isearch.omiga-plus 2

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

I ja sam zaradio ovo sr*nje, pravi mi haos na kompu...

Evo Farbar izveštaja

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-01-2015
Ran by User (administrator) on USER-PC on 07-01-2015 11:49:41
Running from C:\Users\User\Desktop
Loaded Profile: User (Available profiles: User)
Platform: Microsoft Windows 7 Ultimate (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [Link mogu videti samo ulogovani korisnici]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\BavTray.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\BAVSvc.exe
(Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(IObit) G:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
(Malwarebytes Corporation) C:\Program Files\MALWAREBYTES ANTI-MALWARE\mbamscheduler.exe
() C:\Windows\System32\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() C:\Program Files\Reverse Page\updateReversePage.exe
() C:\Program Files\Reverse Page\bin\utilReversePage.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Reverse Page\bin\ReversePage.BrowserAdapter.exe
() C:\Program Files\Reverse Page\bin\ReversePage.PurBrowse.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9210400 2010-04-30] (Realtek Semiconductor)
HKLM\...\Run: [Baidu Antivirus] => C:\Program Files\Baidu Security\Baidu Antivirus\BavTray.exe [1704296 2014-06-13] (Baidu, Inc.)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKU\S-1-5-21-3641395576-2003788952-3425881642-1000\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [583680 2012-03-12] (MyCity)
HKU\S-1-5-21-3641395576-2003788952-3425881642-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3641395576-2003788952-3425881642-1000\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-09-22] (Google Inc.)
HKU\S-1-5-21-3641395576-2003788952-3425881642-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30873192 2014-12-11] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [4SyncOverlay1] -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => No File
ShellIconOverlayIdentifiers: [4SyncOverlay2] -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} => No File
ShellIconOverlayIdentifiers: [4SyncOverlay3] -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} => No File
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files\Baidu Security\Baidu Antivirus\BavShx.dll (Baidu, Inc.)
BootExecute: autocheck autochk *
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3641395576-2003788952-3425881642-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]{searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
HKU\S-1-5-21-3641395576-2003788952-3425881642-1000\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
HKU\S-1-5-21-3641395576-2003788952-3425881642-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe [Link mogu videti samo ulogovani korisnici]
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: No Name -> {4A5D9FC0-AA0B-871C-281D-C30F27577B10} -> No File
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: No Name -> {5482A6DC-10A1-FED7-2DBB-A1C8B0EF6012} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Reverse Page 1.0.0.6 -> {83dc36e5-db3f-461a-8fbc-245e44000b1f} -> C:\Program Files\Reverse Page\ReversePageBHO.dll (Reverse Page)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [Link mogu videti samo ulogovani korisnici]
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\Windows\wc98pp.dll ()
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 10.10.2.69 10.10.2.79

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: omiga-plus
FF SelectedSearchEngine: omiga-plus
FF Homepage: [Link mogu videti samo ulogovani korisnici]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @live.heroesandgenerals.com/npretox -> D:\GAME\BF3\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll (Reto-Moto ApS)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3641395576-2003788952-3425881642-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKU\S-1-5-21-3641395576-2003788952-3425881642-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3641395576-2003788952-3425881642-1000: @talk.google.com/O1DPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3641395576-2003788952-3425881642-1000: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3641395576-2003788952-3425881642-1000: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3641395576-2003788952-3425881642-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\searchplugins\omiga-plus.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\searchplugins\ybqs-yandex.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\omiga-plus.xml
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\Extensions\artur.dubovoy@gmail.com [2014-12-29]
FF Extension: Battlefield Play4Free - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\Extensions\battlefieldplay4free@ea.com [2013-04-12]
FF Extension: Fast Start - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\Extensions\faststartff@gmail.com [2015-01-05]
FF Extension: FF Toolbar - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\Extensions\fftoolbar2014@etech.com [2015-01-05]
FF Extension: EZ to MP3 Converter - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\Extensions\youtube-mp3@eztomp3.com [2012-12-14]
FF Extension: DownloadHelper - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
FF Extension: Gmail Watcher - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\Extensions\gmailwatcher@sonthakit.xpi [2013-06-01]
FF Extension: Test Pilot - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\Extensions\testpilot@labs.mozilla.com.xpi [2014-02-18]
FF Extension: PageTweak - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\Extensions\{15312e9a-4905-48da-aae4-15b24bdc2a24}.xpi [2013-10-28]
FF Extension: AniWeather - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\Extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi [2012-02-14]
FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2012-12-30]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-14]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-12-31]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-12-31]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-12-31]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-31]
FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\extensions\fftoolbar2014@etech.com
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\extensions\faststartff@gmail.com
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe [Link mogu videti samo ulogovani korisnici]

Chrome:
=======
CHR HomePage: Default -> [Link mogu videti samo ulogovani korisnici]
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hppp&ts=1420493782&from=ild&uid=MAXTORX6L040J2_362207829596"
CHR DefaultSearchKeyword: Default -> omiga-plus
CHR DefaultSearchURL: Default -> [Link mogu videti samo ulogovani korisnici]{searchTerms}
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google документи) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-25]
CHR Extension: (Google диск) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-25]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-25]
CHR Extension: (Google претрага) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-25]
CHR Extension: (EZ to MP3 Converter) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpcomnokkgidfbnbfhfpofbgieghedec [2012-10-13]
CHR Extension: (Skype Click to Call) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-10-25]
CHR Extension: (Google новчаник) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-25]
CHR Extension: (Reverse Page) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\omclekmbhffgaogaelibnocjbaoelojj [2015-01-07]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-25]
CHR HKLM\...\Chrome\Extension: [dpcomnokkgidfbnbfhfpofbgieghedec] - C:\Program Files\EzToMP3\eztomp3.crx [2012-09-17]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe [Link mogu videti samo ulogovani korisnici]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-10-28] (SUPERAntiSpyware.com) [File not signed]
R2 BAVSvc; C:\Program Files\Baidu Security\Baidu Antivirus\BAVSvc.exe [2038248 2014-06-13] (Baidu, Inc.)
R2 BHipsSvc; C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe [481432 2014-06-13] (Baidu, Inc.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-07-15] ()
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 Update Reverse Page; C:\Program Files\Reverse Page\updateReversePage.exe [529144 2015-01-07] ()
R2 Util Reverse Page; C:\Program Files\Reverse Page\bin\utilReversePage.exe [529144 2015-01-07] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-08-07] ()
U3 BdApiUtil; C:\Program Files\Baidu Security\Baidu Antivirus\BdApiUtil.sys [121184 2014-03-26] (Baidu, Inc.)
U3 BdCameraProtect; C:\Program Files\Baidu Security\Baidu Antivirus\BdCameraProtect.sys [21152 2014-05-27] (Baidu, Inc.)
R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [48448 2014-05-27] (Baidu, Inc.)
R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [29504 2014-05-27] (Baidu, Inc.)
R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [94976 2014-01-14] (Baidu, Inc.)
R1 Bnbase; C:\Windows\System32\drivers\bnbasex.sys [70496 2014-05-27] (Baidu, Inc.)
R1 Bndef; C:\Windows\System32\drivers\bndef.sys [51584 2014-05-27] (Baidu, Inc.)
R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [157504 2014-06-13] (Baidu, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-09-26] (Disc Soft Ltd)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 GT680x; C:\Windows\System32\Drivers\gt680x.sys [17504 2012-01-12] ( )
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-08-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-20] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
S3 Spring; C:\Program Files\Baidu Security\Baidu Antivirus\Spring.sys [96608 2014-06-16] ()
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [165376 2009-09-23] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [55040 2009-09-23] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2009-09-23] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [294912 2009-09-23] (Microsoft Corporation)
R3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [90968 2004-03-19] (VM)
R1 {d0ca36b1-bd62-4977-87ba-dea2e8d612b2}Gw; C:\Windows\System32\drivers\{d0ca36b1-bd62-4977-87ba-dea2e8d612b2}Gw.sys [43160 2015-01-05] (StdLib)
S3 BHipsEx; \??\C:\Windows\System32\drivers\BHipsEx.sys [X]
S3 catchme; \??\C:\Users\User\AppData\Local\Temp\catchme.sys [X]
S3 DUMeterDrv; \??\C:\Program Files\DU Meter\DUMETR32.SYS [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 11:49 - 2015-01-07 11:51 - 00023324 _____ () C:\Users\User\Desktop\FRST.txt
2015-01-07 11:49 - 2015-01-07 11:51 - 00000000 ____D () C:\FRST
2015-01-07 11:47 - 2015-01-07 11:47 - 01115136 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2015-01-07 11:47 - 2015-01-07 11:47 - 01115136 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2015-01-05 22:45 - 2015-01-05 08:26 - 00043160 _____ (StdLib) C:\Windows\system32\Drivers\{d0ca36b1-bd62-4977-87ba-dea2e8d612b2}Gw.sys
2015-01-05 22:43 - 2015-01-05 22:43 - 00484168 _____ () C:\Users\User\Downloads\Stalker_call_of_pripyat_sgm_2_2_Verified.exe
2015-01-05 22:37 - 2015-01-05 22:37 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-01-05 22:36 - 2015-01-05 22:36 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-01-05 22:35 - 2015-01-07 11:40 - 00000000 ____D () C:\Program Files\Reverse Page
2015-01-05 22:34 - 2015-01-07 10:39 - 00001332 _____ () C:\Windows\Tasks\IPCDU.job
2015-01-05 22:34 - 2015-01-05 22:34 - 01569760 _____ (Qwerty) C:\Users\User\AppData\Roaming\IPCDU.exe
2015-01-05 22:33 - 2015-01-07 10:39 - 00001680 _____ () C:\Windows\Tasks\TBOUAKE.job
2015-01-05 22:33 - 2015-01-06 16:39 - 00000000 ____D () C:\Program Files\globalUpdate
2015-01-05 22:33 - 2015-01-05 22:33 - 02064352 _____ (Qwerty) C:\Users\User\AppData\Roaming\TBOUAKE.exe
2015-01-05 22:33 - 2015-01-05 22:33 - 00000000 ____D () C:\Users\User\AppData\Local\globalUpdate
2015-01-05 22:31 - 2015-01-05 22:31 - 00484168 _____ () C:\Users\User\Downloads\STALKER_Call_of_Pripyat_SGM_2_2_Full.exe
2015-01-02 13:05 - 2015-01-02 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CTS Games
2015-01-02 13:04 - 2015-01-02 13:04 - 01923104 _____ (CTS Games Ltd. ) C:\Users\User\Downloads\szone_webinst.exe
2014-12-31 10:45 - 2014-12-31 10:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-24 09:52 - 2014-12-31 11:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox.bak
2014-12-23 13:16 - 2014-12-23 13:16 - 05746688 _____ () C:\Users\User\Downloads\MP3SkypeRecorderSetup.msi
2014-12-10 14:38 - 2014-12-10 14:38 - 05782856 _____ () C:\Users\User\Downloads\GTSetup.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 11:44 - 2012-05-18 07:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-07 11:41 - 2011-08-07 09:13 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-07 11:26 - 2009-07-14 05:34 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-07 11:26 - 2009-07-14 05:34 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-07 11:06 - 2013-09-22 20:19 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000UA.job
2015-01-07 10:51 - 2012-05-08 18:46 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-01-07 10:48 - 2012-01-26 19:22 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-07 10:46 - 2011-07-14 15:14 - 00008708 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-07 10:43 - 2011-12-01 12:42 - 01110944 _____ () C:\Windows\WindowsUpdate.log
2015-01-07 10:40 - 2009-07-14 03:04 - 00000505 _____ () C:\Windows\win.ini
2015-01-07 10:39 - 2012-12-12 18:29 - 00000000 ____D () C:\ProgramData\MCShield
2015-01-07 10:39 - 2011-09-06 20:01 - 00000380 _____ () C:\Windows\Tasks\AutoSmartDefrag.job
2015-01-07 10:39 - 2011-08-07 09:13 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-07 10:39 - 2011-07-14 15:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-07 10:39 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-07 10:38 - 2014-03-17 09:52 - 00039636 _____ () C:\Windows\setupact.log
2015-01-07 10:12 - 2013-04-24 19:48 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000Core.job
2015-01-07 00:34 - 2011-07-15 09:49 - 00000000 ____D () C:\Users\User\AppData\Roaming\uTorrent
2015-01-06 23:53 - 2013-04-24 19:48 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000UA.job
2015-01-06 20:06 - 2013-09-22 20:19 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000Core.job
2015-01-06 18:56 - 2011-07-14 15:30 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-01-06 00:34 - 2014-03-17 09:52 - 00079378 _____ () C:\Windows\PFRO.log
2015-01-05 23:49 - 2011-07-14 15:31 - 00000000 ____D () C:\Program Files\ACD Systems
2015-01-05 23:13 - 2014-06-06 18:08 - 00000000 ____D () C:\Users\User\AppData\Roaming\AIMP3
2015-01-05 23:02 - 2011-07-18 08:31 - 00000000 ____D () C:\Users\User\AppData\Roaming\XnView
2015-01-05 22:36 - 2013-07-18 12:21 - 00002319 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-05 22:36 - 2011-12-07 18:39 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-05 22:36 - 2011-07-14 15:04 - 00001605 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-05 19:15 - 2011-07-15 13:25 - 00137464 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2015-01-05 19:14 - 2011-07-15 13:25 - 00214520 _____ () C:\Windows\system32\PnkBstrB.xtr
2015-01-05 19:14 - 2011-07-15 13:25 - 00214520 _____ () C:\Windows\system32\PnkBstrB.exe
2015-01-05 19:14 - 2011-07-15 13:25 - 00214520 _____ () C:\Windows\system32\PnkBstrB.ex0
2015-01-05 18:56 - 2014-11-28 22:48 - 00000000 ____D () C:\Users\User\AppData\Roaming\OBS
2015-01-05 18:54 - 2013-03-11 19:04 - 00000000 ____D () C:\Program Files\Solveig Multimedia
2015-01-05 18:52 - 2014-11-23 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
2015-01-05 18:52 - 2014-11-23 20:38 - 00000000 ____D () C:\Program Files\Mirillis
2015-01-05 16:28 - 2011-07-15 13:44 - 00000000 ____D () C:\Program Files\SpeedFan
2015-01-02 13:11 - 2011-07-15 16:39 - 00000000 ___RD () C:\Users\User\Desktop\IGRE
2015-01-01 14:12 - 2012-11-11 19:09 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-19 12:05 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-17 21:58 - 2013-08-27 10:15 - 00000000 ___RD () C:\Program Files\Skype
2014-12-17 21:58 - 2011-07-14 15:30 - 00000000 ____D () C:\ProgramData\Skype
2014-12-10 12:44 - 2012-05-18 07:47 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-10 12:44 - 2011-09-26 21:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-09 14:47 - 2011-07-15 13:01 - 00075264 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\_is70FC.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 17:01

==================== End Of Log ============================

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Nedostaje Additon.txt izvještaj.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

U pravu si - evo ga

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-01-2015
Ran by User at 2015-01-07 13:23:08
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Baidu Antivirus (Enabled - Up to date) {10616E6C-0E20-8594-D377-A7D03F6128A6}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Baidu Antivirus (Enabled - Up to date) {AB008F88-281A-8A1A-E9C7-9CA244E6621B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3641395576-2003788952-3425881642-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
7-Zip 9.20 (HKLM\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ACDSee Pro 3 (HKLM\...\{1B280FAF-AE10-4E31-A41A-DB3917D651DC}) (Version: 3.0.355 - ACD Systems International Inc.)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A80000000002}) (Version: 8.0.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Ahead.Nero v9.4.13.2 (HKLM\...\Ahead.Nero_is1) (Version: - )
AIMP2 (HKLM\...\AIMP2) (Version: - AIMP DevTeam)
AIMP3 (HKLM\...\AIMP3) (Version: v3.55.1338, 31.01.2014 - AIMP DevTeam)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Assassin's Creed Revelations (HKLM\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.00 - Ubisoft)
ASUS nVidia Driver (Version: 1.00.0000 - ASUSTek) Hidden
Baidu Antivirus (HKLM\...\Baidu Antivirus) (Version: 4.4.4.73449 - Baidu, Inc.)
BitTorrent (HKLM\...\BitTorrent) (Version: 7.6.0 - BitTorrent Inc.)
Call of Duty (HKLM\...\Call of Duty) (Version: - )
Call of Duty Modern Warfare 2 (HKLM\...\Call of Duty Modern Warfare 2_is1) (Version: - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (Version: 1.6 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (Version: 1.7 - Activision) Hidden
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Core FTP LE (HKLM\...\CoreFTP) (Version: - )
CoreAAC (HKLM\...\CoreAAC) (Version: - )
Counter Strike 1.6 FULL v42 (HKLM\...\Counter Strike 1.6 FULL v42) (Version: - )
Counter-Strike 1.6 (HKLM\...\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}) (Version: 1.6 - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Ez To MP3 Converter (HKLM\...\EzToMP3) (Version: - Buzzbox Media)
Facebook Video Calling 1.2.0.287 (HKLM\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
FileZilla Client 3.5.2 (HKLM\...\FileZilla Client) (Version: 3.5.2 - FileZilla Project)
FL Studio 10 (HKLM\...\FL Studio 10) (Version: - Image-Line)
FLV Cutter 1.0 (HKLM\...\FLV Cutter_is1) (Version: - spgsoft.com)
FormatFactory (HKLM\...\{A0C0724A-649C-4953-BF1E-F783036969E9}) (Version: 1.65 - FreeTime)
Fraps (remove only) (HKLM\...\Fraps) (Version: - )
Gadwin PrintScreen (HKLM\...\Gadwin PrintScreen) (Version: 2.6 - Gadwin Systems, Inc.)
GOM Player (HKLM\...\GOM Player) (Version: 2.2.64.5211 - Gretech Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Heroes & Generals (HKLM\...\Heroes & Generals) (Version: 1.0.6.1 - Reto-Moto)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java(TM) 6 Update 37 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.370 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
K-Lite Mega Codec Pack 8.0.0 (HKLM\...\KLiteCodecPack_is1) (Version: 8.0.0 - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MCShield ::Anti-Malware Tool:: (HKLM\...\MCShield) (Version: 2.0.3.11 - MyCity)
Medal of Honor (HKLM\...\{5A274D69-F9BB-4AA9-85C9-440FA947DF04}_is1) (Version: - )
Medal of Honor (TM) (HKLM\...\{415030B8-3E8B-462A-8C03-41D95AA3AB3B}) (Version: 1.0.0.0 - Electronic Arts)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MISERY version 2.1.1 (HKLM\...\MISERY_is1) (Version: 2.1.1 - MISERY Development Team)
Mozilla Firefox 35.0 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird (3.1.20) (HKLM\...\Mozilla Thunderbird (3.1.20)) (Version: 3.1.20 (en-US) - Mozilla)
MPEG2 Codec(libmpeg2/mad) (HKLM\...\MPEG2 Codec(libmpeg2/mad)) (Version: - )
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
NVIDIA 3D Vision Controller Driver 266.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 266.77 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 266.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 266.77 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA Graphics Driver 266.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.77 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.1.13.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.13.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.989 - Even Balance, Inc.)
Qtracker (HKLM\...\Qtracker) (Version: 4.92 - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6101 - Realtek Semiconductor Corp.)
S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02] (HKLM\...\{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1) (Version: 1.6.02 - bitComposer Games)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
StreamTransport version: 1.0.2.2171 (HKLM\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version: - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1142 - SUPERAntiSpyware.com)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 7.50a - Ghisler Software GmbH)
Unity Web Player (HKU\S-1-5-21-3641395576-2003788952-3425881642-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VideoPad Video Editor (HKLM\...\VideoPad) (Version: 3.55 - NCH Software)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Movie Maker 2.6 (HKLM\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16432 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points =========================

23-12-2014 16:33:48 Scheduled Checkpoint
31-12-2014 21:09:07 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2012-01-07 22:30 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1136F465-CDD8-4CA0-AD6F-92D22038796B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-22] (Google Inc.)
Task: {1384B326-833B-4973-8368-D6C05532DD70} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {39CC162D-DECF-486E-AED5-E8577065AEE7} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js" <==== ATTENTION
Task: {4BE97BD0-FD32-4D57-9054-CA43157DD6A3} - System32\Tasks\AutoSmartDefrag => G:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-07-09] (IObit)
Task: {533E225F-519B-46AC-BC5B-262611C2AF34} - System32\Tasks\{50F909CA-BE2A-4249-BF2B-F6EF38E2314D} => pcalua.exe -a D:\DOWNLOAD\4605_mod-pack_rc8_snow-andreas_3.5_final(win32)_by_SPYFAN.exe -d "C:\Program Files\Mozilla Firefox"
Task: {5C384ECF-0B34-4A2B-8CB5-B72532D29C16} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {5D8E514C-0BB4-4BA6-8C31-3341637EC0F4} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {5EBE475F-27F6-495C-8E36-5F2D93080D74} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-22] (Google Inc.)
Task: {5FA6011F-4A26-470F-A4C1-E79E5066EBEE} - System32\Tasks\{8166BDE6-0659-41BE-8B3E-519ACBAB2A4B} => pcalua.exe -a "D:\GAME\S.T.A.L.K.E.R\Shadow of Chernobly\S.T.A.L.K.E.R. - Shadow of Chernobyl\S.T.A.L.K.E.R. - Shadow of Chernobyl\setup-bp.exe" -d "D:\GAME\S.T.A.L.K.E.R\Shadow of Chernobly\S.T.A.L.K.E.R. - Shadow of Chernobyl\S.T.A.L.K.E.R. - Shadow of Chernobyl"
Task: {678C15EB-207C-4A3C-9B38-7974527267ED} - System32\Tasks\{8E4DF084-912A-4044-A02C-14A277716A0E} => pcalua.exe -a "D:\GAME\S.T.A.L.K.E.R\Shadow of Chernobly\S.T.A.L.K.E.R. - Shadow of Chernobyl\setup-bp.exe" -d "D:\GAME\S.T.A.L.K.E.R\Shadow of Chernobly\S.T.A.L.K.E.R. - Shadow of Chernobyl"
Task: {7A942E7B-07D2-44D2-8509-09CF797A7879} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {8D244471-7A0E-4E83-AA01-53586D53C497} - System32\Tasks\TBOUAKE => C:\Users\User\AppData\Roaming\TBOUAKE.exe [2015-01-05] (Qwerty) <==== ATTENTION
Task: {8DC709AE-8224-4DA8-B9BF-74C8A323BC14} - System32\Tasks\{46E18F13-B60A-494F-AD5E-A5D059A1E98E} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe" -c -runfromtemp -l0x0409
Task: {93E9CF3E-B9A9-4348-9968-20AEA77EF37D} - System32\Tasks\4596 => Wscript.exe C:\Users\User\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {A36C7C31-AAB0-403A-B388-6ADC00716061} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000UA => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {C481C32B-6C3E-4DEB-9E6E-8D363A919192} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {D83B50ED-F1D6-4B84-B0D4-7C204E962A6A} - System32\Tasks\IPCDU => C:\Users\User\AppData\Roaming\IPCDU.exe [2015-01-05] (Qwerty) <==== ATTENTION
Task: {EDCA9BBB-0926-4EB5-A72C-749328314FE8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000Core => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {F2AC024D-D1E0-45FE-A9E7-16AE6ED8D245} - System32\Tasks\{1EC1EFD3-EDD8-4113-9289-ED220F551EF1} => pcalua.exe -a "D:\GAME\S.T.A.L.K.E.R\Shadow of Chernobly\S.T.A.L.K.E.R. - Shadow of Chernobyl\setup-bp.exe" -d "D:\GAME\S.T.A.L.K.E.R\Shadow of Chernobly\S.T.A.L.K.E.R. - Shadow of Chernobyl"
Task: {F92DE95F-75DC-4E51-8AA8-953FC9D30D96} - System32\Tasks\Baidu Antivirus Update => C:\Program Files\Baidu Security\Baidu Antivirus\BavUpdater.exe [2014-06-13] (Baidu, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoSmartDefrag.job => G:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000Core.job => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000UA.job => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\IPCDU.job => C:\Users\User\AppData\Roaming\IPCDU.exe <==== ATTENTION
Task: C:\Windows\Tasks\TBOUAKE.job => C:\Users\User\AppData\Roaming\TBOUAKE.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2011-11-08 21:46 - 2011-11-08 21:46 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2011-07-14 15:22 - 2004-01-22 17:36 - 00120832 _____ () C:\Program Files\WinRAR\rarext.dll
2014-05-19 10:32 - 2014-05-19 10:32 - 00208744 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\BavDllFilter.dll
2013-11-14 03:16 - 2014-04-01 04:21 - 00541032 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\sqlite.dll
2011-02-17 23:14 - 2009-01-12 18:56 - 00059216 _____ () G:\Program Files\IObit\IObit SmartDefrag\NtfsData.dll
2011-02-17 23:14 - 2009-01-12 18:56 - 00071504 _____ () G:\Program Files\IObit\IObit SmartDefrag\taskdll.dll
2011-07-15 13:25 - 2013-07-15 12:27 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2015-01-05 18:22 - 2015-01-07 10:21 - 00529144 _____ () C:\Program Files\Reverse Page\updateReversePage.exe
2015-01-05 22:44 - 2015-01-07 10:16 - 00529144 _____ () C:\Program Files\Reverse Page\bin\utilReversePage.exe
2015-01-05 23:15 - 2015-01-05 23:15 - 00337920 _____ () C:\Program Files\Reverse Page\bin\sqlite3.DLL
2015-01-07 10:40 - 2015-01-07 04:51 - 00098552 _____ () C:\Program Files\Reverse Page\bin\ReversePage.BrowserAdapter.exe
2015-01-05 22:45 - 2015-01-06 23:23 - 00296184 _____ () C:\Program Files\Reverse Page\bin\ReversePage.PurBrowse.exe
2014-12-31 10:45 - 2014-12-31 10:45 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-12-10 12:44 - 2014-12-10 12:44 - 16841392 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\win.ini:s1
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc => "Service"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BavSvc => "Service"=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: wuauserv => 2

========================= Accounts: ==========================

Administrator (S-1-5-21-3641395576-2003788952-3425881642-500 - Administrator - Disabled)
Guest (S-1-5-21-3641395576-2003788952-3425881642-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3641395576-2003788952-3425881642-1004 - Limited - Enabled)
User (S-1-5-21-3641395576-2003788952-3425881642-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/07/2015 10:50:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 35.0.0.5476, time stamp: 0x54a25bb5
Faulting module name: mozalloc.dll, version: 35.0.0.5476, time stamp: 0x54a2535c
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x1650
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (01/07/2015 10:46:21 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (01/07/2015 10:40:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0xab0
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3

Error: (01/07/2015 10:17:03 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (01/07/2015 10:12:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0xb08
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3

Error: (01/06/2015 01:01:08 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (01/06/2015 00:56:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0x9a4
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3

Error: (01/06/2015 10:11:04 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (01/06/2015 10:06:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0x958
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3

Error: (01/06/2015 00:35:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0xa20
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3


System errors:
=============
Error: (01/07/2015 10:40:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Error: (01/07/2015 10:12:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Error: (01/06/2015 00:56:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Error: (01/06/2015 10:06:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Error: (01/06/2015 00:35:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Error: (01/06/2015 00:02:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Update Reverse Page service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (01/06/2015 00:02:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Util Reverse Page service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (01/05/2015 11:57:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Error: (01/05/2015 11:56:34 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:54:27 PM on ‎1/‎5/‎2015 was unexpected.

Error: (01/05/2015 11:54:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (05/25/2013 09:34:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/25/2013 09:33:55 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2014-07-03 00:09:26.676
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Roboscan\Roboscan\plugin\realtime\bootroboscan.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-07-03 00:09:26.582
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Roboscan\Roboscan\plugin\realtime\bootroboscan.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-07-03 00:01:42.558
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\bootroboscan.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-07-03 00:01:42.522
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\bootroboscan.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-07-02 23:41:03.634
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Roboscan\Roboscan\plugin\realtime\bootroboscan.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Athlon(tm) II X2 250 Processor
Percentage of memory in use: 69%
Total physical RAM: 3326.49 MB
Available physical RAM: 1018.95 MB
Total Pagefile: 6651.26 MB
Available Pagefile: 3800.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1903.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:49.37 GB) NTFS
Drive d: () (Fixed) (Total:368.1 GB) (Free:92.86 GB) NTFS
Drive g: () (Fixed) (Total:9.77 GB) (Free:1.74 GB) NTFS
Drive h: (Local Disk) (Fixed) (Total:27.49 GB) (Free:7.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: 6890BEF4)
Partition 1: (Active) - (Size=9.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=27.5 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 27D85A24)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Korak 1

Otvori Notepad i iskopiraj sljedeći tekst koji se nalazi unutar Kod polja.

R1 {d0ca36b1-bd62-4977-87ba-dea2e8d612b2}Gw; C:\Windows\System32\drivers\{d0ca36b1-bd62-4977-87ba-dea2e8d612b2}Gw.sys [43160 2015-01-05] (StdLib)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3641395576-2003788952-3425881642-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hppp&ts=142049.....2207829596
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1420.....7829596&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hppp&ts=142049.....2207829596
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1420.....7829596&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc&ts=14204937.....2207829596
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1420.....7829596&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dspp&ts=14.....7829596&q={searchTerms}
BHO: No Name -> {4A5D9FC0-AA0B-871C-281D-C30F27577B10} -> No File
BHO: No Name -> {5482A6DC-10A1-FED7-2DBB-A1C8B0EF6012} -> No File
BHO: Reverse Page 1.0.0.6 -> {83dc36e5-db3f-461a-8fbc-245e44000b1f} -> C:\Program Files\Reverse Page\ReversePageBHO.dll (Reverse Page)
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\Windows\wc98pp.dll ()
FF DefaultSearchEngine: omiga-plus
FF SelectedSearchEngine: omiga-plus
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\user.js
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\searchplugins\omiga-plus.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\omiga-plus.xml
FF Extension: Fast Start - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\Extensions\faststartff@gmail.com [2015-01-05]
FF Extension: FF Toolbar - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\Extensions\fftoolbar2014@etech.com [2015-01-05]
FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\extensions\fftoolbar2014@etech.com
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\extensions\faststartff@gmail.com
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe http://isearch.omiga-plus.com/?type=sc&ts=14204937.....2207829596
CHR HomePage: Default -> hxxp://isearch.omiga-plus.com/?type=hppp&ts=1420493782&from=ild&uid=MAXTORX6L040J2_362207829596
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hppp&ts=1420493782&from=ild&uid=MAXTORX6L040J2_362207829596"
CHR DefaultSearchKeyword: Default -> omiga-plus
CHR DefaultSearchURL: Default -> http://isearch.omiga-plus.com/web/?type=ds&ts=1420.....7829596&q={searchTerms}
CHR Extension: (Reverse Page) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\omclekmbhffgaogaelibnocjbaoelojj [2015-01-07]
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://isearch.omiga-plus.com/?type=sc&ts=14204937.....2207829596
R2 Update Reverse Page; C:\Program Files\Reverse Page\updateReversePage.exe [529144 2015-01-07] ()
R2 Util Reverse Page; C:\Program Files\Reverse Page\bin\utilReversePage.exe [529144 2015-01-07] ()
Task: {533E225F-519B-46AC-BC5B-262611C2AF34} - System32\Tasks\{50F909CA-BE2A-4249-BF2B-F6EF38E2314D} => pcalua.exe -a D:\DOWNLOAD\4605_mod-pack_rc8_snow-andreas_3.5_final(win32)_by_SPYFAN.exe -d "C:\Program Files\Mozilla Firefox"
Task: {5D8E514C-0BB4-4BA6-8C31-3341637EC0F4} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {5FA6011F-4A26-470F-A4C1-E79E5066EBEE} - System32\Tasks\{8166BDE6-0659-41BE-8B3E-519ACBAB2A4B} => pcalua.exe -a "D:\GAME\S.T.A.L.K.E.R\Shadow of Chernobly\S.T.A.L.K.E.R. - Shadow of Chernobyl\S.T.A.L.K.E.R. - Shadow of Chernobyl\setup-bp.exe" -d "D:\GAME\S.T.A.L.K.E.R\Shadow of Chernobly\S.T.A.L.K.E.R. - Shadow of Chernobyl\S.T.A.L.K.E.R. - Shadow of Chernobyl"
Task: {678C15EB-207C-4A3C-9B38-7974527267ED} - System32\Tasks\{8E4DF084-912A-4044-A02C-14A277716A0E} => pcalua.exe -a "D:\GAME\S.T.A.L.K.E.R\Shadow of Chernobly\S.T.A.L.K.E.R. - Shadow of Chernobyl\setup-bp.exe" -d "D:\GAME\S.T.A.L.K.E.R\Shadow of Chernobly\S.T.A.L.K.E.R. - Shadow of Chernobyl"
Task: {8D244471-7A0E-4E83-AA01-53586D53C497} - System32\Tasks\TBOUAKE => C:\Users\User\AppData\Roaming\TBOUAKE.exe [2015-01-05] (Qwerty) <==== ATTENTION
Task: {8DC709AE-8224-4DA8-B9BF-74C8A323BC14} - System32\Tasks\{46E18F13-B60A-494F-AD5E-A5D059A1E98E} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe" -c -runfromtemp -l0x0409
Task: {93E9CF3E-B9A9-4348-9968-20AEA77EF37D} - System32\Tasks\4596 => Wscript.exe C:\Users\User\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {D83B50ED-F1D6-4B84-B0D4-7C204E962A6A} - System32\Tasks\IPCDU => C:\Users\User\AppData\Roaming\IPCDU.exe [2015-01-05] (Qwerty) <==== ATTENTION
Task: {F2AC024D-D1E0-45FE-A9E7-16AE6ED8D245} - System32\Tasks\{1EC1EFD3-EDD8-4113-9289-ED220F551EF1} => pcalua.exe -a "D:\GAME\S.T.A.L.K.E.R\Shadow of Chernobly\S.T.A.L.K.E.R. - Shadow of Chernobyl\setup-bp.exe" -d "D:\GAME\S.T.A.L.K.E.R\Shadow of Chernobly\S.T.A.L.K.E.R. - Shadow of Chernobyl"
Task: C:\Windows\Tasks\IPCDU.job => C:\Users\User\AppData\Roaming\IPCDU.exe <==== ATTENTION
Task: C:\Windows\Tasks\TBOUAKE.job => C:\Users\User\AppData\Roaming\TBOUAKE.exe <==== ATTENTION
C:\Program Files\Reverse Page
C:\Windows\wc98pp.dll
C:\Windows\System32\drivers\{d0ca36b1-bd62-4977-87ba-dea2e8d612b2}Gw.sys
C:\Users\User\Downloads\Stalker_call_of_pripyat_sgm_2_2_Verified.exe
C:\ProgramData\IHProtectUpDate
C:\ProgramData\WindowsMangerProtect
C:\Windows\Tasks\IPCDU.job
C:\Users\User\AppData\Roaming\IPCDU.exe
C:\Windows\Tasks\TBOUAKE.job
C:\Program Files\globalUpdate
C:\Users\User\AppData\Roaming\TBOUAKE.exe
C:\Users\User\AppData\Local\globalUpdate
C:\Users\User\Downloads\STALKER_Call_of_Pripyat_SGM_2_2_Full.exe
C:\Users\User\AppData\Local\Temp\launchie.vbs
AlternateDataStreams: C:\Windows\win.ini:s1
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
EmptyTemp:


U okviru Notepad-a klikni na File --> Save As
Fajl nazovi Fixlist i sačuvaj na Desktop
Dvoklikom ponovo pokreni FRST.exe
Klikni na Fix i sačekaj dok program ne završi.
Ukoliko program zatraži restart računara, omogući mu da to nesmetano obavi.
Nakon završetka rada, otvoriće se fixlog.txt, sa sadržajem koji treba da kopiraš u temu.
Takođe, na Desktop-u će se nalaziti (fixlog.txt).




Korak 2

Preuzmi "Xplode"-ov AdwCleaner i sačuvaj ga na Desktop
Dvoklikom pokreni program.
u EULA prozoru klikni na I agree.
Klikni na dugme Scan i sačekaj da se završi skeniranje.
Klikni na dugme Clean i pričekaj da program završi.
Program će zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni OK kao potvrdu.
Na sljedeća dva prozora koja se otvore (Informations i Restart required ) klikni OK
Računar će se restartovati, a potom otvoriti Notepad (C:\AdwCleaner[S0].txt) sa izvještajem.
Sačuvaj taj izvještaj na Desktop i okači ga uz poruku koristeći opciju "Prikači fajl"
Napomena: Izvještaj ce takođe biti sačuvan na C:\Adwcleaner\AdwCleaner[S0].txt



Korak 3

Preuzmi Junkware Removal Tool (JRT) i sačuvaj ga na Desktop.

Zatvori browser i ostale pokrenute programe

Privremeno deaktiviraj zaštitni softver (Uputstvo);

Dvoklikom na ikonicu () pokreni program JRT;

Kod obavještenja "Press any key" pritisnuti bilo koji taster i alat ce započeti skeniranje.
Napomena: u ovisnosti od hardvera račuanra vreme skeniranja u nekim slučajevima moze da potraje.

Kada završi otvorice se Notepad sa izvještajem koji ce biti sačuvan na Desktopu pod nazivom JRT.txt

Kopiraj sadržaj tog loga u temu.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Sve sam odradio kako si naveo -

Fixlog izveštaj -
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-01-2015
Ran by User at 2015-01-07 18:46:02 Run:1
Running from C:\Users\User\Desktop
Loaded Profile: User (Available profiles: User)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
R1 {d0ca36b1-bd62-4977-87ba-dea2e8d612b2}Gw; C:\Windows\System32\drivers\{d0ca36b1-bd62-4977-87ba-dea2e8d612b2}Gw.sys [43160 2015-01-05] (StdLib)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3641395576-2003788952-3425881642-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]{searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe [Link mogu videti samo ulogovani korisnici]
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
BHO: No Name -> {4A5D9FC0-AA0B-871C-281D-C30F27577B10} -> No File
BHO: No Name -> {5482A6DC-10A1-FED7-2DBB-A1C8B0EF6012} -> No File
BHO: Reverse Page 1.0.0.6 -> {83dc36e5-db3f-461a-8fbc-245e44000b1f} -> C:\Program Files\Reverse Page\ReversePageBHO.dll (Reverse Page)
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\Windows\wc98pp.dll ()
FF DefaultSearchEngine: omiga-plus
FF SelectedSearchEngine: omiga-plus
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\user.js
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\searchplugins\omiga-plus.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\omiga-plus.xml
FF Extension: Fast Start - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\Extensions\faststartff@gmail.com [2015-01-05]
FF Extension: FF Toolbar - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\Extensions\fftoolbar2014@etech.com [2015-01-05]
FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\extensions\fftoolbar2014@etech.com
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\extensions\faststartff@gmail.com
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe [Link mogu videti samo ulogovani korisnici]
CHR HomePage: Default -> [Link mogu videti samo ulogovani korisnici]
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hppp&ts=1420493782&from=ild&uid=MAXTORX6L040J2_362207829596"
CHR DefaultSearchKeyword: Default -> omiga-plus
CHR DefaultSearchURL: Default -> [Link mogu videti samo ulogovani korisnici]{searchTerms}
CHR Extension: (Reverse Page) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\omclekmbhffgaogaelibnocjbaoelojj [2015-01-07]
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe [Link mogu videti samo ulogovani korisnici]
R2 Update Reverse Page; C:\Program Files\Reverse Page\updateReversePage.exe [529144 2015-01-07] ()
R2 Util Reverse Page; C:\Program Files\Reverse Page\bin\utilReversePage.exe [529144 2015-01-07] ()
Task: {533E225F-519B-46AC-BC5B-262611C2AF34} - System32\Tasks\{50F909CA-BE2A-4249-BF2B-F6EF38E2314D} => pcalua.exe -a D:\DOWNLOAD\4605_mod-pack_rc8_snow-andreas_3.5_final(win32)_by_SPYFAN.exe -d "C:\Program Files\Mozilla Firefox"
Task: {5D8E514C-0BB4-4BA6-8C31-3341637EC0F4} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {5FA6011F-4A26-470F-A4C1-E79E5066EBEE} - System32\Tasks\{8166BDE6-0659-41BE-8B3E-519ACBAB2A4B} => pcalua.exe -a "D:\GAME\S.T.A.L.K.E.R\Shadow of Chernobly\S.T.A.L.K.E.R. - Shadow of Chernobyl\S.T.A.L.K.E.R. - Shadow of Chernobyl\setup-bp.exe" -d "D:\GAME\S.T.A.L.K.E.R\Shadow of Chernobly\S.T.A.L.K.E.R. - Shadow of Chernobyl\S.T.A.L.K.E.R. - Shadow of Chernobyl"
Task: {678C15EB-207C-4A3C-9B38-7974527267ED} - System32\Tasks\{8E4DF084-912A-4044-A02C-14A277716A0E} => pcalua.exe -a "D:\GAME\S.T.A.L.K.E.R\Shadow of Chernobly\S.T.A.L.K.E.R. - Shadow of Chernobyl\setup-bp.exe" -d "D:\GAME\S.T.A.L.K.E.R\Shadow of Chernobly\S.T.A.L.K.E.R. - Shadow of Chernobyl"
Task: {8D244471-7A0E-4E83-AA01-53586D53C497} - System32\Tasks\TBOUAKE => C:\Users\User\AppData\Roaming\TBOUAKE.exe [2015-01-05] (Qwerty) <==== ATTENTION
Task: {8DC709AE-8224-4DA8-B9BF-74C8A323BC14} - System32\Tasks\{46E18F13-B60A-494F-AD5E-A5D059A1E98E} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe" -c -runfromtemp -l0x0409
Task: {93E9CF3E-B9A9-4348-9968-20AEA77EF37D} - System32\Tasks\4596 => Wscript.exe C:\Users\User\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {D83B50ED-F1D6-4B84-B0D4-7C204E962A6A} - System32\Tasks\IPCDU => C:\Users\User\AppData\Roaming\IPCDU.exe [2015-01-05] (Qwerty) <==== ATTENTION
Task: {F2AC024D-D1E0-45FE-A9E7-16AE6ED8D245} - System32\Tasks\{1EC1EFD3-EDD8-4113-9289-ED220F551EF1} => pcalua.exe -a "D:\GAME\S.T.A.L.K.E.R\Shadow of Chernobly\S.T.A.L.K.E.R. - Shadow of Chernobyl\setup-bp.exe" -d "D:\GAME\S.T.A.L.K.E.R\Shadow of Chernobly\S.T.A.L.K.E.R. - Shadow of Chernobyl"
Task: C:\Windows\Tasks\IPCDU.job => C:\Users\User\AppData\Roaming\IPCDU.exe <==== ATTENTION
Task: C:\Windows\Tasks\TBOUAKE.job => C:\Users\User\AppData\Roaming\TBOUAKE.exe <==== ATTENTION
C:\Program Files\Reverse Page
C:\Windows\wc98pp.dll
C:\Windows\System32\drivers\{d0ca36b1-bd62-4977-87ba-dea2e8d612b2}Gw.sys
C:\Users\User\Downloads\Stalker_call_of_pripyat_sgm_2_2_Verified.exe
C:\ProgramData\IHProtectUpDate
C:\ProgramData\WindowsMangerProtect
C:\Windows\Tasks\IPCDU.job
C:\Users\User\AppData\Roaming\IPCDU.exe
C:\Windows\Tasks\TBOUAKE.job
C:\Program Files\globalUpdate
C:\Users\User\AppData\Roaming\TBOUAKE.exe
C:\Users\User\AppData\Local\globalUpdate
C:\Users\User\Downloads\STALKER_Call_of_Pripyat_SGM_2_2_Full.exe
C:\Users\User\AppData\Local\Temp\launchie.vbs
AlternateDataStreams: C:\Windows\win.ini:s1
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
EmptyTemp:
*****************

{d0ca36b1-bd62-4977-87ba-dea2e8d612b2}Gw => Service not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3641395576-2003788952-3425881642-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKU\S-1-5-21-3641395576-2003788952-3425881642-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A5D9FC0-AA0B-871C-281D-C30F27577B10}" => Key deleted successfully.
HKCR\CLSID\{4A5D9FC0-AA0B-871C-281D-C30F27577B10} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5482A6DC-10A1-FED7-2DBB-A1C8B0EF6012}" => Key deleted successfully.
HKCR\CLSID\{5482A6DC-10A1-FED7-2DBB-A1C8B0EF6012} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83dc36e5-db3f-461a-8fbc-245e44000b1f} => Key not found.
HKCR\CLSID\{83dc36e5-db3f-461a-8fbc-245e44000b1f} => Key not found.
"HKCR\PROTOCOLS\Handler\ic32pp" => Key deleted successfully.
"HKCR\CLSID\{BBCA9F81-8F4F-11D2-90FF-0080C83D3571}" => Key deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\user.js => Moved successfully.
"C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\searchplugins\omiga-plus.xml" => not found.
"C:\Program Files\mozilla firefox\browser\searchplugins\omiga-plus.xml" => not found.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\Extensions\faststartff@gmail.com => not found.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\Extensions\fftoolbar2014@etech.com => not found.
HKLM\Software\Mozilla\Firefox\Extensions\\fftoolbar2014@etech.com => Value not found.
HKLM\Software\Mozilla\Firefox\Extensions\\faststartff@gmail.com => Value not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Value was restored successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword not detected.
Chrome DefaultSearchURL not detected.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\omclekmbhffgaogaelibnocjbaoelojj => Moved successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => Value was restored successfully.
Update Reverse Page => Service not found.
Util Reverse Page => Service not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{533E225F-519B-46AC-BC5B-262611C2AF34}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{533E225F-519B-46AC-BC5B-262611C2AF34}" => Key deleted successfully.
C:\Windows\System32\Tasks\{50F909CA-BE2A-4249-BF2B-F6EF38E2314D} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{50F909CA-BE2A-4249-BF2B-F6EF38E2314D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D8E514C-0BB4-4BA6-8C31-3341637EC0F4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D8E514C-0BB4-4BA6-8C31-3341637EC0F4}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5FA6011F-4A26-470F-A4C1-E79E5066EBEE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FA6011F-4A26-470F-A4C1-E79E5066EBEE}" => Key deleted successfully.
C:\Windows\System32\Tasks\{8166BDE6-0659-41BE-8B3E-519ACBAB2A4B} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8166BDE6-0659-41BE-8B3E-519ACBAB2A4B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{678C15EB-207C-4A3C-9B38-7974527267ED}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{678C15EB-207C-4A3C-9B38-7974527267ED}" => Key deleted successfully.
C:\Windows\System32\Tasks\{8E4DF084-912A-4044-A02C-14A277716A0E} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8E4DF084-912A-4044-A02C-14A277716A0E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8D244471-7A0E-4E83-AA01-53586D53C497}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D244471-7A0E-4E83-AA01-53586D53C497}" => Key deleted successfully.
C:\Windows\System32\Tasks\TBOUAKE => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TBOUAKE" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DC709AE-8224-4DA8-B9BF-74C8A323BC14}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DC709AE-8224-4DA8-B9BF-74C8A323BC14}" => Key deleted successfully.
C:\Windows\System32\Tasks\{46E18F13-B60A-494F-AD5E-A5D059A1E98E} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{46E18F13-B60A-494F-AD5E-A5D059A1E98E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93E9CF3E-B9A9-4348-9968-20AEA77EF37D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93E9CF3E-B9A9-4348-9968-20AEA77EF37D}" => Key deleted successfully.
C:\Windows\System32\Tasks\4596 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4596" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D83B50ED-F1D6-4B84-B0D4-7C204E962A6A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D83B50ED-F1D6-4B84-B0D4-7C204E962A6A}" => Key deleted successfully.
C:\Windows\System32\Tasks\IPCDU => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IPCDU" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F2AC024D-D1E0-45FE-A9E7-16AE6ED8D245}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2AC024D-D1E0-45FE-A9E7-16AE6ED8D245}" => Key deleted successfully.
C:\Windows\System32\Tasks\{1EC1EFD3-EDD8-4113-9289-ED220F551EF1} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1EC1EFD3-EDD8-4113-9289-ED220F551EF1}" => Key deleted successfully.
C:\Windows\Tasks\IPCDU.job => Moved successfully.
C:\Windows\Tasks\TBOUAKE.job => Moved successfully.
"C:\Program Files\Reverse Page" => File/Directory not found.
C:\Windows\wc98pp.dll => Moved successfully.
"C:\Windows\System32\drivers\{d0ca36b1-bd62-4977-87ba-dea2e8d612b2}Gw.sys" => File/Directory not found.
C:\Users\User\Downloads\Stalker_call_of_pripyat_sgm_2_2_Verified.exe => Moved successfully.
"C:\ProgramData\IHProtectUpDate" => File/Directory not found.
"C:\ProgramData\WindowsMangerProtect" => File/Directory not found.
"C:\Windows\Tasks\IPCDU.job" => File/Directory not found.
"C:\Users\User\AppData\Roaming\IPCDU.exe" => File/Directory not found.
"C:\Windows\Tasks\TBOUAKE.job" => File/Directory not found.
C:\Program Files\globalUpdate => Moved successfully.
"C:\Users\User\AppData\Roaming\TBOUAKE.exe" => File/Directory not found.
C:\Users\User\AppData\Local\globalUpdate => Moved successfully.
C:\Users\User\Downloads\STALKER_Call_of_Pripyat_SGM_2_2_Full.exe => Moved successfully.
"C:\Users\User\AppData\Local\Temp\launchie.vbs" => File/Directory not found.
C:\Windows\win.ini => ":s1" ADS removed successfully.
C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully.
EmptyTemp: => Removed 925.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 18:47:27 ====

AdwCleaner izveštaj-
[Link mogu videti samo ulogovani korisnici]

JRT izveštaj-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Ultimate x86
Ran by User on Wed 01/07/2015 at 19:12:03.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update netcrawl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util netcrawl



~~~ Files

Successfully deleted: [File] C:\Windows\System32\Tasks\Baidu Antivirus Update
Successfully deleted: [File] C:\Windows\prefetch\SPEEDFAN.EXE-EB97B5FC.pf



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\baidu"
Successfully deleted: [Folder] "C:\ProgramData\baidu security"
Failed to delete: [Folder] "C:\Program Files\baidu security"



~~~ FireFox

Successfully deleted the following from C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\zqpgwt7a.default\prefs.js

user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
user_pref("browser.search.searchengine.ptid", "ild");
user_pref("browser.search.searchengine.uid", "MAXTORX6L040J2_362207829596");
user_pref("pagetweak.pref.hxxp://www.kurir-info.rs/komentari/dramaticno-autobus-potpuno-unistio-dzip-tome-nikolica-clanak-1318419#posalji-komentar;text", "Mene%20samo%20zanima
user_pref("pagetweak.pref.hxxp://www.mycity-military.com/posting.php?mode=quote&p=1179486;reply", "%5Burl=hxxp://www.mycity-military.com/slika.php?slika=2705_63377174_Helical.
user_pref("pagetweak.pref.hxxp://www.mycity-military.com/posting.php?mode=quote&p=1512700;reply", "%20Ne%C5%A1to%20o%20%C4%8Demu%20se%20ne%20pri%C4%8Da%20mnogo%20-%20ameri%20v
user_pref("pagetweak.pref.hxxp://www.mycity-military.com/posting.php?mode=quote&p=1555560;reply", "%5Bquote=%22Kos93%22%5D%D0%A4%D0%90%D0%9F%201118%20%D1%83%20%D0%B4%D1%80%D0%
user_pref("pagetweak.pref.hxxp://www.mycity-military.com/posting.php?mode=quote&p=1564890;reply", "%5Bquote=%22Cigi%22%5D%5Burl=hxxp://www.mycity-military.com/slika.php?slika=
user_pref("pagetweak.pref.hxxp://www.mycity.rs/posting.php?mode=quote&p=1638487;reply", "Odra%C4%91eno%20sve%20kako%20si%20rekao%20-%20koliko%20vidim%20na%20prvi%20momenat,%20
user_pref("pagetweak.pref.hxxps://translate.google.nl/#en/bs/e%20Monolith%20clan%20was%20originally%20a%20group%20of%20stalkers%2C%20united%20by%20their%20fascination%20with%2
Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\zqpgwt7a.default\minidumps [1494 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/07/2015 at 19:18:26.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Kakvo je sada stanje? Vidim su ADwCleaner i JRT brisali i neke fajlove koji pripadaju Baidu AV, no to ćemo na kraju riješiti.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Izvini,nisam bio kod kuće pa sad odgovaram - stanje je sada ok, nema više "omige" i glupih reklama.
Inače, danas popodne dok sam čekao tvoje savete, ja sam u safe modu skenirao sistem sa malwarebytesom i antispywareom koji su mi obrisali neke stvarčice i tu se već smanjila "aktivnost" omige po pitanju iskačućih prozorčića sa reklamama ali glavni problem ipak nije uklonjen.
Videċu kako će se sistem dalje ponašati, ali mislim da je za sada sve onako kako bi trebalo da bude.

Hvala još jednom

• 1Ovo se svidja korisniku: 11neco11
  
  Registruj se da bi pohvalio/la poruku!

Nismo još gotovi.


Preuzmi zoek.exe sa ovog ili ovog linka i sačuvaj ga na Desktop.


Zatvori browser i ostale pokrenute programe;
deaktiviraj zaštitni softver ( po potrebi ) Uputstvo ;
dvoklikom pokreni zoek.exe;
pričekaj da se alat startuje ...


U beli okvir prozora iskopiraj sljedeći tekst:

process;
startupall;
drivers-services-list;
skipfix-iedefaults;
firefoxlook;
chromelook;
filesrcm;


Klikni na dugme i pričekaj da se skeniranje završi.


Zoek će po potrebi restartovati Windows, a na kraju rada otvoriti Notepad sa izvještajem o skeniranju.

Napomena: Izvještaj će biti sačuvan pod nazivom zoek-results.log na sistemskoj particiji (tipična lokacija: C:\zoek-results.log)


Kopiraj sadržaj tog loga u poruku.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Samo da naglasim, završio je skeniranje bez restarta windowsa

Zoek.exe v5.0.0.0 Updated 31-12-2014
Tool run by User on Wed 01/07/2015 at 23:22:48.78.
Microsoft Windows 7 Ultimate 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

1/7/2015 11:23:58 PM Zoek.exe System Restore Point Created Succesfully.

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Baidu Security\Baidu Antivirus\BAVSvc.exe
C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\taskeng.exe
G:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Baidu Security\Baidu Antivirus\BavTray.exe
C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
C:\Program Files\MCShield\MCShieldRTM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
C:\Users\User\Desktop\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k swprv

==== Services and Drivers ======================

You do not have Microsoft .NET Framework 4.0(or higher) installed.
Download it here v4.0: [Link mogu videti samo ulogovani korisnici]
Download it here v4.5: [Link mogu videti samo ulogovani korisnici]

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\User\AppData\Local\Temp ====
2015-01-07 18:11:54 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\libiconv2.dll
2015-01-07 18:11:54 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\libintl3.dll
2015-01-07 18:11:54 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\pcre3.dll
2015-01-07 18:11:54 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\regex2.dll
2015-01-07 18:11:54 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
====== Java Cache =====
====== C:\Windows\system32 =====
====== C:\Windows\system32\drivers =====
2015-01-07 13:48:43 8E2E9CCD873ABF180F48BCAEEEBE347D 114904 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-01-07 13:48:35 A3F4391DFDF2F9E9FE4EAD193265A5AD 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-01-07 13:48:35 9BD41E40039098BF5F8FE878A9A6989E 75480 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-01-07 13:48:35 312CD3307F600E7CD340B79B3DCB3A01 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C: =====
====== C:\Users\User\AppData\Roaming ======
====== C:\Users\User ======
2015-01-07 18:10:12 B9E1BF24EF01A82701B09BE75D294085 1707939 ----a-w- C:\Users\User\Desktop\JRT.exe
2015-01-07 17:55:23 9208E5A0A844FCCB39B5252C07B4E860 2173952 ----a-w- C:\Users\User\Desktop\AdwCleaner.exe
2015-01-07 13:14:19 3BD59D6C407AB1F6DDD7C5D9BD727469 20447072 ----a-w- C:\Users\User\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-07 10:47:50 05EE8B7DE7067EC38D232FE84B5BE9C1 1115648 ----a-w- C:\Users\User\Desktop\FRST.exe
2015-01-07 10:47:16 BF3EC09CE0FE0EBE1A0FCE162E4D3E90 1115136 ----a-w- C:\Users\User\Downloads\FRST.exe
2015-01-02 12:05:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CTS Games
2015-01-02 12:04:39 CDCB062EBAB35D75AA2FCA0EA2DC8666 1923104 ----a-w- C:\Users\User\Downloads\szone_webinst.exe

====== C: exe-files ==
2015-01-07 18:11:54 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2015-01-07 18:10:12 B9E1BF24EF01A82701B09BE75D294085 1707939 ----a-w- C:\Users\User\Desktop\JRT.exe
2015-01-07 17:55:23 9208E5A0A844FCCB39B5252C07B4E860 2173952 ----a-w- C:\Users\User\Desktop\AdwCleaner.exe
2015-01-07 13:14:19 3BD59D6C407AB1F6DDD7C5D9BD727469 20447072 ----a-w- C:\Users\User\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-07 10:47:50 BF3EC09CE0FE0EBE1A0FCE162E4D3E90 1115136 ----a-w- C:\Users\User\Desktop\FRST-OlderVersion\FRST.exe
2015-01-07 10:47:50 05EE8B7DE7067EC38D232FE84B5BE9C1 1115648 ----a-w- C:\Users\User\Desktop\FRST.exe
2015-01-07 10:47:16 BF3EC09CE0FE0EBE1A0FCE162E4D3E90 1115136 ----a-w- C:\Users\User\Downloads\FRST.exe
2015-01-02 12:04:39 CDCB062EBAB35D75AA2FCA0EA2DC8666 1923104 ----a-w- C:\Users\User\Downloads\szone_webinst.exe
=== C: other files ==
2015-01-07 22:25:44 AFC541E792297B2FF9298444CD805284 7095932 ----a-w- C:\Users\User\AppData\Local\Temp\tmp-7or.xpi
2015-01-07 18:11:54 F720D6634E048B0AD485CEEF55263E6B 191092 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\misc.bat
2015-01-07 18:11:54 F56A319979F631C141F5FF02DF87FDB1 43563 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\prelim.bat
2015-01-07 18:11:54 DD1E4D974B1672ABD09EFFB225791C4A 1230 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\TDL4.bat
2015-01-07 18:11:54 C4C784C659C27DB5ED395A7901611C71 14957 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\get.bat
2015-01-07 18:11:54 AD2F52DC72B10AF331692E4A4DD80DFC 18670 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\medfos.bat
2015-01-07 18:11:54 AA0C656F898523BEDF2DA6923197BB80 1264 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\surfvox.bat
2015-01-07 18:11:54 A3945FA06DB607245C6A1D0629CE737E 11057 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\runvalues.bat
2015-01-07 18:11:54 8E6020C14F982CF11B3FE7DBB0CB8EDE 24738 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\searchlnk.bat
2015-01-07 18:11:54 86707BCE5CBB65D9B1C41E249B4423BA 152733 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\firefox.bat
2015-01-07 18:11:54 83F691D8398F0E37E71E9355BF730DB9 719 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\ev_clear.bat
2015-01-07 18:11:54 38A0BDF322ACCC968B0A824C38D50157 29635 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\ask.bat
2015-01-07 18:11:54 335DFF8F23E5EC02B5426362F0F8509B 31401 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\iexplore.bat
2015-01-07 18:11:54 0C4649A62845AB5D5DBCC4998477FF6D 1813 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\delfolders.bat
2015-01-07 18:11:54 080CFDE64F31E7B50EECF4552033E84D 9937 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\mws.bat
2015-01-07 18:11:54 048407135C9B1FB6A355E256BD96160D 14192 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\chrome.bat
2015-01-07 13:48:43 8E2E9CCD873ABF180F48BCAEEEBE347D 114904 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-01-07 13:48:35 A3F4391DFDF2F9E9FE4EAD193265A5AD 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-01-07 13:48:35 9BD41E40039098BF5F8FE878A9A6989E 75480 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-01-07 13:48:35 312CD3307F600E7CD340B79B3DCB3A01 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-3641395576-2003788952-3425881642-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"MCShield Monitor"="C:\Program Files\MCShield\mcshieldrtm.exe"
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun"
"Google Update"="C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s"
"Baidu Antivirus"="C:\Program Files\Baidu Security\Baidu Antivirus\BavTray.exe -auto"
"emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe /d=60"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MCShield Monitor"="C:\Program Files\MCShield\mcshieldrtm.exe"
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun"
"Google Update"="C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\wuauserv]


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12/10/2014 12:44 PM]
C:\Windows\tasks\AutoSmartDefrag.job --a------ C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe []
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000Core.job --a------ C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe []
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000UA.job --a------ C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [10/17/2014 09:42 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [10/17/2014 09:42 AM]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000Core.job --a------ C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [09/22/2013 08:19 PM]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000UA.job --a------ [Undetermined Task]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\AutoSmartDefrag" [G:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000Core" [C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000UA" [C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000Core" [C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000UA" [C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\system32\tasks\User_Feed_Synchronization-{2012CD6E-A8EA-4182-A57F-DF7284C8CE6E}" [C:\Windows\system32\msfeedssync.exe]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default
user_pref("browser.startup.homepage", "https://www.google.com/");

==== Firefox Extensions ======================

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default
- Undetermined - [Link mogu videti samo ulogovani korisnici]
- Undetermined - gmailwatcher@sonthakit
- Undetermined - {4176DFF4-4698-11DE-BEEB-45DA55D89593}
- Undetermined - {b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Undetermined - [Link mogu videti samo ulogovani korisnici]
- Flash Video Downloader - YouTube HD Download [4K] - %ProfilePath%\extensions\artur.dubovoy@gmail.com
- Battlefield Play4Free - %ProfilePath%\extensions\battlefieldplay4free@ea.com
- Undetermined - %ProfilePath%\extensions\staged
- EZ to MP3 Converter - %ProfilePath%\extensions\youtube-mp3@eztomp3.com
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Gmail Watcher - %ProfilePath%\extensions\gmailwatcher@sonthakit.xpi
- Instrument Test - %ProfilePath%\extensions\testpilot@labs.mozilla.com.xpi
- PageTweak - %ProfilePath%\extensions\{15312e9a-4905-48da-aae4-15b24bdc2a24}.xpi
- AniWeather - %ProfilePath%\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi
- Updated Ad Blocker for Firefox 11 - %ProfilePath%\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default
9860727E477F17B88E39AF8B69B0407A - C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll - Shockwave Flash
D2377C9458EFEB094E38B8C874AA214C - C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll - Google Update
D2377C9458EFEB094E38B8C874AA214C - C:\Users\User\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll - Google Update
76EFD64CD206B93E2EB5320A23C19AD7 - C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
2AB6A7F373290AE20A19CF5F306E8C97 - C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
025BBEF5A248B09BDC6684747F6EB5BC - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U55
290A0130C74ADCD4546BC6900D1665D9 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.550.14
F6D12679B9112358AC705A1308156F59 - C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
F3B0E300AFC94E1A775A2D935A7D384F - C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll - Shockwave for Director / Shockwave for Director
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
BE501CBC29B2025A263D80D399F1797A - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In
045DCEC5BBF3C9F4A0788FDF90B1DEDE - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll - Battlefield Play4Free Updater
E6728F685FA215AF79869CB1B5D4A56C - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION
FC5807B1A2BCEE041A4159431ADD111B - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision
CF46E0E1398B382CE0CE738C67A38DD1 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery
B27CCB1168B1960AEC6E9D3E0E0F0D2A - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrlui.dll - Microsoft® Silverlight


==== Chromium Look ======================

Google Chrome Version: 39.0.2171.95 (Up to date, latest Stable version: 39.0.2171.95)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dpcomnokkgidfbnbfhfpofbgieghedec - C:\Program Files\EzToMP3\eztomp3.crx[09/17/2012 07:13 PM]

Google Docs - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
EZ to MP3 Converter - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpcomnokkgidfbnbfhfpofbgieghedec
Google Wallet - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://google.com/"
"Default_Page_URL"="https://google.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Wed 01/07/2015 at 23:27:37.09 ======================

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Zatvori browser i ostale pokrenute programe;
deaktiviraj zaštitni softver ( po potrebi ) Uputstvo ;
dvoklikom pokreni zoek.exe;
pričekaj da se alat startuje ...


U beli okvir prozora iskopiraj sljedeći tekst:

emptyalltemp;
emptyclsid;
autoclean;


Klikni na dugme i pričekaj da se skeniranje završi.


Zoek će po potrebi restartovati Windows, a na kraju rada otvoriti Notepad sa izvještajem o skeniranju.

Napomena: Izvještaj će biti sačuvan pod nazivom zoek-results.log na sistemskoj particiji (tipična lokacija: C:\zoek-results.log)


Kopiraj sadržaj tog loga u poruku.



Prikazuju li ti se još reklame?