Malware from a Russian site


  • SNooPy

Posted: 29 Sep 2015 22:34

I lend my computer to someone else and there are problems right away. A friend tried to download something from some Russian site, and Avast started reporting that it had blocked a process and kept notifying non-stop. Then that Russian site set its own page as the home page in all browsers.

The computer was scanned with AdwCleaner, which cleaned what it found, but after restarting the computer the Russian page is again the home page in the browser.

After that I scanned with Malwarebytes, and it found the following: Trojan Sathurbot

Neither removing something called Amigo from Control Panel nor setting Google as the home page in the browser helped. Actually, it removed the threats from the browser, but from the way the computer runs I have the impression that viruses are still there.

It won't search from the address bar; it just redirects to google.rs, and from Google it will then go to any site.

Here is the report:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-09-2015 01
Ran by SnooPy (administrator) on TANJA (29-09-2015 22:22:30)
Running from C:\Users\SnooPy\Downloads
Loaded Profiles: SnooPy & (Available Profiles: SnooPy)
Platform: Microsoft Windows 10 Pro (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [Link visible only to logged-in users]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ABBYY) C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Panda Security) C:\Program Files\Panda USB Vaccine\USBVaccine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamresearch.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12214528 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Bonus.SSR.FR11] => C:\Program Files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [933640 2012-01-19] (ABBYY.)
HKLM\...\Run: [ITSecMng] => %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3528392 2015-08-19] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [896632 2015-07-22] (BlueStack Systems, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-09-14] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001\...\Run: [Lync] => D:\Program Files\Microsoft Office\Office15\lync.exe [24111688 2015-08-12] (Microsoft Corporation)
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001\...\Run: [EA Core] => C:\Program Files\Electronic Arts\EADM\Core.exe [3325952 2009-03-28] (Electronic Arts)
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001\...\Run: [hRAK33NAtu6s] => "C:\Users\SnooPy\AppData\Local\Mail.ru\Sputnik\ptls\hRAK33NAtu6s.exe" -ptls
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001\...\Run: [lzbkkmvidj] => explorer "http://ryadkara.ru/?utm_source=uoua03&utm_content=27855a2c57f8342969344fb2fcf90a99&utm_term=49FA0EAE2450E826AF3EE023505A0B6C" <===== ATTENTION
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Lync] => D:\Program Files\Microsoft Office\Office15\lync.exe [24111688 2015-08-12] (Microsoft Corporation)
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EA Core] => C:\Program Files\Electronic Arts\EADM\Core.exe [3325952 2009-03-28] (Electronic Arts)
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [hRAK33NAtu6s] => "C:\Users\SnooPy\AppData\Local\Mail.ru\Sputnik\ptls\hRAK33NAtu6s.exe" -ptls
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [lzbkkmvidj] => explorer "http://ryadkara.ru/?utm_source=uoua03&utm_content=27855a2c57f8342969344fb2fcf90a99&utm_term=49FA0EAE2450E826AF3EE023505A0B6C" <===== ATTENTION
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-09-14] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{02ead1aa-43f4-4fa2-b5bb-a7f38a818bda}: [NameServer] 194.106.162.10,194.106.162.3

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link visible only to logged-in users]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link visible only to logged-in users]
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4212904740-3236283883-1755456372-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = [Link visible only to logged-in users]{SearchTerms}&fr=ntg&gp=blackbear15
SearchScopes: HKU\S-1-5-21-4212904740-3236283883-1755456372-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = [Link visible only to logged-in users]{SearchTerms}&fr=ntg&gp=blackbear15
SearchScopes: HKU\S-1-5-21-4212904740-3236283883-1755456372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = [Link visible only to logged-in users]{SearchTerms}&fr=ntg&gp=blackbear15
SearchScopes: HKU\S-1-5-21-4212904740-3236283883-1755456372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = [Link visible only to logged-in users]{SearchTerms}&fr=ntg&gp=blackbear15
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-08-12] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-18] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-14] (AVAST Software)
BHO: Ïîèñê@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\SnooPy\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-18] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\SnooPy\AppData\Roaming\Mozilla\Firefox\Profiles\1yj3qbcf.default
FF DefaultSearchEngine: Поиск@Mail.Ru
FF SelectedSearchEngine: Поиск@Mail.Ru
FF Homepage: [Link visible only to logged-in users]
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-18] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-06-25] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-06-25] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-14]

Chrome:
=======
CHR HomePage: Default -> [Link visible only to logged-in users]
CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=blackbear15"
CHR DefaultSearchURL: Default -> [Link visible only to logged-in users]{SearchTerms}&fr=ntg
CHR DefaultSearchKeyword: Default -> mail.ru_
CHR DefaultSuggestURL: Default -> [Link visible only to logged-in users]{searchTerms}
CHR Profile: C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast SafePrice) - C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-09-20]
CHR Extension: (AdBlock) - C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-28]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-19]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-09-14]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-14]
CHR HKLM\...\Chrome\Extension: [ilamgbdaebkbpkkmfmmfbnaamkhijdek] - [Link visible only to logged-in users]
CHR HKLM\...\Chrome\Extension: [ofdgafmdegfkhfdfkmllfefmcmcjllec] - [Link visible only to logged-in users]
CHR HKLM\...\Chrome\Extension: [pnooffjhclkocplopffdbcdghmiffhji] - [Link visible only to logged-in users]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe [818952 2011-12-22] (ABBYY)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-14] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [290208 2015-07-30] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [283552 2015-07-30] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [141968 2012-09-27] (Realtek Semiconductor)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [217288 2015-08-19] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [277760 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23264 2015-07-10] (Microsoft Corporation)
S2 Updater.Mail.Ru; C:\Program Files\Mail.Ru\MailRuUpdater\MailRuUpdater.exe --s [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AIDA64Driver; C:\Program Files\FinalWire\AIDA64 Extreme\kerneld.x32 [33616 2015-03-23] ()
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-09-14] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-09-14] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [81728 2015-09-14] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-09-14] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788784 2015-09-14] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433264 2015-09-14] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [113592 2015-09-14] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-09-14] (AVAST Software)
S3 BazisVirtualCDBus; C:\WINDOWS\System32\drivers\BazisVirtualCDBus.sys [121176 2015-06-03] (Sysprogs OU)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [131704 2015-06-16] (BlueStack Systems)
R3 BthLEEnum; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [193536 2015-07-10] (Microsoft Corporation)
R3 i8042HDR; C:\WINDOWS\system32\DRIVERS\i8042HDR.sys [13224 2006-10-20] (Chicony)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [35904 2015-06-26] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-09-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 MEI; C:\WINDOWS\System32\drivers\HECI.sys [55104 2012-07-18] (Intel Corporation)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [492032 2015-07-10] (Realtek )
R3 RtkBtFilter2; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [58112 2015-06-01] (Realtek Microelectronics)
R3 rtwlane_13; C:\WINDOWS\System32\drivers\rtwlane_13.sys [3215360 2015-07-10] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [35528 2015-08-19] (Synaptics Incorporated)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [50280 2015-07-29] (Toshiba Corporation)
S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [31744 2015-07-10] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37400 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [245600 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [97632 2015-07-10] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161792 2015-07-10] (Microsoft Corporation)
R3 XSplit_Dummy; C:\WINDOWS\system32\drivers\xspltspk.sys [22104 2015-05-25] (SplitmediaLabs Limited)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-29 22:22 - 2015-09-29 22:23 - 00019203 _____ C:\Users\SnooPy\Downloads\FRST.txt
2015-09-29 22:22 - 2015-09-29 22:22 - 00000000 ____D C:\FRST
2015-09-29 22:15 - 2015-09-29 22:16 - 01696256 _____ (Farbar) C:\Users\SnooPy\Downloads\FRST.exe
2015-09-29 21:51 - 2015-09-29 21:54 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-29 21:50 - 2015-09-29 21:50 - 00001133 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-29 21:50 - 2015-09-29 21:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-29 21:50 - 2015-09-29 21:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-29 21:50 - 2015-09-29 21:50 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-09-29 21:50 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-29 21:50 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-09-29 21:50 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-09-29 21:46 - 2015-09-29 21:49 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\SnooPy\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-29 21:42 - 2015-09-29 21:42 - 00016148 _____ C:\WINDOWS\system32\TANJA_SnooPy_HistoryPrediction.bin
2015-09-29 21:38 - 2015-09-29 21:38 - 01670656 _____ C:\Users\SnooPy\Downloads\adwcleaner_5.009.exe
2015-09-29 21:36 - 2015-09-29 21:36 - 00016065 _____ C:\Users\SnooPy\Downloads\BCC89AE839A2497BEDA3EC7221D75106D67CBFAF (3).torrent
2015-09-29 21:36 - 2015-09-29 21:36 - 00016065 _____ C:\Users\SnooPy\Downloads\BCC89AE839A2497BEDA3EC7221D75106D67CBFAF (2).torrent
2015-09-29 21:36 - 2015-09-29 21:36 - 00002361 _____ C:\Users\SnooPy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amigo.lnk
2015-09-29 21:36 - 2015-09-29 21:36 - 00002336 _____ C:\Users\SnooPy\Desktop\Amigo.lnk
2015-09-29 21:35 - 2015-09-29 21:35 - 00016065 _____ C:\Users\SnooPy\Downloads\BCC89AE839A2497BEDA3EC7221D75106D67CBFAF (1).torrent
2015-09-29 21:34 - 2015-09-29 21:34 - 00016066 _____ C:\Users\SnooPy\Downloads\BCC89AE839A2497BEDA3EC7221D75106D67CBFAF.torrent
2015-09-29 21:34 - 2015-09-29 21:34 - 00000000 ____D C:\Users\SnooPy\Downloads\Flash SlideShow Maker Professional
2015-09-29 21:34 - 2015-09-29 21:34 - 00000000 ____D C:\Users\SnooPy\AppData\Local\Вoйти в Интeрнет
2015-09-29 21:31 - 2015-09-29 21:35 - 06111234 _____ C:\Users\SnooPy\Downloads\Alivemedia.Flash.Slideshow.Maker.v1.2.9.2-BEAN.rar
2015-09-29 21:30 - 2015-09-29 21:30 - 00000000 ____D C:\Users\SnooPy\AppData\Local\Поиcк в Интeрнете
2015-09-29 21:28 - 2015-09-29 21:28 - 00000000 ____D C:\Users\SnooPy\Downloads\Macromedia Flash 8 Professional
2015-09-29 21:28 - 2015-09-29 21:28 - 00000000 ____D C:\Users\SnooPy\AppData\Roaming\MailProducts
2015-09-29 21:27 - 2015-09-29 21:27 - 00016141 _____ C:\Users\SnooPy\Downloads\torrent -mach3 r3042040 torrent.torrent
2015-09-29 21:12 - 2015-09-29 21:16 - 08670724 _____ C:\Users\SnooPy\Downloads\NextWap.Net-Mach3_Cnc_+_License.rar.rar
2015-09-29 20:56 - 2015-09-29 20:56 - 01466880 _____ C:\Users\SnooPy\Downloads\Atom Pack v1.5.exe
2015-09-22 21:35 - 2015-09-22 21:36 - 00745390 _____ C:\Users\SnooPy\Downloads\shoutcast-dsp-2-3-4-windows.exe
2015-09-22 09:59 - 2015-09-26 23:23 - 04254904 _____ C:\Users\SnooPy\Desktop\milica.rar
2015-09-22 00:13 - 2015-09-22 00:13 - 00000000 ____D C:\Users\SnooPy\Desktop\New folder (3)
2015-09-21 20:26 - 2015-09-21 20:26 - 00001210 _____ C:\Users\SnooPy\Desktop\AIDA64 Extreme.lnk
2015-09-21 20:26 - 2015-09-21 20:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire
2015-09-21 20:25 - 2015-09-21 20:25 - 00000000 ____D C:\Program Files\FinalWire
2015-09-21 20:24 - 2015-09-21 20:25 - 15630512 _____ (FinalWire Ltd. ) C:\Users\SnooPy\Downloads\aida64extreme520.exe
2015-09-20 01:52 - 2015-09-20 01:52 - 00006812 _____ C:\Users\SnooPy\Downloads\jjj1 (1).rar
2015-09-20 01:42 - 2015-09-20 01:42 - 00006812 _____ C:\Users\SnooPy\Downloads\jjj1.rar
2015-09-20 00:41 - 2015-09-26 23:22 - 00000000 ____D C:\Users\SnooPy\Desktop\milica
2015-09-19 23:36 - 2015-09-19 23:36 - 00004308 _____ C:\Users\SnooPy\Downloads\dbz_abridg_f1414352292.zip
2015-09-18 20:15 - 2015-09-18 20:15 - 07368965 _____ C:\Users\SnooPy\Downloads\TL-WN722N_V1_140918.zip
2015-09-18 18:55 - 2015-09-18 18:55 - 00000000 ____D C:\Users\SnooPy\AppData\Roaming\Sun
2015-09-18 18:55 - 2015-09-18 18:55 - 00000000 ____D C:\Users\SnooPy\.oracle_jre_usage
2015-09-18 18:55 - 2015-09-18 18:55 - 00000000 ____D C:\Program Files\Common Files\Java
2015-09-18 18:54 - 2015-09-18 18:54 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-09-18 18:54 - 2015-09-18 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-18 18:50 - 2015-09-18 18:50 - 00584288 _____ (Oracle Corporation) C:\Users\SnooPy\Downloads\JavaSetup8u60.exe
2015-09-18 14:37 - 2015-09-18 14:37 - 00042557 _____ C:\Users\SnooPy\Downloads\New-folder-3.rar
2015-09-18 14:32 - 2015-09-18 14:32 - 00008089 _____ C:\Users\SnooPy\Downloads\Untitled-1.rar
2015-09-18 14:28 - 2015-09-18 14:28 - 00035693 _____ C:\Users\SnooPy\Downloads\digimon1.rar
2015-09-18 14:26 - 2015-09-18 14:26 - 00044594 _____ C:\Users\SnooPy\Downloads\New-folder-2.rar
2015-09-18 14:12 - 2015-09-18 14:12 - 00101758 _____ C:\Users\SnooPy\Downloads\Digimon_Logo.rar
2015-09-18 14:09 - 2015-09-18 14:09 - 02204363 _____ C:\Users\SnooPy\Downloads\partytime.zip
2015-09-18 13:04 - 2015-09-18 13:04 - 01496299 _____ C:\Users\SnooPy\Downloads\templatemo_350_soft_link.rar
2015-09-16 15:53 - 2015-09-16 15:53 - 00337155 _____ C:\Users\SnooPy\Downloads\nije-mogla-da-je-ostavi-bebin-plac-vratio-majku-u-zivot-clanak-1933957.htm
2015-09-16 09:42 - 2015-09-16 09:42 - 00000000 ___RD C:\Users\SnooPy\3D Objects
2015-09-16 02:06 - 2015-09-16 02:06 - 19731964 _____ C:\Users\SnooPy\Downloads\free_css_full_site.zip
2015-09-15 23:25 - 2015-09-15 23:25 - 00549898 _____ C:\Users\SnooPy\Downloads\image-slider-widget.1.1.29.zip
2015-09-15 20:00 - 2015-09-15 20:00 - 04258324 _____ C:\Users\SnooPy\Downloads\MILICA-SAJT.zip
2015-09-15 15:29 - 2015-09-15 15:29 - 00000132 _____ C:\Users\SnooPy\AppData\Roaming\Adobe GIF Format CS6 Prefs
2015-09-15 15:27 - 2015-09-15 15:29 - 00000000 ____D C:\Users\SnooPy\AppData\Local\paint.net
2015-09-15 15:27 - 2015-09-15 15:27 - 00001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2015-09-15 15:27 - 2015-09-15 15:27 - 00001092 _____ C:\Users\Public\Desktop\paint.net.lnk
2015-09-15 15:27 - 2015-09-15 15:27 - 00000000 ____D C:\Program Files\paint.net
2015-09-15 15:26 - 2015-09-15 15:26 - 06557455 _____ C:\Users\SnooPy\Downloads\paint.net.4.0.6.install.zip
2015-09-14 20:31 - 2015-09-14 20:31 - 00000000 ____D C:\Users\SnooPy\AppData\Roaming\AVAST Software
2015-09-14 20:29 - 2015-09-14 20:29 - 00002152 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-09-14 20:29 - 2015-09-14 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-09-14 20:28 - 2015-09-14 20:28 - 00433264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-09-14 20:28 - 2015-09-14 20:28 - 00208664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-09-14 20:28 - 2015-09-14 20:28 - 00113592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-09-14 20:28 - 2015-09-14 20:28 - 00081728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-09-14 20:28 - 2015-09-14 20:28 - 00076000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-09-14 20:28 - 2015-09-14 20:28 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-09-14 20:28 - 2015-09-14 20:28 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-09-14 20:28 - 2015-09-14 20:27 - 00788784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-09-14 20:28 - 2015-09-14 20:27 - 00313472 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-09-14 20:27 - 2015-09-14 20:27 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-09-14 20:23 - 2015-09-14 20:23 - 00000000 ____D C:\Program Files\AVAST Software
2015-09-14 20:20 - 2015-09-14 20:20 - 05481336 _____ (Avast Software s.r.o.) C:\Users\SnooPy\Downloads\avast_free_antivirus_setup_online_cnet.exe
2015-09-14 20:00 - 2015-09-14 20:00 - 00302161 _____ C:\Users\SnooPy\Downloads\267198_492103620_CBS.rar
2015-09-13 23:02 - 2015-09-13 23:05 - 00000430 _____ C:\Users\SnooPy\.swfinfo
2015-09-13 01:35 - 2015-09-13 01:38 - 00000000 ____D C:\Users\SnooPy\Desktop\New folder (2)
2015-09-11 19:57 - 2015-09-11 19:57 - 01100672 _____ C:\Users\SnooPy\Downloads\Kristijan Golubović - Skok na Zoricu Markovic i društvo - FARMA 6.mp4
2015-09-09 22:52 - 2015-09-09 22:52 - 00000000 ____D C:\WINDOWS\PCHEALTH
2015-09-09 02:18 - 2015-09-02 02:31 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-09-09 02:18 - 2015-09-02 02:30 - 01134080 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-09-09 02:18 - 2015-08-27 07:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 02:18 - 2015-08-27 07:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-09 02:18 - 2015-08-27 07:23 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 02:18 - 2015-08-27 07:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 02:18 - 2015-08-27 07:19 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 02:18 - 2015-08-27 07:16 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-09-09 02:18 - 2015-08-27 07:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 02:18 - 2015-08-27 07:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 02:18 - 2015-08-27 07:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 02:18 - 2015-08-27 07:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 02:18 - 2015-08-27 07:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 02:18 - 2015-08-27 07:11 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-09 02:18 - 2015-08-27 07:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 02:18 - 2015-08-27 07:10 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-09-09 02:18 - 2015-08-27 07:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 02:17 - 2015-09-02 04:04 - 00069208 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-09 02:17 - 2015-08-27 07:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-06 22:26 - 2015-09-06 22:26 - 00000000 ____D C:\Users\SnooPy\Documents\Adobe
2015-09-06 22:22 - 2015-09-06 22:22 - 00000000 ____D C:\Users\SnooPy\AppData\Local\4kdownload.com
2015-09-06 12:00 - 2015-09-06 12:00 - 00000000 ____D C:\Users\SnooPy\AppData\Local\Macromedia
2015-09-06 11:55 - 2015-09-06 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia
2015-09-06 11:55 - 2015-09-06 11:57 - 00000000 ____D C:\Program Files\Common Files\Macromedia
2015-09-06 11:55 - 2015-09-06 11:55 - 00000000 ____D C:\WINDOWS\system32\QuickTime
2015-09-06 11:55 - 2015-09-06 11:55 - 00000000 ____D C:\ProgramData\Macromedia
2015-09-06 11:55 - 2015-09-06 11:55 - 00000000 ____D C:\Program Files\Macromedia
2015-09-06 11:54 - 2015-09-06 11:54 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2015-09-06 11:54 - 2015-09-06 11:54 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2015-09-06 02:06 - 2015-09-06 02:06 - 00000000 ____D C:\Users\SnooPy\Documents\Anvsoft
2015-09-06 02:06 - 2015-09-06 02:06 - 00000000 ____D C:\Users\SnooPy\AppData\Roaming\Anvsoft
2015-09-04 21:21 - 2015-09-04 21:21 - 00000000 ____D C:\Users\SnooPy\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2015-09-04 21:21 - 2015-09-04 21:21 - 00000000 ____D C:\Users\Public\Documents\Adobe
2015-09-04 00:23 - 2015-09-04 00:23 - 00000000 ____D C:\Users\SnooPy\Documents\My Smilebox Creations
2015-09-02 13:17 - 2015-09-18 13:56 - 00000000 ____D C:\Users\SnooPy\Desktop\New folder
2015-09-01 00:38 - 2015-09-01 00:38 - 00000000 ___RD C:\Program Files\Skype
2015-09-01 00:38 - 2015-09-01 00:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-01 00:38 - 2015-09-01 00:38 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-09-01 00:31 - 2015-09-18 15:21 - 00000998 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-09-01 00:31 - 2015-09-18 15:21 - 00000986 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-09-01 00:31 - 2015-09-01 01:57 - 00000000 ____D C:\Users\SnooPy\AppData\Roaming\TeamViewer
2015-09-01 00:30 - 2015-09-18 15:21 - 00000000 ____D C:\Program Files\TeamViewer
2015-08-31 15:51 - 2015-08-31 15:51 - 00000000 ____D C:\Program Files\DIFX
2015-08-31 15:50 - 2015-08-31 15:50 - 00000000 ____D C:\adb

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-29 22:23 - 2015-07-23 00:08 - 00001109 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-29 22:23 - 2015-07-23 00:08 - 00001109 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-29 22:22 - 2015-07-19 16:14 - 00002196 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-29 21:42 - 2015-07-19 16:12 - 00000902 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-29 21:42 - 2015-07-19 16:04 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-29 21:41 - 2015-08-19 01:55 - 00013246 _____ C:\WINDOWS\PFRO.log
2015-09-29 21:41 - 2015-07-10 11:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-29 21:41 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-29 21:41 - 2015-07-10 08:59 - 01835008 ___SH C:\WINDOWS\system32\config\BBI
2015-09-29 21:40 - 2015-07-21 09:58 - 00000000 ____D C:\AdwCleaner
2015-09-29 21:37 - 2015-07-19 17:24 - 00000000 ____D C:\Users\SnooPy\AppData\Roaming\uTorrent
2015-09-29 21:28 - 2015-07-19 16:12 - 00000906 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-29 21:28 - 2013-08-22 10:17 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-09-29 19:54 - 2015-08-17 23:21 - 00762368 ___SH C:\Users\SnooPy\Desktop\Thumbs.db
2015-09-29 12:37 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-09-29 10:52 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-25 20:42 - 2015-07-29 01:08 - 00000000 ____D C:\Users\SnooPy\AppData\Roaming\Skype
2015-09-23 02:25 - 2015-07-19 16:10 - 00000000 ___DO C:\Users\SnooPy\SkyDrive
2015-09-22 09:31 - 2015-07-10 10:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-18 18:57 - 2015-07-19 17:39 - 00000000 ____D C:\ProgramData\Oracle
2015-09-18 18:55 - 2015-08-19 02:08 - 00000000 ____D C:\Users\SnooPy
2015-09-18 18:54 - 2015-08-13 20:04 - 00000000 ____D C:\Program Files\Java
2015-09-17 19:01 - 2015-07-28 21:36 - 00000000 ____D C:\Users\SnooPy\Documents\VSO Downloader
2015-09-17 18:23 - 2015-08-19 02:22 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-17 02:23 - 2015-07-10 11:53 - 00021926 _____ C:\WINDOWS\setupact.log
2015-09-15 18:12 - 2015-07-10 10:29 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-09-15 18:12 - 2015-07-10 10:29 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-09-15 17:05 - 2015-08-29 16:23 - 00000132 _____ C:\Users\SnooPy\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-09-15 16:02 - 2015-08-18 15:08 - 00000000 ____D C:\Users\SnooPy\AppData\Local\Windows Live
2015-09-15 00:51 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\rescache
2015-09-15 00:30 - 2015-07-10 12:49 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-15 00:30 - 2015-07-10 12:42 - 00000000 ____D C:\WINDOWS\system32\winrm
2015-09-15 00:30 - 2015-07-10 12:42 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-09-15 00:30 - 2015-07-10 12:42 - 00000000 ____D C:\WINDOWS\system32\slmgr
2015-09-15 00:30 - 2015-07-10 12:42 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ___SD C:\WINDOWS\system32\dsc
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\fr-FR
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\Com
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\IME
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\Help
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ____D C:\Program Files\Windows Defender
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ____D C:\Program Files\Common Files\System
2015-09-15 00:26 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\de-DE
2015-09-14 21:52 - 2015-08-21 22:15 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2015-09-14 20:21 - 2015-07-23 15:42 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-13 10:37 - 2015-07-19 16:12 - 00000000 ____D C:\Users\SnooPy\AppData\Local\Google
2015-09-12 11:04 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\it-IT
2015-09-12 04:04 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\pt-BR
2015-09-12 03:48 - 2015-07-10 11:53 - 03613248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-12 03:47 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-10 20:29 - 2015-08-18 12:48 - 00000000 ____D C:\Users\SnooPy\Desktop\FOLDERS
2015-09-10 19:43 - 2015-07-19 16:12 - 00000000 ____D C:\Program Files\Google
2015-09-10 19:38 - 2015-08-20 18:41 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2015-09-10 19:37 - 2015-08-21 23:19 - 00000000 ____D C:\Program Files\Flash Slideshow Maker Professional
2015-09-10 19:37 - 2015-07-19 17:33 - 00000000 ____D C:\Program Files\Adobe
2015-09-09 23:11 - 2015-07-19 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-09-09 23:11 - 2015-07-19 17:59 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-09 23:10 - 2015-07-22 09:33 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-09 22:58 - 2013-08-22 08:13 - 00000167 _____ C:\WINDOWS\win.ini
2015-09-09 22:49 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\restore
2015-09-09 00:40 - 2015-07-22 07:48 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-07 23:11 - 2015-07-19 19:52 - 00000000 ____D C:\ProgramData\Temp
2015-09-06 22:26 - 2015-07-19 16:07 - 00000000 ____D C:\Users\SnooPy\AppData\Roaming\Adobe
2015-09-06 12:00 - 2015-07-19 16:11 - 00000000 ____D C:\Users\SnooPy\AppData\Roaming\Macromedia
2015-09-06 11:51 - 2015-07-19 16:07 - 00000000 ____D C:\Users\SnooPy\AppData\Local\VirtualStore
2015-09-06 03:12 - 2015-07-19 16:50 - 00000000 ____D C:\Users\SnooPy\AppData\Roaming\BSplayer
2015-09-05 23:58 - 2015-07-19 17:33 - 00000000 ____D C:\ProgramData\Adobe
2015-09-05 08:01 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-04 20:17 - 2015-08-21 22:42 - 00041472 ___SH C:\Users\SnooPy\Downloads\Thumbs.db
2015-09-01 00:38 - 2015-07-29 01:08 - 00002630 _____ C:\Users\Public\Desktop\Skype.lnk
2015-09-01 00:38 - 2015-07-29 01:08 - 00000000 ____D C:\ProgramData\Skype
2015-08-31 15:51 - 2015-07-19 18:14 - 00011818 _____ C:\WINDOWS\DPINST.LOG

==================== Files in the root of some directories =======

2015-09-15 15:29 - 2015-09-15 15:29 - 0000132 _____ () C:\Users\SnooPy\AppData\Roaming\Adobe GIF Format CS6 Prefs
2015-08-29 16:23 - 2015-09-15 17:05 - 0000132 _____ () C:\Users\SnooPy\AppData\Roaming\Adobe PNG Format CS6 Prefs

Some files in TEMP:
====================
C:\Users\SnooPy\AppData\Local\Temp\hIryUu4EX1xV.exe
C:\Users\SnooPy\AppData\Local\Temp\hRAK33NAtu6s.exe
C:\Users\SnooPy\AppData\Local\Temp\LCgK4y5AcqSw.exe
C:\Users\SnooPy\AppData\Local\Temp\sqlite3.dll
C:\Users\SnooPy\AppData\Local\Temp\ujzwArG0TPHY.exe
C:\Users\SnooPy\AppData\Local\Temp\wekJaDGTyCQ0.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-25 11:48

==================== End of FRST.txt ============================



Addendum: 29 Sep 2015 22:43

After another restart, done in order to delete what Malwarebytes found, the computer boots slowly, and when I open a page, another Russian one appears alongside it.



offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Lives in: Novi Beograd

Hello,

1. Open Notepad (Text Document) and copy the following text from inside the code box below:

CreateRestorePoint:
Task: {11514310-205F-4649-B22B-C1502C472C0B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {2819454B-DDA9-46D1-A8DF-436405E329E8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {32F1EDEF-19FC-4ED9-945B-E1A33686F97C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3E82A776-801C-41BF-9BC6-6E9F435F217D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4803961B-F32D-4043-BB65-34F86B5BD3FB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4F1B6C24-BA9D-4478-9645-A5D50CC14AA9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {51581615-749B-43F1-9D43-4C15FA2F1763} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6F93D0CB-89CB-4A8E-A74D-A2000184C75C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7089D603-9EC5-4A85-9DD6-D93EC4A5E49F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A0D13729-A935-4A69-A47D-724E37239E7F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {F81E12EA-BFE1-42DF-A485-B3CB2519624D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\Program Files\ABBYY FineReader 11:Win32App
AlternateDataStreams: C:\Program Files\BlueStacks:Win32App
AlternateDataStreams: C:\Program Files\Freemake:Win32App
AlternateDataStreams: C:\Program Files\Microsoft Office:Win32App
AlternateDataStreams: C:\Program Files\Microsoft Silverlight:Win32App
AlternateDataStreams: C:\Program Files\Microsoft SQL Server Compact Edition:Win32App
AlternateDataStreams: C:\Program Files\Microsoft.NET:Win32App
AlternateDataStreams: C:\Program Files\Mozilla Firefox:Win32App
AlternateDataStreams: C:\Program Files\Panda USB Vaccine:Win32App
AlternateDataStreams: C:\Program Files\TeamViewer:Win32App
AlternateDataStreams: C:\Program Files\Windows Live:Win32App
AlternateDataStreams: C:\Program Files\WinRAR:Win32App
AlternateDataStreams: C:\Program Files\Common Files\Adobe:Win32App
AlternateDataStreams: C:\Program Files\Common Files\Adobe AIR:Win32App
AlternateDataStreams: C:\Program Files\Common Files\DESIGNER:Win32App
AlternateDataStreams: C:\Program Files\Common Files\Macromedia:Win32App
AlternateDataStreams: C:\Program Files\Common Files\microsoft shared:Win32App
AlternateDataStreams: C:\Program Files\Common Files\Skype:Win32App
AlternateDataStreams: C:\ProgramData\Macromedia:Win32App
AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App
AlternateDataStreams: C:\ProgramData\regid.1995-08.com.techsmith:Win32App
AlternateDataStreams: C:\ProgramData\TechSmith:Win32App
AlternateDataStreams: C:\ProgramData\Temp:0A8E2C33
AlternateDataStreams: C:\ProgramData\Temp:8423A1CF
AlternateDataStreams: C:\Users\SnooPy\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\SnooPy\AppData\Local\JDownloader v2.0:Win32App
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001\...\Run: [hRAK33NAtu6s] => "C:\Users\SnooPy\AppData\Local\Mail.ru\Sputnik\ptls\hRAK33NAtu6s.exe" -ptls
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001\...\Run: [lzbkkmvidj] => explorer "http://ryadkara.ru/?utm_source=uoua03&utm_content=27855a2c57f8342969344fb2fcf90a99&utm_term=49FA0EAE2450E826AF3EE023505A0B6C" <===== ATTENTION
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [hRAK33NAtu6s] => "C:\Users\SnooPy\AppData\Local\Mail.ru\Sputnik\ptls\hRAK33NAtu6s.exe" -ptls
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [lzbkkmvidj] => explorer "http://ryadkara.ru/?utm_source=uoua03&utm_content=27855a2c57f8342969344fb2fcf90a99&utm_term=49FA0EAE2450E826AF3EE023505A0B6C" <===== ATTENTION
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=blackbear15
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=blackbear15
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4212904740-3236283883-1755456372-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={SearchTerms}&fr=ntg&gp=blackbear15
SearchScopes: HKU\S-1-5-21-4212904740-3236283883-1755456372-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={SearchTerms}&fr=ntg&gp=blackbear15
SearchScopes: HKU\S-1-5-21-4212904740-3236283883-1755456372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={SearchTerms}&fr=ntg&gp=blackbear15
SearchScopes: HKU\S-1-5-21-4212904740-3236283883-1755456372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={SearchTerms}&fr=ntg&gp=blackbear15
BHO: Ïîèñê@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\SnooPy\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll No File
FF DefaultSearchEngine: Поиск@Mail.Ru
FF SelectedSearchEngine: Поиск@Mail.Ru
FF Homepage: hxxp://mail.ru/cnt/10445?gp=blackbear15
CHR HomePage: Default -> hxxps://mail.ru/cnt/11956636
CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=blackbear15"
CHR DefaultSearchURL: Default -> hxxp://go.mail.ru/search?q={SearchTerms}&fr=ntg
CHR DefaultSearchKeyword: Default -> mail.ru_
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/ff3?q={searchTerms}
S2 Updater.Mail.Ru; C:\Program Files\Mail.Ru\MailRuUpdater\MailRuUpdater.exe --s [X]
EmptyTemp:


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the system restarts.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into a post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.



offline
  • SNooPy
  • informatics
  • Joined: 20 Apr 2009
  • Posts: 317
  • Lives in: in a fantasy :)

Now, on startup, it offered me Chrome extensions from those Russian sites

Fix result of Farbar Recovery Scan Tool (x86) Version:27-09-2015 01
Ran by SnooPy (2015-09-29 23:44:54) Run:1
Running from C:\Users\SnooPy\Desktop
Loaded Profiles: SnooPy (Available Profiles: SnooPy)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
Task: {11514310-205F-4649-B22B-C1502C472C0B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {2819454B-DDA9-46D1-A8DF-436405E329E8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {32F1EDEF-19FC-4ED9-945B-E1A33686F97C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3E82A776-801C-41BF-9BC6-6E9F435F217D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4803961B-F32D-4043-BB65-34F86B5BD3FB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4F1B6C24-BA9D-4478-9645-A5D50CC14AA9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {51581615-749B-43F1-9D43-4C15FA2F1763} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6F93D0CB-89CB-4A8E-A74D-A2000184C75C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7089D603-9EC5-4A85-9DD6-D93EC4A5E49F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A0D13729-A935-4A69-A47D-724E37239E7F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {F81E12EA-BFE1-42DF-A485-B3CB2519624D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\Program Files\ABBYY FineReader 11:Win32App
AlternateDataStreams: C:\Program Files\BlueStacks:Win32App
AlternateDataStreams: C:\Program Files\Freemake:Win32App
AlternateDataStreams: C:\Program Files\Microsoft Office:Win32App
AlternateDataStreams: C:\Program Files\Microsoft Silverlight:Win32App
AlternateDataStreams: C:\Program Files\Microsoft SQL Server Compact Edition:Win32App
AlternateDataStreams: C:\Program Files\Microsoft.NET:Win32App
AlternateDataStreams: C:\Program Files\Mozilla Firefox:Win32App
AlternateDataStreams: C:\Program Files\Panda USB Vaccine:Win32App
AlternateDataStreams: C:\Program Files\TeamViewer:Win32App
AlternateDataStreams: C:\Program Files\Windows Live:Win32App
AlternateDataStreams: C:\Program Files\WinRAR:Win32App
AlternateDataStreams: C:\Program Files\Common Files\Adobe:Win32App
AlternateDataStreams: C:\Program Files\Common Files\Adobe AIR:Win32App
AlternateDataStreams: C:\Program Files\Common Files\DESIGNER:Win32App
AlternateDataStreams: C:\Program Files\Common Files\Macromedia:Win32App
AlternateDataStreams: C:\Program Files\Common Files\microsoft shared:Win32App
AlternateDataStreams: C:\Program Files\Common Files\Skype:Win32App
AlternateDataStreams: C:\ProgramData\Macromedia:Win32App
AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App
AlternateDataStreams: C:\ProgramData\regid.1995-08.com.techsmith:Win32App
AlternateDataStreams: C:\ProgramData\TechSmith:Win32App
AlternateDataStreams: C:\ProgramData\Temp:0A8E2C33
AlternateDataStreams: C:\ProgramData\Temp:8423A1CF
AlternateDataStreams: C:\Users\SnooPy\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\SnooPy\AppData\Local\JDownloader v2.0:Win32App
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001\...\Run: [hRAK33NAtu6s] => "C:\Users\SnooPy\AppData\Local\Mail.ru\Sputnik\ptls\hRAK33NAtu6s.exe" -ptls
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001\...\Run: [lzbkkmvidj] => explorer "http://ryadkara.ru/?utm_source=uoua03&utm_content=27855a2c57f8342969344fb2fcf90a99&utm_term=49FA0EAE2450E826AF3EE023505A0B6C" <===== ATTENTION
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [hRAK33NAtu6s] => "C:\Users\SnooPy\AppData\Local\Mail.ru\Sputnik\ptls\hRAK33NAtu6s.exe" -ptls
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [lzbkkmvidj] => explorer "http://ryadkara.ru/?utm_source=uoua03&utm_content=27855a2c57f8342969344fb2fcf90a99&utm_term=49FA0EAE2450E826AF3EE023505A0B6C" <===== ATTENTION
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4212904740-3236283883-1755456372-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = [Link mogu videti samo ulogovani korisnici]{SearchTerms}&fr=ntg&gp=blackbear15
SearchScopes: HKU\S-1-5-21-4212904740-3236283883-1755456372-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = [Link mogu videti samo ulogovani korisnici]{SearchTerms}&fr=ntg&gp=blackbear15
SearchScopes: HKU\S-1-5-21-4212904740-3236283883-1755456372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = [Link mogu videti samo ulogovani korisnici]{SearchTerms}&fr=ntg&gp=blackbear15
SearchScopes: HKU\S-1-5-21-4212904740-3236283883-1755456372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = [Link mogu videti samo ulogovani korisnici]{SearchTerms}&fr=ntg&gp=blackbear15
BHO: Ïîčñê@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\SnooPy\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll No File
FF DefaultSearchEngine: ?????@Mail.Ru
FF SelectedSearchEngine: ?????@Mail.Ru
FF Homepage: [Link mogu videti samo ulogovani korisnici]
CHR HomePage: Default -> [Link mogu videti samo ulogovani korisnici]
CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=blackbear15"
CHR DefaultSearchURL: Default -> [Link mogu videti samo ulogovani korisnici]{SearchTerms}&fr=ntg
CHR DefaultSearchKeyword: Default -> mail.ru_
CHR DefaultSuggestURL: Default -> [Link mogu videti samo ulogovani korisnici]{searchTerms}
S2 Updater.Mail.Ru; C:\Program Files\Mail.Ru\MailRuUpdater\MailRuUpdater.exe --s [X]
EmptyTemp:
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11514310-205F-4649-B22B-C1502C472C0B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11514310-205F-4649-B22B-C1502C472C0B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2819454B-DDA9-46D1-A8DF-436405E329E8}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2819454B-DDA9-46D1-A8DF-436405E329E8}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32F1EDEF-19FC-4ED9-945B-E1A33686F97C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32F1EDEF-19FC-4ED9-945B-E1A33686F97C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E82A776-801C-41BF-9BC6-6E9F435F217D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E82A776-801C-41BF-9BC6-6E9F435F217D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4803961B-F32D-4043-BB65-34F86B5BD3FB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4803961B-F32D-4043-BB65-34F86B5BD3FB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F1B6C24-BA9D-4478-9645-A5D50CC14AA9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F1B6C24-BA9D-4478-9645-A5D50CC14AA9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{51581615-749B-43F1-9D43-4C15FA2F1763}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51581615-749B-43F1-9D43-4C15FA2F1763}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6F93D0CB-89CB-4A8E-A74D-A2000184C75C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F93D0CB-89CB-4A8E-A74D-A2000184C75C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7089D603-9EC5-4A85-9DD6-D93EC4A5E49F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7089D603-9EC5-4A85-9DD6-D93EC4A5E49F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A0D13729-A935-4A69-A47D-724E37239E7F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0D13729-A935-4A69-A47D-724E37239E7F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F81E12EA-BFE1-42DF-A485-B3CB2519624D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F81E12EA-BFE1-42DF-A485-B3CB2519624D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully.
C:\Program Files\ABBYY FineReader 11 => ":Win32App" ADS removed successfully..
C:\Program Files\BlueStacks => ":Win32App" ADS removed successfully..
C:\Program Files\Freemake => ":Win32App" ADS removed successfully..
C:\Program Files\Microsoft Office => ":Win32App" ADS removed successfully..
C:\Program Files\Microsoft Silverlight => ":Win32App" ADS removed successfully..
C:\Program Files\Microsoft SQL Server Compact Edition => ":Win32App" ADS removed successfully..
C:\Program Files\Microsoft.NET => ":Win32App" ADS removed successfully..
C:\Program Files\Mozilla Firefox => ":Win32App" ADS removed successfully..
C:\Program Files\Panda USB Vaccine => ":Win32App" ADS removed successfully..
C:\Program Files\TeamViewer => ":Win32App" ADS removed successfully..
C:\Program Files\Windows Live => ":Win32App" ADS removed successfully..
C:\Program Files\WinRAR => ":Win32App" ADS removed successfully..
C:\Program Files\Common Files\Adobe => ":Win32App" ADS removed successfully..
C:\Program Files\Common Files\Adobe AIR => ":Win32App" ADS removed successfully..
C:\Program Files\Common Files\DESIGNER => ":Win32App" ADS removed successfully..
C:\Program Files\Common Files\Macromedia => ":Win32App" ADS removed successfully..
C:\Program Files\Common Files\microsoft shared => ":Win32App" ADS removed successfully..
C:\Program Files\Common Files\Skype => ":Win32App" ADS removed successfully..
C:\ProgramData\Macromedia => ":Win32App" ADS removed successfully..
C:\ProgramData\regid.1991-06.com.microsoft => ":Win32App" ADS removed successfully..
C:\ProgramData\regid.1995-08.com.techsmith => ":Win32App" ADS removed successfully..
C:\ProgramData\TechSmith => ":Win32App" ADS removed successfully..
C:\ProgramData\Temp => ":0A8E2C33" ADS removed successfully..
C:\ProgramData\Temp => ":8423A1CF" ADS removed successfully..
C:\Users\SnooPy\SkyDrive => ":ms-properties" ADS removed successfully..
C:\Users\SnooPy\AppData\Local\JDownloader v2.0 => ":Win32App" ADS removed successfully..
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully.
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001\Software\Microsoft\Windows\CurrentVersion\Run\\hRAK33NAtu6s => value removed successfully.
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001\Software\Microsoft\Windows\CurrentVersion\Run\\lzbkkmvidj => value removed successfully.
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value not found.
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\hRAK33NAtu6s => value not found.
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\lzbkkmvidj => value not found.
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-4212904740-3236283883-1755456372-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}" => key removed successfully.
HKCR\CLSID\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => key not found.
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => key not found.
HKCR\CLSID\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099}" => key removed successfully.
HKCR\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099} => key not found.
Firefox DefaultSearchEngine removed successfully.
Firefox SelectedSearchEngine removed successfully.
Firefox "homepage" removed successfully.
Chrome HomePage removed successfully.
Chrome StartupUrls removed successfully.
Chrome DefaultSearchURL removed successfully.
Chrome DefaultSearchKeyword removed successfully.
Chrome DefaultSuggestURL removed successfully.
Updater.Mail.Ru => service removed successfully.
EmptyTemp: => 1.3 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 23:54:25 ====

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Download smeenk's zoek.zip or zoek.rar from this or this link and save it to the Desktop.

Extract the archive into a folder (instructions), and then:

close the browser and other running programs;
temporarily disable your security software (if necessary) Instructions;
start zoek by double-clicking the program icon;
wait for the tool to start ...


Copy the following text into the white box of the window:

emptyclsid;
emptyfolderscheck;delete
emptyalltemp;
autoclean;
FFdefaults;
CHRdefaults;
shortcutfix;
iedefaults;


Click the button and wait for the scan to finish.


If necessary, zoek will restart Windows, and when it finishes it will open Notepad with the scan report.

Note: The report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into your post.

offline
  • SNooPy
  • informatics
  • Joined: 20 Apr 2009
  • Posts: 317
  • Location: in a fantasy :)

Posted: 30 Sep 2015 16:33

Zoek.exe v5.0.0.1 Updated 28-09-2015
Tool run by SnooPy on Wed 09/30/2015 at 15:57:45.37.
Microsoft Windows 10 Pro 10.0.10240 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\SnooPy\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

9/30/2015 4:01:02 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Comms deleted successfully
C:\PROGRA~2\Socusoft deleted successfully
C:\PROGRA~2\SoftwareDistribution deleted successfully
C:\Users\SnooPy\AppData\Local\NetworkTiles deleted successfully
C:\Users\SnooPy\AppData\Local\PackageStaging deleted successfully
C:\Users\SnooPy\AppData\Local\PeerDistRepub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4212904740-3236283883-1755456372-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E8F97CD-60B5-456F-A201-73065652D099} deleted successfully
HKEY_USERS\S-1-5-21-4212904740-3236283883-1755456372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E8F97CD-60B5-456F-A201-73065652D099} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-4212904740-3236283883-1755456372-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{8E8F97CD-60B5-456F-A201-73065652D099} deleted successfully
HKEY_USERS\S-1-5-21-4212904740-3236283883-1755456372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Approved Extensions\{8E8F97CD-60B5-456F-A201-73065652D099} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\SnooPy\AppData\Roaming\Mozilla\Firefox\Profiles\1yj3qbcf.default\prefs.js:
user_pref("browser.search.defaulturl", "https://www.google.com/search/?trackid=sp-006");
user_pref("browser.newtab.url", "about:newtab");
user_pref("browser.search.defaultengine", "Google (avast)");
user_pref("browser.search.order.1", "Google (avast)");
user_pref("keyword.URL", "https://www.google.com/search/?trackid=sp-006");
user_pref("browser.search.useDBForOrder", false);

Added to C:\Users\SnooPy\AppData\Roaming\Mozilla\Firefox\Profiles\1yj3qbcf.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\Users\SnooPy\.android deleted
C:\PROGRA~2\Package Cache deleted
C:\Users\SnooPy\AppData\Local\CrashRpt deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\WINDOWS\wininit.ini deleted
C:\WINDOWS\system32\GroupPolicy\Machine deleted
C:\WINDOWS\system32\GroupPolicy\User deleted
C:\WINDOWS\system32\GroupPolicy\gpt.ini deleted
C:\Users\SnooPy\AppData\Roaming\Mozilla\Firefox\Profiles\1yj3qbcf.default\Invalidprefs.js deleted
C:\Users\SnooPy\AppData\Roaming\Mozilla\Firefox\Profiles\1yj3qbcf.default\.autoreg deleted
C:\Users\SnooPy\Desktop\VSO Downloader 4.lnk deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\SnooPy\AppData\Roaming\Mozilla\Firefox\Profiles\1yj3qbcf.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [09/14/2015 08:28 PM]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\SnooPy\AppData\Roaming\Mozilla\Firefox\Profiles\1yj3qbcf.default
0A1788EE70EF444DABA1E958092F4B85 - C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll - Adobe Acrobat
7D127425BBE91DF37448A7F44C1DDA52 - C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll - Google Update
F0E80E561C3F715DB01ACCC97B72463A - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery
0A7CFC4EE9CC3206B1DC522FCB8C3DB1 - C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll - Silverlight Plug-In
9291708CCD967887AF94BE708B43D64D - C:\Program Files\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2013
FE5E10A1775D5B0EE862DBF3BC1283D3 - C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U60
41E59AEE190362FD0D6EF71DE5DCE427 - C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.600.27
0B8378EA70622A6F3EC50CC4AF62764C - C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrlui.dll - Microsoft® Silverlight


==== Chromium Look ======================

Google Chrome Version: 45.0.2454.101

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx[09/14/2015 08:27 PM]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[09/14/2015 08:27 PM]
ilamgbdaebkbpkkmfmmfbnaamkhijdek - No path found[]
ofdgafmdegfkhfdfkmllfefmcmcjllec - No path found[]
pnooffjhclkocplopffdbcdghmiffhji - No path found[]

Avast SafePrice - SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
AdBlock - SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Avast Online Security - SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?trackid=sp-006"
"Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} Google Url="https://www.google.com/search?trackid=sp-006&q={searchTerms}"

==== Reset Google Chrome ======================

C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.bad was reset successfully
C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\SnooPy\Desktop\AIDA64 Extreme.lnk - C:\Program Files\FinalWire\AIDA64 Extreme\aida64.exe
C:\Users\SnooPy\Desktop\JDownloader 2.lnk - C:\Users\SnooPy\AppData\Local\JDownloader v2.0\JDownloader2.exe
C:\Users\SnooPy\Desktop\Subtitle Workshop.lnk - C:\Program Files\URUSoft\Subtitle Workshop\SubtitleWorkshop.exe
C:\Users\SnooPy\Desktop\µTorrent.lnk -
C:\Users\SnooPy\Desktop\FOLDERS\EA Download Manager.lnk - C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Users\SnooPy\Desktop\FOLDERS\Freemake Video Downloader.lnk - C:\Program Files\Freemake\Freemake Video Downloader\FreemakeVideoDownloader.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\ABBYY FineReader 11.lnk - C:\Windows\Installer\{F1100000-0011-0000-0001-074957833700}\_SHCT_FineReader_1_3E36FF39D91C47F89277D9CEE94684B9.exe
C:\Users\Public\Desktop\Apps.lnk - C:\Users\Public\Libraries\Apps.library-ms
C:\Users\Public\Desktop\Avast Free Antivirus.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Public\Desktop\Camtasia Studio 8.lnk - C:\Program Files\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\paint.net.lnk - C:\Program Files\paint.net\PaintDotNet.exe
C:\Users\Public\Desktop\Skype.lnk - C:\WINDOWS\Installer\{6A0549A9-1B96-498C-ACBC-3943001FEB19}\SkypeIcon.exe
C:\Users\Public\Desktop\Start BlueStacks.lnk - C:\Program Files\BlueStacks\HD-StartLauncher.exe
C:\Users\Public\Desktop\TeamViewer 10.lnk - C:\Program Files\TeamViewer\TeamViewer.exe
C:\Users\Public\Desktop\Winamp.lnk - C:\Program Files\Winamp\winamp.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk - C:\WINDOWS\system32\magnify.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk - C:\WINDOWS\system32\narrator.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk - C:\WINDOWS\system32\osk.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk - C:\WINDOWS\system32\notepad.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk - C:\WINDOWS\system32\cmd.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk - page=SettingsPageAppsDefaults
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk - page=SettingsPagePCSystemDevices
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk - C:\Program Files\Windows Defender\MSASCui.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk - C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk - C:\WINDOWS\system32\magnify.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk - C:\WINDOWS\system32\narrator.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk - C:\WINDOWS\system32\osk.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk - C:\WINDOWS\system32\notepad.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk - C:\WINDOWS\system32\cmd.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk - page=SettingsPageAppsDefaults
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk - page=SettingsPagePCSystemDevices
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk - C:\Program Files\Windows Defender\MSASCui.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk - C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Users\SnooPy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amigo.lnk - C:\Users\SnooPy\AppData\Local\Amigo\Application\amigo.exe
C:\Users\SnooPy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk - C:\Users\SnooPy\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\SnooPy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk - C:\WINDOWS\system32\magnify.exe
C:\Users\SnooPy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk - C:\WINDOWS\system32\narrator.exe
C:\Users\SnooPy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk - C:\WINDOWS\system32\osk.exe
C:\Users\SnooPy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\SnooPy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk - C:\WINDOWS\system32\notepad.exe
C:\Users\SnooPy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake\Uninstall\Uninstall Freemake Video Downloader.lnk - C:\Program Files\Freemake\Freemake Video Downloader\Uninstall\unins000.exe
C:\Users\SnooPy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2 Uninstaller.lnk - C:\Users\SnooPy\AppData\Local\JDownloader v2.0\Uninstall JDownloader.exe
C:\Users\SnooPy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2 Update & Rescue.lnk - C:\Users\SnooPy\AppData\Local\JDownloader v2.0\JDownloader2Update.exe
C:\Users\SnooPy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2.lnk - C:\Users\SnooPy\AppData\Local\JDownloader v2.0\JDownloader2.exe
C:\Users\SnooPy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk - C:\WINDOWS\system32\cmd.exe
C:\Users\SnooPy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -
C:\Users\SnooPy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -
C:\Users\SnooPy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk - page=SettingsPageAppsDefaults
C:\Users\SnooPy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk - page=SettingsPagePCSystemDevices
C:\Users\SnooPy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -
C:\Users\SnooPy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -
C:\Users\SnooPy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk - C:\Program Files\Windows Defender\MSASCui.exe
C:\Users\SnooPy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk - C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe
C:\Users\SnooPy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Users\SnooPy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files\WinRAR\Rar.txt
C:\Users\SnooPy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files\WinRAR\WhatsNew.txt
C:\Users\SnooPy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\Users\SnooPy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\BS.Player FREE.lnk - C:\Program Files\Webteh\BSPlayer\bsplayer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk - D:\Program Files\Adobe Bridge CS6\Bridge.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS6.lnk - D:\Program Files\Adobe Dreamweaver CS6\Dreamweaver.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk - C:\Program Files\Adobe\Adobe Utilities - CS6\ExtendScript Toolkit CS6\ExtendScript Toolkit.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk - D:\Program Files\Adobe Extension Manager CS6\Adobe Extension Manager CS6.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk - D:\Program Files\Adobe Photoshop CS6\Photoshop.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devices Flow.lnk - C:\WINDOWS\DevicesFlow\DevicesFlow.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Download Manager.lnk - C:\Program Files\Electronic Arts\EADM\Core.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk - C:\WINDOWS\System32\Control.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk - C:\WINDOWS\MiracastView\MiracastView.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk - C:\Program Files\Windows Live\Photo Gallery\MovieMaker.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk - C:\Program Files\paint.net\PaintDotNet.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk - C:\WINDOWS\PrintDialog\PrintDialog.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk - C:\Program Files\TeamViewer\TeamViewer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4.lnk - D:\Program Files\The Sims 4\Game\Bin\TS4.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 11\ABBYY FineReader 11.lnk - C:\Windows\Installer\{F1100000-0011-0000-0001-074957833700}\ICON_FineReader.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 11\ABBYY Screenshot Reader.lnk - C:\Windows\Installer\{F1100000-0011-0000-0001-074957833700}\ICON_Bonus.Screenshotreader.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 11\User's Guide.lnk - C:\Program Files\ABBYY FineReader 11\FineCmd.exe "C:\Program Files\ABBYY FineReader 11\Guide\"Guide_<uiname>.pdf -lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 11\Quick Tasks\File (PDF, Image) to Microsoft Word.lnk - C:\Windows\Installer\{F1100000-0011-0000-0001-074957833700}\_SHCT_PDFImageToMS_F9797B2E22604CD99C00232F4BA00184.exe -StartOpenConvert
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 11\Quick Tasks\Photo to Microsoft Word .lnk - C:\Windows\Installer\{F1100000-0011-0000-0001-074957833700}\_SHCT_PDFImageToMS_F9797B2E22604CD99C00232F4BA00184.exe -StartOpenConvert
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 11\Quick Tasks\Scan and Save Image.lnk - C:\Windows\Installer\{F1100000-0011-0000-0001-074957833700}\_SHCT_PDFImageToMS_F9797B2E22604CD99C00232F4BA00184.exe -ScanImages
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 11\Quick Tasks\Scan to Microsoft Word .lnk - C:\Windows\Installer\{F1100000-0011-0000-0001-074957833700}\_SHCT_PDFImageToMS_F9797B2E22604CD99C00232F4BA00184.exe -StartMenuScanToWord
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 11\Quick Tasks\Scan to Searchable PDF.lnk - C:\Windows\Installer\{F1100000-0011-0000-0001-074957833700}\_SHCT_PDFImageToMS_F9797B2E22604CD99C00232F4BA00184.exe -StartMenuScanToPdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk - C:\WINDOWS\Speech\Common\sapisvr.exe -SpeechUX
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk - C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk - C:\WINDOWS\system32\mspaint.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk - C:\WINDOWS\system32\mstsc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk - C:\WINDOWS\system32\SnippingTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk - C:\WINDOWS\system32\psr.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk - C:\WINDOWS\system32\StikyNot.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk - C:\WINDOWS\system32\WFS.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk - C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk - C:\WINDOWS\system32\xpsrchvw.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk - C:\WINDOWS\system32\charmap.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk - C:\Program Files\Windows Journal\Journal.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk - C:\WINDOWS\system32\comexp.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk - C:\WINDOWS\system32\compmgmt.msc /s
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk - C:\WINDOWS\system32\dfrgui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk - C:\WINDOWS\system32\cleanmgr.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk - C:\WINDOWS\system32\eventvwr.msc /s
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk - C:\WINDOWS\system32\iscsicpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk - C:\WINDOWS\system32\MdSched.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources.lnk - C:\WINDOWS\system32\odbcad32.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk - C:\WINDOWS\system32\perfmon.msc /s
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk - C:\WINDOWS\system32\printmanagement.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk - C:\WINDOWS\system32\perfmon.exe /res
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk - C:\WINDOWS\system32\secpol.msc /s
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk - C:\WINDOWS\system32\services.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk - C:\WINDOWS\system32\msconfig.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk - C:\WINDOWS\system32\msinfo32.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk - C:\WINDOWS\system32\taskschd.msc /s
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk - C:\WINDOWS\system32\WF.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast Free Antivirus.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks\Start BlueStacks.lnk - C:\Program Files\BlueStacks\HD-StartLauncher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BS.Player\BS.Player FREE.lnk - C:\Program Files\Webteh\BSPlayer\bsplayer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BS.Player\Uninstall BS.Player FREE.lnk - C:\Program Files\Webteh\BSPlayer\uninstall.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire\AIDA64 Extreme\AIDA64 Extreme Documentation.lnk - C:\Program Files\FinalWire\AIDA64 Extreme\aida64.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire\AIDA64 Extreme\AIDA64 Extreme on the Web.lnk - C:\Program Files\FinalWire\AIDA64 Extreme\aida64.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire\AIDA64 Extreme\AIDA64 Extreme.lnk - C:\Program Files\FinalWire\AIDA64 Extreme\aida64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake\Freemake Video Downloader.lnk - C:\Program Files\Freemake\Freemake Video Downloader\FreemakeVideoDownloader.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files\Java\jre1.8.0_60\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files\Java\jre1.8.0_60\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files\Java\jre1.8.0_60\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia\Macromedia Extension Manager.lnk - C:\WINDOWS\Installer\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}\EMARPPRODUCTICON.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia\Macromedia Flash 8 Video Encoder.lnk - C:\WINDOWS\Installer\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}\ARPPRODUCTICONFLV1.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia\Macromedia Flash 8.lnk - C:\Program Files\Macromedia\Flash 8\Flash.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia\Macromedia Flash Player 8.lnk - C:\Program Files\Macromedia\Flash 8\Players
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia\Readme Files\Macromedia Extension Manager Readme.lnk - C:\WINDOWS\Installer\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}\READMEICON.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia\Readme Files\Macromedia Flash 8 Readme.lnk - C:\Program Files\Macromedia\Flash 8\Readme.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Access 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-0000-0000000FF1CE}\accicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-0000-0000000FF1CE}\outicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-0000-0000000FF1CE}\pptico.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Skype for Business 2015.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-0000-0000000FF1CE}\lyncicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Database Compare 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\dbcicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Office 2013 Upload Center.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\msouc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Skype for Business Recording Manager.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-0000-0000000FF1CE}\lyncicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Spreadsheet Compare 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\sscicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files\Microsoft Silverlight\5.1.40728.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security\Panda USB Vaccine\Panda USB Vaccine.lnk - C:\Program Files\Panda USB Vaccine\USBVaccine.exe /resident /shownow
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security\Panda USB Vaccine\Uninstall Panda USB Vaccine.lnk - C:\Program Files\Panda USB Vaccine\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files\Skype\Phone\Skype.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Default Programs.lnk - C:\WINDOWS\system32\control.exe /name Microsoft.DefaultPrograms
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk - C:\WINDOWS\system32\taskmgr.exe /7
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith\Camtasia Recorder 8.lnk - C:\Windows\Installer\{765AD29A-7EF5-4456-8F6F-83467E52AB52}\CamtasiaIcons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith\Camtasia Studio 8.lnk - C:\Windows\Installer\{765AD29A-7EF5-4456-8F6F-83467E52AB52}\CamtasiaIcons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\URUSoft\Subtitle Workshop\Subtitle Workshop.lnk - C:\Program Files\URUSoft\Subtitle Workshop\SubtitleWorkshop.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\URUSoft\Subtitle Workshop\Uninstall Subtitle Workshop.lnk - C:\Program Files\URUSoft\Subtitle Workshop\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\VSO Downloader 4\Translate VSO Downloader 4.lnk - C:\ProgramData\VSO\VSO Downloader\4\Lang\EditLoc_online.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\VSO Downloader 4\Uninstall VSO Downloader 4.lnk - C:\Program Files\VSO\VSO Downloader\4\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\VSO Downloader 4\VSO Downloader 4.lnk - C:\Program Files\VSO\VSO Downloader\4\VsoDownloader.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\Uninstall Winamp.lnk - C:\Program Files\Winamp\uninstwa.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\What's New.lnk - C:\Program Files\Winamp\whatsnew.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\Winamp (Safe Mode).lnk - C:\Program Files\Winamp\winamp.exe /SAFE=1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\Winamp.lnk - C:\Program Files\Winamp\winamp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCDEmu\WinCDEmu Settings.lnk - C:\Program Files\WinCDEmu\vmnt.exe /settings
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files\WinRAR\WhatsNew.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\SnooPy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Amigo.lnk - C:\Users\SnooPy\AppData\Local\Amigo\Application\amigo.exe
C:\Users\SnooPy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk - C:\Program Files\Webteh\BSPlayer\bsplayer.exe
C:\Users\SnooPy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\SnooPy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\JDownloader 2.lnk - C:\Users\SnooPy\AppData\Local\JDownloader v2.0\JDownloader2.exe
C:\Users\SnooPy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\SnooPy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files\Google\Picasa3\Picasa3.exe
C:\Users\SnooPy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\SnooPy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Subtitle Workshop.lnk - C:\Program Files\URUSoft\Subtitle Workshop\SubtitleWorkshop.exe
C:\Users\SnooPy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VSO Downloader 4.lnk - C:\Program Files\VSO\VSO Downloader\4\VsoDownloader.exe
C:\Users\SnooPy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk - C:\Program Files\Winamp\winamp.exe
C:\Users\SnooPy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\SnooPy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Amigo.lnk - C:\Users\SnooPy\AppData\Local\Amigo\Application\amigo.exe
C:\Users\SnooPy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\BS.lnk - C:\Program Files\Webteh\BSPlayer\bsplayer.exe
C:\Users\SnooPy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\SnooPy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\SnooPy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\SnooPy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TeamViewer 10.lnk - C:\Program Files\TeamViewer\TeamViewer.exe

==== Empty IE Cache ======================

C:\Users\SnooPy\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\SnooPy\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\SnooPy\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\SnooPy\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=16 folders=16 6686226 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\SnooPy\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Wed 09/30/2015 at 16:31:21.55 ======================

Addendum: 30 Sep 2015 16:37

Now, at startup and whenever I launch the browser, the circle around the cursor keeps spinning non-stop, as if something is trying to load and failing.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Post a new FRST log for me, and tick the Addition log option as well.

offline
  • SNooPy
  • informatics
  • Joined: 20 Apr 2009
  • Posts: 317
  • Location: in a fantasy :)

I should also mention that my DVD drive has been opening by itself since yesterday, after that malware started causing problems. I don't know whether this could be related to the viruses, since some people online have described such cases and linked them to viruses. It also opened after I last posted a log, though it usually happens right after I turn the computer on...

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-09-2015 01
Ran by SnooPy (administrator) on TANJA (30-09-2015 19:14:31)
Running from C:\Users\SnooPy\Desktop
Loaded Profiles: SnooPy (Available Profiles: SnooPy)
Platform: Microsoft Windows 10 Pro (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [Link visible only to logged-in users]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ABBYY) C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Panda Security) C:\Program Files\Panda USB Vaccine\USBVaccine.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12214528 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Bonus.SSR.FR11] => C:\Program Files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [933640 2012-01-19] (ABBYY.)
HKLM\...\Run: [ITSecMng] => %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3528392 2015-08-19] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [896632 2015-07-22] (BlueStack Systems, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-09-14] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001\...\Run: [Lync] => D:\Program Files\Microsoft Office\Office15\lync.exe [24111688 2015-08-12] (Microsoft Corporation)
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001\...\Run: [EA Core] => C:\Program Files\Electronic Arts\EADM\Core.exe [3325952 2009-03-28] (Electronic Arts)
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-09-14] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{02ead1aa-43f4-4fa2-b5bb-a7f38a818bda}: [NameServer] 194.106.162.10,194.106.162.3

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = [Link visible only to logged-in users]{searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = [Link visible only to logged-in users]{searchTerms}
SearchScopes: HKU\S-1-5-21-4212904740-3236283883-1755456372-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = [Link visible only to logged-in users]{searchTerms}
SearchScopes: HKU\S-1-5-21-4212904740-3236283883-1755456372-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = [Link visible only to logged-in users]{searchTerms}
SearchScopes: HKU\S-1-5-21-4212904740-3236283883-1755456372-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = [Link visible only to logged-in users]{searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-08-12] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-18] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-14] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-18] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\SnooPy\AppData\Roaming\Mozilla\Firefox\Profiles\1yj3qbcf.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-18] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-06-25] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-06-25] (Microsoft Corporation)
FF SearchPlugin: C:\Users\SnooPy\AppData\Roaming\Mozilla\Firefox\Profiles\1yj3qbcf.default\searchplugins\google-avast.xml [2015-09-29]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-14]

Chrome:
=======
CHR HomePage: Default -> [Link visible only to logged-in users]
CHR DefaultSearchURL: Default -> [Link visible only to logged-in users]{searchTerms}&fr=xtn9
CHR DefaultSearchKeyword: Default -> mail.ru
CHR DefaultSuggestURL: Default -> [Link visible only to logged-in users]{searchTerms}
CHR Profile: C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google презентације) - C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-30]
CHR Extension: (Google документи) - C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-30]
CHR Extension: (Google диск) - C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-30]
CHR Extension: (YouTube) - C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Google Search) - C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-30]
CHR Extension: (Avast SafePrice) - C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-09-30]
CHR Extension: (Google табеле) - C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-30]
CHR Extension: (Google документи офлајн) - C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-30]
CHR Extension: (Avast Online Security) - C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-09-30]
CHR Extension: (Mail.Ru) - C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilamgbdaebkbpkkmfmmfbnaamkhijdek [2015-09-30]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-30]
CHR Extension: (Домашняя страница Mail.Ru) - C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofdgafmdegfkhfdfkmllfefmcmcjllec [2015-09-30]
CHR Extension: (Gmail) - C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-30]
CHR Extension: (Визуальные Закладки Mail.Ru) - C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnooffjhclkocplopffdbcdghmiffhji [2015-09-30]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-09-14]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-14]
CHR HKLM\...\Chrome\Extension: [ilamgbdaebkbpkkmfmmfbnaamkhijdek] - [Link visible only to logged-in users]
CHR HKLM\...\Chrome\Extension: [ofdgafmdegfkhfdfkmllfefmcmcjllec] - [Link visible only to logged-in users]
CHR HKLM\...\Chrome\Extension: [pnooffjhclkocplopffdbcdghmiffhji] - [Link visible only to logged-in users]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe [818952 2011-12-22] (ABBYY)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-14] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [290208 2015-07-30] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [283552 2015-07-30] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [141968 2012-09-27] (Realtek Semiconductor)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [217288 2015-08-19] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [277760 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23264 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AIDA64Driver; C:\Program Files\FinalWire\AIDA64 Extreme\kerneld.x32 [33616 2015-03-23] ()
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-09-14] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-09-14] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [81728 2015-09-14] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-09-14] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788784 2015-09-14] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433264 2015-09-14] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [113592 2015-09-14] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-09-14] (AVAST Software)
S3 BazisVirtualCDBus; C:\WINDOWS\System32\drivers\BazisVirtualCDBus.sys [121176 2015-06-03] (Sysprogs OU)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [131704 2015-06-16] (BlueStack Systems)
R3 BthLEEnum; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [193536 2015-07-10] (Microsoft Corporation)
R3 i8042HDR; C:\WINDOWS\system32\DRIVERS\i8042HDR.sys [13224 2006-10-20] (Chicony)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [35904 2015-06-26] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-09-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 MEI; C:\WINDOWS\System32\drivers\HECI.sys [55104 2012-07-18] (Intel Corporation)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [492032 2015-07-10] (Realtek )
R3 RtkBtFilter2; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [58112 2015-06-01] (Realtek Microelectronics)
R3 rtwlane_13; C:\WINDOWS\System32\drivers\rtwlane_13.sys [3215360 2015-07-10] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [35528 2015-08-19] (Synaptics Incorporated)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [50280 2015-07-29] (Toshiba Corporation)
S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [31744 2015-07-10] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37400 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [245600 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [97632 2015-07-10] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161792 2015-07-10] (Microsoft Corporation)
R3 XSplit_Dummy; C:\WINDOWS\system32\drivers\xspltspk.sys [22104 2015-05-25] (SplitmediaLabs Limited)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-30 19:10 - 2015-09-30 19:14 - 00017748 _____ C:\Users\SnooPy\Desktop\FRST.txt
2015-09-30 16:30 - 2015-09-30 16:30 - 00016148 _____ C:\WINDOWS\system32\TANJA_SnooPy_HistoryPrediction.bin
2015-09-30 16:29 - 2015-09-30 15:57 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2015-09-30 16:00 - 2015-09-30 16:31 - 00039378 _____ C:\zoek-results.log
2015-09-30 15:59 - 2015-09-30 15:59 - 00000000 ____D C:\Users\SnooPy\Desktop\New folder (4)
2015-09-30 15:58 - 2015-09-30 15:59 - 04181362 _____ C:\Users\SnooPy\Downloads\zoek.zip
2015-09-30 15:57 - 2015-09-30 16:23 - 00000000 ____D C:\zoek_backup
2015-09-30 15:56 - 2015-09-30 15:56 - 01309184 _____ C:\Users\SnooPy\Desktop\zoek.exe
2015-09-29 23:43 - 2015-09-29 23:44 - 01696256 _____ (Farbar) C:\Users\SnooPy\Downloads\FRST (1).exe
2015-09-29 23:19 - 2015-09-29 23:19 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\SnooPy\Downloads\SpyHunter-Installer.exe
2015-09-29 22:30 - 2015-09-29 22:30 - 00038766 _____ C:\Users\SnooPy\Desktop\Addition.txt
2015-09-29 22:25 - 2015-09-29 22:32 - 00039097 _____ C:\Users\SnooPy\Downloads\Addition.txt
2015-09-29 22:22 - 2015-09-30 19:14 - 00000000 ____D C:\FRST
2015-09-29 22:22 - 2015-09-29 22:32 - 00042553 _____ C:\Users\SnooPy\Downloads\FRST.txt
2015-09-29 22:15 - 2015-09-29 22:16 - 01696256 _____ (Farbar) C:\Users\SnooPy\Desktop\FRST.exe
2015-09-29 21:51 - 2015-09-30 18:43 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-29 21:50 - 2015-09-29 21:50 - 00001133 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-29 21:50 - 2015-09-29 21:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-29 21:50 - 2015-09-29 21:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-29 21:50 - 2015-09-29 21:50 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-09-29 21:50 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-29 21:50 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-09-29 21:50 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-09-29 21:46 - 2015-09-29 21:49 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\SnooPy\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-29 21:38 - 2015-09-29 21:38 - 01670656 _____ C:\Users\SnooPy\Downloads\adwcleaner_5.009.exe
2015-09-29 21:36 - 2015-09-29 21:36 - 00016065 _____ C:\Users\SnooPy\Downloads\BCC89AE839A2497BEDA3EC7221D75106D67CBFAF (3).torrent
2015-09-29 21:36 - 2015-09-29 21:36 - 00016065 _____ C:\Users\SnooPy\Downloads\BCC89AE839A2497BEDA3EC7221D75106D67CBFAF (2).torrent
2015-09-29 21:36 - 2015-09-29 21:36 - 00002361 _____ C:\Users\SnooPy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amigo.lnk
2015-09-29 21:35 - 2015-09-29 21:35 - 00016065 _____ C:\Users\SnooPy\Downloads\BCC89AE839A2497BEDA3EC7221D75106D67CBFAF (1).torrent
2015-09-29 21:34 - 2015-09-29 21:34 - 00016066 _____ C:\Users\SnooPy\Downloads\BCC89AE839A2497BEDA3EC7221D75106D67CBFAF.torrent
2015-09-29 21:34 - 2015-09-29 21:34 - 00000000 ____D C:\Users\SnooPy\Downloads\Flash SlideShow Maker Professional
2015-09-29 21:34 - 2015-09-29 21:34 - 00000000 ____D C:\Users\SnooPy\AppData\Local\Вoйти в Интeрнет
2015-09-29 21:31 - 2015-09-29 21:35 - 06111234 _____ C:\Users\SnooPy\Downloads\Alivemedia.Flash.Slideshow.Maker.v1.2.9.2-BEAN.rar
2015-09-29 21:30 - 2015-09-29 21:30 - 00000000 ____D C:\Users\SnooPy\AppData\Local\Поиcк в Интeрнете
2015-09-29 21:28 - 2015-09-29 21:28 - 00000000 ____D C:\Users\SnooPy\Downloads\Macromedia Flash 8 Professional
2015-09-29 21:28 - 2015-09-29 21:28 - 00000000 ____D C:\Users\SnooPy\AppData\Roaming\MailProducts
2015-09-29 21:27 - 2015-09-29 21:27 - 00016141 _____ C:\Users\SnooPy\Downloads\torrent -mach3 r3042040 torrent.torrent
2015-09-29 21:12 - 2015-09-29 21:16 - 08670724 _____ C:\Users\SnooPy\Downloads\NextWap.Net-Mach3_Cnc_+_License.rar.rar
2015-09-29 20:56 - 2015-09-29 20:56 - 01466880 _____ C:\Users\SnooPy\Downloads\Atom Pack v1.5.exe
2015-09-22 21:35 - 2015-09-22 21:36 - 00745390 _____ C:\Users\SnooPy\Downloads\shoutcast-dsp-2-3-4-windows.exe
2015-09-22 09:59 - 2015-09-26 23:23 - 04254904 _____ C:\Users\SnooPy\Desktop\milica.rar
2015-09-22 00:13 - 2015-09-22 00:13 - 00000000 ____D C:\Users\SnooPy\Desktop\New folder (3)
2015-09-21 20:26 - 2015-09-21 20:26 - 00001210 _____ C:\Users\SnooPy\Desktop\AIDA64 Extreme.lnk
2015-09-21 20:26 - 2015-09-21 20:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire
2015-09-21 20:25 - 2015-09-21 20:25 - 00000000 ____D C:\Program Files\FinalWire
2015-09-21 20:24 - 2015-09-21 20:25 - 15630512 _____ (FinalWire Ltd. ) C:\Users\SnooPy\Downloads\aida64extreme520.exe
2015-09-20 01:52 - 2015-09-20 01:52 - 00006812 _____ C:\Users\SnooPy\Downloads\jjj1 (1).rar
2015-09-20 01:42 - 2015-09-20 01:42 - 00006812 _____ C:\Users\SnooPy\Downloads\jjj1.rar
2015-09-20 00:41 - 2015-09-26 23:22 - 00000000 ____D C:\Users\SnooPy\Desktop\milica
2015-09-19 23:36 - 2015-09-19 23:36 - 00004308 _____ C:\Users\SnooPy\Downloads\dbz_abridg_f1414352292.zip
2015-09-18 20:15 - 2015-09-18 20:15 - 07368965 _____ C:\Users\SnooPy\Downloads\TL-WN722N_V1_140918.zip
2015-09-18 18:55 - 2015-09-18 18:55 - 00000000 ____D C:\Users\SnooPy\AppData\Roaming\Sun
2015-09-18 18:55 - 2015-09-18 18:55 - 00000000 ____D C:\Users\SnooPy\.oracle_jre_usage
2015-09-18 18:55 - 2015-09-18 18:55 - 00000000 ____D C:\Program Files\Common Files\Java
2015-09-18 18:54 - 2015-09-18 18:54 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-09-18 18:54 - 2015-09-18 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-18 18:50 - 2015-09-18 18:50 - 00584288 _____ (Oracle Corporation) C:\Users\SnooPy\Downloads\JavaSetup8u60.exe
2015-09-18 14:37 - 2015-09-18 14:37 - 00042557 _____ C:\Users\SnooPy\Downloads\New-folder-3.rar
2015-09-18 14:32 - 2015-09-18 14:32 - 00008089 _____ C:\Users\SnooPy\Downloads\Untitled-1.rar
2015-09-18 14:28 - 2015-09-18 14:28 - 00035693 _____ C:\Users\SnooPy\Downloads\digimon1.rar
2015-09-18 14:26 - 2015-09-18 14:26 - 00044594 _____ C:\Users\SnooPy\Downloads\New-folder-2.rar
2015-09-18 14:12 - 2015-09-18 14:12 - 00101758 _____ C:\Users\SnooPy\Downloads\Digimon_Logo.rar
2015-09-18 14:09 - 2015-09-18 14:09 - 02204363 _____ C:\Users\SnooPy\Downloads\partytime.zip
2015-09-18 13:04 - 2015-09-18 13:04 - 01496299 _____ C:\Users\SnooPy\Downloads\templatemo_350_soft_link.rar
2015-09-16 15:53 - 2015-09-16 15:53 - 00337155 _____ C:\Users\SnooPy\Downloads\nije-mogla-da-je-ostavi-bebin-plac-vratio-majku-u-zivot-clanak-1933957.htm
2015-09-16 09:42 - 2015-09-16 09:42 - 00000000 ___RD C:\Users\SnooPy\3D Objects
2015-09-16 02:06 - 2015-09-16 02:06 - 19731964 _____ C:\Users\SnooPy\Downloads\free_css_full_site.zip
2015-09-15 23:25 - 2015-09-15 23:25 - 00549898 _____ C:\Users\SnooPy\Downloads\image-slider-widget.1.1.29.zip
2015-09-15 20:00 - 2015-09-15 20:00 - 04258324 _____ C:\Users\SnooPy\Downloads\MILICA-SAJT.zip
2015-09-15 15:29 - 2015-09-15 15:29 - 00000132 _____ C:\Users\SnooPy\AppData\Roaming\Adobe GIF Format CS6 Prefs
2015-09-15 15:27 - 2015-09-15 15:29 - 00000000 ____D C:\Users\SnooPy\AppData\Local\paint.net
2015-09-15 15:27 - 2015-09-15 15:27 - 00001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2015-09-15 15:27 - 2015-09-15 15:27 - 00001092 _____ C:\Users\Public\Desktop\paint.net.lnk
2015-09-15 15:27 - 2015-09-15 15:27 - 00000000 ____D C:\Program Files\paint.net
2015-09-15 15:26 - 2015-09-15 15:26 - 06557455 _____ C:\Users\SnooPy\Downloads\paint.net.4.0.6.install.zip
2015-09-14 20:31 - 2015-09-14 20:31 - 00000000 ____D C:\Users\SnooPy\AppData\Roaming\AVAST Software
2015-09-14 20:29 - 2015-09-14 20:29 - 00002152 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-09-14 20:29 - 2015-09-14 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-09-14 20:28 - 2015-09-14 20:28 - 00433264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-09-14 20:28 - 2015-09-14 20:28 - 00208664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-09-14 20:28 - 2015-09-14 20:28 - 00113592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-09-14 20:28 - 2015-09-14 20:28 - 00081728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-09-14 20:28 - 2015-09-14 20:28 - 00076000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-09-14 20:28 - 2015-09-14 20:28 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-09-14 20:28 - 2015-09-14 20:28 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-09-14 20:28 - 2015-09-14 20:27 - 00788784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-09-14 20:28 - 2015-09-14 20:27 - 00313472 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-09-14 20:27 - 2015-09-14 20:27 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-09-14 20:23 - 2015-09-14 20:23 - 00000000 ____D C:\Program Files\AVAST Software
2015-09-14 20:20 - 2015-09-14 20:20 - 05481336 _____ (Avast Software s.r.o.) C:\Users\SnooPy\Downloads\avast_free_antivirus_setup_online_cnet.exe
2015-09-14 20:00 - 2015-09-14 20:00 - 00302161 _____ C:\Users\SnooPy\Downloads\267198_492103620_CBS.rar
2015-09-13 23:02 - 2015-09-13 23:05 - 00000430 _____ C:\Users\SnooPy\.swfinfo
2015-09-13 01:35 - 2015-09-13 01:38 - 00000000 ____D C:\Users\SnooPy\Desktop\New folder (2)
2015-09-11 19:57 - 2015-09-11 19:57 - 01100672 _____ C:\Users\SnooPy\Downloads\Kristijan Golubović - Skok na Zoricu Markovic i društvo - FARMA 6.mp4
2015-09-09 22:52 - 2015-09-09 22:52 - 00000000 ____D C:\WINDOWS\PCHEALTH
2015-09-09 02:18 - 2015-09-02 02:31 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-09-09 02:18 - 2015-09-02 02:30 - 01134080 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-09-09 02:18 - 2015-08-27 07:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 02:18 - 2015-08-27 07:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-09 02:18 - 2015-08-27 07:23 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 02:18 - 2015-08-27 07:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 02:18 - 2015-08-27 07:19 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 02:18 - 2015-08-27 07:16 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-09-09 02:18 - 2015-08-27 07:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 02:18 - 2015-08-27 07:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 02:18 - 2015-08-27 07:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 02:18 - 2015-08-27 07:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 02:18 - 2015-08-27 07:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 02:18 - 2015-08-27 07:11 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-09 02:18 - 2015-08-27 07:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 02:18 - 2015-08-27 07:10 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-09-09 02:18 - 2015-08-27 07:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 02:17 - 2015-09-02 04:04 - 00069208 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-09 02:17 - 2015-08-27 07:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-06 22:26 - 2015-09-06 22:26 - 00000000 ____D C:\Users\SnooPy\Documents\Adobe
2015-09-06 22:22 - 2015-09-06 22:22 - 00000000 ____D C:\Users\SnooPy\AppData\Local\4kdownload.com
2015-09-06 12:00 - 2015-09-06 12:00 - 00000000 ____D C:\Users\SnooPy\AppData\Local\Macromedia
2015-09-06 11:55 - 2015-09-06 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia
2015-09-06 11:55 - 2015-09-06 11:57 - 00000000 ____D C:\Program Files\Common Files\Macromedia
2015-09-06 11:55 - 2015-09-06 11:55 - 00000000 ____D C:\WINDOWS\system32\QuickTime
2015-09-06 11:55 - 2015-09-06 11:55 - 00000000 ____D C:\ProgramData\Macromedia
2015-09-06 11:55 - 2015-09-06 11:55 - 00000000 ____D C:\Program Files\Macromedia
2015-09-06 11:54 - 2015-09-06 11:54 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2015-09-06 11:54 - 2015-09-06 11:54 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2015-09-06 02:06 - 2015-09-06 02:06 - 00000000 ____D C:\Users\SnooPy\Documents\Anvsoft
2015-09-06 02:06 - 2015-09-06 02:06 - 00000000 ____D C:\Users\SnooPy\AppData\Roaming\Anvsoft
2015-09-04 21:21 - 2015-09-04 21:21 - 00000000 ____D C:\Users\SnooPy\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2015-09-04 21:21 - 2015-09-04 21:21 - 00000000 ____D C:\Users\Public\Documents\Adobe
2015-09-04 00:23 - 2015-09-04 00:23 - 00000000 ____D C:\Users\SnooPy\Documents\My Smilebox Creations
2015-09-02 13:17 - 2015-09-18 13:56 - 00000000 ____D C:\Users\SnooPy\Desktop\New folder
2015-09-01 00:38 - 2015-09-01 00:38 - 00000000 ___RD C:\Program Files\Skype
2015-09-01 00:38 - 2015-09-01 00:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-01 00:38 - 2015-09-01 00:38 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-09-01 00:31 - 2015-09-18 15:21 - 00000998 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-09-01 00:31 - 2015-09-18 15:21 - 00000986 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-09-01 00:31 - 2015-09-01 01:57 - 00000000 ____D C:\Users\SnooPy\AppData\Roaming\TeamViewer
2015-09-01 00:30 - 2015-09-18 15:21 - 00000000 ____D C:\Program Files\TeamViewer
2015-08-31 15:51 - 2015-08-31 15:51 - 00000000 ____D C:\Program Files\DIFX
2015-08-31 15:50 - 2015-08-31 15:50 - 00000000 ____D C:\adb

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-30 18:32 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-30 18:28 - 2015-07-19 16:12 - 00000906 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-30 18:15 - 2015-07-19 16:04 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-30 16:31 - 2015-07-19 16:12 - 00000902 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-30 16:30 - 2015-08-19 01:55 - 00017706 _____ C:\WINDOWS\PFRO.log
2015-09-30 16:30 - 2015-07-10 11:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-30 16:29 - 2015-07-10 08:59 - 01835008 ___SH C:\WINDOWS\system32\config\BBI
2015-09-30 16:23 - 2015-08-19 02:08 - 00000000 ____D C:\Users\SnooPy
2015-09-30 16:23 - 2013-08-22 10:17 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-09-30 14:11 - 2015-08-17 23:21 - 00762368 ___SH C:\Users\SnooPy\Desktop\Thumbs.db
2015-09-30 14:01 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-29 22:39 - 2015-07-10 10:28 - 00000000 __RSD C:\WINDOWS\Media
2015-09-29 22:37 - 2015-07-19 18:28 - 00000000 ____D C:\Program Files\ABBYY FineReader 11
2015-09-29 22:23 - 2015-07-23 00:08 - 00001109 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-29 22:23 - 2015-07-23 00:08 - 00001109 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-29 22:22 - 2015-07-19 16:14 - 00002196 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-29 21:40 - 2015-07-21 09:58 - 00000000 ____D C:\AdwCleaner
2015-09-29 21:37 - 2015-07-19 17:24 - 00000000 ____D C:\Users\SnooPy\AppData\Roaming\uTorrent
2015-09-29 12:37 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-09-25 20:42 - 2015-07-29 01:08 - 00000000 ____D C:\Users\SnooPy\AppData\Roaming\Skype
2015-09-23 02:25 - 2015-07-19 16:10 - 00000000 ___DO C:\Users\SnooPy\SkyDrive
2015-09-22 09:31 - 2015-07-10 10:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-18 18:57 - 2015-07-19 17:39 - 00000000 ____D C:\ProgramData\Oracle
2015-09-18 18:54 - 2015-08-13 20:04 - 00000000 ____D C:\Program Files\Java
2015-09-17 19:01 - 2015-07-28 21:36 - 00000000 ____D C:\Users\SnooPy\Documents\VSO Downloader
2015-09-17 18:23 - 2015-08-19 02:22 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-17 02:23 - 2015-07-10 11:53 - 00021926 _____ C:\WINDOWS\setupact.log
2015-09-15 18:12 - 2015-07-10 10:29 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-09-15 18:12 - 2015-07-10 10:29 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-09-15 17:05 - 2015-08-29 16:23 - 00000132 _____ C:\Users\SnooPy\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-09-15 16:02 - 2015-08-18 15:08 - 00000000 ____D C:\Users\SnooPy\AppData\Local\Windows Live
2015-09-15 00:51 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\rescache
2015-09-15 00:30 - 2015-07-10 12:49 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-15 00:30 - 2015-07-10 12:42 - 00000000 ____D C:\WINDOWS\system32\winrm
2015-09-15 00:30 - 2015-07-10 12:42 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-09-15 00:30 - 2015-07-10 12:42 - 00000000 ____D C:\WINDOWS\system32\slmgr
2015-09-15 00:30 - 2015-07-10 12:42 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ___SD C:\WINDOWS\system32\dsc
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\fr-FR
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\Com
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\IME
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\Help
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ____D C:\Program Files\Windows Defender
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ____D C:\Program Files\Common Files\System
2015-09-15 00:26 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\de-DE
2015-09-14 21:52 - 2015-08-21 22:15 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2015-09-14 20:21 - 2015-07-23 15:42 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-13 10:37 - 2015-07-19 16:12 - 00000000 ____D C:\Users\SnooPy\AppData\Local\Google
2015-09-12 11:04 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\it-IT
2015-09-12 04:04 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\pt-BR
2015-09-12 03:48 - 2015-07-10 11:53 - 03613248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-12 03:47 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-10 20:29 - 2015-08-18 12:48 - 00000000 ____D C:\Users\SnooPy\Desktop\FOLDERS
2015-09-10 19:43 - 2015-07-19 16:12 - 00000000 ____D C:\Program Files\Google
2015-09-10 19:38 - 2015-08-20 18:41 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2015-09-10 19:37 - 2015-08-21 23:19 - 00000000 ____D C:\Program Files\Flash Slideshow Maker Professional
2015-09-10 19:37 - 2015-07-19 17:33 - 00000000 ____D C:\Program Files\Adobe
2015-09-09 23:11 - 2015-07-19 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-09-09 23:11 - 2015-07-19 17:59 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-09 23:10 - 2015-07-22 09:33 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-09 22:58 - 2013-08-22 08:13 - 00000167 _____ C:\WINDOWS\win.ini
2015-09-09 22:49 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\restore
2015-09-09 00:40 - 2015-07-22 07:48 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-07 23:11 - 2015-07-19 19:52 - 00000000 ____D C:\ProgramData\Temp
2015-09-06 22:26 - 2015-07-19 16:07 - 00000000 ____D C:\Users\SnooPy\AppData\Roaming\Adobe
2015-09-06 12:00 - 2015-07-19 16:11 - 00000000 ____D C:\Users\SnooPy\AppData\Roaming\Macromedia
2015-09-06 11:51 - 2015-07-19 16:07 - 00000000 ____D C:\Users\SnooPy\AppData\Local\VirtualStore
2015-09-06 03:12 - 2015-07-19 16:50 - 00000000 ____D C:\Users\SnooPy\AppData\Roaming\BSplayer
2015-09-05 23:58 - 2015-07-19 17:33 - 00000000 ____D C:\ProgramData\Adobe
2015-09-05 08:01 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-04 20:17 - 2015-08-21 22:42 - 00041472 ___SH C:\Users\SnooPy\Downloads\Thumbs.db
2015-09-01 00:38 - 2015-07-29 01:08 - 00002630 _____ C:\Users\Public\Desktop\Skype.lnk
2015-09-01 00:38 - 2015-07-29 01:08 - 00000000 ____D C:\ProgramData\Skype
2015-08-31 15:51 - 2015-07-19 18:14 - 00011818 _____ C:\WINDOWS\DPINST.LOG

==================== Files in the root of some directories =======

2015-09-15 15:29 - 2015-09-15 15:29 - 0000132 _____ () C:\Users\SnooPy\AppData\Roaming\Adobe GIF Format CS6 Prefs
2015-08-29 16:23 - 2015-09-15 17:05 - 0000132 _____ () C:\Users\SnooPy\AppData\Roaming\Adobe PNG Format CS6 Prefs

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-25 11:48

==================== End of FRST.txt ============================


offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

1. Open Notepad (Text Document) and copy the following text from inside the code box below:


CreateRestorePoint:
CHR HomePage: Default -> hxxps://mail.ru/cnt/11956636
CHR DefaultSearchURL: Default -> hxxp://go.mail.ru/search?q={searchTerms}&fr=xtn9
CHR DefaultSearchKeyword: Default -> mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
CHR Extension: (Mail.Ru) - C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilamgbdaebkbpkkmfmmfbnaamkhijdek [2015-09-30]
CHR Extension: (Домашняя страница Mail.Ru) - C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofdgafmdegfkhfdfkmllfefmcmcjllec [2015-09-30]
CHR Extension: (Визуальные Закладки Mail.Ru) - C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnooffjhclkocplopffdbcdghmiffhji [2015-09-30]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
C:\Users\SnooPy\AppData\Local\Вoйти в Интeрнет
C:\Users\SnooPy\AppData\Local\Поиcк в Интeрнете


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into a post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

offline
  • SNooPy
  • IT
  • Joined: 20 Apr 2009
  • Posts: 317
  • Location: in a fantasy :)

Posted: 30 Sep 2015 20:11

Here is the current state: it is again ''loading'' something, a circle spins around the cursor, and Google Chrome again asked about the ''Mail.ru'' add-on.

Here is the log

Fix result of Farbar Recovery Scan Tool (x86) Version:27-09-2015 01
Ran by SnooPy (2015-09-30 20:02:35) Run:2
Running from C:\Users\SnooPy\Desktop
Loaded Profiles: SnooPy (Available Profiles: SnooPy)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
CHR HomePage: Default -> [Link mogu videti samo ulogovani korisnici]
CHR DefaultSearchURL: Default -> [Link mogu videti samo ulogovani korisnici]{searchTerms}&fr=xtn9
CHR DefaultSearchKeyword: Default -> mail.ru
CHR DefaultSuggestURL: Default -> [Link mogu videti samo ulogovani korisnici]{searchTerms}
CHR Extension: (Mail.Ru) - C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilamgbdaebkbpkkmfmmfbnaamkhijdek [2015-09-30]
CHR Extension: (???????? ???????? Mail.Ru) - C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofdgafmdegfkhfdfkmllfefmcmcjllec [2015-09-30]
CHR Extension: (?????????? ???????? Mail.Ru) - C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnooffjhclkocplopffdbcdghmiffhji [2015-09-30]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
C:\Users\SnooPy\AppData\Local\?o??? ? ???e????
C:\Users\SnooPy\AppData\Local\???c? ? ???e?????
*****************

Restore point was successfully created.
Chrome HomePage removed successfully.
Chrome DefaultSearchURL removed successfully.
Chrome DefaultSearchKeyword removed successfully.
Chrome DefaultSuggestURL removed successfully.
C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilamgbdaebkbpkkmfmmfbnaamkhijdek => moved successfully
C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofdgafmdegfkhfdfkmllfefmcmcjllec => moved successfully
C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnooffjhclkocplopffdbcdghmiffhji => moved successfully
wfpcapture => service removed successfully.

"C:\Users\SnooPy\AppData\Local\?o??? ? ???e????" folder move:

Could not move "C:\Users\SnooPy\AppData\Local\?o??? ? ???e????" => Scheduled to move on reboot.


"C:\Users\SnooPy\AppData\Local\???c? ? ???e?????" folder move:

Could not move "C:\Users\SnooPy\AppData\Local\???c? ? ???e?????" => Scheduled to move on reboot.


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-09-30 20:07:09)<=

"C:\Users\SnooPy\AppData\Local\?o??? ? ???e????" => Could not move
"C:\Users\SnooPy\AppData\Local\???c? ? ???e?????" => Could not move

==== End of Fixlog 20:07:09 ====

Addendum: 30 Sep 2015 20:14
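
Added example, not part of the thread and not FRST's own code: in the Fixlog above, the two folder paths echoed under "fixlist content" show "?" for most letters while a few ("o", "e", "c") survive, which is what a save in a single-byte ANSI code page produces for names that mix Cyrillic letters with Latin look-alikes. The sketch reproduces those strings and flags such mixed-script names. Assumptions: the file was saved as Windows-1252 (the report shows an English (United States) system), the function names are hypothetical, and the letter-by-letter spelling of the folder names is reconstructed from the Fixlog.

```python
import unicodedata

# Constructed sample: three fixlist lines from the thread. The folder names are
# written with escapes so the Latin look-alike letters ("o", "e", "c") that sit
# between the Cyrillic letters are explicit. This spelling is an assumption
# reconstructed from which characters survived in the Fixlog.
FIXLIST_LINES = [
    "CHR DefaultSearchKeyword: Default -> mail.ru",
    "C:\\Users\\SnooPy\\AppData\\Local\\"
    "\u0412o\u0439\u0442\u0438 \u0432 \u0418\u043d\u0442e\u0440\u043d\u0435\u0442",
    "C:\\Users\\SnooPy\\AppData\\Local\\"
    "\u041f\u043e\u0438c\u043a \u0432 \u0418\u043d\u0442e\u0440\u043d\u0435\u0442\u0435",
]


def ansi_roundtrip(text, codepage="cp1252"):
    """Return text as it reads back after a save in the given code page.

    Characters the code page cannot represent come back as "?".
    """
    return text.encode(codepage, errors="replace").decode(codepage)


def scripts_in(word):
    """Scripts used by the letters of word (first word of each Unicode name)."""
    return {
        unicodedata.name(ch, "UNKNOWN").split()[0]
        for ch in word
        if ch.isalpha()
    }


def mixed_script_words(path):
    """Words in the last path component that mix letters of several scripts."""
    leaf = path.rsplit("\\", 1)[-1]
    return [word for word in leaf.split() if len(scripts_in(word)) > 1]


def audit_fixlist(lines, codepage="cp1252"):
    """List every line a save in codepage would alter, plus mixed-script words."""
    findings = []
    for number, line in enumerate(lines, start=1):
        saved = ansi_roundtrip(line, codepage)
        if saved != line:
            findings.append(
                {
                    "line": number,
                    "as_saved": saved,
                    "mixed_script": mixed_script_words(line),
                }
            )
    return findings


if __name__ == "__main__":
    for finding in audit_fixlist(FIXLIST_LINES):
        print(finding)
```

A path that has been altered this way no longer names the folder on disk, so checking a fixlist with a lossless encoding (the same round trip with "utf-8" returns every line unchanged) is a quick pre-flight test.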

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Just post a new FRST log, and then we will try once more to see what is going on. It has bred and will not give up.
