Hmm, problem

  • Kuryak  Male
  • New MyCity citizen
  • Joined: 18 Nov 2008
  • Posts: 12

First of all, a big hello to the doctors.
I'm sorry that I haven't introduced myself and am just barging in like this, but what can you do, necessity knows no law.

I noticed that you have already dealt with YouTube Accelerator and the problems it brings with it.
I tried to deal with it myself, but there is still a visible problem in HijackThis, so I will attach that log as well, along with FRST.

Uninstalling YouTube Accelerator caused the already known problems with connecting to the internet, but I managed, and the program has been removed and I now have access to the web.

So as not to complicate things too much, you will see for yourselves from the logs.

Hijackthis log

[Links visible only to logged-in users]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-12-2014
Ran by jelena (administrator) on JELENA-PC on 20-12-2014 23:46:47
Running from C:\Users\jelena\Desktop
Loaded Profile: jelena (Available profiles: jelena)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Engleski (Sjedinjene Države)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [Link mogu videti samo ulogovani korisnici]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Opera Software) C:\Program Files\Opera\26.0.1656.60\opera.exe
() C:\Program Files\Opera\26.0.1656.60\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files\Opera\26.0.1656.60\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1795872 2014-08-19] (NVIDIA Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKU\S-1-5-21-2217000260-1719297150-3848716039-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2217000260-1719297150-3848716039-1000\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
HKU\S-1-5-21-2217000260-1719297150-3848716039-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [Link mogu videti samo ulogovani korisnici]
HKU\S-1-5-21-2217000260-1719297150-3848716039-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = [Link mogu videti samo ulogovani korisnici]
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2217000260-1719297150-3848716039-1000 -> {62719372-FA8D-428F-BE32-06ED4A776C1A} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.88.1
Tcpip\..\Interfaces\{3CC04514-C12B-4C1F-AFB7-B87900D1136F}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> CFBDCDC43159CCE1BD6BC1E80230076C13F6D0CD53C40724EA2DAC33FC7084B4
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> omiga-plus
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\jelena\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\jelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-21]
CHR Extension: (Adblock Plus) - C:\Users\jelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-19]
CHR Extension: (Print) - C:\Users\jelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd [2014-12-20]
CHR Extension: (Google Novčanik) - C:\Users\jelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-21]
CHR Extension: (Photo Enlarge) - C:\Users\jelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo [2014-12-20]
CHR StartMenuInternet: Google Chrome - Chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [9472 2009-07-24] (Primax Ltd)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-20 23:46 - 2014-12-20 23:47 - 00008227 _____ () C:\Users\jelena\Desktop\FRST.txt
2014-12-20 23:45 - 2014-12-20 23:45 - 00017637 _____ () C:\Users\jelena\Desktop\hijackthis.log
2014-12-20 23:05 - 2014-12-20 23:06 - 00003112 _____ () C:\Users\jelena\Documents\cc_20141220_230542.reg
2014-12-20 22:19 - 2014-12-20 22:19 - 00000000 ____D () C:\ProgramData\23405448
2014-12-20 22:14 - 2014-12-20 22:14 - 00000000 ____D () C:\ProgramData\opgbnmjkicibjnefpbicnmjpcjibfmef
2014-12-20 21:32 - 2014-12-20 21:32 - 00028284 _____ () C:\Users\jelena\Documents\cc_20141220_213214.reg
2014-12-20 21:32 - 2014-12-20 21:32 - 00001314 _____ () C:\Users\jelena\Documents\cc_20141220_213232.reg
2014-12-20 19:45 - 2014-12-20 22:22 - 00000000 ____D () C:\AdwCleaner
2014-12-20 19:45 - 2014-12-20 19:45 - 02166272 _____ () C:\Users\jelena\Desktop\AdwCleaner.exe
2014-12-20 18:44 - 2014-12-20 23:46 - 00000000 ____D () C:\FRST
2014-12-20 18:39 - 2014-12-20 18:39 - 01114112 _____ (Farbar) C:\Users\jelena\Desktop\FRST.exe
2014-12-20 17:23 - 2014-12-20 17:23 - 00000000 ____D () C:\ProgramData\llmjjdnglchphfiidpbbnochglbhkihp
2014-12-20 02:30 - 2014-12-20 02:30 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-12-19 22:43 - 2014-12-19 22:43 - 00007630 _____ () C:\Users\jelena\AppData\Local\Resmon.ResmonCfg
2014-12-19 21:39 - 2014-12-19 21:39 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-12-19 20:28 - 2014-12-19 20:28 - 00000000 ____D () C:\Users\jelena\Documents\Stardock
2014-12-19 20:27 - 2014-12-19 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2014-12-19 20:27 - 2014-12-19 20:27 - 00000000 ____D () C:\Program Files\Common Files\Stardock
2014-12-19 20:24 - 2014-12-19 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-12-19 19:59 - 2014-12-19 19:59 - 00000000 __RSH () C:\MSDOS.SYS
2014-12-19 19:59 - 2014-12-19 19:59 - 00000000 __RSH () C:\IO.SYS
2014-12-19 17:32 - 2014-12-19 20:24 - 00000000 ____D () C:\Users\jelena\AppData\Roaming\vlc
2014-12-19 17:31 - 2014-12-19 17:31 - 00000000 ____D () C:\Program Files\VideoLAN
2014-12-19 16:59 - 2014-12-19 16:59 - 00000000 ____D () C:\Users\jelena\AppData\Local\Stardock
2014-12-19 16:58 - 2014-12-19 16:58 - 00000000 ____D () C:\Program Files\Stardock
2014-12-19 16:48 - 2014-12-19 20:29 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-12-19 16:45 - 2014-12-19 16:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\jelena\Downloads\revosetup.exe
2014-12-19 16:44 - 2014-12-19 16:45 - 10801480 _____ (VS Revo Group ) C:\Users\jelena\Downloads\RevoUninProSetup.exe
2014-12-19 16:37 - 2014-12-20 22:23 - 00001340 _____ () C:\Windows\Tasks\BBHHA.job
2014-12-19 16:37 - 2014-12-20 01:51 - 00000000 ____D () C:\Program Files\0dc8bd81-a9ed-48fc-8551-84957bbd3fcd
2014-12-19 16:37 - 2014-12-19 16:37 - 01800160 _____ () C:\Users\jelena\AppData\Roaming\BBHHA.exe
2014-12-19 16:36 - 2014-12-19 16:36 - 00001097 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-12-19 16:36 - 2014-12-19 16:36 - 00000000 ____D () C:\Users\jelena\AppData\Roaming\Opera Software
2014-12-19 16:36 - 2014-12-19 16:36 - 00000000 ____D () C:\Users\jelena\AppData\Local\Opera Software
2014-12-19 16:35 - 2014-12-19 20:03 - 00000000 ____D () C:\Program Files\Opera
2014-12-19 16:35 - 2014-12-19 16:35 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2014-12-19 16:32 - 2014-12-20 22:23 - 00001340 _____ () C:\Windows\Tasks\MEGNC.job
2014-12-19 16:32 - 2014-12-20 01:51 - 00000000 ____D () C:\Program Files\017729a9-f683-467b-9aed-f2659dd3cc81
2014-12-19 16:32 - 2014-12-19 16:41 - 01800160 _____ () C:\Users\jelena\AppData\Roaming\MEGNC.exe
2014-12-19 09:30 - 2014-12-19 09:30 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-12-19 09:22 - 2014-12-19 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-19 09:22 - 2014-12-19 09:22 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-19 09:18 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-19 08:57 - 2014-12-19 08:57 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-12-19 08:57 - 2014-12-19 08:57 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-12-19 08:26 - 2014-12-19 08:26 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-12-19 08:26 - 2014-12-19 08:26 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-12-19 08:25 - 2014-12-19 08:26 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-12-19 08:20 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-19 08:20 - 2014-08-29 02:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-12-19 08:00 - 2014-12-19 08:00 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-19 08:00 - 2014-12-19 08:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-19 08:00 - 2014-12-19 08:00 - 00000000 ____D () C:\Windows\system32\Macromed
2014-12-19 07:59 - 2014-12-19 08:01 - 00000000 ____D () C:\Users\jelena\AppData\Local\Adobe
2014-12-19 07:44 - 2014-12-19 07:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-12-19 07:43 - 2009-02-27 03:42 - 00031640 _____ (Microsoft Corporation) C:\Windows\system32\msonpmon.dll
2014-12-19 07:42 - 2014-12-19 09:03 - 00000000 ____D () C:\Program Files\Microsoft Works
2014-12-19 07:42 - 2014-12-19 07:42 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio
2014-12-19 07:41 - 2014-12-19 07:41 - 00000000 ____D () C:\Windows\PCHEALTH
2014-12-19 07:40 - 2014-12-19 07:40 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2014-12-19 07:39 - 2014-12-19 21:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-19 07:39 - 2014-12-19 21:33 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-12-19 07:39 - 2014-12-19 07:39 - 00000000 __RHD () C:\MSOCache
2014-12-19 07:39 - 2014-12-19 07:39 - 00000000 ____D () C:\Users\jelena\AppData\Local\Microsoft Help
2014-12-19 01:04 - 2014-12-19 01:04 - 00000000 ____D () C:\Users\jelena\AppData\Local\NVIDIA
2014-12-19 01:04 - 2014-12-19 01:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-12-19 01:01 - 2014-12-20 22:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-19 01:01 - 2014-08-19 22:16 - 00061728 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-12-19 01:01 - 2014-07-02 20:42 - 04389848 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-12-19 01:01 - 2014-07-02 20:42 - 03063256 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll
2014-12-19 01:01 - 2014-07-02 20:42 - 02556360 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-12-19 01:01 - 2014-07-02 20:42 - 00670552 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-12-19 01:01 - 2014-07-02 20:42 - 00377288 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-12-19 01:01 - 2014-07-02 20:42 - 00062936 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-12-19 01:01 - 2014-07-02 18:39 - 00609240 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2014-12-19 01:01 - 2014-07-02 06:14 - 03826628 _____ () C:\Windows\system32\nvcoproc.bin
2014-12-19 01:00 - 2014-12-19 01:01 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-12-19 01:00 - 2014-12-19 01:01 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-19 00:29 - 2014-05-08 10:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-12-19 00:21 - 2014-12-19 00:21 - 00000000 ____D () C:\Windows\system32\Drivers\hr-HR
2014-12-19 00:21 - 2014-12-19 00:21 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-19 00:21 - 2014-12-19 00:21 - 00000000 ____D () C:\Windows\hr-HR
2014-12-19 00:19 - 2012-08-23 15:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-12-19 00:19 - 2012-08-23 15:46 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\terminpt.sys
2014-12-19 00:19 - 2012-08-23 15:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-12-19 00:19 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-12-19 00:15 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-19 00:15 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-19 00:15 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-19 00:15 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-19 00:15 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-19 00:14 - 2013-10-02 01:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-12-19 00:14 - 2013-10-02 01:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-12-19 00:14 - 2013-10-02 01:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-12-19 00:14 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-12-19 00:14 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-12-19 00:14 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-12-19 00:14 - 2013-10-02 00:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-12-19 00:14 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-12-19 00:14 - 2013-10-02 00:00 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-12-19 00:14 - 2013-10-01 23:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-12-19 00:14 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-12-19 00:08 - 2014-12-04 05:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-19 00:08 - 2014-12-04 05:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-19 00:08 - 2014-12-04 05:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-19 00:08 - 2014-12-04 05:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-19 00:08 - 2014-12-04 05:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-19 00:08 - 2014-12-04 05:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-19 00:08 - 2014-12-04 05:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-19 00:08 - 2014-12-02 00:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-19 00:08 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-19 00:08 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-19 00:08 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-19 00:08 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-19 00:08 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-19 00:08 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-19 00:08 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-19 00:08 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-19 00:08 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-19 00:08 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-19 00:08 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-19 00:08 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-19 00:08 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-19 00:08 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-19 00:08 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-19 00:08 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-19 00:08 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-19 00:08 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-19 00:08 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-19 00:08 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-19 00:08 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-19 00:08 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-19 00:08 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-19 00:08 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-19 00:08 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-19 00:08 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-19 00:08 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-19 00:08 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-19 00:08 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-19 00:08 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-19 00:08 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-19 00:08 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-19 00:08 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-19 00:07 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-19 00:07 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-19 00:07 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-19 00:07 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-19 00:07 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-18 23:32 - 2014-12-18 23:33 - 00134588 _____ () C:\Users\jelena\Documents\cc_20141218_233232.reg
2014-12-18 22:14 - 2014-12-20 22:39 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-18 22:13 - 2014-12-18 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-18 22:12 - 2014-12-18 22:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-18 22:12 - 2014-12-18 22:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-18 22:12 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-18 22:12 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-18 22:12 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-18 21:35 - 2014-12-18 21:36 - 00388608 _____ (Trend Micro Inc.) C:\Users\jelena\Desktop\HijackThis.exe
2014-12-18 20:53 - 2014-12-18 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-18 20:51 - 2014-12-19 19:57 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-26 18:12 - 2014-11-26 18:12 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-20 23:20 - 2014-07-21 00:14 - 01879833 _____ () C:\Windows\WindowsUpdate.log
2014-12-20 23:14 - 2014-07-21 11:13 - 00000000 ____D () C:\ProgramData\TEMP
2014-12-20 23:04 - 2014-07-21 10:48 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-20 22:30 - 2009-07-14 05:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-20 22:30 - 2009-07-14 05:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-20 22:23 - 2014-07-21 10:48 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-20 22:23 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-20 21:31 - 2014-07-21 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-20 19:48 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\L2Schemas
2014-12-20 01:52 - 2014-07-21 04:58 - 00000000 ____D () C:\Users\jelena
2014-12-20 01:52 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-12-20 01:51 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2014-12-19 21:45 - 2009-07-14 03:04 - 00000580 _____ () C:\Windows\win.ini
2014-12-19 21:21 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-19 20:30 - 2014-07-21 10:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-19 20:24 - 2014-07-21 04:58 - 00000000 ____D () C:\Users\jelena\AppData\Local\VirtualStore
2014-12-19 20:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Cursors
2014-12-19 20:17 - 2014-10-04 11:24 - 00000000 ____D () C:\ProgramData\d7a0fe93-7bf3-4f3d-89c3-fe4e144b2eb8
2014-12-19 19:57 - 2014-07-21 10:55 - 00000000 ____D () C:\Program Files\WinRAR
2014-12-19 19:57 - 2014-07-21 10:48 - 00000000 ____D () C:\Users\jelena\AppData\Local\Google
2014-12-19 19:57 - 2011-04-12 03:24 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-19 19:57 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-19 19:57 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-12-19 09:21 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\hr-HR
2014-12-19 09:12 - 2014-07-21 10:48 - 00109280 _____ () C:\Users\jelena\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-19 09:12 - 2009-07-14 05:33 - 00407384 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-19 09:11 - 2011-04-12 03:24 - 00000000 ____D () C:\Windows\ShellNew
2014-12-19 09:03 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-12-19 07:42 - 2009-07-14 05:52 - 00000000 ____D () C:\Program Files\MSBuild
2014-12-19 07:41 - 2014-07-21 13:18 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-12-19 07:36 - 2009-07-14 05:53 - 00032598 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-19 01:01 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Help
2014-12-19 00:24 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-12-19 00:23 - 2009-07-14 03:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-19 00:21 - 2014-07-21 14:39 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-19 00:21 - 2011-04-12 03:24 - 00000000 ____D () C:\Program Files\Windows Journal
2014-12-19 00:21 - 2011-04-12 03:16 - 00000000 ____D () C:\Windows\system32\WCN
2014-12-19 00:21 - 2009-07-14 05:52 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-12-19 00:21 - 2009-07-14 05:52 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-12-19 00:21 - 2009-07-14 05:52 - 00000000 ____D () C:\Program Files\Windows Defender
2014-12-19 00:21 - 2009-07-14 05:52 - 00000000 ____D () C:\Program Files\DVD Maker
2014-12-19 00:21 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-19 00:13 - 2014-07-21 12:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-19 00:11 - 2014-07-21 12:48 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-18 23:50 - 2014-07-21 11:44 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-18 22:52 - 2014-07-21 12:58 - 00000000 ____D () C:\Users\jelena\AppData\Roaming\BSplayer
2014-12-18 22:46 - 2014-08-16 11:01 - 00000000 ____D () C:\Windows\Minidump
2014-12-18 22:46 - 2014-07-21 10:10 - 00000000 ____D () C:\Windows\Panther
2014-12-18 22:23 - 2014-07-21 11:03 - 00000000 ____D () C:\Users\jelena\AppData\Local\8797
2014-12-18 22:23 - 2014-07-21 11:02 - 00000000 ____D () C:\Users\jelena\AppData\Local\8522
2014-12-18 22:23 - 2014-07-21 10:52 - 00000000 ____D () C:\Users\jelena\AppData\Local\6560
2014-12-18 20:47 - 2010-11-20 22:01 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-18 17:07 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-12-07 19:31 - 2014-09-17 18:51 - 00000008 __RSH () C:\ProgramData\ntuser.pol

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-05 22:41

==================== End Of Log ============================

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Go to Start -> Control Panel -> Programs and Features and uninstall the following programs:

Java Packages



Step 2

Open Notepad and copy the following text, which is inside the Code box.

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR DefaultSearchKeyword: Default -> omiga-plus
CHR Extension: (Print) - C:\Users\jelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd [2014-12-20]
CHR Extension: (Photo Enlarge) - C:\Users\jelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo [2014-12-20]
Task: {25710AAA-5DA2-4A71-BA98-F91CC8BEAC24} - System32\Tasks\{1A3715AE-E3CD-4A22-86D3-F32A95E3426A} => pcalua.exe -a "C:\Program Files\YouTube Accelerator\YTAUninstall.exe"
Task: {2CEC2536-78DB-4F50-84CD-E0AC1EE9EDD0} - System32\Tasks\MEGNC => C:\Users\jelena\AppData\Roaming\MEGNC.exe [2014-12-19] () <==== ATTENTION
Task: {4A43B650-AA34-486E-A62C-C83A2B3ADC7A} - System32\Tasks\{E292DF36-84BD-4061-BAF2-FB996A4119A2} => pcalua.exe -a "C:\Program Files\SavePass\Uninstall.exe" -c /fcp=1
Task: {4B817E74-5677-42A7-8E8A-EE1044A3F950} - System32\Tasks\YTAUpdate => C:\PROGRA~1\YOUTUB~1\Updater.exe <==== ATTENTION
Task: {B9704E57-BD85-4D19-8661-B1F575DF3931} - System32\Tasks\{AB732C76-2F6F-4E83-A4DF-D2F83F394443} => pcalua.exe -a "C:\Program Files\Sense\Uninstall.exe" -c /fcp=1
Task: {D849C9E3-E4F1-4600-8AA1-D1AAE3101319} - System32\Tasks\{2796BB70-D307-40D1-8BCF-AD50675A1314} => pcalua.exe -a C:\Users\jelena\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=amt
Task: {E0F0AD81-960D-47D8-8591-900950CA1C51} - System32\Tasks\BBHHA => C:\Users\jelena\AppData\Roaming\BBHHA.exe [2014-12-19] () <==== ATTENTION
Task: C:\Windows\Tasks\BBHHA.job => C:\Users\jelena\AppData\Roaming\BBHHA.exe <==== ATTENTION
Task: C:\Windows\Tasks\MEGNC.job => C:\Users\jelena\AppData\Roaming\MEGNC.exe <==== ATTENTION
C:\ProgramData\opgbnmjkicibjnefpbicnmjpcjibfmef
C:\ProgramData\23405448
C:\ProgramData\llmjjdnglchphfiidpbbnochglbhkihp
C:\ProgramData\IHProtectUpDate
C:\Users\jelena\AppData\Roaming\MEGNC.exe
C:\Program Files\YouTube Accelerator
C:\Program Files\SavePass
C:\Program Files\Sense
C:\Users\jelena\AppData\Roaming\webssearches
C:\Users\jelena\AppData\Roaming\BBHHA.exe
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
EmptyTemp:


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click to run FRST.exe again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, fixlog.txt will open, with contents that you should copy into the thread.
The file (fixlog.txt) will also be on the Desktop.




Step 3

You have the developer version of Google Chrome installed.
Go to Start -> Control Panel -> Programs and Features and uninstall Google Chrome. Be sure to check the option Also delete your browsing data.
You can export your bookmarks and import them again later.

Once you have uninstalled it, download it from the Google site and install it again.



Step 4

Download AdwCleaner by "Xplode" and save it to the Desktop
Double-click to run the program.
In the EULA window, click I agree.
Click the Scan button and wait for the scan to finish.
Click the Clean button and wait for the program to finish.
The program will close all active programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required), click OK

The computer will restart and then open Notepad (C:\AdwCleaner[S0].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Prikači fajl" (Attach file) option

Note: The report will also be saved at C:\Adwcleaner\AdwCleaner[S0].txt



  • Kuryak  Male
  • New MyCity citizen
  • Joined: 18 Nov 2008
  • Posts: 12

First of all, thank you for the effort you put in,,, (hug)
Done, and here are the reports,,,




But HijackThis still sees a lot of running bad services


  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

I don't see a single bad service in the HijackThis log.


Download zoek.exe from this or this link and save it to the Desktop.


Close the browser and other running programs;
disable your protection software (if needed) (instructions);
double-click to run zoek.exe;
wait for the tool to start ...


Copy the following text into the white box of the window:

process;
startupall;
drivers-services-list;
skipfix-iedefaults;
firefoxlook;
chromelook;
filesrcm;


Click the button and wait for the scan to finish.


Zoek will restart Windows if needed, and when it finishes it will open Notepad with the scan report.

Note: The report will be saved under the name zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into your post.

  • Kuryak  Male
  • New MyCity citizen
  • Joined: 18 Nov 2008
  • Posts: 12


  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

I don't need zoek.exe, I need zoek-results.log. Read the instructions I gave you. :)

  • Kuryak  Male
  • New MyCity citizen
  • Joined: 18 Nov 2008
  • Posts: 12

Sorry, wrong folder,,




Zoek.exe v5.0.0.0 Updated 21-December-2014
Tool run by jelena on ned 21.12.2014. at 15:10:31,14.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\jelena\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-12-21-125932.log 669 bytes
C:\zoek-results2014-12-21-135940.log 38504 bytes

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Opera\26.0.1656.60\opera.exe
C:\Program Files\Opera\26.0.1656.60\opera_crashreporter.exe
C:\Program Files\Opera\26.0.1656.60\opera.exe
C:\Program Files\Opera\26.0.1656.60\opera.exe
C:\Program Files\Opera\26.0.1656.60\opera.exe
C:\Program Files\Opera\26.0.1656.60\opera.exe
C:\Program Files\Opera\26.0.1656.60\opera.exe
C:\Users\jelena\Desktop\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k SDRSVC

==== Services(whitelist) ======================
Powered by E Dev

R2 - [MsMpSvc] - Microsoft Antimalware Service - c:\program files\microsoft security client\msmpeng.exe
R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe
R2 - [Stereo Service] - NVIDIA Stereoscopic 3D Driver Service - c:\program files\nvidia corporation\3d vision\nvscpapisvr.exe
R2 - [WMPNetworkSvc] - Servis za zajedničko mrežno korištenje sadržaja za Windows Media Player - c:\program files\windows media player\wmpnetwk.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [NisSrv] - Microsoftova mrežna provjera - c:\program files\microsoft security client\nissrv.exe
R3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Usluga Google ažuriranje (gupdate) - c:\program files\google\update\googleupdate.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Faks - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe
S3 - [gupdatem] - Usluga Google ažuriranje (gupdatem) - c:\program files\google\update\googleupdate.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [Microsoft Office Groove Audit Service] - Microsoft Office Groove Audit Service - c:\program files\microsoft office\office12\grooveauditservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [odserv] - Microsoft Office Diagnostics Service - c:\program files\common files\microsoft shared\office12\odserv.exe
S3 - [ose] - Office Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe

==== Drivers(whitelist) ======================
Powered by E Dev

R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
R0 - [MpFilter] - Microsoft Malware Protection Driver - C:\Windows\system32\Drivers\MpFilter.sys
R0 - [Mup] - MUP - C:\Windows\system32\Drivers\Mup.sys
R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
R3 - [srv] - Server SMB 1.xxx Driver - C:\Windows\system32\Drivers\srv.sys
R3 - [srv2] - Server SMB 2.xxx Driver - C:\Windows\system32\Drivers\srv2.sys
R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys
R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
R0 - [atapi] - IDE Channel - C:\Windows\system32\Drivers\atapi.sys
R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
R0 - [Disk] - Disk Driver - C:\Windows\system32\Drivers\Disk.sys
R0 - [fvevol] - Bitlocker Drive Encryption Filter Driver - C:\Windows\system32\Drivers\fvevol.sys
R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
R0 - [intelide] - intelide - C:\Windows\system32\Drivers\intelide.sys
R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
R0 - [mountmgr] - Mount Point Manager - C:\Windows\system32\Drivers\mountmgr.sys
R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
R0 - [NDIS] - NDIS System Driver - C:\Windows\system32\Drivers\NDIS.sys
R0 - [partmgr] - Partition Manager - C:\Windows\system32\Drivers\partmgr.sys
R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys
R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
R0 - [storflt] - Disk Virtual Machine Bus Acceleration Filter Driver - C:\Windows\system32\Drivers\storflt.sys [x]
R0 - [Tcpip] - Upravljački program TCP/IP protokola - C:\Windows\system32\Drivers\Tcpip.sys
R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator Driver - C:\Windows\system32\Drivers\vdrvroot.sys
R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys
R0 - [volmgrx] - Dynamic Volume Manager - C:\Windows\system32\Drivers\volmgrx.sys
R0 - [volsnap] - Storage volumes - C:\Windows\system32\Drivers\volsnap.sys
R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
R1 - [tdx] - TDI upravljački program NetIO nasljeđa - C:\Windows\system32\Drivers\tdx.sys
R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys

==== Files Recently Created / Modified ======================


====== C: exe-files ==
2014-12-19 00:01:18 73DFCA5CDC2E24473841A6AB39AE0CDF 2801952 ----a-w- C:\Program Files\NVIDIA Corporation\Control Panel Client\NvGpuUtilization.exe
2014-12-19 00:01:18 60AFE8883F45F41234BEEEF16660129A 940320 ----a-w- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
2014-12-19 00:01:18 5004DAF6A37C5C73FFCF4D3935A6FE87 670552 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-12-19 00:01:16 4EA9134CB273B4F0E07C36171B568FA7 412504 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\installer.{F8B802C1-6FF4-44D4-BB6B-806681E3DC54}\setup.exe
2014-12-19 00:01:02 B12A490B9F29FC2A8DFAD0103B8B9448 76096 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{EF46F655-ACB7-4CC8-BBBE-450124C369E2}\nvsetup.exe
2014-12-19 00:01:02 8AEAB3267798CA03960FF4D0181FB89B 30509040 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{EF46F655-ACB7-4CC8-BBBE-450124C369E2}\NvCplSetupEng.exe
2014-12-19 00:01:02 50D6A68C67232609649DD6B6F0BA65E9 18752896 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.3DVision.{275629FB-67AC-4523-82FC-4762C3EFE46D}\3DVision.exe
2014-12-19 00:01:00 931CABEBCAB4623AB64718496DC2BC1F 80082168 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{EF46F655-ACB7-4CC8-BBBE-450124C369E2}\NvCplSetupInt.exe
2014-12-19 00:01:00 54B0AC0509E09ACDC701802190FFBCEA 379864 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{EF46F655-ACB7-4CC8-BBBE-450124C369E2}\dbInstaller.exe
2014-12-19 00:00:56 5E12F3C445931555B33BB63A7798AEE8 413472 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\installer.{95FD1F62-045B-401D-8BCE-DFF5CB67DFC4}\setup.exe
2014-12-18 23:15:04 D17954CA6343F43B62637F51996B4E95 23040 ----a-w- C:\Windows\System32\mfpmp.exe
2014-12-18 23:15:04 60FBCF033FF42A40C916C01A962A8802 50176 ----a-w- C:\Windows\System32\rrinstaller.exe
2014-12-18 23:14:44 D60E27D4BD5A91FCD17D2CB27F86738E 12800 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2014-12-18 23:14:43 AF40D823F3B03C7899AEF2293F84D0D7 76288 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2014-12-18 23:14:43 4676AAA9DDF52A50C829FEDB4EA81E54 1068544 ----a-w- C:\Windows\System32\mstsc.exe
2014-12-18 23:14:43 0FC6922517964E9D90DE84DC86F63E40 350208 ----a-w- C:\Windows\System32\wksprt.exe
2014-12-18 23:08:50 8EBAD3A01A65D3580F3F8B9C9F608BDC 1160872 ----a-w- C:\Windows\System32\aitstatic.exe
2014-12-18 23:08:49 2CBC9BFDA640160A1E8AB5F14B1634F9 62624 ----a-w- C:\Windows\System32\CompatTel\diagtrackrunner.exe
2014-12-18 23:08:47 F2E2F379E2B3F44206AD4A2B6746A36C 42656 ----a-w- C:\Windows\System32\CompatTel\wicainventory.exe
2014-12-18 23:08:47 0E7DF272B045808C95A1B2CB06AF8DBE 138912 ----a-w- C:\Windows\System32\CompatTel\QueryAppBlock.exe
2014-12-18 23:08:41 FE7875DC6ED353C42D9771458351E893 102912 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-12-18 23:08:41 24A091B9A97E9B323B6CE8278B547B20 667648 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-12-18 23:08:34 A8A8FD02E3A9264A603892DE1F522166 221184 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe
2014-12-18 23:08:34 3F9906067851CE792303E0E64A8381E6 684544 ----a-w- C:\Windows\System32\ie4uinit.exe
2014-12-18 23:08:33 43CE0C99DBC0F96DB2B7259B0BE0930E 468992 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-12-18 23:08:31 A24BFBAE8B50A6780B68FF3673FAB52F 815280 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-12-18 23:08:14 DEF30B58859FBA3458DCA4057AAABA7A 40448 ----a-w- C:\Windows\servicing\GC32\tzupd.exe
2014-12-18 23:08:11 9EA3783672D21817B9DF1061B54C3B3C 155136 ----a-w- C:\Windows\System32\charmap.exe
2014-12-18 23:07:55 B975C202F590BBC5AA63225FBD148791 198656 ----a-w- C:\Windows\System32\WSManHTTPConfig.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2217000260-1719297150-3848716039-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CCleaner Monitoring"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\CCleaner\\CCleaner.exe\" /MONITOR"


==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [21.12.2014. 08:42]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [21.12.2014. 08:42]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\Opera scheduled Autoupdate 1419003391" [C:\Program Files\Opera\launcher.exe]

==== Chromium Look ======================

Google Chrome Version: 39.0.2171.95 (Could not determine latest Stable Version)


Google Slides - jelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - jelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - jelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - jelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - jelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - jelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Wallet - jelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - jelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
selector is not a valid CSS selector - jelena\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=MSSE"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{62719372-FA8D-428F-BE32-06ED4A776C1A} Google Url="https://www.google.com/search?q={searchTerms}"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=92 folders=18 1475692 bytes)

==== EOF on ned 21.12.2014. at 15:13:56,37 ======================

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building


Close the browser and any other running programs;
disable your security software (if needed) Instructions;
double-click zoek.exe to run it;
wait for the tool to start ...


Copy the following text into the white box of the window:

oidhhegpmlfpoeialbgcdocjalghfpkp;chr
emptyalltemp;
emptyclsid;
autoclean;


Click the button and wait for the scan to finish.


Zoek will restart Windows if needed and, when it is done, open Notepad with the scan report.

Note: The report will be saved under the name zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into your post.

offline
  • Kuryak  Male
  • New MyCity citizen
  • Joined: 18 Nov 2008
  • Posts: 12

log
[Link visible only to logged-in users]

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Run MBAR by double-clicking the program icon:
- Click OK in the next window to allow it to unpack into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the introductory window, click the Next button if you agree;



• In the 'Update Database' window, click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section, check that all options are ticked, then click the Scan button;

Notice: with some infections, one of the following messages may appear:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.





>> If no malware is detected, click the Exit button to close the program. In your next post, include the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infections are found, check that the 'Create Restore Point' option is selected and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for the restart, and a notice will be shown in a pop-up window. Click the Yes button, and the system should restart and finish the cleanup procedure.



Notice! Only if a rootkit is detected: make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click fixdamage to run it; in the black window that opens (command prompt), type Y (Y stands for Yes) to continue, and wait for the tool to complete all repairs ...
- When you see the message 'press any key to exit', the repair is complete. Press any key on the keyboard to close the window. Restart the system.





The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post, and attach the system log to the post using the Attach file option.
