Cleaning

  • Absolut Gut
  • Joined: 13 Aug 2012
  • Posts: 561
  • Location: Atakama

1. Check and, if necessary, cleaning.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-10-2014 01
Ran by Zorica (administrator) on ZORICA-PC on 04-10-2014 16:15:42
Running from D:\SPor
Loaded Profile: Zorica (Available profiles: Zorica)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(New Softwares.net) C:\Windows\System32\WinFLService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(IObit) C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
( New Softwares.net) C:\Windows\System32\WinFLTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(New Softwares.net) C:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
( New Softwares.net) C:\Program Files\NewSoftware's\Folder Lock\FLComServ.exe
(Skillbrains) C:\Users\Zorica\AppData\Local\Skillbrains\lightshot\5.1.4.9\Lightshot.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Fences] => C:\Program Files\Stardock\Fences\Fences.exe [4017368 2012-10-29] (Stardock Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\Run: [WinFLTray] => C:\Windows\system32\WinFLTray.exe [321736 2013-08-24] ( New Softwares.net)
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\Run: [FLBackup] => C:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe [275656 2013-08-24] (New Softwares.net)
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\Run: [WinThemePack Logon] => C:\Program Files\WinThemePack\Magic The Gathering Logon Screen\tweak.exe [10429625 2013-03-31] (WinThemePack.com)
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\Run: [LightShot] => C:\Users\Zorica\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226560 2014-06-18] ()
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\MountPoints2: E - E:\PcOptions.exe
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\MountPoints2: {0d3daa76-7b61-11e3-8c12-d43d7e4ab2df} - E:\PcOptions.exe
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\MountPoints2: {42bad087-0900-11e3-a3a0-d43d7e4ab2df} - F:\Setup.exe
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\MountPoints2: {93dee544-d12b-11e3-b422-d43d7e4ab2df} - E:\PcOptions.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-08-31] (Microsoft Corporation)
Startup: C:\Users\Zorica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fences.lnk
ShortcutTarget: Fences.lnk -> C:\Program Files\Stardock\Fences\Fences.exe (Stardock Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xADC2A13B0D9DCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sr-rs
SearchScopes: HKCU - DefaultScope {DA25F8FE-1481-4A14-92F0-0E54412CC419} URL = https://search.yahoo.com/search?fr=chr-greentree_i.....484&p={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {DA25F8FE-1481-4A14-92F0-0E54412CC419} URL = https://search.yahoo.com/search?fr=chr-greentree_i.....484&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 89.216.1.40 89.216.1.50

FireFox:
========
FF ProfilePath: C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @verimatrix.com/ViewRightWeb -> C:\Program Files\Verimatrix\ViewRight Web\\npViewRight.dll (Verimatrix, Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Zorica\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Zorica\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: @verimatrix.com/ViewRightWeb -> C:\Program Files\Verimatrix\ViewRight Web\\npViewRight.dll (Verimatrix, Inc.)
FF user.js: detected! => C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default\user.js
FF SearchPlugin: C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF Extension: ichmaltegoetzde - C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default\Extensions\ich@maltegoetz.de [2014-09-08]
FF Extension: 6dfc4f5226f04e5f89c731d6de480db9 - C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default\Extensions\{6dfc4f52-26f0-4e5f-89c7-31d6de480db9} [2014-09-09]
FF Extension: Website Counselor - C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default\Extensions\{cc6cc772-f121-49e0-b1f0-c26583cb0c5e} [2014-09-09]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-26]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-26]

Chrome:
=======
CHR CustomProfile: C:\Users\Zorica\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Zorica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-09-20]
CHR Extension: (Into The Mist) - C:\Users\Zorica\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh [2014-09-21]
CHR Extension: (Google новчаник) - C:\Users\Zorica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKLM\...\Chrome\Extension: [cikkkfooompgefbcjlgdjejfdknkheaj] - C:\Program Files\Common Files\Spigot\GC\DomainErrorHelper_1.0_0.crx []
CHR HKLM\...\Chrome\Extension: [gpiifgmgnfdiblgpaepbmfdkcheicgof] - C:\Program Files\Common Files\Spigot\GC\nta_1.0_0.crx []

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [583680 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [627744 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-15] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [762192 2013-07-18] (Nero AG)
S2 pr2ah4nc; C:\Windows\system32\pr2ah4nc.exe [407152 2007-05-18] (CODEMASTERS)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\smhwadb.sys [25728 2014-01-10] (Google Inc)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-08-19] (DT Soft Ltd)
R0 FSProFilter; C:\Windows\System32\Drivers\FSPFltd.sys [41912 2010-07-22] (FSPro Labs)
S3 hw_usbdev; C:\Windows\System32\DRIVERS\hw_usbdev.sys [102272 2014-01-10] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-10-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-13] (Intel Corporation)
R2 NEWDRIVER; C:\Windows\system32\WinVDEdrv6.sys [188176 2013-08-24] ()
R0 pe3ah4nc; C:\Windows\System32\drivers\pe3ah4nc.sys [64880 2007-05-18] (CODEMASTERS)
R0 ps6ah4nc; C:\Windows\System32\drivers\ps6ah4nc.sys [55160 2007-05-18] (CODEMASTERS)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
S3 s116bus; C:\Windows\System32\DRIVERS\s116bus.sys [83336 2007-04-03] (MCCI Corporation)
S3 s116mdfl; C:\Windows\System32\DRIVERS\s116mdfl.sys [15112 2007-04-03] (MCCI Corporation)
S3 s116mdm; C:\Windows\System32\DRIVERS\s116mdm.sys [108680 2007-04-03] (MCCI Corporation)
S3 s116nd5; C:\Windows\System32\DRIVERS\s116nd5.sys [23176 2007-04-03] (MCCI Corporation)
S3 s116unic; C:\Windows\System32\DRIVERS\s116unic.sys [99080 2007-04-03] (MCCI Corporation)
S3 smhwser; C:\Windows\System32\DRIVERS\smhwser.sys [108032 2014-01-10] (QUALCOMM Incorporated)
S3 USBET; C:\Windows\System32\DRIVERS\ETdrv.sys [5116544 2010-11-29] (Etron)
R1 WinFLAdrv; C:\Windows\System32\WinFLAdrv.sys [29184 2013-08-24] ()
U4 Avgfwfd; system32\DRIVERS\avgfwd6x.sys [X]
S3 MSICDSetup; \??\G:\CDriver.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-04 16:04 - 2014-10-04 16:04 - 01100800 _____ (Farbar) C:\Users\Zorica\Downloads\FRST (1).exe
2014-10-04 09:46 - 2014-10-04 16:10 - 00000112 _____ () C:\Windows\setupact.log
2014-10-04 09:46 - 2014-10-04 16:09 - 00059602 _____ () C:\Windows\PFRO.log
2014-10-04 09:46 - 2014-10-04 09:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-03 15:52 - 2014-10-03 15:52 - 00000000 ____D () C:\Users\Zorica\AppData\Roaming\Verimatrix
2014-10-03 15:51 - 2014-10-03 15:51 - 00000000 ____D () C:\ProgramData\Verimatrix
2014-10-03 15:51 - 2014-10-03 15:51 - 00000000 ____D () C:\Program Files\Verimatrix
2014-10-03 15:50 - 2014-10-03 15:50 - 21118464 _____ () C:\Users\Zorica\Downloads\ViewRightWebInstaller.msi
2014-10-03 14:10 - 2014-10-03 14:10 - 00000703 _____ () C:\Windows\wininit.ini
2014-10-03 12:58 - 2014-10-04 16:14 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-03 12:57 - 2014-10-03 12:57 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-03 12:57 - 2014-10-03 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-03 12:57 - 2014-10-03 12:57 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-03 12:57 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-03 12:57 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-03 12:57 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-03 12:56 - 2014-10-03 12:57 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Zorica\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-03 01:07 - 2014-10-03 01:07 - 00000000 ____D () C:\ProgramData\.mono
2014-10-02 23:18 - 2014-10-02 23:18 - 00002799 _____ () C:\Windows\system32\ScanResults.xml
2014-10-02 23:04 - 2014-10-02 23:05 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2014-10-01 17:08 - 2014-10-01 17:08 - 00000000 ____D () C:\Users\Zorica\Documents\My Games
2014-10-01 16:45 - 2014-10-01 16:45 - 00014695 _____ () C:\Users\Zorica\Downloads\[kickass.to]real.boxing.2014.pc.multi.repack.by.xghost.torrent
2014-10-01 11:29 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-29 22:59 - 2014-09-29 23:04 - 00000120 _____ () C:\Windows\Reimage.ini
2014-09-29 22:58 - 2014-09-29 22:59 - 00853960 _____ (Reimage®) C:\Users\Zorica\Downloads\ReimageRepair.exe
2014-09-28 22:01 - 2014-09-28 22:01 - 00033451 _____ () C:\Users\Zorica\Downloads\69173-Home.Alone.2.1992.720p.HDTV.x264ESiR.zip
2014-09-28 22:00 - 2014-09-28 22:00 - 00033618 _____ () C:\Users\Zorica\Downloads\115780-Home.Alone.2.Lost.In.New.York.1992.720p.BluRay.x264SiNNERS.zip
2014-09-28 21:10 - 2014-09-28 21:11 - 00030580 _____ () C:\Users\Zorica\Downloads\160801-homealone2lostinnewyork.zip
2014-09-28 18:28 - 2014-09-28 18:28 - 00172106 _____ () C:\Users\Zorica\Downloads\[kickass.to]rise.of.nations.extended.edition.flt.torrent
2014-09-28 18:28 - 2014-09-28 18:28 - 00172106 _____ () C:\Users\Zorica\Downloads\[kickass.to]rise.of.nations.extended.edition.flt (1).torrent
2014-09-27 15:05 - 2014-09-27 15:05 - 00027680 _____ () C:\Users\Zorica\Downloads\142877-HomeAlone.zip
2014-09-27 15:05 - 2014-09-27 15:05 - 00027680 _____ () C:\Users\Zorica\Downloads\142877-HomeAlone (1).zip
2014-09-27 07:28 - 2014-09-27 07:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-09-26 21:48 - 2014-09-26 21:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-26 16:32 - 2014-09-26 16:32 - 00000000 ____D () C:\Users\Zorica\Desktop\New folder (3)
2014-09-26 16:30 - 2014-09-26 16:30 - 00000000 ____D () C:\Users\Zorica\Documents\2006 FIFA World Cup™
2014-09-26 15:40 - 2014-09-26 15:40 - 00151800 _____ () C:\Users\Zorica\Downloads\[kickass.to]fifa.world.cup.2006.pc.game.torrent
2014-09-26 15:27 - 2014-09-26 15:27 - 00001183 _____ () C:\Users\Zorica\Desktop\Play NBA 2K13 nosTEAM.lnk
2014-09-26 11:42 - 2014-10-04 16:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-26 11:41 - 2014-07-02 19:39 - 00609240 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2014-09-26 11:40 - 2014-07-02 21:42 - 04389848 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-09-26 11:40 - 2014-07-02 21:42 - 03063256 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll
2014-09-26 11:40 - 2014-07-02 21:42 - 02556360 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-09-26 11:40 - 2014-07-02 21:42 - 00670552 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-09-26 11:40 - 2014-07-02 21:42 - 00377288 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-09-26 11:40 - 2014-07-02 21:42 - 00062936 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-09-26 11:40 - 2014-07-02 07:14 - 03826628 _____ () C:\Windows\system32\nvcoproc.bin
2014-09-26 11:36 - 2014-08-19 22:16 - 00061728 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-09-24 14:09 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 02:09 - 2014-09-23 02:10 - 37184552 _____ (Samsung Electronics Co., Ltd. ) C:\Users\Zorica\Downloads\Kies3Setup.exe
2014-09-23 02:02 - 2014-09-23 02:03 - 16007072 _____ (SAMSUNG Electronics Co., Ltd.) C:\Users\Zorica\Downloads\Samsung-Usb-Driver-v1.5.45.0.exe
2014-09-20 22:38 - 2014-09-20 22:38 - 00002505 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-20 22:38 - 2014-09-20 22:38 - 00000000 ___RD () C:\Program Files\Skype
2014-09-20 22:38 - 2014-09-20 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-20 22:38 - 2014-09-20 22:38 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-09-20 17:16 - 2014-09-20 17:16 - 00018119 _____ () C:\Users\Zorica\Downloads\[kickass.to]nba.2k13.pc.nosteam (1).torrent
2014-09-20 16:40 - 2014-09-20 16:40 - 00019679 _____ () C:\Users\Zorica\Downloads\[kickass.to]home.alone.2.lost.in.new.york.1992.1080p.brrip.x264.yify.torrent
2014-09-20 11:26 - 2014-09-20 11:26 - 00018119 _____ () C:\Users\Zorica\Downloads\[kickass.to]nba.2k13.pc.nosteam.torrent
2014-09-20 11:24 - 2014-09-20 11:24 - 00035453 _____ () C:\Users\Zorica\Downloads\[kickass.to]nba.2k13.reloaded (2).torrent
2014-09-20 11:24 - 2014-09-20 11:24 - 00035453 _____ () C:\Users\Zorica\Downloads\[kickass.to]nba.2k13.reloaded (1).torrent
2014-09-20 09:58 - 2014-09-20 09:58 - 00002259 _____ () C:\Users\Zorica\Desktop\Покретач Chrome апликација.lnk
2014-09-20 09:58 - 2014-09-20 09:58 - 00000000 ____D () C:\Users\Zorica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-15 22:11 - 2014-09-26 15:32 - 00000000 ____D () C:\Users\Zorica\AppData\Roaming\vlc
2014-09-15 22:10 - 2014-09-15 22:10 - 00001024 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-09-15 22:10 - 2014-09-15 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-09-15 22:09 - 2014-09-15 22:09 - 00000000 ____D () C:\Program Files\VideoLAN
2014-09-15 22:08 - 2014-09-15 22:08 - 24743106 _____ () C:\Users\Zorica\Downloads\vlc-2.1.5-win32.exe
2014-09-14 20:36 - 2014-09-14 20:36 - 00000137 _____ () C:\Users\Zorica\Desktop\photo.php.url
2014-09-10 03:28 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 03:28 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 03:28 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 03:28 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 03:28 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 03:28 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 03:28 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 03:28 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 03:28 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 03:28 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 03:28 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 03:28 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 03:28 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 03:28 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 03:28 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 03:28 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 03:28 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 03:28 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 03:28 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 03:27 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 03:27 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 03:27 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 03:27 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 03:27 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 03:27 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 03:27 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 03:27 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 03:27 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 03:27 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 03:27 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 03:26 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-09 21:26 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-09 21:26 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-09 21:24 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-09 21:24 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-09 21:24 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-09 21:24 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-08 23:10 - 2014-09-08 23:10 - 00000000 ____D () C:\Users\Zorica\AppData\Local\FLT
2014-09-08 23:10 - 2014-09-08 23:10 - 00000000 ____D () C:\Users\Zorica\AppData\Local\2012
2014-09-08 23:04 - 2014-09-08 23:04 - 00035449 _____ () C:\Users\Zorica\Downloads\[kickass.to]nba.2k13.reloaded.torrent
2014-09-08 23:02 - 2014-09-08 23:02 - 00144054 _____ () C:\Users\Zorica\Downloads\[kickass.to]nba.2k14.reloaded (1).torrent
2014-09-08 20:57 - 2014-09-08 20:57 - 00033097 _____ () C:\Users\Zorica\Downloads\[kickass.to]london.2012.the.official.video.game.of.the.olympic.games.flt.torrent
2014-09-07 12:41 - 2014-10-03 01:04 - 00000226 _____ () C:\Users\Zorica\BullseyeCoverageError.txt
2014-09-07 12:41 - 2014-09-07 12:41 - 01202032 _____ (Unity Technologies ApS) C:\Users\Zorica\Downloads\UnityWebPlayer (9).exe
2014-09-07 11:06 - 2014-09-07 11:06 - 01202032 _____ (Unity Technologies ApS) C:\Users\Zorica\Downloads\UnityWebPlayer (8).exe
2014-09-07 11:05 - 2014-09-07 11:05 - 01202032 _____ (Unity Technologies ApS) C:\Users\Zorica\Downloads\UnityWebPlayer (7).exe
2014-09-06 21:47 - 2014-09-06 21:47 - 00000000 ____D () C:\Users\Zorica\AppData\Roaming\WebExtend
2014-09-06 21:47 - 2014-09-06 21:47 - 00000000 ____D () C:\Program Files\SiteLookup
2014-09-06 19:44 - 2014-09-06 19:44 - 00015768 _____ () C:\Users\Zorica\Downloads\[kickass.to]pro.evolution.soccer.2013.pes.v.1.04.2012.repack.by.rg.catalyst (2).torrent
2014-09-06 19:44 - 2014-09-06 19:44 - 00015768 _____ () C:\Users\Zorica\Downloads\[kickass.to]pro.evolution.soccer.2013.pes.v.1.04.2012.repack.by.rg.catalyst (1).torrent
2014-09-06 19:39 - 2014-09-06 19:39 - 00019347 _____ () C:\Users\Zorica\Downloads\[kickass.to]pes.2014.pro.evolution.soccer.2014.v.1.12.2013.pc.repack.by.z10yded.torrent
2014-09-06 19:33 - 2014-09-06 19:33 - 00000613 _____ () C:\Users\Zorica\Desktop\335 × 500 - index.hr.URL
2014-09-06 19:05 - 2014-09-06 19:05 - 00013414 _____ () C:\Users\Zorica\Downloads\[kickass.to]pesedit.pro.evolution.soccer.2013.v.6.0.2013.pc.patch.torrent
2014-09-06 12:28 - 2014-09-06 12:28 - 00000000 ____D () C:\Users\Zorica\AppData\Local\Avg
2014-09-05 18:42 - 2014-09-26 15:44 - 00000000 ____D () C:\Users\Zorica\Documents\Euro Truck Simulator 2
2014-09-05 18:41 - 2014-09-05 18:41 - 00002525 _____ () C:\Users\Public\Desktop\Euro Truck Simulator 2 - Going East!.lnk
2014-09-05 18:41 - 2014-09-05 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCS Software
2014-09-05 18:38 - 2014-09-05 18:38 - 00000000 ____D () C:\Program Files\SCS Software
2014-09-05 18:19 - 2014-09-05 18:19 - 00087118 _____ () C:\Users\Zorica\Downloads\[kickass.to]euro.truck.simulator.2.going.east.skidrow.torrent
2014-09-04 23:43 - 2014-09-04 23:43 - 00420277 _____ () C:\Users\Zorica\Downloads\crazyfrogracer2-nocd-1_0-ENG.zip
2014-09-04 23:43 - 2014-09-04 23:43 - 00000000 ____D () C:\Users\Zorica\Downloads\crazyfrogracer2-nocd-1_0-ENG
2014-09-04 22:54 - 2014-09-26 10:59 - 00000000 ____D () C:\Users\Zorica\Documents\GameShadow
2014-09-04 22:53 - 2014-09-04 22:53 - 00002048 _____ () C:\Users\UpdatusUser\Desktop\Crazy Frog Racer 2.lnk
2014-09-04 22:53 - 2014-09-04 22:53 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-09-04 22:53 - 2014-09-04 22:53 - 00000000 ____D () C:\Users\Zorica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turtle Games
2014-09-04 22:53 - 2014-09-04 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turtle Games
2014-09-04 22:52 - 2014-09-04 22:52 - 00000000 ____D () C:\Program Files\Turtle Games
2014-09-04 21:50 - 2014-09-04 21:50 - 00014569 _____ () C:\Users\Zorica\Downloads\[kickass.to]crazy.frog.racer.2 (2).torrent
2014-09-04 21:39 - 2014-09-04 21:39 - 00014136 _____ () C:\Users\Zorica\Downloads\[kickass.to]crazy.frog.racer.2 (1).torrent
2014-09-04 21:32 - 2014-09-04 21:32 - 00014135 _____ () C:\Users\Zorica\Downloads\[kickass.to]crazy.frog.racer.2.torrent
2014-09-04 21:29 - 2014-09-04 21:29 - 00020424 _____ () C:\Users\Zorica\Downloads\[kickass.to]crazy.frog.racer.2.the.game.by.smart.chandru.torrent

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-04 16:15 - 2014-03-15 18:36 - 00000000 ____D () C:\FRST
2014-10-04 16:11 - 2013-09-30 11:00 - 00000000 ____D () C:\ProgramData\MCShield
2014-10-04 16:11 - 2013-08-19 20:53 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-04 16:11 - 2013-08-19 20:53 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-04 16:10 - 2014-05-17 19:51 - 00000412 _____ () C:\Windows\Tasks\PC Optimizer Pro startups.job
2014-10-04 16:10 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-04 16:08 - 2013-10-21 12:30 - 00000000 ____D () C:\Users\Zorica\AppData\Roaming\Skype
2014-10-04 15:38 - 2013-08-19 20:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-04 14:49 - 2014-03-05 15:44 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2861581720-2204672646-155532148-1000UA.job
2014-10-04 14:49 - 2014-03-05 15:44 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2861581720-2204672646-155532148-1000Core.job
2014-10-04 14:44 - 2013-09-08 22:14 - 00000378 _____ () C:\Windows\Tasks\update-S-1-5-21-2861581720-2204672646-155532148-1000.job
2014-10-04 14:30 - 2013-09-26 23:13 - 01250140 _____ () C:\Windows\WindowsUpdate.log
2014-10-04 13:14 - 2013-09-08 22:14 - 00000378 _____ () C:\Windows\Tasks\update-sys.job
2014-10-04 11:13 - 2014-05-17 19:51 - 00000438 _____ () C:\Windows\Tasks\PC Optimizer Pro Idle.job
2014-10-04 11:00 - 2014-05-17 19:52 - 00000408 _____ () C:\Windows\Tasks\PC Optimizer Pro Scan.job
2014-10-04 09:52 - 2014-03-13 22:15 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-04 09:52 - 2009-07-14 06:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-04 09:52 - 2009-07-14 06:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-04 09:46 - 2013-09-29 22:07 - 00000000 ____D () C:\Windows\Minidump
2014-10-03 19:21 - 2014-05-17 19:51 - 00000440 _____ () C:\Windows\Tasks\PC Optimizer Pro Updates.job
2014-10-03 14:10 - 2014-05-28 13:12 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-03 14:10 - 2014-05-28 12:41 - 00000000 ___HD () C:\Windows\system32\CTF
2014-10-03 13:09 - 2014-05-15 18:53 - 00000000 ____D () C:\Users\Zorica\AppData\Local\26814
2014-10-03 13:09 - 2014-05-13 18:45 - 00000000 ____D () C:\Program Files\globalUpdate
2014-10-03 12:58 - 2013-08-19 20:56 - 00000000 ____D () C:\Users\Zorica\AppData\Roaming\uTorrent
2014-10-03 12:54 - 2013-11-26 20:41 - 00000000 ____D () C:\Users\Zorica\AppData\Roaming\Winamp
2014-10-03 12:54 - 2013-08-19 21:04 - 00000000 ____D () C:\Users\Zorica\AppData\Roaming\DAEMON Tools Pro
2014-10-03 12:49 - 2014-05-24 18:01 - 00000000 ____D () C:\ProgramData\Big Fish
2014-10-03 12:49 - 2014-05-16 16:49 - 00000000 ____D () C:\Program Files\SpeedItup Free
2014-10-03 12:05 - 2014-05-20 07:51 - 00591051 _____ () C:\Windows\system32\_q5C84hNuFyw
2014-09-29 07:12 - 2013-09-07 11:57 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-26 22:25 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-26 11:42 - 2013-08-19 20:46 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-09-26 11:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help
2014-09-26 11:35 - 2013-08-19 20:47 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-09-26 11:03 - 2014-06-20 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD
2014-09-26 11:03 - 2014-05-16 10:12 - 00000000 ____D () C:\Program Files\JoWooD
2014-09-26 11:00 - 2013-08-19 20:41 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-26 10:45 - 2014-06-20 08:54 - 00000173 _____ () C:\Windows\disney.ini
2014-09-26 10:42 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-25 08:15 - 2013-08-19 20:54 - 00002131 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-24 19:38 - 2013-08-19 20:59 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 19:38 - 2013-08-19 20:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-20 22:39 - 2013-08-20 00:14 - 00000000 ____D () C:\ProgramData\Skype
2014-09-20 11:05 - 2013-10-29 23:20 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-16 02:35 - 2013-09-08 22:14 - 00000438 _____ () C:\Users\Zorica\AppData\Local\UserProducts.xml
2014-09-16 02:35 - 2013-09-08 22:14 - 00000000 ____D () C:\Users\Zorica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LightShot
2014-09-10 21:57 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-10 03:26 - 2013-09-24 15:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 03:26 - 2013-08-31 14:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 03:12 - 2013-08-31 14:54 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 03:10 - 2014-05-07 09:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 03:04 - 2013-08-19 20:42 - 00766336 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-08 08:13 - 2014-05-06 15:01 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-09-07 12:41 - 2013-08-19 20:38 - 00000000 ____D () C:\Users\Zorica
2014-09-06 21:44 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-09-06 12:30 - 2014-03-13 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-05 18:42 - 2013-08-28 14:42 - 00000000 ____D () C:\Users\Zorica\AppData\Local\SKIDROW
2014-09-04 22:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-09-04 06:11 - 2009-07-14 06:33 - 00408752 _____ () C:\Windows\system32\FNTCACHE.DAT

Files to move or delete:
====================
C:\ProgramData\win_mpwd_sys.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-26 22:17

==================== End Of Log ============================





offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Follow the steps one at a time; when you finish one, first post the report (if one was requested) and then move on to the next. If you have any doubts or something goes wrong, ask.


Step 1

Go to Start -> Control Panel -> Programs and Features and uninstall the following programs:

DownLite



Step 2

Open Notepad and copy in the following text, which is inside the Code box.

Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\MountPoints2: E - E:\PcOptions.exe
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\MountPoints2: {0d3daa76-7b61-11e3-8c12-d43d7e4ab2df} - E:\PcOptions.exe
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\MountPoints2: {42bad087-0900-11e3-a3a0-d43d7e4ab2df} - F:\Setup.exe
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\MountPoints2: {93dee544-d12b-11e3-b422-d43d7e4ab2df} - E:\PcOptions.exe
FF user.js: detected! => C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default\user.js
FF SearchPlugin: C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF Extension: ichmaltegoetzde - C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default\Extensions\ich@maltegoetz.de [2014-09-08]
FF Extension: Website Counselor - C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default\Extensions\{cc6cc772-f121-49e0-b1f0-c26583cb0c5e} [2014-09-09]
CHR HKLM\...\Chrome\Extension: [cikkkfooompgefbcjlgdjejfdknkheaj] - C:\Program Files\Common Files\Spigot\GC\DomainErrorHelper_1.0_0.crx []
CHR HKLM\...\Chrome\Extension: [gpiifgmgnfdiblgpaepbmfdkcheicgof] - C:\Program Files\Common Files\Spigot\GC\nta_1.0_0.crx []
C:\Program Files\Common Files\Spigot
C:\Program Files\SiteLookup
C:\Users\Zorica\AppData\Roaming\WebExtend
C:\Windows\Tasks\PC Optimizer Pro Updates.job
C:\Program Files\globalUpdate
C:\Program Files\SpeedItup Free
Call of Duty(R) 4 - Modern Warfare(TM) (Version: 1.00.0000 - Activision) Hidden
Task: {123ED3DE-9A17-46FD-A8B1-733399F9B1CE} - System32\Tasks\PC Optimizer Pro startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {1CA6454F-FBFC-41B4-9ECA-68CE7FC236AB} - System32\Tasks\PC Optimizer Pro Idle => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {36A4AA78-C147-4EA0-BE1E-A815FA75FC5C} - System32\Tasks\PC Optimizer Pro Scan => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {4F1A6A6E-5F4C-463B-B0B0-F597AE4473B5} - System32\Tasks\PC Optimizer Pro Updates => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Optimizer Pro Idle.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Optimizer Pro Scan.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Optimizer Pro startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Optimizer Pro Updates.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
C:\Program Files\PC Optimizer Pro
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:38091CBB
AlternateDataStreams: C:\ProgramData\TEMP:77E239B1
AlternateDataStreams: C:\ProgramData\TEMP:CB959782
AlternateDataStreams: C:\ProgramData\TEMP:F1A5FE8B
C:\Windows\pss\MyPC Backup.lnk.Startup
cmd: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings" /f
cmd: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpeedItupFree" /f
cmd: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt" /f
EmptyTemp:


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, Notepad will open with content that you should copy into the thread.
There will also be a file (fixlog.txt) on the Desktop. Copy the contents of fixlog.txt to the forum





Step 3

Download AdwCleaner by "Xplode" and save it to the Desktop
Double-click to run the program.
In the EULA window, click I agree.
Click the Scan button and wait for the scan to finish.
Click the Clean button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required), click OK

The computer will restart and then Notepad will open (C:\AdwCleaner[S0].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Prikači fajl" (Attach file) option

Note: The report will also be saved at C:\Adwcleaner\AdwCleaner[S0].txt



Step 4

Download Junkware Removal Tool (JRT) and save it to the Desktop.

Close your browser and any other running programs

Temporarily disable your security software (Instructions);

Double-click the icon to run JRT;

At the "Press any key" prompt, press any key and the tool will start scanning.
Note: depending on the computer's hardware, the scan can take a while in some cases.

When it finishes, Notepad will open with a report, which will be saved on the Desktop as JRT.txt


Copy the contents of that log into the thread.

offline
  • Absolut Gut
  • Joined: 13 Aug 2012
  • Posts: 561
  • Location: Atakama

----------------------------------------------------------------------------

# AdwCleaner v3.311 - Report created 04/10/2014 at 17:45:34
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Zorica - ZORICA-PC
# Running from : C:\Users\Zorica\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files\PCDApp
Folder Deleted : C:\Program Files\Skillbrains
Folder Deleted : C:\Users\Zorica\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Zorica\AppData\Local\Skillbrains

***** [ Scheduled Tasks ] *****

Task Deleted : update-sys
Task Deleted : update-S-1-5-21-2861581720-2204672646-155532148-1000

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Zorica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [LightShot]
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522112208}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\SkillBrains
Key Deleted : HKCU\Software\smarttweak
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\pc optimizer pro
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\SkillBrains
Key Deleted : HKLM\SOFTWARE\torch
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[ File : C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default\prefs.js ]

Line Deleted : user_pref("extensions.a2ea36bf108774aaa882cff78f7d9d95cdfb1672d116a4eb48be044786bd1d3ddcom34068.34068.internaldb.Resources_meta.value", "%7B%22zoom.js%22%3A%7B%22id%22%3A820971%2C%22ver%22%3A39%2C%22s[...]
Line Deleted : user_pref("extensions.a2ea36bf108774aaa882cff78f7d9d95cdfb1672d116a4eb48be044786bd1d3ddcom34068.34068.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Line Deleted : user_pref("startpage.ntsearch_url", "hxxps://search.yahoo.com/search?fr=spigot-nt-ff&ei=utf-8&ilc=12&type=198484&p={searchTerms}");

-\\ Google Chrome v37.0.2062.124

[ File : C:\Users\Zorica\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8129 octets] - [04/10/2014 17:44:03]
AdwCleaner[S0].txt - [8099 octets] - [04/10/2014 17:45:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8159 octets] ##########

------------------------------------------------------------------------------------------------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.8 (10.04.2014:1)
OS: Windows 7 Ultimate x86
Ran by Zorica on sub 04.10.2014 at 17:52:19,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update secretsauce
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update serialtrunc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util secretsauce
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util serialtrunc
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611331111}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611331113}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateSecretSauce_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateSecretSauce_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilSecretSauce_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilSecretSauce_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SerialTrunc_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SerialTrunc_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateSerialTrunc_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateSerialTrunc_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilSerialTrunc_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilSerialTrunc_RASMANCS



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Zorica\AppData\Roaming\mozilla\firefox\profiles\pq6l3t1i.default\extensions\staged
Successfully deleted the following from C:\Users\Zorica\AppData\Roaming\mozilla\firefox\profiles\pq6l3t1i.default\prefs.js

user_pref("browser.search.useDBForOrder", "false");
user_pref("extensions.a2ea36bf108774aaa882cff78f7d9d95cdfb1672d116a4eb48be044786bd1d3ddcom34068.34068.internaldb.Resources_resource_820971.value", "%22try%7B%5Cr%5Cnconsole.lo
user_pref("extensions.a2ea36bf108774aaa882cff78f7d9d95cdfb1672d116a4eb48be044786bd1d3ddcom34068.34068.internaldb.Resources_resource_820976.value", "%22data%3Aimage/png%3Bbase6
user_pref("extensions.a2ea36bf108774aaa882cff78f7d9d95cdfb1672d116a4eb48be044786bd1d3ddcom34068.34068.internaldb.Resources_resource_820977.value", "%22data%3Aimage/png%3Bbase6
user_pref("extensions.a2ea36bf108774aaa882cff78f7d9d95cdfb1672d116a4eb48be044786bd1d3ddcom34068.34068.internaldb.Resources_resource_820978.value", "%22data%3Aimage/png%3Bbase6
user_pref("extensions.a2ea36bf108774aaa882cff78f7d9d95cdfb1672d116a4eb48be044786bd1d3ddcom34068.34068.internaldb.Resources_resource_820980.value", "%22data%3Aimage/png%3Bbase6
user_pref("extensions.a2ea36bf108774aaa882cff78f7d9d95cdfb1672d116a4eb48be044786bd1d3ddcom34068.34068.name", "GoPhoto.it V9.0");
user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.cookie.testingGaq.value", "%22hxxps%3A//extclickmedia-maynemyltf.netdna-s
user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.name", "Torntv V9.0");
Emptied folder: C:\Users\Zorica\AppData\Roaming\mozilla\firefox\profiles\pq6l3t1i.default\minidumps [41 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on sub 04.10.2014 at 17:54:46,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the program icon to run MBAR:
- Click OK in the next window to allow extraction into a separate mbar folder on the Desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the introductory window, click the Next button if you agree;

• In the 'Update Database' window, click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section, check that all options are ticked, then click the Scan button;

Notice: with some infections, one of the following messages may be shown:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. In your next post, include the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infections are found, check that the 'Create Restore Point' option is selected and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled to run on restart, and a notice will be shown in a pop-up window. Click the Yes button and the system should restart and complete the cleaning procedure.

Notice! Only if a rootkit is detected: make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click to run fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, and wait for the tool to carry out all the repairs ...
- When you see the message 'press any key to exit', the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post, and attach the system log to the post using the "Prikači fajl" (Attach file) option.

offline
  • Absolut Gut
  • Joined: 13 Aug 2012
  • Posts: 561
  • Location: Atakama

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.10.04.11

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17280
Zorica :: ZORICA-PC [administrator]

4.10.2014 22:19:56
mbar-log-2014-10-04 (22-19-56).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 317039
Time elapsed: 10 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)



offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

That would be it. All that's left is to follow the next step to remove the tools that were used:

The following procedure will carry out the final cleanup.

Download the DelFix tool by "Xplode" and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options;

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment until the tool finishes its work.
From this point on, all the tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also save the healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a new, fresh point after the cleanup.


You can delete the MBAR folder from the Desktop manually.


I recommend using MCShield to protect USB memory devices.
It has nothing to do with the antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware that spreads via USB memory devices.


MCShield home page: http://www.mcshield.net
You can find out more about MCShield in this thread: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v3.html
MCShield Facebook page: http://www.facebook.com/MCShield
