Reklame i sporiji rad racunara

1

Reklame i sporiji rad racunara

offline
  • Milan
  • Pridružio: 11 Apr 2012
  • Poruke: 465

Ovako u poslednje vreme kad idem na neki sajt ili neku temu na mycity prebaci me na drugi sajt pa sam koristio program adwcleaner i nije resio problem ovako racunar radi solidno al ponekad koci pa hocu da sve proverim.Evo izvestaja

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2015
Ran by KRCO (administrator) on KRCO-PC on 24-02-2015 14:56:06
Running from C:\Users\KRCO\Desktop
Loaded Profiles: KRCO (Available profiles: KRCO)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKU\S-1-5-21-3989576198-1594049347-3657210406-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3989576198-1594049347-3657210406-1001\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\MCShieldRTM.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-3989576198-1594049347-3657210406-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3989576198-1594049347-3657210406-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2008-01-22] (Nero AG)
HKU\S-1-5-21-3989576198-1594049347-3657210406-1001\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-3989576198-1594049347-3657210406-1001\...\MountPoints2: E - E:\Autorun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1424445221&from=kmp&uid=WDCXWD3200AAKS-00L9A0_WD-WMAV2DV6717367173
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> webssearches
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-25]
CHR Extension: (YouTube) - C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-25]
CHR Extension: (Google Search) - C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-25]
CHR Extension: (CS:GO Lounge Bump Bot) - C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhfkidfnhjcjjamcbdepeohblphlamgk [2015-01-17]
CHR Extension: (Refresh Monkey) - C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljngnafhejmefmijjoedbclkadhacebd [2015-01-17]
CHR Extension: (Google Wallet) - C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-25]
CHR Extension: (ohlencieiipommannpdfcmfdpjjmeolj) - C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2015-02-24]
CHR Extension: (Gmail) - C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-02-05] (NVIDIA Corporation)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-02-05] (NVIDIA Corporation)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-25] (Disc Soft Ltd)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [26528 2014-12-24] (REALiX(tm))
S3 ltmodem5; C:\Windows\System32\DRIVERS\ltmdm64.sys [543744 2009-06-10] (Agere Systems)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-02-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S2 SPDRIVER_1507.0.0.0; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1507.0.0.0\jsdrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 14:56 - 2015-02-24 14:56 - 00011325 _____ () C:\Users\KRCO\Desktop\FRST.txt
2015-02-24 14:55 - 2015-02-24 14:56 - 00000000 ____D () C:\FRST
2015-02-24 14:54 - 2015-02-24 14:54 - 02087424 _____ (Farbar) C:\Users\KRCO\Desktop\FRST64.exe
2015-02-21 18:41 - 2015-02-21 18:42 - 05135288 _____ (Piriform Ltd) C:\Users\KRCO\Desktop\spsetup128.exe
2015-02-21 18:34 - 2015-02-21 18:40 - 00000000 ____D () C:\Program Files (x86)\Winamp
2015-02-21 18:33 - 2015-02-21 18:34 - 17163336 _____ (Nullsoft, Inc.) C:\Users\KRCO\Desktop\winamp5666_full_all.exe
2015-02-21 18:24 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-21 18:24 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-21 18:24 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-21 18:24 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-21 18:15 - 2015-02-21 18:15 - 00000000 ____D () C:\Users\KRCO\AppData\Roaming\qualys
2015-02-20 17:48 - 2015-02-20 17:48 - 00455136 ____T () C:\Users\KRCO\AppData\Roaming\CrashRpt1402.dll
2015-02-20 17:48 - 2015-02-20 17:48 - 00000877 _____ () C:\Users\KRCO\Desktop\SIW x64 Home Edition.lnk
2015-02-20 17:48 - 2015-02-20 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW
2015-02-20 17:48 - 2015-02-20 17:48 - 00000000 ____D () C:\Program Files\SIW Home Edition
2015-02-20 17:46 - 2015-02-20 17:47 - 06324280 _____ (Topala Software Solutions ) C:\Users\KRCO\Desktop\siw-home-x64-setup.exe
2015-02-20 16:14 - 2015-02-20 16:14 - 00000622 _____ () C:\Users\KRCO\Desktop\KMPlayer.lnk
2015-02-20 16:14 - 2015-02-20 16:14 - 00000000 ____D () C:\Users\KRCO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2015-02-20 16:10 - 2015-02-20 16:11 - 35907256 _____ (PandoraTV) C:\Users\KRCO\Desktop\KMPlayer_3.9.1.133.exe
2015-02-20 16:07 - 2015-02-05 18:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-02-20 16:05 - 2015-02-05 22:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 18575880 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 14119744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-02-20 16:05 - 2015-02-05 22:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 02902784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 00995248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 00877816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 00305136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-02-20 16:04 - 2015-02-20 16:04 - 00000000 ____D () C:\NVIDIA
2015-02-20 15:46 - 2015-02-20 15:47 - 00000000 ____D () C:\Program Files (x86)\987f8399-ab08-44c2-918e-5f79b577abd8
2015-02-20 15:46 - 2015-02-20 15:46 - 00205264 _____ () C:\Windows\SysWOW64\d.exe
2015-02-20 15:41 - 2015-02-22 13:51 - 00006470 _____ () C:\Windows\PFRO.log
2015-02-20 15:34 - 2015-02-20 15:35 - 00000000 ____D () C:\Program Files (x86)\cc22058d-71cf-44a6-bd72-d603db4b0d70
2015-02-20 15:34 - 2015-02-20 15:34 - 00205776 _____ () C:\Windows\SysWOW64\c.exe
2015-02-20 15:24 - 2015-02-20 15:31 - 00000000 ____D () C:\Users\KRCO\Desktop\Adil - MIX Uzivo
2015-02-20 15:24 - 2015-02-20 15:24 - 00004228 _____ () C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_323035383335333531332d3437415a556c2a3223346c41
2015-02-20 15:24 - 2015-02-20 15:24 - 00001156 _____ () C:\Users\KRCO\Desktop\MP4 to MP3.lnk
2015-02-20 15:24 - 2015-02-20 15:24 - 00000000 ____D () C:\Users\Public\Documents\YTAHelper
2015-02-20 15:24 - 2015-02-20 15:24 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2015-02-20 15:24 - 2015-02-20 15:24 - 00000000 ____D () C:\Users\Public\Documents\GOOBZO
2015-02-20 15:24 - 2015-02-20 15:24 - 00000000 ____D () C:\Users\KRCO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best MP4 to MP3 Converter
2015-02-20 15:24 - 2015-02-20 15:24 - 00000000 ____D () C:\Program Files\Common Files\ShopperPro
2015-02-20 15:24 - 2015-02-20 15:24 - 00000000 ____D () C:\Program Files (x86)\Best MP4 To MP3 Converter
2015-02-20 15:22 - 2015-02-20 15:23 - 12277300 _____ () C:\Users\KRCO\Desktop\bestmp4tomp3convertersetup.exe
2015-02-20 15:20 - 2015-02-20 15:20 - 110452328 _____ () C:\Users\KRCO\Desktop\proba.mp4
2015-02-20 15:09 - 2015-02-20 15:10 - 00103896 _____ (GreenTree Applications SRL) C:\Users\KRCO\Desktop\YTDSetup.exe
2015-02-19 18:49 - 2015-02-19 18:49 - 00000050 _____ () C:\Users\KRCO\Desktop\Offerbot.txt
2015-02-19 16:37 - 2015-02-19 16:37 - 00000000 ____D () C:\Users\KRCO\AppData\Local\Steam
2015-02-17 18:44 - 2015-02-17 18:44 - 23821006 _____ () C:\Users\KRCO\Desktop\Zvijezda Mozes Biti Ti [ZMBT] Baba Hana, Moj dilbere [Smijesno] [muzicki talent][1].mp4
2015-02-17 18:42 - 2015-02-17 18:42 - 00001309 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk
2015-02-17 18:03 - 2015-02-17 18:03 - 17612422 _____ () C:\Users\KRCO\Desktop\Zvijezda Mozes Biti Ti [ZMBT] Baba Hana, Moj dilbere [Smijesno] [muzicki talent].mp4
2015-02-17 17:40 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-17 17:40 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-17 17:40 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-17 17:40 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-15 13:53 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-15 13:53 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-15 13:53 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-15 13:53 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-15 13:53 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-15 13:53 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-15 13:53 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-15 13:53 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-15 13:53 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-15 13:53 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-15 13:53 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-15 13:53 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-15 13:53 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-15 13:53 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-15 13:53 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-15 13:53 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-15 13:53 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-15 13:53 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-15 13:53 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-15 13:53 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-15 13:53 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-15 13:53 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-15 13:53 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-15 13:53 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-15 13:53 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-15 13:53 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-15 13:53 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-15 13:53 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-15 13:53 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-15 13:53 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-15 13:53 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-15 13:53 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-15 13:53 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-15 13:53 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-15 13:53 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-15 13:53 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-15 13:53 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-15 13:53 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-15 13:53 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-15 13:53 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-15 13:53 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-15 13:53 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-15 13:53 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-15 13:53 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-15 13:53 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-15 13:53 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-15 13:53 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-15 13:53 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-15 13:53 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-15 13:53 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-15 13:53 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-15 13:53 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-15 13:52 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-15 13:52 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-15 13:52 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-15 13:52 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-15 13:52 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-15 13:52 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-15 13:52 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-15 13:52 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-15 13:52 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-15 13:52 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-15 13:52 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-15 13:52 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-15 13:52 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-15 13:52 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-15 13:52 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-15 13:52 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-15 13:52 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-15 13:52 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-15 13:52 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-15 13:52 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-15 13:52 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-15 13:52 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-15 13:52 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-15 13:52 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-15 13:52 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-15 13:52 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-15 13:52 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-15 13:52 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-15 13:52 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-15 13:52 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-15 13:52 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-15 13:52 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-15 13:52 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-15 13:52 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-15 13:52 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-15 13:52 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-15 13:52 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-15 13:52 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-15 13:52 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-15 13:52 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-15 13:52 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-15 13:52 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-15 13:52 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-15 13:52 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-15 13:52 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-15 13:52 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-15 13:52 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-15 13:52 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-15 13:52 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-15 13:52 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-15 13:51 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-15 13:51 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-15 13:51 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-15 13:51 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-15 13:51 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-15 13:05 - 2015-02-15 13:07 - 00000000 ____D () C:\Users\KRCO\Desktop\Nove Slike
2015-02-15 12:29 - 2015-02-15 12:29 - 00000000 ____D () C:\Users\KRCO\Documents\BioWare
2015-02-15 12:27 - 2015-02-15 12:27 - 00000000 ____D () C:\ProgramData\Origin
2015-02-15 12:27 - 2015-02-15 12:27 - 00000000 ____D () C:\ProgramData\Electronic Arts
2015-02-14 18:56 - 2015-02-14 18:57 - 00000000 ____D () C:\Users\KRCO\Desktop\cccccccccccccccccc
2015-02-14 18:33 - 2015-02-14 18:56 - 00000000 ____D () C:\Users\KRCO\Desktop\Dying.Light.Update.v1.4.0-RELOADED
2015-02-10 21:17 - 2015-02-10 21:20 - 00000000 ____D () C:\Program Files (x86)\Free YouTube Downloader
2015-02-10 13:50 - 2015-02-10 13:50 - 00001193 _____ () C:\Users\KRCO\Desktop\Evolve.lnk
2015-02-10 13:50 - 2015-02-10 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolve
2015-02-10 13:31 - 2015-02-10 13:50 - 00000000 ____D () C:\Program Files (x86)\Evolve
2015-02-09 22:27 - 2015-02-10 13:11 - 00000000 ____D () C:\Users\KRCO\Desktop\Evolve
2015-02-09 20:21 - 2015-02-09 20:21 - 00000000 ____D () C:\Users\KRCO\Documents\WB Games
2015-02-09 20:16 - 2015-02-09 20:16 - 00001294 _____ () C:\Users\KRCO\Desktop\Middle Earth Shadow of Mordor.lnk
2015-02-09 20:16 - 2015-02-09 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Middle Earth Shadow of Mordor
2015-02-09 19:53 - 2015-02-09 20:21 - 00000000 ____D () C:\Program Files (x86)\Middle Earth Shadow of Mordor
2015-02-09 18:22 - 2015-02-09 18:22 - 00007606 _____ () C:\Users\KRCO\AppData\Local\Resmon.ResmonCfg
2015-02-09 02:18 - 2015-02-09 22:20 - 00000000 ____D () C:\Users\KRCO\Desktop\Middle Earth Shadow of Mordor
2015-02-08 16:34 - 2015-02-08 17:45 - 00000048 _____ () C:\Users\KRCO\Desktop\Hltv new pass.txt
2015-02-06 10:30 - 2015-02-06 10:30 - 00000031 _____ () C:\Users\KRCO\Desktop\wd.txt
2015-02-04 20:49 - 2015-02-04 20:49 - 00000000 ____D () C:\Users\KRCO\Documents\CPY_SAVES
2015-02-04 20:47 - 2015-02-04 13:54 - 00000000 ____D () C:\Users\KRCO\Desktop\(zabranjeno)
2015-02-04 20:46 - 2015-02-09 20:20 - 00000000 ____D () C:\Users\KRCO\Desktop\Update
2015-02-04 19:38 - 2015-02-04 20:45 - 00000000 ____D () C:\Users\KRCO\Desktop\Metal.Gear.Solid.V.Ground.Zeroes.UPDATE.1.0.0.3-CPY
2015-02-03 22:51 - 2015-02-03 22:52 - 00000000 ____D () C:\Users\KRCO\Desktop\BrownBunnies - Tori Taylor
2015-02-01 20:42 - 2015-02-01 20:50 - 00001861 _____ () C:\Users\KRCO\Desktop\CrystalDiskMark.lnk
2015-02-01 20:42 - 2015-02-01 20:42 - 00000000 ____D () C:\Users\KRCO\AppData\Local\CrystalDiskMark
2015-02-01 20:42 - 2015-02-01 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskMark
2015-02-01 20:42 - 2015-02-01 20:42 - 00000000 ____D () C:\Program Files\CrystalDiskMark
2015-02-01 20:41 - 2015-02-01 20:41 - 03958888 _____ (Crystal Dew World ) C:\Users\KRCO\Desktop\CrystalDiskMark3_0_3bShizuku-en.exe
2015-02-01 20:38 - 2015-02-01 20:38 - 00000000 ____D () C:\Users\KRCO\AppData\Roaming\HD Tune Pro
2015-02-01 20:32 - 2015-02-01 20:32 - 00000000 ____D () C:\Users\KRCO\AppData\Roaming\Hard Disk Sentinel
2015-02-01 20:31 - 2015-02-01 20:33 - 00000000 ____D () C:\Program Files (x86)\Hard Disk Sentinel
2015-02-01 01:00 - 2015-02-24 14:47 - 00006339 _____ () C:\Windows\setupact.log
2015-02-01 01:00 - 2015-02-01 01:00 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-30 14:30 - 2015-01-30 14:30 - 00000000 ____D () C:\Users\KRCO\Documents\Rockstar Games
2015-01-30 14:29 - 2015-01-30 14:29 - 00000041 _____ () C:\Users\KRCO\Desktop\Rockstar social club.txt
2015-01-30 14:23 - 2015-02-14 22:23 - 00000052 _____ () C:\Users\KRCO\Desktop\REP.txt
2015-01-30 14:21 - 2015-01-30 14:21 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2015-01-30 14:17 - 2015-01-30 14:17 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2015-01-30 14:17 - 2015-01-30 14:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2015-01-30 14:01 - 2015-01-31 00:31 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2015-01-30 12:45 - 2015-01-30 12:45 - 00000000 ____D () C:\Users\KRCO\Documents\DyingLight
2015-01-30 12:35 - 2015-02-14 18:57 - 00000000 ____D () C:\Program Files (x86)\Dying Light
2015-01-30 12:35 - 2015-01-30 12:35 - 00000844 _____ () C:\Users\Public\Desktop\Dying Light.lnk
2015-01-28 16:33 - 2015-01-28 16:33 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2015-01-27 21:12 - 2015-02-01 17:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-27 19:16 - 2015-01-27 21:17 - 00000000 ____D () C:\Users\KRCO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-27 19:15 - 2015-02-01 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty
2015-01-27 18:23 - 2015-01-27 18:25 - 00000000 ____D () C:\Users\KRCO\AppData\Local\Ahead
2015-01-27 18:23 - 2015-01-27 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium
2015-01-27 18:22 - 2015-01-27 19:55 - 00000000 ____D () C:\Users\KRCO\AppData\Roaming\Ahead
2015-01-27 18:22 - 2015-01-27 18:22 - 00000000 ____D () C:\ProgramData\Ahead
2015-01-27 18:21 - 2015-01-27 18:21 - 00000000 ____D () C:\ProgramData\Nero
2015-01-27 18:21 - 2015-01-27 18:21 - 00000000 ____D () C:\Program Files (x86)\Nero
2015-01-27 17:35 - 2015-01-27 17:36 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-27 17:35 - 2015-01-27 17:35 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-27 17:35 - 2015-01-27 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-27 17:26 - 2015-01-13 05:15 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-01-27 17:26 - 2015-01-10 09:07 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434725.dll
2015-01-27 17:26 - 2015-01-10 09:07 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434725.dll
2015-01-27 13:53 - 2009-10-11 21:58 - 01177600 _____ (AD) C:\Windows\SysWOW64\SYNSOEMU.DLL
2015-01-27 13:45 - 2015-01-27 13:45 - 00000000 ____D () C:\ProgramData\Steinberg
2015-01-27 13:44 - 2015-01-27 17:34 - 00000000 ____D () C:\Program Files (x86)\Steinberg
2015-01-27 13:44 - 2015-01-27 13:55 - 00000000 ____D () C:\Users\KRCO\AppData\Roaming\Steinberg
2015-01-25 12:55 - 2015-01-25 12:57 - 00000000 ____D () C:\Users\KRCO\Desktop\Tonce nove slike

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 14:54 - 2014-11-25 02:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-24 14:54 - 2009-07-14 05:45 - 00028976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-24 14:54 - 2009-07-14 05:45 - 00028976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-24 14:53 - 2014-11-25 01:43 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-24 14:50 - 2014-12-24 15:40 - 01115378 _____ () C:\Windows\WindowsUpdate.log
2015-02-24 14:47 - 2014-11-27 07:00 - 00000000 ____D () C:\ProgramData\MCShield
2015-02-24 14:47 - 2014-11-25 01:43 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-24 14:47 - 2014-11-24 22:52 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-24 14:47 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-22 14:07 - 2009-07-14 06:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-21 18:39 - 2014-11-25 02:53 - 00000000 ____D () C:\KMPlayer
2015-02-21 18:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-20 16:19 - 2014-11-25 01:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-20 16:19 - 2014-11-24 22:13 - 00001003 _____ () C:\Users\KRCO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-20 16:08 - 2014-11-25 02:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-02-20 15:35 - 2014-12-11 21:55 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-20 15:27 - 2009-07-14 03:34 - 00000505 _____ () C:\Windows\win.ini
2015-02-20 15:26 - 2014-11-26 08:37 - 00000000 ____D () C:\ProgramData\TEMP
2015-02-20 12:51 - 2009-07-14 06:08 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-17 19:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-15 14:21 - 2009-07-14 05:45 - 00267672 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-15 14:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-15 13:59 - 2014-11-24 22:58 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-15 13:55 - 2014-11-24 22:58 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-15 12:02 - 2014-11-25 01:52 - 00000000 ____D () C:\Users\KRCO\AppData\Roaming\uTorrent
2015-02-11 00:16 - 2014-11-25 01:35 - 00000000 ____D () C:\Users\KRCO\AppData\Local\NVIDIA
2015-02-11 00:15 - 2014-11-26 01:37 - 00000000 ____D () C:\Users\KRCO\AppData\Local\NVIDIA Corporation
2015-02-09 19:52 - 2014-11-25 01:54 - 00000000 ____D () C:\Users\KRCO\AppData\Roaming\DAEMON Tools Lite
2015-02-07 18:24 - 2014-12-17 17:55 - 00000000 ____D () C:\Users\KRCO\AppData\Roaming\Skype
2015-02-05 22:01 - 2014-11-25 02:41 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-02-05 22:01 - 2014-11-25 02:41 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-02-05 22:01 - 2014-11-25 02:41 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-02-05 22:01 - 2014-11-25 02:41 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-02-05 22:01 - 2014-11-24 22:51 - 00074056 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-02-05 22:01 - 2014-11-24 22:51 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-02-05 22:01 - 2014-08-20 07:14 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-02-05 22:01 - 2014-08-20 07:14 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-02-05 20:07 - 2014-11-24 22:52 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-02-05 20:07 - 2014-11-24 22:52 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-02-05 20:07 - 2014-11-24 22:52 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-02-05 20:07 - 2014-11-24 22:52 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-02-05 20:07 - 2014-11-24 22:52 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-02-05 20:06 - 2014-11-24 22:52 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-02-05 17:10 - 2010-11-21 08:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-02-05 13:50 - 2014-11-24 22:52 - 04236870 _____ () C:\Windows\system32\nvcoproc.bin
2015-02-05 13:48 - 2014-11-25 01:43 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 13:48 - 2014-11-25 01:43 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 20:48 - 2014-12-19 12:09 - 00000000 ____D () C:\Program Files (x86)\Metal Gear Solid V Ground Zeroes
2015-02-02 23:08 - 2014-11-25 06:13 - 00000115 _____ () C:\Users\KRCO\Desktop\bitsoup.org.txt
2015-01-30 14:34 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-28 16:38 - 2014-11-25 00:31 - 00773536 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-27 18:25 - 2014-11-25 01:46 - 00000000 ___RD () C:\Users\KRCO\Desktop\Programi
2015-01-27 17:24 - 2014-12-25 00:18 - 00000000 ___RD () C:\Users\KRCO\Desktop\Muzika
2015-01-27 17:24 - 2014-11-25 01:46 - 00000000 ____D () C:\Users\KRCO\Desktop\Igre

==================== Files in the root of some directories =======

2015-02-20 17:48 - 2015-02-20 17:48 - 0455136 ____T () C:\Users\KRCO\AppData\Roaming\CrashRpt1402.dll
2014-11-26 08:50 - 2014-11-26 08:50 - 1396136 _____ (Object Browser) C:\Users\KRCO\AppData\Roaming\CTWFEI.exe
2014-11-26 08:49 - 2014-11-26 08:49 - 1884072 _____ (Object Browser) C:\Users\KRCO\AppData\Roaming\JZHPXIW.exe
2015-02-09 18:22 - 2015-02-09 18:22 - 0007606 _____ () C:\Users\KRCO\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\KRCO\AppData\Local\Temp\bitool.dll
C:\Users\KRCO\AppData\Local\Temp\cabex.dll
C:\Users\KRCO\AppData\Local\Temp\KMPAddedCode_KMP_adpageopen_Step1.exe
C:\Users\KRCO\AppData\Local\Temp\nvStInst.exe
C:\Users\KRCO\AppData\Local\Temp\setup.exe
C:\Users\KRCO\AppData\Local\Temp\tu17p84.exe
C:\Users\KRCO\AppData\Local\Temp\unelevate.exe
C:\Users\KRCO\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed


C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 13:57

==================== End Of Log ============================



https://www.mycity.rs/must-login.png

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6104

Pozdrav KRCO95,

Pokretanje AdwCleaner na slepo bez nekih preliminarnih koraka je velika greska. Cak neki iskusniji experti prvo puste adwcleaner a zatim ciste ostatke sto je greska.
AdwareCleaner je alat koji ce ciljati samo njemu poznate unose a autori adware programa stalno menjanu default unose da bi izbegli ukalanjanje. Rezultati su zaostale vrednosti i ostecen (citaj: ne uklonjen pravilno) program ...


Bilo ako bilo, zeleo bih da pocnem sa velikim momkom ...




1. Preuzmi sUBs-ov ComboFix () sa ovog linka i sačuvaj alat na Desktop.
• Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
• Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.


------------------------------------------------------------
2. Privremeno deaktiviraj AntiVirus program, u većini slučajeva preko desnog klika na ikonu programa u system tray. Oni mogu ometati alat tokom rada.
Ukoliko nisi siguran kako to da uradiš, isprati ovo uputstvo.

------------------------------------------------------------
3. Dvoklikom na ikonicu pokreni ComboFix. Potom, na disclaimer prozoru klikni dugme I Agree!

• ComboFix će proveriti da li je dostupna nova verzija alata.
Klikni Yes ako je zatrazeno preuzimanje.
• Ukoliko Recovery Console nije instaliran, ComboFix će ponuditi preuzimanje i instalaciju.
Klikni Yes da bi dozvolio alatu da preuzme i instalira Recovery Console
• ComboFix će skenirati računar po fazama (Stage_#) ukupno 50 faza.
Ne kliktati okolo dok ComboFix ispituje sistem.
• Ukoliko je malware detektovan, ComboFix će zapoceti njegovo uklanjanje.
Iz tog razloga, alat će po potrebi restartovati Windows (nekad i više puta);

Napomena: Ako nakon rada alata dobiješ grešku (Illegal operation attempted on a registry key that has been marked for deletion) prilikom startovanja programa, restartovati računar i to ce rešiti problem.


------------------------------------------------------------
4. Kada alat završi, formiraće i otvoriti izveštaj (tipična lokacija: C:\ComboFix.txt)
Iskopiraj sadržaj ComboFix.txt izveštaja u poruku.

ComboFix će takođe formirati i dodatan izveštaj (tipicna lokacija: C:\Qoobox\ComboFix-quarantined-files.txt)
Okači ComboFix-quarantined-files.txt izveštaj uz poruku koristeći opciju Prikači fajl

offline
  • Milan
  • Pridružio: 11 Apr 2012
  • Poruke: 465

ComboFix 15-02-16.01 - KRCO 02/24/2015 15:25:40.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3071.1862 [GMT 1:00]
Running from: c:\users\KRCO\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\987f8399-ab08-44c2-918e-5f79b577abd8\27ac1880-c6fc-47ac-9549-8461991ea982.dll
c:\program files (x86)\987f8399-ab08-44c2-918e-5f79b577abd8\6e8db635-70f1-4f97-8829-e98bb98abecb.dll
c:\program files (x86)\987f8399-ab08-44c2-918e-5f79b577abd8\987f8399-ab08-44c2-918e-5f79b577abd8.dll
c:\program files (x86)\987f8399-ab08-44c2-918e-5f79b577abd8\c73e66a7-f4a1-4246-a57a-fa8665a5c27c.dll
c:\program files (x86)\Adobe\3ef0d304-9548-46ab-b454-1ba05c30be0d.dll
c:\program files (x86)\Adobe\cc22058d-71cf-44a6-bd72-d603db4b0d70.dll
c:\program files (x86)\cc22058d-71cf-44a6-bd72-d603db4b0d70\50927ef2-b71c-4f1f-b09f-70cb492b7a14.dll
c:\program files (x86)\cc22058d-71cf-44a6-bd72-d603db4b0d70\7a4199a4-4669-4f86-babd-ed32f9db0486.dll
c:\windows\msdownld.tmp
c:\windows\SysWow64\c.exe
c:\windows\SysWow64\d.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SPDRIVER_1507.0.0.0
-------\Service_SPDRIVER_1507.0.0.0
.
.
((((((((((((((((((((((((( Files Created from 2015-01-24 to 2015-02-24 )))))))))))))))))))))))))))))))
.
.
2015-02-24 14:35 . 2015-02-24 14:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-24 13:55 . 2015-02-24 13:57 -------- d-----w- C:\FRST
2015-02-21 17:35 . 2015-02-21 17:40 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2015-02-21 17:34 . 2015-02-21 17:40 -------- d-----w- c:\program files (x86)\Winamp
2015-02-21 17:24 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2015-02-21 17:24 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-02-21 17:24 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-02-21 17:24 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-02-21 17:15 . 2015-02-21 17:15 -------- d-----w- c:\users\KRCO\AppData\Roaming\qualys
2015-02-21 12:22 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{466329FA-CE1B-4E4F-B15E-E4994EE2AFA2}\mpengine.dll
2015-02-20 16:48 . 2015-02-20 16:48 455136 ----atw- c:\users\KRCO\AppData\Roaming\CrashRpt1402.dll
2015-02-20 16:48 . 2015-02-24 14:08 -------- d-----w- c:\program files\SIW Home Edition
2015-02-20 15:07 . 2015-02-05 17:57 621384 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-02-20 15:04 . 2015-02-20 15:04 -------- d-----w- C:\NVIDIA
2015-02-20 14:46 . 2015-02-24 14:31 -------- d-----w- c:\program files (x86)\987f8399-ab08-44c2-918e-5f79b577abd8
2015-02-20 14:34 . 2015-02-24 14:32 -------- d-----w- c:\program files (x86)\cc22058d-71cf-44a6-bd72-d603db4b0d70
2015-02-20 14:24 . 2015-02-20 14:24 -------- d-----w- c:\program files\Common Files\ShopperPro
2015-02-20 14:24 . 2015-02-20 14:24 -------- d-----w- c:\program files (x86)\Best MP4 To MP3 Converter
2015-02-19 15:37 . 2015-02-19 15:37 -------- d-----w- c:\users\KRCO\AppData\Local\Steam
2015-02-17 16:40 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-17 16:40 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-17 16:40 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-17 16:40 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
2015-02-15 12:52 . 2014-11-26 03:53 861696 ----a-w- c:\windows\system32\oleaut32.dll
2015-02-15 12:51 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
2015-02-15 12:51 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-02-15 12:51 . 2015-01-13 03:10 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-15 12:51 . 2015-01-13 02:49 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-02-15 12:51 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
2015-02-15 11:27 . 2015-02-15 11:27 -------- d-----w- c:\programdata\Origin
2015-02-15 11:27 . 2015-02-15 11:27 -------- d-----w- c:\programdata\Electronic Arts
2015-02-10 20:17 . 2015-02-10 20:20 -------- d-----w- c:\program files (x86)\Free YouTube Downloader
2015-02-10 12:31 . 2015-02-10 12:50 -------- d-----w- c:\program files (x86)\Evolve
2015-02-09 18:53 . 2015-02-09 19:21 -------- d-----w- c:\program files (x86)\Middle Earth Shadow of Mordor
2015-02-01 19:42 . 2015-02-01 19:42 -------- d-----w- c:\users\KRCO\AppData\Local\CrystalDiskMark
2015-02-01 19:42 . 2015-02-01 19:42 -------- d-----w- c:\program files\CrystalDiskMark
2015-02-01 19:38 . 2015-02-01 19:38 -------- d-----w- c:\users\KRCO\AppData\Roaming\HD Tune Pro
2015-02-01 19:32 . 2015-02-01 19:32 -------- d-----w- c:\users\KRCO\AppData\Roaming\Hard Disk Sentinel
2015-02-01 19:31 . 2015-02-01 19:33 -------- d-----w- c:\program files (x86)\Hard Disk Sentinel
2015-01-30 13:21 . 2015-01-30 13:21 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2015-01-30 13:17 . 2015-01-30 13:17 -------- d-----w- c:\windows\SysWow64\xlive
2015-01-30 13:17 . 2015-01-30 13:17 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2015-01-30 13:01 . 2015-01-30 23:31 -------- d-----w- c:\program files (x86)\Rockstar Games
2015-01-30 11:35 . 2015-02-14 17:57 -------- d-----w- c:\program files (x86)\Dying Light
2015-01-28 15:33 . 2015-01-28 15:33 -------- d-----w- c:\program files (x86)\MSXML 4.0
2015-01-27 20:12 . 2015-02-01 16:33 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2015-01-27 20:03 . 2015-01-27 20:03 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2015-01-27 17:23 . 2015-01-27 17:25 -------- d-----w- c:\users\KRCO\AppData\Local\Ahead
2015-01-27 17:22 . 2015-01-27 18:55 -------- d-----w- c:\users\KRCO\AppData\Roaming\Ahead
2015-01-27 17:22 . 2015-01-27 17:22 -------- d-----w- c:\programdata\Ahead
2015-01-27 17:21 . 2015-01-27 17:22 -------- d-----w- c:\program files (x86)\Common Files\Ahead
2015-01-27 17:21 . 2015-01-27 17:21 -------- d-----w- c:\programdata\Nero
2015-01-27 17:21 . 2015-01-27 17:21 -------- d-----w- c:\program files (x86)\Nero
2015-01-27 16:35 . 2015-01-27 16:36 -------- d-----w- c:\program files\CCleaner
2015-01-27 16:26 . 2015-01-13 04:15 1540240 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2015-01-27 16:26 . 2015-01-10 08:07 1895240 ----a-w- c:\windows\system32\nvdispco6434725.dll
2015-01-27 16:26 . 2015-01-10 08:07 1556808 ----a-w- c:\windows\system32\nvdispgenco6434725.dll
2015-01-27 12:53 . 2009-10-11 20:58 1177600 ----a-w- c:\windows\SysWow64\SYNSOEMU.DLL
2015-01-27 12:53 . 2015-01-27 12:53 -------- d-----w- c:\program files (x86)\Common Files\VST3
2015-01-27 12:45 . 2015-01-27 12:45 -------- d-----w- c:\programdata\Steinberg
2015-01-27 12:44 . 2015-01-27 16:34 -------- d-----w- c:\program files (x86)\Steinberg
2015-01-27 12:44 . 2015-01-27 12:55 -------- d-----w- c:\users\KRCO\AppData\Roaming\Steinberg
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-15 12:55 . 2014-11-24 21:58 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-02-05 21:01 . 2014-11-25 01:41 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-02-05 21:01 . 2014-11-25 01:41 1514528 ----a-w- c:\windows\system32\nvspcap64.dll
2015-02-05 21:01 . 2014-11-25 01:41 1316184 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-02-05 21:01 . 2014-11-25 01:41 1278920 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-02-05 21:01 . 2014-11-24 21:51 74056 ----a-w- c:\windows\system32\OpenCL.dll
2015-02-05 21:01 . 2014-11-24 21:51 60560 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-02-05 21:01 . 2014-08-20 06:14 3299512 ----a-w- c:\windows\system32\nvapi64.dll
2015-02-05 19:07 . 2014-11-24 21:52 6861128 ----a-w- c:\windows\system32\nvcpl.dll
2015-02-05 19:07 . 2014-11-24 21:52 3517584 ----a-w- c:\windows\system32\nvsvc64.dll
2015-02-05 19:07 . 2014-11-24 21:52 935056 ----a-w- c:\windows\system32\nvvsvc.exe
2015-02-05 19:07 . 2014-11-24 21:52 62792 ----a-w- c:\windows\system32\nvshext.dll
2015-02-05 19:07 . 2014-11-24 21:52 2558792 ----a-w- c:\windows\system32\nvsvcr.dll
2015-02-05 19:06 . 2014-11-24 21:52 385168 ----a-w- c:\windows\system32\nvmctray.dll
2015-02-05 12:50 . 2014-11-24 21:52 4236870 ----a-w- c:\windows\system32\nvcoproc.bin
2014-12-24 14:33 . 2014-12-24 14:33 26528 ----a-w- c:\windows\system32\drivers\HWiNFO64A.SYS
2014-12-22 23:41 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-19 03:06 . 2015-01-19 12:21 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-19 12:21 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-13 10:08 . 2014-12-24 10:54 1895056 ----a-w- c:\windows\system32\nvdispco6434709.dll
2014-12-13 10:08 . 2014-12-24 10:54 1556624 ----a-w- c:\windows\system32\nvdispgenco6434709.dll
2014-12-11 17:47 . 2015-01-19 12:21 52736 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-12-06 04:17 . 2015-01-19 12:21 303616 ----a-w- c:\windows\system32\nlasvc.dll
2014-12-06 03:50 . 2015-01-19 12:21 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2014-12-06 03:50 . 2015-01-19 12:21 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"MCShield Monitor"="c:\program files (x86)\MCShield\MCShieldRTM.exe" [2014-04-11 650816]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-12-12 7394584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-20 17:54 1084744 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-25 00:43]
.
2015-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-25 00:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-02-05 2585744]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-02-05 1514528]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\IoctlSvc.exe
.
**************************************************************************

.
Completion time: 2015-02-24 15:49:01 - machine was rebooted
ComboFix-quarantined-files.txt 2015-02-24 14:48
.
Pre-Run: 113,969,229,824 bytes free
Post-Run: 113,344,217,088 bytes free
.
- - End Of File - - 09C359391BD34FBA10806E4E89F95146
A36C5E4F47E84449FF07ED3517B43A31



https://www.mycity.rs/must-login.png

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6104

U redu, nacinili smo fin napredak. Idemo dalje ...




Preuzmi smeenk-ov zoek.zip ili zoek.rar () sa ovog ili ovog linka i sačuvaj ga na Desktop.

Raspakuj arhivu u neki folder (uputstvo), a zatim:

zatvori browser i ostale pokrenute programe;
privremeno deaktiviraj zaštitni softver ( ukoliko je to potrebno ) Uputstvo ;
dvoklikom pokreni zoek na ikonicu programa ;
pričekaj da se alat startuje ...


U beli okvir prozora iskopiraj sledeći tekst:

c:\program files\Common Files\ShopperPro;fs
FFDefaults;
ohlencieiipommannpdfcmfdpjjmeolj;chr
CHRDefaults;
AutoClean;


Klikni na dugme i pričekaj da se skeniranje završi.


zoek ce po potrebi, restartovati Windows a na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Napomena:Izveštaj će biti sačuvan pod nazivom zoek-results.log na sistemskoj particiji (tipična lokacija: C:\zoek-results.log)


Arrow Kopiraj sadrzaj tog loga u poruku.




Arrow Resetuj oba browsera, Firefox i Chrome na njihova default (podrazumevana) podesavanja. Evo kako to da uradis;

https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings
https://support.google.com/chrome/answer/3296214?hl=en


Arrow Reci mi kakvo je sada stanje?

offline
  • Milan
  • Pridružio: 11 Apr 2012
  • Poruke: 465

Evo rezultata sad je bolje i za sad mi ne izbacuje vise nista a i cini mi se da radi za nijansu brze racunar i chrome ne mogu da verujem hvala ti puno car si ! Reci mi sta je bio kvar i sta sad ja ustvari sad radio sve ? Ziveli

Zoek.exe v5.0.0.0 Updated 23-February-2015
Tool run by KRCO on Tue 02/24/2015 at 16:24:29.34.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\KRCO\Desktop\fff\zoek.scr [Scan all users] [Script inserted]

==== System Restore Info ======================

2/24/2015 4:25:11 PM Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\987f8399-ab08-44c2-918e-5f79b577abd8 deleted successfully
C:\PROGRA~2\cc22058d-71cf-44a6-bd72-d603db4b0d70 deleted successfully
C:\PROGRA~2\InstallShield Installation Information deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Winamp deleted successfully
C:\PROGRA~2\COMMON~1\VST3 deleted successfully
C:\Program Files\SIW Home Edition deleted successfully
C:\Users\KRCO\AppData\Roaming\Opera Software deleted successfully
C:\Users\KRCO\AppData\Local\Opera Software deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0c29e510-d865-4c4d-a13b-aed14025dee2} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16C5220-8F8C-4CA9-B144-25FC5DB3FBE6} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F15A936-D2D1-4276-AC79-DEE916151B88} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{534B5F68-1F8B-4DF0-A6C4-ABEFAFF41BCA} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{57ACE3BE-C177-4236-94E5-B52F9F11EA9} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{57F55A5-9343-467E-A1A1-3CDDE7C6EA12} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5A79974C-12A5-4265-B44D-AD1CCA396E8D} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7B06320A-B335-47FC-8CCE-DEEB8471EEBF} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{86B9DE04-5ED5-4B75-87DF-E68A89C5AC79} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{86EDCC21-6EF4-4BB4-A1BD-97F26935DE51} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8B969E9-F601-4C27-A39D-7A9E1ED91348} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8CEA5515-7707-4F91-B163-C69CFCB663ED} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{900bd2ee-db2a-4820-b63a-d01a00b10b6b} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{96750C57-8BBB-4BAB-889F-74E869828227} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97F40F35-8E9B-4817-9C3F-B6D57C27657B} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9A60E581-8239-4DE2-A4E0-E2BBDADAC89B} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9FAB90BC-8F62-4A71-988A-572EEA2F3477} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A1567AC6-AF39-4C72-8C7C-CCA229991224} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A61CF2B0-8FB8-4B69-B89D-A2F3CBBD35DD} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A9AC24A9-8DA9-4B2C-B9BF-EE335EA4C292} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A9DCC085-C301-4827-8F9-153F4F7675} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA9753C6-9776-472B-8AD9-73121A125854} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B0AAA9F3-289-4834-BC5-18402EFFEC95} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2179D29-65D9-4A02-95C6-DA23358A7985} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B322D185-793-49FF-8890-64CA62C2C5D2} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B859B726-5E6C-4E5C-BDD4-AE19A30CA56} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C120FBEC-DC36-4C5E-A6EB-6E46A21AC875} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7B653CB-2CF9-4C34-BAA7-195E2F48B40} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D4F6FE02-6F22-471A-933A-A6FDADAE2DCE} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7304F81-2C44-4F67-90CA-162C7E99646} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D8B8AE41-A46E-41AA-8657-EEBED52D7FE4} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{da373667-534d-4b05-a854-8a0e636e3abd} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD72B49C-43B2-4379-A551-D937569E3F3E} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E026F5CE-6EB6-45D5-B324-6F24CDF13BFB} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E4C0A0CA-C7C4-459A-BD11-3143ABA27963} deleted successfully
HKEY_USERS\S-1-5-21-3989576198-1594049347-3657210406-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ea94b084-4ea0-472b-99bb-a478e8ef8acb} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0c29e510-d865-4c4d-a13b-aed14025dee2} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{900bd2ee-db2a-4820-b63a-d01a00b10b6b} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{da373667-534d-4b05-a854-8a0e636e3abd} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ea94b084-4ea0-472b-99bb-a478e8ef8acb} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\987f8399-ab08-44c2-918e-5f79b577abd8 not found
C:\PROGRA~2\cc22058d-71cf-44a6-bd72-d603db4b0d70 not found
C:\PROGRA~2\InstallShield Installation Information not found
C:\PROGRA~2\MSXML 4.0 not found
C:\PROGRA~2\Winamp not found
C:\PROGRA~2\Uninstall Information deleted
c:\program files\Common Files\ShopperPro deleted
C:\PROGRA~2\1a4c4052-fbfc-4489-a8b8-7ce7471487e4 deleted
C:\Users\KRCO\AppData\Roaming\CrashRpt1402.dll deleted
C:\PROGRA~3\ReviverSoft\PC Reviver deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\KRCO\AppData\Local\Installer deleted
C:\Users\Public\Documents\GOOBZO deleted
C:\Users\Public\Documents\ShopperPro deleted
C:\Users\Public\Documents\YTAHelper deleted
C:\windows\SysNative\Tasks\SPBIW_UpdateTask_Time_323035383335333531332d3437415a556c2a3223346c41 deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\Public\Desktop\YTD Video Downloader.lnk deleted
C:\Users\KRCO\AppData\Roaming\CTWFEI.exe deleted
C:\Users\KRCO\AppData\Roaming\JZHPXIW.exe deleted

==== Chromium Look ======================

Google Chrome Version: 40.0.2214.115 (Up to date, latest Stable version: 40.0.2214.115)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[07/14/2014 06:22 PM]

Google Drive - KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
CS GO Lounge Bump Bot - KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhfkidfnhjcjjamcbdepeohblphlamgk
Refresh Monkey - KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljngnafhejmefmijjoedbclkadhacebd
Google Wallet - KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
ohlencieiipommannpdfcmfdpjjmeolj - KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj
Gmail - KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================

C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.savefrom.net_0.localstorage deleted successfully
C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.savefrom.net_0.localstorage-journal deleted successfully
C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.savegames.us_0.localstorage deleted successfully
C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.savegames.us_0.localstorage-journal deleted successfully
C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.williamhill.com_0.localstorage deleted successfully
C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.williamhill.com_0.localstorage-journal deleted successfully
C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\KRCO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\KRCO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=46 folders=38 30048919 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\KRCO\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\KRCO\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on Tue 02/24/2015 at 16:40:51.24 ======================

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6104

Naravno da radi brze, s'a si mislio.


Instalirao si legitimni Best MP4 To MP3 Converter program pre 4 dana i uz njega doveo raznoraznog adware usled nepravilne instalacije, nisi citao sta instaliras, samo si kliktao 'next > next'.

Bilo je tu i ostalog raznog smeca ... sve smo to ocistili, citaj to kao da smo okupali Windows. Sada je cist i mirise. Very Happy






Odradimo jos ARK proveru, znaj da je ovo cista formalnost, ne ocekujem da cemo naci neki ozbiljan RootKit.





Preuzmi program GMER, RootKit Detektor i sačuvati ga na Desktop:
Napomena: alat nosi nasumice generisan naziv. Na samoj ikonici će jasno pisati GMER.


Dvoklikom pokreni GMER.
Sačekaj da se završi uvodno skeniranje - ukoliko se pojavi bilo kakav upit, klikni No;
klikni dugme [Scan] i sačekaj da skeniranje bude završeno;
klikni dugme [Save ...] - izveštaj sačuvaj na Desktop pod nazivom ARK;

kliknite taster >>> i odaberite Autostart karticu;
klikni dugme [Scan];
po završetku kratkotrajnog skeniranja, klikni [Copy];
otvori Notepad i u njega postavi kopirani tekst - izveštaj sačuvaj na Desktop pod nazivom autostart;



Priloži oba GMER izveštaja uz poruku korišćenjem opcije Prikači fajl.

offline
  • Milan
  • Pridružio: 11 Apr 2012
  • Poruke: 465

Hmm jeste secam se to sam neki mix sa youtube prvo dw a on bio drugi format pa posto hocu u kolimada slusam skinuo sam taj program i konvertovao u mp3 dobro sto si mi rekao...evo ova dva fajla pa "baci" pogled valjda nema nista Very Happy

https://www.mycity.rs/must-login.png


https://www.mycity.rs/must-login.png

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6104

Na zalost, ne mogu te proglasiti cistim na osnovu GMER logova. Moramo jos jednu proveru da uradimo...







Arrow Preuzmi Malwarebytes Anti-Rootkit (MBAR) sa sledeceg linka i sacuvaj ga na Desktop.

Dvoklikom pokreni MBAR () na ikonicu programa:
- Klikni OK na sledecem prozoru da bi dozvolio raspakivanje u zaseban mbar folder na desktop-u;
- mbar.exe ce biti startovan. Na nekim sistemima to moze da potraje nekoliko dodatnih sekundi, te pricekati pokretanje.;
- U uvodnom prozoru klikni dugme Next ukoliko si saglasan;



• Na 'Update Database' prozoru klik na dugme Update da bi preuzeo sveze definicije. Kada se ispise poruka 'Success: Database was successfully updated' klik na dugme Next;
• Pod sekcijom 'Scan Targets' proveri da su sve opcije stiklirane, te klikni na dugme Scan;

Obavestenje: sa nekim infekcijama moze se desiti da se prikaze neka od sledecih poruka:
- 'Could not load protection driver' => u tom slucaju klikni OK.
- 'Could not load DDA driver' => klikni Yes na to obavestenje da bi dozvolio ucitavanje nakon restarta. Dozvoli restart i nastavi sa ostatkom instrukcija posle restarta.





>> Ukoliko malware nije detektovan, klik na Exit dugme da zatvoris program. U sledecu poruku postavi mbar-log-year-month-day (sat-minuti-sekundi).txt i system-log.txt izveštaje.

>> Ukoliko su infekcija/e pronadjene, proveriti da li je obelezena opcija 'Create Restore Point' i klikni na dugme Cleanup! da bi uklonili pretnje.
- Procedura uklanjanje malware-a (scheduled) ce biti zakazana po restartu, bice prikazano obavestenje u pop-up prozoru. Klikni dugme Yes i sistem bi trebao da se restartuje i da zavrsi proceduru ciscenja.



Obavestenje! samo ukoliko je RootKit detektovan: - postaraj se da pokrenes fixdamage.exe alat koji se nalazi u mbar folderu, \Plugins\fixdamage.exe:
- Dvoklikom pokreni fixdamage, u crnom prozoru koji se otvori (command prompt) ukucaj Y (Y stoji za Yes) da bi nastavio izvrsenje, pricekati da alat odradi sve popravke ...
- Kada vidis poruku 'press any key to exit' popravka je kompletirana. Pritisnuti bilo koju tipku na tastaturi da bi se prozor zatvorio. Restartovati sistem.





Sledeci izvestaji ce biti formirani u mbar folderu.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Iskopiraj sadrzaj mbar log-a u poruku a system log okaci uz poruku koristeci opciju Prikači fajl.

offline
  • Milan
  • Pridružio: 11 Apr 2012
  • Poruke: 465

Evo na kraju je pisalo da nije detektovan virus...evo izvestaja

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
main: v2015.02.25.04
rootkit: v2015.02.22.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17633
KRCO :: KRCO-PC [administrator]

2/25/2015 1:46:29 PM
mbar-log-2015-02-25 (13-46-29).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 343502
Time elapsed: 9 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

https://www.mycity.rs/must-login.png

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6104

E sada mogu da te oslobodim. Razz





Sledeća procedura će implementirati završno čišćenje.



Arrow Preuzmi "Xplode"-ov DelFix alat i snimi ga na Desktop.

Dvoklikom pokreni alat i štikliraj kućice ispred sledećih opcija;
Remove disinfection tools
Create registry backup
Purge System Restore


Klikni na dugme Run i pričekaj trenutak dok alat ne završi svoj rad.

Od ovog trenutka, svi korišćeni alati u ovoj temi bi trebali biti obrisani.
Ukoliko neki alat ili izveštaj nije uklonjen, slobodno ih obriši ručno.


Alat će takođe formirati izveštaj za tebe. (C:\DelFix.txt)
- Alat će snimiti i zdravo stanje registy-ja i napraviti backup koristeci integrisan program "ERUNT" u %windir%\ERUNT\DelFix
- DelFix briše stare system restore tačke i pravi novu, svežu tačku nakon čišćenja.

Ko je trenutno na forumu
 

Ukupno su 779 korisnika na forumu :: 1 registrovan, 0 sakrivenih i 778 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: pein