D0Tzu0StCzzyByBtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0AyEyC0AyEzz0CtGtByB0EtDtGyDzy0A0CtGtCtA0C0CtG0E0FtByDtAtAyB0CtDtC0B0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtDyByE0F0CyBzytGtD0A0CtCtGyE0FtByDtGzyzzzy0CtGyDtDyByByDyC0B0F0AyEtAtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBtDyByE%26cr%3D1304626930%26a%3Dwbf_tggl_17_08%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-23] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-11-02] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-23] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF DefaultProfile: 1ozauf9a.default
FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\1ozauf9a.default [2017-02-26]
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\1ozauf9a.default -> Yahoo! Powered
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\1ozauf9a.default -> Yahoo! Powered
FF NewTab: Mozilla\Firefox\Profiles\1ozauf9a.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\1ozauf9a.default -> hxxps://at.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_tggl_17_08&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dat%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDtC0AtDyEyByB0ByDyC0AyCtDyEyBtN0D0Tzu0StCzzyByBtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0AyEyC0AyEzz0CtGtByB0EtDtGyDzy0A0CtGtCtA0C0CtG0E0FtByDtAtAyB0CtDtC0B0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtDyByE0F0CyBzytGtD0A0CtCtGyE0FtByDtGzyzzzy0CtGyDtDyByByDyC0B0F0AyEtAtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBtDyByE%26cr%3D1304626930%26a%3Dwbf_tggl_17_08%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
FF Keyword.URL: Mozilla\Firefox\Profiles\1ozauf9a.default -> user_pref("keyword.URL", true);
FF Extension: (Firefox Hotfix) - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\1ozauf9a.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-12]
FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\1ozauf9a.default\searchplugins\yahoo! powered.xml [2017-02-20]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-26]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-26]
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-23] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-04] (Google Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe
Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.rs/"
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default [2017-02-26]
CHR Extension: (Google Slides) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-02]
CHR Extension: (Google Docs) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-03]
CHR Extension: (Google Drive) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-03]
CHR Extension: (YouTube) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-03]
CHR Extension: (Google Search) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-03]
CHR Extension: (Avast SafePrice) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-17]
CHR Extension: (Google Sheets) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-02]
CHR Extension: (Google Docs Offline) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Avast Online Security) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-01-05]
CHR Extension: (StartWidget) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcicildfhbfklckjilcpacpphfacecab [2017-02-20]
CHR Extension: (Search Manager) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2017-02-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-22]
CHR Extension: (Gmail) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-03]
CHR Extension: (Chrome Media Router) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-602383084-879286083-1166823298-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AESTFilters; C:\Program Files\IDT\WDM\aestsrv.exe [81920 2009-03-02] (Andrea Electronics Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-26] (AVAST Software)
S2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [146912 2017-01-18] (Byte Technologies LLC)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-20] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-20] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [40256 2017-02-07] (Dropbox, Inc.)
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [304456 2017-02-20] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [307282 2012-10-24] (IDT, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70824 2012-10-11] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34984 2012-10-11] (Advanced Micro Devices)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-09-26] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-09-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-09-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-09-26] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-09-26] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-09-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-09-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118664 2016-09-26] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-10-14] (AVAST Software)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3109888 2013-02-19] (Qualcomm Atheros Communications, Inc.)
R3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [36856 2012-12-25] (IVT Corporation.)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16440 2012-12-04] (Intel Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3485952 2009-05-20] ()
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-26 20:46 - 2017-02-26 20:47 - 00021129 _____ C:\Users\HP\Desktop\FRST.txt
2017-02-26 20:46 - 2017-02-26 20:46 - 00000000 ____D C:\FRST
2017-02-26 20:44 - 2017-02-26 20:44 - 01765376 _____ (Farbar) C:\Users\HP\Desktop\FRST.exe
2017-02-26 20:40 - 2017-02-26 20:40 - 00000000 _____ C:\Users\HP\Downloads\New Text Document.txt
2017-02-26 20:37 - 2017-02-26 20:37 - 00001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-02-26 20:37 - 2017-02-26 20:37 - 00000993 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-02-26 20:37 - 2017-02-26 20:37 - 00000000 ____D C:\Users\HP\AppData\Roaming\TeamViewer
2017-02-26 20:37 - 2017-02-26 20:37 - 00000000 ____D C:\Program Files\TeamViewer
2017-02-26 20:33 - 2017-02-26 20:34 - 12973560 _____ (TeamViewer GmbH) C:\Users\HP\Downloads\TeamViewer_Setup_sr.exe
2017-02-24 20:06 - 2017-02-24 20:11 - 00000000 ____D C:\Users\HP\Desktop\New folder
2017-02-24 19:30 - 2017-02-24 19:30 - 20607064 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2017-02-20 19:00 - 2017-02-20 19:00 - 00035237 _____ C:\Users\HP\Downloads\Lebenslauf Herbert Fabigan (1) (1).pdf
2017-02-20 18:55 - 2017-02-20 18:55 - 00035237 _____ C:\Users\HP\Downloads\Lebenslauf Herbert Fabigan (1).pdf
2017-02-20 15:42 - 2017-02-20 15:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
2017-02-20 15:15 - 2017-02-20 15:15 - 00026006 _____ C:\Users\HP\Downloads\Lebenslauf Zorica Fabigan (1).pdf
2017-02-20 15:14 - 2017-02-20 15:14 - 00006814 _____ C:\Users\HP\Downloads\Unconfirmed 732846.crdownload
2017-02-20 15:14 - 2017-02-20 15:14 - 00006814 _____ C:\Users\HP\Downloads\CV-Europass-20170113-Fabigan-DE (2).xml
2017-02-20 14:49 - 2017-02-20 14:49 - 00000000 ____D C:\ProgramData\ByteFence
2017-02-20 14:43 - 2017-02-26 20:30 - 00000296 _____ C:\Windows\Tasks\Start WinZip Driver Updater for HP-PC@HP(logon).job
2017-02-20 14:43 - 2017-02-23 17:47 - 00000000 ____D C:\Program Files\WinZip Driver Updater
2017-02-20 14:43 - 2017-02-20 14:43 - 00001085 _____ C:\Users\Public\Desktop\WinZip Driver Updater.lnk
2017-02-20 14:43 - 2017-02-20 14:43 - 00000000 ____D C:\ProgramData\WinZip
2017-02-20 14:43 - 2017-02-20 14:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2017-02-20 14:42 - 2017-02-20 14:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-20 14:40 - 2017-02-20 14:40 - 00002239 _____ C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2017-02-20 14:40 - 2017-02-20 14:40 - 00002231 _____ C:\Users\HP\Desktop\Chromium.lnk
2017-02-20 14:40 - 2017-02-20 14:40 - 00000000 ____D C:\Users\HP\AppData\Roaming\Dropbox
2017-02-20 14:40 - 2017-02-20 14:40 - 00000000 ____D C:\Users\HP\AppData\Local\chromium
2017-02-20 14:39 - 2017-02-26 20:44 - 00000888 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-02-20 14:39 - 2017-02-26 20:39 - 00000972 _____ C:\Windows\Tasks\Yahoo! Powered tafor.job
2017-02-20 14:39 - 2017-02-26 20:39 - 00000000 ____D C:\ProgramData\{57AF92CC-DDED-180A-5B2B-8648C1690D86}
2017-02-20 14:39 - 2017-02-26 20:30 - 00000884 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-02-20 14:39 - 2017-02-20 14:39 - 00001466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
2017-02-20 14:39 - 2017-02-20 14:39 - 00001007 _____ C:\Users\Public\Desktop\Booking.com.lnk
2017-02-20 14:39 - 2017-02-20 14:39 - 00000344 __RSH C:\ProgramData\ntuser.pol
2017-02-20 14:39 - 2017-02-20 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com
2017-02-20 14:39 - 2017-02-20 14:39 - 00000000 ____D C:\Program Files\Booking.com
2017-02-20 14:38 - 2017-02-26 20:36 - 00000000 ____D C:\Program Files\ByteFence
2017-02-20 14:38 - 2017-02-20 15:00 - 00000000 ____D C:\Program Files\Dropbox
2017-02-20 14:38 - 2017-02-20 14:42 - 00000000 ____D C:\Users\HP\AppData\Local\Dropbox
2017-02-20 14:38 - 2017-02-20 14:41 - 00000000 ____D C:\Users\HP\AppData\Local\{3EED08B1-1A45-6409-77DD-41E153B5BD79}
2017-02-20 14:38 - 2017-02-20 14:38 - 407010384 _____ (Microsoft Corporation) C:\Users\HP\Downloads\microsoft-office-professional-2007 [1].exe
2017-02-20 14:38 - 2017-02-20 14:38 - 00000000 ____D C:\ProgramData\Dropbox
2017-02-20 14:37 - 2017-02-20 14:37 - 01237624 _____ ( ) C:\Users\HP\Downloads\microsoft-office-professional-2007.exe
2017-02-12 10:44 - 2017-02-12 10:44 - 00714584 _____ C:\Users\HP\Downloads\crni.htm
2017-02-12 10:43 - 2017-02-12 10:43 - 00715795 _____ C:\Users\HP\Downloads\jaa.htm
2017-02-12 10:17 - 2017-02-12 10:17 - 01208094 _____ C:\Users\HP\Downloads\(4) Andjela i nadja.html
2017-02-12 10:17 - 2017-02-12 10:17 - 00000000 ____D C:\Users\HP\Downloads\(4) Andjela i nadja_files
2017-02-07 18:07 - 2017-02-07 18:07 - 00000000 ____D C:\Program Files\Common Files\Skype
2017-02-07 05:38 - 2017-02-07 05:38 - 00040256 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-02-07 05:38 - 2017-02-07 05:38 - 00035440 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-02-07 05:38 - 2017-02-07 05:38 - 00035440 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-02-07 05:38 - 2017-02-07 05:38 - 00035440 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-01-27 23:34 - 2017-01-27 23:34 - 00604928 _____ (Reimage) C:\Users\HP\Downloads\ReimageRepair (2).exe
2017-01-27 23:33 - 2017-01-27 23:33 - 00604928 _____ (Reimage) C:\Users\HP\Downloads\ReimageRepair (1).exe
2017-01-27 23:32 - 2017-01-27 23:32 - 00604928 _____ (Reimage) C:\Users\HP\Downloads\ReimageRepair.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-26 20:43 - 2016-03-02 17:21 - 00058016 _____ C:\Users\HP\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-26 20:41 - 2009-07-14 05:34 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-26 20:41 - 2009-07-14 05:34 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-26 20:35 - 2016-03-12 18:29 - 00000000 ____D C:\Users\HP\AppData\Roaming\Skype
2017-02-26 20:30 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-24 19:30 - 2016-03-02 17:26 - 00807000 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-02-24 19:30 - 2016-03-02 17:26 - 00144984 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-02-24 19:30 - 2016-03-02 17:26 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-20 18:52 - 2016-03-02 16:51 - 00000000 ____D C:\Users\HP
2017-02-20 14:39 - 2009-07-14 03:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-02-11 20:18 - 2016-03-12 18:29 - 00000000 ____D C:\ProgramData\Skype
2017-02-07 21:08 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2017-02-07 18:15 - 2016-03-02 17:40 - 00002145 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 18:10 - 2017-01-16 17:56 - 00000000 ____D C:\Users\HP\AppData\Roaming\PhotoScape
2017-02-07 18:07 - 2016-07-29 20:55 - 00000000 ___RD C:\Program Files\Skype
Some files in TEMP:
====================
2017-02-20 16:18 - 2017-02-20 16:18 - 0004608 _____ () C:\Users\HP\AppData\Local\Temp\g51yyu05.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-02-19 10:38
==================== End of FRST.txt ============================

Posted: 27 Feb 2017 20:29
- TwinHeadedEagle
- Anti Malware Fighter
Rank 2
- Joined: 09 Aug 2011
- Posts: 15879
- Location: Beograd

What is the situation now?
Run the FRST scan again for me and provide both reports.

Posted: 27 Feb 2017 22:48
- Joined: 16 Oct 2010
- Posts: 3468
- Location: KRAGUJEVAC

Written: 27 Feb 2017 22:47
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-02-2017
Ran by HP (administrator) on HP-PC (27-02-2017 22:40:08)
Running from C:\Users\HP\Desktop
Loaded Profiles: HP (Available Profiles: HP)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-17] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\RunOnce: [Zemana AntiMalware] => C:\Program Files\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.)
HKU\S-1-5-21-602383084-879286083-1166823298-1000\...\MountPoints2: {d9dfc6c9-e08d-11e5-b6b3-806e6f6e6963} - E:\DriverPackSolution.exe
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-09-26] (AVAST Software)
GroupPolicy: Restriction ? <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21
Tcpip\..\Interfaces\{C4A14250-1DC1-4975-A0DE-1CA10F1EAED0}: [DhcpNameServer] 195.34.133.21 212.186.211.21
Tcpip\..\Interfaces\{FFAC5FD7-C0CE-45F9-8BB3-42DEC9AA31F3}: [DhcpNameServer] 192.168.42.129
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-602383084-879286083-1166823298-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-26] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-11-02] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-26] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF DefaultProfile: 1ozauf9a.default
FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\1ozauf9a.default [2017-02-27]
FF NewTab: Mozilla\Firefox\Profiles\1ozauf9a.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\1ozauf9a.default -> Yahoo! Powered
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\1ozauf9a.default -> Yahoo! Powered
FF Extension: (Firefox Hotfix) - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\1ozauf9a.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-12]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-26]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-26]
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-26] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-04] (Google Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe
Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.rs/"
CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default [2017-02-27]
CHR Extension: (Google Slides) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-02]
CHR Extension: (Google Docs) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-03]
CHR Extension: (Google Drive) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-03]
CHR Extension: (YouTube) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-03]
CHR Extension: (Google Search) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-03]
CHR Extension: (Avast SafePrice) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-17]
CHR Extension: (Google Sheets) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-02]
CHR Extension: (Google Docs Offline) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Avast Online Security) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-01-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-22]
CHR Extension: (Gmail) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-03]
CHR Extension: (Chrome Media Router) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKU\S-1-5-21-602383084-879286083-1166823298-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AESTFilters; C:\Program Files\IDT\WDM\aestsrv.exe [81920 2009-03-02] (Andrea Electronics Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-26] (AVAST Software)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-20] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-20] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [40256 2017-02-07] (Dropbox, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [307282 2012-10-24] (IDT, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70824 2012-10-11] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34984 2012-10-11] (Advanced Micro Devices)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-09-26] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-09-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-09-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-09-26] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-09-26] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-09-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-09-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118664 2016-09-26] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-10-14] (AVAST Software)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3109888 2013-02-19] (Qualcomm Atheros Communications, Inc.)
R3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [36856 2012-12-25] (IVT Corporation.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59976 2017-01-20] ()
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16440 2012-12-04] (Intel Corporation)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [152512 2017-02-26] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [94656 2017-02-27] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [39360 2017-02-27] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [219584 2017-02-27] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [63264 2017-02-27] (Malwarebytes)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3485952 2009-05-20] ()
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2017-02-27] (Zemana Ltd.)
S0 ZAM_EarlyBoot; C:\Windows\System32\drivers\zam32.sys [181496 2017-02-27] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2017-02-27] (Zemana Ltd.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-27 22:40 - 2017-02-27 22:40 - 00014319 _____ C:\Users\HP\Desktop\FRST.txt
2017-02-27 22:40 - 2017-02-27 22:40 - 00000000 ____D C:\Users\HP\Desktop\FRST-OlderVersion
2017-02-27 22:40 - 2017-02-27 22:40 - 00000000 _____ C:\Users\HP\Downloads\New Text Document.txt
2017-02-27 19:10 - 2017-02-27 19:12 - 00008270 _____ C:\Users\HP\Desktop\2017.02.27-19.05.06-i0-t92-d15.txt
2017-02-27 19:04 - 2017-02-27 22:40 - 00035979 _____ C:\Windows\ZAM.krnl.trace
2017-02-27 19:04 - 2017-02-27 22:40 - 00017395 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-02-27 19:04 - 2017-02-27 19:04 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
2017-02-27 17:45 - 2017-02-27 17:45 - 00000000 ____D C:\Users\HP\AppData\Local\ElevatedDiagnostics
2017-02-27 17:35 - 2017-02-27 17:35 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
2017-02-27 17:35 - 2017-02-27 17:35 - 00001892 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-02-27 17:35 - 2017-02-27 17:35 - 00000000 ____D C:\Users\HP\AppData\Local\Zemana
2017-02-27 17:35 - 2017-02-27 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-02-27 17:35 - 2017-02-27 17:35 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2017-02-27 17:22 - 2017-02-27 17:22 - 05677776 _____ (Zemana Ltd. ) C:\Users\HP\Desktop\Zemana.AntiMalware.Setup.exe
2017-02-26 21:10 - 2017-02-26 21:10 - 00000000 ____D C:\Program Files\Common Files\Java
2017-02-26 20:58 - 2017-02-26 20:58 - 00152512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-02-26 20:57 - 2017-02-27 19:15 - 00063264 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-02-26 20:57 - 2017-02-27 19:02 - 00219584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-26 20:57 - 2017-02-27 19:02 - 00094656 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-02-26 20:57 - 2017-02-27 19:02 - 00039360 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-02-26 20:57 - 2017-02-26 20:57 - 00002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-26 20:57 - 2017-02-26 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-26 20:57 - 2017-02-26 20:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-26 20:57 - 2017-02-26 20:57 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-26 20:57 - 2017-01-20 07:47 - 00059976 _____ C:\Windows\system32\Drivers\mbae.sys
2017-02-26 20:46 - 2017-02-27 22:40 - 00000000 ____D C:\FRST
2017-02-26 20:44 - 2017-02-27 22:40 - 01765376 _____ (Farbar) C:\Users\HP\Desktop\FRST.exe
2017-02-26 20:37 - 2017-02-27 18:44 - 00000000 ____D C:\Program Files\TeamViewer
2017-02-26 20:37 - 2017-02-26 20:37 - 00001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-02-26 20:37 - 2017-02-26 20:37 - 00000993 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-02-26 20:37 - 2017-02-26 20:37 - 00000000 ____D C:\Users\HP\AppData\Roaming\TeamViewer
2017-02-24 20:06 - 2017-02-24 20:11 - 00000000 ____D C:\Users\HP\Desktop\New folder
2017-02-24 19:30 - 2017-02-24 19:30 - 20607064 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2017-02-20 14:43 - 2017-02-26 21:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2017-02-20 14:43 - 2017-02-26 21:11 - 00000000 ____D C:\ProgramData\WinZip
2017-02-20 14:42 - 2017-02-20 14:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-20 14:40 - 2017-02-27 19:12 - 00001134 _____ C:\Users\HP\Desktop\Chromium.lnk
2017-02-20 14:40 - 2017-02-27 19:12 - 00001134 _____ C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2017-02-20 14:40 - 2017-02-20 14:40 - 00000000 ____D C:\Users\HP\AppData\Roaming\Dropbox
2017-02-20 14:40 - 2017-02-20 14:40 - 00000000 ____D C:\Users\HP\AppData\Local\chromium
2017-02-20 14:39 - 2017-02-27 22:38 - 00000888 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-02-20 14:39 - 2017-02-27 19:00 - 00000884 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-02-20 14:39 - 2017-02-20 14:39 - 00000344 __RSH C:\ProgramData\ntuser.pol
2017-02-20 14:38 - 2017-02-20 15:00 - 00000000 ____D C:\Program Files\Dropbox
2017-02-20 14:38 - 2017-02-20 14:42 - 00000000 ____D C:\Users\HP\AppData\Local\Dropbox
2017-02-20 14:38 - 2017-02-20 14:38 - 00000000 ____D C:\ProgramData\Dropbox
2017-02-07 18:07 - 2017-02-07 18:07 - 00000000 ____D C:\Program Files\Common Files\Skype
2017-02-07 05:38 - 2017-02-07 05:38 - 00040256 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-02-07 05:38 - 2017-02-07 05:38 - 00035440 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-02-07 05:38 - 2017-02-07 05:38 - 00035440 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-02-07 05:38 - 2017-02-07 05:38 - 00035440 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-27 19:08 - 2009-07-14 05:34 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-27 19:08 - 2009-07-14 05:34 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-27 19:05 - 2016-03-02 16:51 - 00000000 ____D C:\Users\HP
2017-02-27 19:00 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-26 21:54 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2017-02-26 21:52 - 2009-07-14 05:33 - 00269104 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-26 21:50 - 2016-03-12 18:29 - 00000000 ____D C:\Users\HP\AppData\Roaming\Skype
2017-02-26 21:30 - 2017-01-13 20:29 - 00000000 ____D C:\Users\HP\Desktop\cv
2017-02-26 21:15 - 2016-03-02 17:27 - 00000000 ____D C:\ProgramData\Oracle
2017-02-26 21:13 - 2016-03-02 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-26 21:13 - 2016-03-02 17:27 - 00000000 ____D C:\Program Files\Java
2017-02-26 21:09 - 2016-03-02 17:27 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2017-02-26 20:43 - 2016-03-02 17:21 - 00058016 _____ C:\Users\HP\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-24 19:30 - 2016-03-02 17:26 - 00807000 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-02-24 19:30 - 2016-03-02 17:26 - 00144984 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-02-24 19:30 - 2016-03-02 17:26 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-20 14:39 - 2009-07-14 03:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-02-11 20:18 - 2016-03-12 18:29 - 00000000 ____D C:\ProgramData\Skype
2017-02-07 18:15 - 2016-03-02 17:40 - 00002145 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 18:10 - 2017-01-16 17:56 - 00000000 ____D C:\Users\HP\AppData\Roaming\PhotoScape
2017-02-07 18:07 - 2016-07-29 20:55 - 00000000 ___RD C:\Program Files\Skype
Some files in TEMP:
====================
2017-02-26 21:07 - 2017-02-26 21:07 - 0739904 _____ (Oracle Corporation) C:\Users\HP\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-02-27 17:44 - 2017-02-27 17:44 - 0003584 _____ () C:\Users\HP\AppData\Local\Temp\xkjcon96.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-02-27 19:45
==================== End of FRST.txt ============================
Addendum: 27 Feb 2017 22:48
It's better, it's better.

Posted: 27 Feb 2017 23:04
- TwinHeadedEagle
- Anti Malware Fighter
Rank 2
- Joined: 09 Aug 2011
- Posts: 15879
- Location: Beograd

Let's clean up the leftovers and that's it:
1. Open Notepad (Text Document) and copy in the following text from the code box below:
createrestorepoint:
closeprocesses:
emptytemp:
cmd: ipconfig /flushdns
hosts:
Task: {0ACFC7D4-E3FF-4DF4-9065-821D60FEB429} - \ByteFence -> No File <==== ATTENTION
Task: {91D027E0-595D-4D90-AA6B-678880222CEF} - \ByteFence Scan -> No File <==== ATTENTION
HKU\S-1-5-21-602383084-879286083-1166823298-1000\...\MountPoints2: {d9dfc6c9-e08d-11e5-b6b3-806e6f6e6963} - E:\DriverPackSolution.exe
GroupPolicy: Restriction ? <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-602383084-879286083-1166823298-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF NewTab: Mozilla\Firefox\Profiles\1ozauf9a.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\1ozauf9a.default -> Yahoo! Powered
CHR StartupUrls: Default -> "hxxps://www.google.rs/"
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKU\S-1-5-21-602383084-879286083-1166823298-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2017-02-20 14:39 - 2017-02-20 14:39 - 00000344 __RSH C:\ProgramData\ntuser.pol
2017-02-20 14:39 - 2009-07-14 03:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21
Tcpip\..\Interfaces\{C4A14250-1DC1-4975-A0DE-1CA10F1EAED0}: [DhcpNameServer] 195.34.133.21 212.186.211.21
2017-02-20 14:40 - 2017-02-27 19:12 - 00001134 _____ C:\Users\HP\Desktop\Chromium.lnk
2017-02-20 14:40 - 2017-02-27 19:12 - 00001134 _____ C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2017-02-20 14:40 - 2017-02-20 14:40 - 00000000 ____D C:\Users\HP\AppData\Local\chromium
2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad itself => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.
3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.
The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure to download and use the updated copy of FRST.

Posted: 02 Mar 2017 21:34
- Joined: 16 Oct 2010
- Posts: 3468
- Location: KRAGUJEVAC

Written: 01 Mar 2017 17:02
TwinHeadedEagle ::Let's clean up the leftovers and that's it:
When I run FRST/Fix, with the text previously pasted into Notepad, the laptop freezes and just restarts. Every time.
Addendum: 02 Mar 2017 21:34
What is the problem, THE?

Posted: 02 Mar 2017 22:39
- TwinHeadedEagle
- Anti Malware Fighter
Rank 2
- Joined: 09 Aug 2011
- Posts: 15879
- Location: Beograd

I don't know what kind of problem you mean?
Try running the fix in Safe Mode.

Posted: 03 Mar 2017 15:01
- Joined: 16 Oct 2010
- Posts: 3468
- Location: KRAGUJEVAC

TwinHeadedEagle ::I don't know what kind of problem you mean?
Try running the fix in Safe Mode.
When I enter the text into Notepad and then run FRST/Fix, the laptop glitches and restarts. Ok.