Problem s razor web ads

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ne mogu ništa od ovoga skinuti...

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Probaj odavde:

https://www.mycity.rs/must-login.png

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 01 Jun 2015 0:17

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Administrator on ned 31.05.2015. at 23:57:08,41.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Administrator\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

31.5.2015. 23:57:49 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\GUM23DA.tmp deleted successfully
C:\PROGRA~2\GUMB41B.tmp deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\Program Files\Google deleted successfully
C:\PROGRA~3\PDFC deleted successfully
C:\PROGRA~3\Priruźna memorija deleted successfully
C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite deleted successfully
C:\Users\Agfa\AppData\Local\PDFC deleted successfully
C:\Users\Dr Miljko\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-680020611-101842545-878744919-500\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


==== Deleting Files \ Folders ======================

C:\PROGRA~2\GUM23DA.tmp not found
C:\PROGRA~2\GUMB41B.tmp not found
C:\364.exe deleted
C:\Bginfo.exe deleted
C:\PROGRA~3\InstallMate deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lavasoft\WebCompanion deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Windows\SysWOW64\LavasoftTcpService.dll deleted
C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini deleted
C:\Windows\SysWow64\searchplugins deleted
C:\Windows\SysWow64\Extensions deleted
"C:\Users\Administrator\AppData\Roaming\tor\lock" deleted
"C:\Users\Administrator\AppData\Roaming\tor\state" deleted
"C:\Users\Administrator\AppData\Roaming\tor" deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
icmlaeflemplmjndnaapfdbbnpncnbda - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[18.04.2011. 20:24]

Bookmark Manager - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik

==== Chromium Startpages ======================

C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences
elltrion.mdsol.com:443,*":{"setting":1}},"ppapi_broker":{},"protocol_handlers":{},"push_messaging":{},"ssl_cert_decisions":{}},"pattern_pairs":{"[*.]ctunnel.com,*":{"popups":1},"https://[*.]ppd-celltrion.mdsol.com:443,*":{"popups":1},"https://wizzair.com:443,https://wizzair.com:443":{"geolocation":2},"https://www.youtube.com:443,https://www.youtube.com:443":{"fullscreen":1}},"pref_version":1},"created_by_version":"19.0.1084.46","exit_type":"Crashed","exited_cleanly":true,"icon_version":3,"managed_user_id":"","migrated_content_settings_exceptions":true,"migrated_default_content_settings":true,"migrated_default_media_stream_content_settings":true,"name":"First user","password_manager_groups_for_domains":[4,4,null,null,null,null,5],"per_host_zoom_levels":{}},"protection":{"macs":{}},"savefile":{"default_directory":"C:\\Users\\Administrator\\Downloads","type":1},"selectfile":{"last_directory":"C:\\Users\\Administrator\\Downloads\\CT ante"},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13034435169723627"},"sync":{"suppress_start":true},"sync_promo":{"startup_count":1,"user_skipped":true,"view_count":1},"translate_accepted_count":{"bs":0,"de":0,"es":0,"hr":0,"no":0,"sl":0,"sr":0,"zh-CN":0},"translate_blocked_languages":["en","hr","sr"],"translate_denied_count":{"bs":1,"de":1,"es":1,"hr":3,"no":2,"sl":6,"sr":6,"zh-CN":1},"translate_language_blacklist":["hr"],"translate_last_denied_time":1422873422263.479,"translate_too_often_denied":true,"translate_whitelists":{},"zerosuggest":{"cachedresults":""}}


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10099_swoc_campaign_150531__yaie"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sweetpacks Communicator deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30HPFGLX will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JDVXXNRS will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1NZ2J9P will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X6W4EX89 will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30HPFGLX will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JDVXXNRS will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1NZ2J9P will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X6W4EX89 will be deleted at reboot
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Administrator\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=18 folders=11 6913714 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\Temp will be emptied at reboot
C:\Users\Agfa\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Dr Miljko\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\ADMINI~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30HPFGLX" not deleted
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JDVXXNRS" not deleted
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1NZ2J9P" not deleted
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X6W4EX89" not deleted
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30HPFGLX" not deleted
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JDVXXNRS" not deleted
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1NZ2J9P" not deleted
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X6W4EX89" not deleted

==== EOF on pon 01.06.2015. at 0:19:53,86 ======================

Dopuna: 01 Jun 2015 0:19

Opet sve isto... Ovo je nešto baš nezgodno upalo...

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Postavi mi novi FRST log, i Addition log.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 01 Jun 2015 0:24

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Administrator (administrator) on CZC1388KT4 on 01-06-2015 00:27:17
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available Profiles: Agfa & Dr Miljko & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Agfa Healthcare) C:\Program Files\Agfa\GTIClient\AutoUpdateService\AutoUpdateService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Agfa Healthcare Inc.) C:\Program Files (x86)\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe
(UltraVNC) C:\Program Files (x86)\UltraVNC\winvnc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(UltraVNC) C:\Program Files (x86)\UltraVNC\winvnc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Agfa HealthCare) C:\Program Files\Agfa\GTIClient\GTIConsole\GtiConsole.exe
(IObit) C:\Users\Administrator\Desktop\Advanced SystemCare 5\ASCTray.exe
(Google Inc.) C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Agfa\java\jre1.6.0.27\bin\javaw.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Agfa\java\jre1.6.0.27\bin\javaw.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Google Inc.) C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10143264 2010-04-01] (Realtek Semiconductor)
HKLM\...\Run: [GTIConsole] => C:\Program Files\Agfa\GTIClient\GTIConsole\GTIConsole.exe [172032 2011-10-31] (Agfa HealthCare)
HKLM-x32\...\Run: [avast5] => C:\Program Files\Alwil Software\Avast5\avastUI.exe [2837864 2010-06-28] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-680020611-101842545-878744919-500\...\Run: [Advanced SystemCare 5] => C:\Users\Administrator\Desktop\Advanced SystemCare 5\ASCTray.exe [574296 2012-03-06] (IObit)
HKU\S-1-5-21-680020611-101842545-878744919-500\...\Run: [Google Update] => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2015-01-13] (Google Inc.)
HKU\S-1-5-21-680020611-101842545-878744919-500\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2013-03-04] (AMD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Clinapps.lnk [2015-04-14]
ShortcutTarget: Clinapps.lnk -> C:\Program Files (x86)\Agfa\Clinapps\4.1.38.0\JVision\RUN.BAT ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2010-06-28] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = g.msn.com/HPCOM/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = g.msn.com/HPCOM/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = g.msn.com/HPCOM/19
HKU\S-1-5-21-680020611-101842545-878744919-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = g.msn.com/HPCOM/19
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-680020611-101842545-878744919-500 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = google.com/search?q={searchTerms}
BHO: avast! WebRep -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-04-18] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> c:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-11] (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\microsoft office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-04-18] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-11-04] (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-04-18] (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-04-18] (AVAST Software)
DPF: HKLM-x32 {CAFECAFE-0013-0001-0022-ABCDEFABCDEF}
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {FC11A119-C2F7-46F4-9E32-937ABA26816E} file:///D:/CDVIEWER/CdViewer.cab
Tcpip\..\Interfaces\{74983563-4D23-45AD-A881-BD1D31A4F55A}: [NameServer] 8.8.8.8

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-25] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-25] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-02-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-02-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-680020611-101842545-878744919-500: @tools.google.com/Google Update;version=3 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-680020611-101842545-878744919-500: @tools.google.com/Google Update;version=9 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2011-11-04]
StartMenuInternet: Google Chrome - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGFA IMPAX GTI AutoUpdateService; C:\Program Files\Agfa\GTIClient\AutoUpdateService\AutoUpdateService.exe [9216 2011-10-31] (Agfa Healthcare) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [42184 2011-04-18] (AVAST Software)
S3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software)
S3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software)
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 PACS Client Updater; C:\Program Files (x86)\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe [36864 2011-07-06] (Agfa Healthcare Inc.) [File not signed]
R2 uvnc_service; C:\Program Files (x86)\UltraVNC\WinVNC.exe [1519168 2008-08-30] (UltraVNC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [22360 2011-04-18] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [64344 2011-04-18] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [31064 2011-04-18] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [600920 2011-04-18] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [287064 2011-04-18] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [53592 2011-04-18] (AVAST Software)
S3 b7atikmdag; C:\Windows\System32\DRIVERS\b7atikmdag.sys [5832560 2011-05-06] (ATI Technologies Inc.)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-05-31] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-01 00:16 - 2015-05-31 23:57 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-05-31 23:57 - 2015-06-01 00:19 - 00012260 _____ () C:\zoek-results.log
2015-05-31 23:57 - 2015-06-01 00:13 - 00000000 ____D () C:\zoek_backup
2015-05-31 23:56 - 2015-05-31 23:56 - 01308672 _____ () C:\Users\Administrator\Downloads\zoek.exe
2015-05-31 23:50 - 2015-05-31 23:50 - 00005476 _____ () C:\Users\Administrator\Downloads\454218_621214382_AdwCleaner[S0].txt
2015-05-31 23:27 - 2015-06-01 00:20 - 00000000 ____D () C:\AdwCleaner
2015-05-31 23:26 - 2015-05-31 23:26 - 02223104 _____ () C:\Users\Administrator\Downloads\AdwCleaner.exe
2015-05-31 22:16 - 2015-05-31 22:16 - 00030596 _____ () C:\Users\Administrator\Downloads\454218_1068605920_Addition.txt
2015-05-31 22:10 - 2015-06-01 00:27 - 00012680 _____ () C:\Users\Administrator\Downloads\FRST.txt
2015-05-31 22:10 - 2015-05-31 22:11 - 00030596 _____ () C:\Users\Administrator\Downloads\Addition.txt
2015-05-31 22:09 - 2015-06-01 00:27 - 00000000 ____D () C:\FRST
2015-05-31 22:09 - 2015-05-31 22:09 - 02108928 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2015-05-31 21:57 - 2015-05-31 21:57 - 00001088 _____ () C:\Users\Administrator\Desktop\RegHunter.lnk
2015-05-31 21:57 - 2015-05-31 21:57 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Enigma Software Group
2015-05-31 21:57 - 2015-05-31 21:57 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-05-31 21:51 - 2015-06-01 00:19 - 00002656 _____ () C:\Windows\PFRO.log
2015-05-31 21:51 - 2015-06-01 00:19 - 00000224 _____ () C:\Windows\setupact.log
2015-05-31 21:51 - 2015-05-31 21:51 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-31 21:43 - 2015-05-31 21:50 - 00019305 _____ () C:\Windows\WindowsUpdate.log
2015-05-31 21:03 - 2015-05-31 21:03 - 00029778 _____ () C:\Users\Administrator\Documents\cc_20150531_210313.reg
2015-05-31 21:02 - 2015-05-31 21:02 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2015-05-31 21:02 - 2015-05-31 21:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2015-05-31 21:02 - 2015-05-31 21:02 - 00000000 ____D () C:\ProgramData\ATI
2015-05-31 20:40 - 2015-06-01 00:19 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-31 20:39 - 2015-05-31 20:39 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-31 20:39 - 2015-05-31 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-31 20:39 - 2015-05-31 20:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-31 20:39 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-31 20:39 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-31 20:39 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-31 08:20 - 2015-05-31 08:20 - 00000000 ____D () C:\Users\Public\Documents\Sports Interactive
2015-05-31 08:20 - 2015-05-31 08:20 - 00000000 ____D () C:\Users\Administrator\Documents\Sports Interactive
2015-05-31 08:20 - 2015-05-31 08:20 - 00000000 ____D () C:\Users\Administrator\Documents\CPY_SAVES
2015-05-31 08:20 - 2015-05-31 08:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Sports Interactive
2015-05-31 08:13 - 2015-05-31 20:57 - 00002896 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-05-31 08:13 - 2015-05-31 08:13 - 00000000 ____D () C:\searchplugins
2015-05-31 08:13 - 2015-05-25 10:24 - 00429392 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-05-31 08:12 - 2015-06-01 00:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-05-31 08:11 - 2015-05-31 08:13 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-05-31 08:11 - 2015-05-31 08:11 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-05-31 07:48 - 2015-05-31 07:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Steam
2015-05-28 11:42 - 2015-05-28 11:42 - 00000000 ____D () C:\Users\Administrator\Desktop\DR MILJKO-MEŠA svibanj 2015
2015-05-27 13:36 - 2015-05-27 13:36 - 00000000 ____D () C:\Users\Administrator\Desktop\FZS ispiti svibanj 2015
2015-05-27 13:23 - 2015-05-27 13:36 - 00000000 ____D () C:\Users\Administrator\Documents\FZS ispiti svibanj 2015
2015-05-26 12:26 - 2015-05-26 12:27 - 00000000 ____D () C:\Users\Administrator\Desktop\tttg
2015-05-26 12:22 - 2015-05-26 12:39 - 00000000 ____D () C:\Users\Administrator\Desktop\Photoshop
2015-05-26 12:22 - 2015-05-26 12:22 - 00000000 ____D () C:\Windows\XSxS
2015-05-26 12:22 - 2011-05-02 07:04 - 171502133 _____ (Adobe Systems, Incorporated) C:\Users\Administrator\Desktop\Photoshop.exe
2015-05-25 11:28 - 2015-05-25 12:27 - 00000000 ____D () C:\Users\Administrator\Downloads\Toto Cutugno - Greatest Hits ( Disco, Dance, Pop ) 2014 @ 320
2015-05-25 11:27 - 2015-05-25 11:27 - 00017886 _____ () C:\Users\Administrator\Downloads\[kat.cr]toto.cutugno.greatest.hits.disco.dance.pop.2014.320.torrent
2015-05-22 11:47 - 2015-05-22 11:47 - 00000000 ____D () C:\Users\Administrator\Desktop\10^RTG snimak 2 exp_-lijevo koljeno,_246965
2015-05-19 13:26 - 2015-05-19 13:26 - 00000000 ____D () C:\Users\Administrator\Desktop\Ciljani snimak-kraniogram,_395494
2015-05-19 12:29 - 2005-03-26 21:40 - 03855660 _____ () C:\Users\Administrator\Desktop\Zlatan.wmv
2015-05-19 07:19 - 2015-04-29 23:06 - 00084005 _____ () C:\Users\Administrator\Desktop\Moonrise.Kingdom.2012.720p.BluRay.x264.YIFY.srt
2015-05-18 13:50 - 2015-05-18 13:50 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-680020611-101842545-878744919-500Core1d09160e851193c.job
2015-05-13 08:28 - 2015-05-13 08:28 - 00000000 ____D () C:\Users\Administrator\Desktop\RTG snimak 2 exp_-desno koljeno,_392965
2015-05-12 09:25 - 2015-05-12 09:25 - 13716992 _____ () C:\Users\Administrator\Downloads\digitalna radiologija (1).ppt
2015-05-04 11:03 - 2015-05-04 11:04 - 13713920 _____ () C:\Users\Administrator\Downloads\digitalna radiologija.ppt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-01 00:26 - 2009-07-14 06:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-01 00:26 - 2009-07-14 06:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-01 00:24 - 2009-07-14 07:13 - 00727202 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-06-01 00:20 - 2013-06-19 12:20 - 00000000 ____D () C:\Users\Administrator\Downloads\CT ante
2015-06-01 00:13 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-05-31 23:57 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\restore
2015-05-31 21:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-31 21:02 - 2013-01-17 09:00 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\uTorrent
2015-05-31 20:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-05-31 20:51 - 2013-07-29 21:35 - 00000000 ____D () C:\Program Files (x86)\Rapider
2015-05-31 20:39 - 2013-03-07 13:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-31 19:21 - 2011-11-24 19:26 - 00000000 ____D () C:\Users\Public\Impax
2015-05-31 18:40 - 2011-11-04 15:26 - 00012087 _____ () C:\Users\Administrator\jinitiator13122.trace
2015-05-31 18:39 - 2011-10-11 23:47 - 00000000 ____D () C:\Users\Administrator
2015-05-28 13:31 - 2011-11-30 13:15 - 00000000 ____D () C:\Users\Administrator\.VirtualBox
2015-05-28 12:23 - 2015-04-13 09:00 - 00000000 ____D () C:\Users\Administrator\Desktop\Prikazi slučaja
2015-05-26 07:32 - 2012-05-23 11:32 - 00002410 _____ () C:\Users\Administrator\Desktop\Google Chrome.lnk
2015-05-25 12:33 - 2011-12-27 17:55 - 00000000 ____D () C:\Users\Administrator\Documents\MR nalazi mix
2015-05-19 13:09 - 2011-11-10 18:24 - 00000000 ____D () C:\Users\Administrator\Desktop\Nalazi za dežuru
2015-05-18 13:50 - 2015-02-05 04:39 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-680020611-101842545-878744919-500Core1d040ecf081b1d8.job
2015-05-18 13:07 - 2013-03-08 09:58 - 00000000 ____D () C:\Users\Administrator\Documents\Case report mix
2015-05-14 13:45 - 2015-04-02 11:27 - 00000000 ____D () C:\Users\Administrator\Desktop\UZORAK
2015-05-11 10:12 - 2014-06-26 16:47 - 00000000 ____D () C:\Users\Administrator\Documents\UZV-Dragan Mijatović
2015-05-08 07:31 - 2014-01-16 11:12 - 00000000 ____D () C:\DOCENT

==================== Files in the root of some directories =======

2011-10-11 23:47 - 2011-08-29 23:00 - 0003625 _____ () C:\Users\Administrator\AppData\Roaming\UserTile.png
2015-02-09 12:28 - 2015-02-09 12:28 - 0003584 _____ () C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-11-27 16:12 - 2011-11-27 16:12 - 0004096 ____H () C:\Users\Administrator\AppData\Local\keyfile3.drm

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-09-01 01:04

==================== End of log ============================

Dopuna: 01 Jun 2015 0:25

ADDITION NE OTVARA!

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Da li ga ima ne Desktopu?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 01 Jun 2015 0:39

Nama ga na desktopu...

Dopuna: 01 Jun 2015 0:43

Jedan mi reče da probam s combo fix-om... Jel to riješenje?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uninstaliraj RegHunter.

-------

Preuzmi Malwarebytes Anti-Rootkit (MBAR) sa sledeceg linka i sacuvaj ga na Desktop.

Dvoklikom pokreni MBAR () na ikonicu programa:
- Klikni OK na sledecem prozoru da bi dozvolio raspakivanje u zaseban mbar folder na desktop-u;
- mbar.exe ce biti startovan. Na nekim sistemima to moze da potraje nekoliko dodatnih sekundi, te pricekati pokretanje.;
- U uvodnom prozoru klikni dugme Next ukoliko si saglasan;


• Na 'Update Database' prozoru klik na dugme Update da bi preuzeo sveze definicije. Kada se ispise poruka 'Success: Database was successfully updated' klik na dugme Next;
• Pod sekcijom 'Scan Targets' proveri da su sve opcije stiklirane, te klikni na dugme Scan;

Obavestenje: sa nekim infekcijama moze se desiti da se prikaze neka od sledecih poruka:
- 'Could not load protection driver' => u tom slucaju klikni OK.
- 'Could not load DDA driver' => klikni Yes na to obavestenje da bi dozvolio ucitavanje nakon restarta. Dozvoli restart i nastavi sa ostatkom instrukcija posle restarta.




>> Ukoliko malware nije detektovan, klik na Exit dugme da zatvoris program. U sledecu poruku postavi mbar-log-year-month-day (sat-minuti-sekundi).txt i system-log.txt izveštaje.

>> Ukoliko su infekcija/e pronadjene, proveriti da li je obelezena opcija 'Create Restore Point' i klikni na dugme Cleanup! da bi uklonili pretnje.
- Procedura uklanjanje malware-a (scheduled) ce biti zakazana po restartu, bice prikazano obavestenje u pop-up prozoru. Klikni dugme Yes i sistem bi trebao da se restartuje i da zavrsi proceduru ciscenja.



Obavestenje! samo ukoliko je RootKit detektovan: - postaraj se da pokrenes fixdamage.exe alat koji se nalazi u mbar folderu, \Plugins\fixdamage.exe:
- Dvoklikom pokreni fixdamage, u crnom prozoru koji se otvori (command prompt) ukucaj Y (Y stoji za Yes) da bi nastavio izvrsenje, pricekati da alat odradi sve popravke ...
- Kada vidis poruku 'press any key to exit' popravka je kompletirana. Pritisnuti bilo koju tipku na tastaturi da bi se prozor zatvorio. Restartovati sistem.




Sledeci izvestaji ce biti formirani u mbar folderu.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Iskopiraj sadrzaj mbar log-a u poruku a system log okaci uz poruku koristeci opciju Prikači fajl.