Browser problem: bitable.com

  • Joined: 26 Jan 2008
  • Posts: 35
  • Location: Prijedor

When I open the browser (Mozilla Firefox), bitable.com appears as my start page.

This started showing up about three days ago, and I can't say for certain what I installed around that time, except that it was some Auslogics defragmenter and some MP3 cutter, both of which I have uninstalled.
I tried System Restore and it didn't help.
I also reset the browser to its default settings, and that didn't help either.
As for protection, I don't use any antivirus, only Malwarebytes Anti-Malware, and I recently scanned with Sophos.
I will wait patiently for your help and gladly accept any advice, especially advice relating to this problem, and advice and opinions about any mistakes I may be making are certainly welcome too.

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-11-2014 01
Ran by dacho (administrator) on DACHO-PC on 14-11-2014 14:13:48
Running from C:\Users\dacho\Downloads
Loaded Profile: dacho (Available profiles: dacho)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Box, Inc.) C:\Program Files\Box\Box for Office\UpgradeService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(BitTorrent Inc.) C:\Users\dacho\AppData\Roaming\uTorrent\uTorrent.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Yandex) C:\Users\dacho\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe
(Yandex) C:\Users\dacho\AppData\Roaming\Yandex\YandexDisk\YandexDiskStarter.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKU\S-1-5-21-627342324-2705115303-4245852246-1000\...\Run: [uTorrent] => C:\Users\dacho\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-30] (BitTorrent Inc.)
HKU\S-1-5-21-627342324-2705115303-4245852246-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-627342324-2705115303-4245852246-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4826904 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-627342324-2705115303-4245852246-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [0000BoxSyncFileLocked] -> {472d7e0f-709e-3d42-adf8-3ccc2f0ed21c} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [0000BoxSyncNotSynced] -> {697ea78e-7d56-3e3d-9463-70807d4e6c6c} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [0000BoxSyncProblem] -> {d9161200-fd91-3d5f-91bf-3b63c48f2ee4} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [0000BoxSyncSynced] -> {3e98134b-38c1-3752-87b3-7dc5a5c95620} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [0YndCase0Sync] -> {63D48440-63AB-44D0-B323-4731DFCDE9E9} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll (Yandex)
ShellIconOverlayIdentifiers: [0YndCase1Modified] -> {7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll (Yandex)
ShellIconOverlayIdentifiers: [0YndCase2Error] -> {FB2FE984-05F5-4512-9D9B-69D3DE61F6D9} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll (Yandex)
ShellIconOverlayIdentifiers: [0YndCase3Shared] -> {AF8D197E-7022-4c3d-BD88-68AD35C9C169} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll (Yandex)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = bitable.com/
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 79.143.160.20 79.143.168.8

FireFox:
========
FF ProfilePath: C:\Users\dacho\AppData\Roaming\Mozilla\Firefox\Profiles\9tah1vb1.default-1415969463420
FF Homepage: google.ba/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\ddg.xml

Chrome:
=======
CHR Profile: C:\Users\dacho\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (GoSavve) - C:\Users\dacho\AppData\Local\Google\Chrome\User Data\Default\Extensions\faigimllchebknoimjdjepgfgmmahlon [2014-09-28]
CHR Extension: (PhotoMania) - C:\Users\dacho\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohodmcahedcphoipgooelhjcfahodhcj [2014-09-28]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Box for Office Upgrade Service; C:\Program Files\Box\Box for Office\UpgradeService.exe [25632 2014-11-03] (Box, Inc.)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [28184 2014-09-24] (Box, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [17536800 2014-07-25] (NVIDIA Corporation)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [254552 2012-08-08] ()
R2 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [111208 2014-10-22] (RaMMicHaeL)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19232 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2009-08-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [20736 2009-08-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2009-08-11] (LG Electronics Inc.)
R3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [90968 2004-03-19] (VM)
S3 LgBttPort; system32\DRIVERS\lgbtport.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbus.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmodem.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-14 14:13 - 2014-11-14 14:14 - 00010229 _____ () C:\Users\dacho\Downloads\FRST.txt
2014-11-14 14:13 - 2014-11-14 14:13 - 01108480 _____ (Farbar) C:\Users\dacho\Downloads\FRST.exe
2014-11-14 14:13 - 2014-11-14 14:13 - 00000000 ____D () C:\FRST
2014-11-14 13:51 - 2014-11-14 13:51 - 00000000 ____D () C:\Users\dacho\Documents\Old Firefox Data
2014-11-14 13:49 - 2014-11-14 13:49 - 00153859 _____ () C:\Users\dacho\Documents\bookmarks.html
2014-11-14 13:34 - 2014-11-14 13:34 - 00007466 _____ () C:\Users\dacho\Documents\install.txt
2014-11-12 14:52 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 14:52 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 14:52 - 2014-11-06 04:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 14:52 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 14:52 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 14:52 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 14:52 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 14:52 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 14:52 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 14:52 - 2014-11-06 03:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 14:52 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 14:52 - 2014-11-06 03:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 14:52 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 14:52 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 14:52 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 14:52 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 14:52 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 14:52 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 14:52 - 2014-11-06 03:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 14:52 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 14:52 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 14:52 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 14:52 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 14:52 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 14:52 - 2014-11-05 18:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 14:52 - 2014-11-05 18:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 14:52 - 2014-11-05 18:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 14:52 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 14:52 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 14:52 - 2014-10-14 02:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 14:52 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 14:52 - 2014-10-14 02:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 14:52 - 2014-10-14 02:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 14:52 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 14:52 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 14:52 - 2014-10-10 01:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 14:52 - 2014-10-03 02:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 14:52 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 14:52 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 14:52 - 2014-10-03 02:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 14:52 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 14:52 - 2014-09-19 10:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-12 14:52 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 14:52 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 14:52 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 14:52 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 14:52 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 14:52 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 14:52 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 14:52 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 14:52 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 14:51 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 14:51 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 14:51 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 14:51 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 14:51 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 14:51 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 14:39 - 2014-11-14 13:27 - 00000840 _____ () C:\Windows\setupact.log
2014-11-12 14:39 - 2014-11-12 14:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-11 17:17 - 2014-11-14 13:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-11 16:20 - 2014-11-14 13:35 - 00000000 ____D () C:\ProgramData\Sophos
2014-11-10 19:54 - 2014-11-10 19:54 - 00000011 ____R () C:\Windows\amunres.lsl
2014-11-10 13:18 - 2014-11-10 13:18 - 00000000 ____D () C:\Users\dacho\AppData\Roaming\Apple Computer
2014-11-09 23:22 - 2014-11-14 13:24 - 00000000 ____D () C:\Users\Public\CyberLink
2014-11-09 23:16 - 2014-11-09 23:21 - 00000000 ____D () C:\Users\dacho\AppData\Roaming\CyberLink
2014-11-09 23:16 - 2014-11-09 23:16 - 00000000 ____D () C:\Users\dacho\Documents\CyberLink
2014-11-09 23:14 - 2014-11-14 13:24 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor 2
2014-11-09 23:13 - 2014-11-14 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-09 23:13 - 2014-11-14 13:24 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-11-09 23:13 - 2014-11-14 13:24 - 00000000 ____D () C:\Program Files\QuickTime
2014-11-09 23:12 - 2014-11-14 13:25 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-11-09 23:12 - 2014-11-14 13:24 - 00000000 ____D () C:\ProgramData\Apple
2014-11-09 23:12 - 2014-11-09 23:12 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-11-09 23:12 - 2014-11-09 23:12 - 00000000 ____D () C:\Users\dacho\AppData\Local\Apple
2014-11-09 23:12 - 2014-11-09 23:12 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-09 23:11 - 2014-11-14 13:24 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 12
2014-11-09 23:07 - 2014-11-14 13:24 - 00000000 ____D () C:\ProgramData\Temp
2014-11-09 23:07 - 2014-11-14 13:24 - 00000000 ____D () C:\ProgramData\install_clap
2014-11-09 23:07 - 2014-11-09 23:25 - 00000000 ____D () C:\ProgramData\CyberLink
2014-11-09 23:07 - 2014-11-09 23:14 - 00000000 ____D () C:\Program Files\CyberLink
2014-11-09 14:00 - 2014-11-07 15:10 - 00000117 _____ () C:\Users\dacho\Documents\kako ste se osjecali.txt
2014-11-09 13:00 - 2014-11-05 23:32 - 00000035 _____ () C:\Users\dacho\Documents\histats.txt
2014-11-08 18:28 - 2014-11-13 21:09 - 00000270 _____ () C:\Users\dacho\Documents\youtub.txt
2014-11-08 16:49 - 2014-11-08 16:49 - 00000000 ____D () C:\Users\dacho\AppData\Local\Audiggle_LTD
2014-11-08 16:43 - 2014-11-14 13:25 - 00000000 ____D () C:\Program Files\Audiggle
2014-11-08 16:43 - 2014-11-08 16:51 - 00000000 ____D () C:\Users\dacho\Documents\Audiggle
2014-11-08 16:21 - 2014-11-12 14:45 - 00000000 ____D () C:\Program Files\RelevantKnowledge
2014-11-08 14:26 - 2014-11-08 14:26 - 00000000 ____D () C:\ProgramData\Auslogics
2014-11-07 21:33 - 2014-11-14 13:24 - 00000000 ____D () C:\Users\dacho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Wireless Network Watcher
2014-11-07 21:33 - 2014-11-07 21:33 - 00000000 ____D () C:\Program Files\NirSoft
2014-11-04 20:33 - 2009-08-11 09:58 - 00024832 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgusbmodem.sys
2014-11-04 20:33 - 2009-08-11 09:58 - 00020736 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgusbdiag.sys
2014-11-04 20:33 - 2009-08-11 09:58 - 00013056 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgusbbus.sys
2014-11-04 20:32 - 2014-11-14 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG PC Suite II
2014-11-04 20:32 - 2009-07-09 20:08 - 00630784 _____ (ComponentOne) C:\Windows\system32\vsflex8u.ocx
2014-11-04 20:32 - 2009-07-09 19:58 - 01164728 _____ (NuMedia Soft, Inc.) C:\Windows\system32\NMSDVDXU.dll
2014-11-04 20:32 - 2009-07-09 19:58 - 00419240 _____ (VideoSoft) C:\Windows\system32\Vsflex7L.ocx
2014-11-04 20:32 - 2009-07-09 19:58 - 00244416 _____ (Microsoft Corporation) C:\Windows\system32\Msflxgrd.ocx
2014-11-04 20:31 - 2014-11-04 20:31 - 00000000 ____D () C:\Users\dacho\AppData\Roaming\InstallShield
2014-11-04 19:42 - 2014-11-14 13:25 - 00000000 ____D () C:\Program Files\LG Electronics
2014-11-04 18:53 - 2014-11-04 18:53 - 00000000 ____D () C:\Users\dacho\AppData\Roaming\WebExtend
2014-11-04 17:58 - 2014-11-04 18:01 - 00040555 _____ () C:\V041114_17.370001.3gp
2014-11-04 16:38 - 2014-11-14 13:24 - 00000000 ____D () C:\Program Files\Opera
2014-11-04 16:38 - 2014-11-04 16:38 - 00001093 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-11-04 16:38 - 2014-11-04 16:38 - 00000000 ____D () C:\Users\dacho\AppData\Roaming\Opera Software
2014-11-04 16:38 - 2014-11-04 16:38 - 00000000 ____D () C:\Users\dacho\AppData\Local\Opera Software
2014-11-03 13:37 - 2014-11-03 13:37 - 00000000 ____D () C:\Users\dacho\AppData\Local\Box
2014-10-31 20:43 - 2014-11-04 19:28 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-10-25 11:49 - 2014-10-25 11:49 - 00000648 _____ () C:\Users\dacho\Desktop\d@Ccho.lnk
2014-10-24 19:24 - 2014-10-25 14:46 - 00000000 ____D () C:\ProgramData\ReviverSoft
2014-10-24 19:24 - 2014-02-01 04:12 - 00196662 _____ () C:\Windows\system32\uxstartup.bmp
2014-10-24 19:24 - 2007-11-24 06:00 - 00517120 _____ () C:\Windows\system32\CLWCP.exe
2014-10-24 19:24 - 2006-12-03 16:15 - 00069632 _____ () C:\Windows\system32\moveex.exe
2014-10-24 18:46 - 2014-10-24 18:46 - 00064488 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-10-24 18:44 - 2014-11-14 13:24 - 00000000 ____D () C:\Program Files\UX Pack
2014-10-24 18:44 - 2003-08-19 00:44 - 00118845 _____ (Matt Ginzton) C:\Windows\Flurry.scr
2014-10-23 19:30 - 2014-11-14 13:24 - 00000000 ____D () C:\Users\dacho\AppData\Roaming\FastCopy
2014-10-23 19:30 - 2014-11-14 13:24 - 00000000 ____D () C:\Program Files\FastCopy
2014-10-21 15:55 - 2014-11-03 17:42 - 00000000 ____D () C:\Users\dacho\AppData\Roaming\TeamViewer
2014-10-21 15:41 - 2014-10-21 15:41 - 00001132 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-10-21 15:41 - 2014-10-21 15:41 - 00000000 ____D () C:\Program Files\TeamViewer
2014-10-16 11:38 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 11:37 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 11:37 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 11:37 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 11:37 - 2014-07-17 02:39 - 00919552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 11:37 - 2014-07-17 02:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 11:37 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-16 11:37 - 2014-07-17 02:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 11:37 - 2014-07-17 02:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 11:37 - 2014-07-17 02:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 11:37 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 11:37 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 11:37 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 11:36 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-16 11:36 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-16 11:36 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-16 11:36 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-16 11:36 - 2014-07-09 02:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-16 11:36 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-15 13:41 - 2014-10-15 13:41 - 00000000 ____D () C:\Users\dacho\AppData\Local\fontconfig
2014-10-15 12:22 - 2014-11-14 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2014-10-15 12:22 - 2014-11-14 13:24 - 00000000 ____D () C:\Program Files\Unchecky
2014-10-15 12:22 - 2014-11-08 16:20 - 00000000 ____D () C:\ProgramData\Unchecky
2014-10-15 11:13 - 2014-11-14 13:24 - 00000000 ____D () C:\Users\dacho\AppData\Roaming\Anvsoft
2014-10-15 11:13 - 2014-11-14 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
2014-10-15 11:13 - 2014-10-15 11:13 - 00000000 ____D () C:\Users\dacho\Documents\Any Video Converter
2014-10-15 11:13 - 2014-10-15 11:13 - 00000000 ____D () C:\Program Files\AnvSoft

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-14 14:14 - 2014-08-24 19:37 - 00000000 ____D () C:\Users\dacho\AppData\Roaming\uTorrent
2014-11-14 14:05 - 2014-09-21 16:40 - 00000000 ___RD () C:\Users\dacho\YandexDisk
2014-11-14 13:36 - 2014-08-24 18:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-14 13:34 - 2009-07-14 05:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-14 13:34 - 2009-07-14 05:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-14 13:33 - 2014-08-24 17:49 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-14 13:31 - 2014-08-25 02:09 - 01645379 _____ () C:\Windows\WindowsUpdate.log
2014-11-14 13:31 - 2014-08-24 18:12 - 00000000 ____D () C:\Users\dacho\AppData\Roaming\Skype
2014-11-14 13:29 - 2014-08-27 11:25 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-11-14 13:27 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-14 13:26 - 2014-08-24 17:26 - 00000292 _____ () C:\Windows\Tasks\UpdaterEX.job
2014-11-14 13:25 - 2014-10-02 21:08 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-11-14 13:25 - 2014-10-01 15:49 - 00000000 ____D () C:\Program Files\Common Files\Thraex Software
2014-11-14 13:25 - 2014-09-30 19:39 - 00000000 ____D () C:\Program Files\Windows Live
2014-11-14 13:25 - 2014-09-09 14:33 - 00000000 ____D () C:\Program Files\AC3Filter
2014-11-14 13:25 - 2014-09-05 10:13 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-11-14 13:25 - 2014-08-25 18:11 - 00000000 ____D () C:\Program Files\Common Files\Look312P
2014-11-14 13:25 - 2014-08-25 12:34 - 00000000 ____D () C:\Program Files\Common Files\Gretech Corporation
2014-11-14 13:25 - 2014-08-24 17:36 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-11-14 13:25 - 2009-07-14 05:52 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-11-14 13:25 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-11-14 13:24 - 2014-10-01 15:49 - 00000000 ____D () C:\Users\dacho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DP Animation Maker
2014-11-14 13:24 - 2014-09-30 19:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-11-14 13:24 - 2014-09-30 17:39 - 00000000 ____D () C:\Program Files\DP Animation Maker
2014-11-14 13:24 - 2014-09-21 16:40 - 00000000 ____D () C:\Users\dacho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.Disk
2014-11-14 13:24 - 2014-09-21 11:54 - 00000000 ___RD () C:\Program Files\Skype
2014-11-14 13:24 - 2014-09-21 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-11-14 13:24 - 2014-09-16 13:09 - 00000000 ____D () C:\Users\dacho\AppData\Roaming\AC3Filter
2014-11-14 13:24 - 2014-09-09 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
2014-11-14 13:24 - 2014-09-08 16:20 - 00000000 ____D () C:\Program Files\LG PC Suite II
2014-11-14 13:24 - 2014-09-08 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qloud Server
2014-11-14 13:24 - 2014-09-08 12:50 - 00000000 ____D () C:\Program Files\Qloud Server
2014-11-14 13:24 - 2014-09-04 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF
2014-11-14 13:24 - 2014-09-04 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2014-11-14 13:24 - 2014-08-25 18:11 - 00000000 ____D () C:\Windows\Album
2014-11-14 13:24 - 2014-08-25 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Look 312P
2014-11-14 13:24 - 2014-08-25 18:11 - 00000000 ____D () C:\Program Files\Look 312P
2014-11-14 13:24 - 2014-08-25 17:50 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-14 13:24 - 2014-08-25 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM
2014-11-14 13:24 - 2014-08-24 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-11-14 13:24 - 2014-08-24 20:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-14 13:24 - 2014-08-24 19:28 - 00000000 ___SD () C:\Users\dacho\Box Sync
2014-11-14 13:24 - 2014-08-24 19:27 - 00000000 ____D () C:\Users\dacho\AppData\Local\Box Sync
2014-11-14 13:24 - 2014-08-24 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync
2014-11-14 13:24 - 2014-08-24 18:28 - 00000000 ____D () C:\Windows\system32\Macromed
2014-11-14 13:24 - 2014-08-24 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2014-11-14 13:24 - 2014-08-24 18:23 - 00000000 ____D () C:\Program Files\Speccy
2014-11-14 13:24 - 2014-08-24 18:18 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-11-14 13:24 - 2014-08-24 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-14 13:24 - 2014-08-24 17:48 - 00000000 ____D () C:\Users\dacho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-11-14 13:24 - 2014-08-24 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-11-14 13:24 - 2014-08-24 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
2014-11-14 13:24 - 2014-08-24 17:48 - 00000000 ____D () C:\Program Files\WinRAR
2014-11-14 13:24 - 2014-08-24 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-11-14 13:24 - 2014-08-24 17:37 - 00000000 ____D () C:\ProgramData\Skype
2014-11-14 13:24 - 2014-08-24 17:34 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-14 13:24 - 2014-08-24 17:20 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-11-14 13:24 - 2014-08-24 17:13 - 00000000 ___RD () C:\Users\dacho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-14 13:24 - 2014-08-24 17:13 - 00000000 ___RD () C:\Users\dacho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-14 13:24 - 2014-08-24 17:13 - 00000000 ____D () C:\Users\dacho
2014-11-14 13:24 - 2011-04-12 03:24 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-14 13:24 - 2011-04-12 03:24 - 00000000 ____D () C:\Windows\ShellNew
2014-11-14 13:24 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-14 13:24 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\twain_32
2014-11-14 13:24 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-11-14 13:24 - 2009-07-14 05:52 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-11-14 13:24 - 2009-07-14 03:37 - 00000000 __RSD () C:\Windows\Media
2014-11-14 13:24 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Public\Libraries
2014-11-14 13:24 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-11-14 13:24 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-14 13:24 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-14 13:24 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-14 13:24 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-14 13:24 - 2009-07-14 03:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-14 13:24 - 2009-07-14 03:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-14 13:24 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\TAPI
2014-11-14 13:24 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\spool
2014-11-14 13:24 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-14 13:24 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-11-14 13:24 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ias
2014-11-14 13:24 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\security
2014-11-14 13:24 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-14 13:24 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Help
2014-11-14 13:24 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-11-14 13:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2014-11-13 20:29 - 2014-09-15 13:47 - 00000000 ____D () C:\Users\dacho\AppData\Local\CrashDumps
2014-11-13 16:21 - 2014-08-24 17:46 - 00069576 _____ () C:\Users\dacho\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-13 16:21 - 2009-07-14 05:33 - 00304848 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 21:21 - 2014-08-27 09:27 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 21:18 - 2014-08-27 09:27 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 17:36 - 2014-08-24 18:28 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-12 17:36 - 2014-08-24 18:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-11 17:53 - 2014-08-24 21:02 - 00000000 ___HD () C:\KMSEMUTEMP
2014-11-11 16:04 - 2010-11-20 22:01 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-09 23:22 - 2014-10-01 17:24 - 00000000 ____D () C:\Users\dacho\AppData\Roaming\NVIDIA
2014-11-09 23:14 - 2014-08-24 18:18 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-11-09 14:03 - 2014-09-12 17:03 - 00000000 ____D () C:\Users\dacho\AppData\Local\Deployment
2014-11-09 13:33 - 2014-08-24 17:13 - 00000000 ____D () C:\Users\dacho\AppData\Local\VirtualStore
2014-11-09 13:06 - 2014-09-30 19:35 - 00000000 ____D () C:\Users\dacho\AppData\Local\Windows Live
2014-11-08 14:26 - 2014-08-24 17:34 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-08 14:26 - 2014-08-24 17:13 - 00001457 _____ () C:\Users\dacho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-06 12:55 - 2014-08-24 19:27 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-05 19:30 - 2014-09-04 11:20 - 00000000 ____D () C:\Users\dacho\AppData\Local\TechSmith
2014-11-05 19:30 - 2014-09-04 11:20 - 00000000 ____D () C:\Program Files\TechSmith
2014-11-04 19:47 - 2014-09-29 12:30 - 00000000 ____D () C:\Users\dacho\Documents\LG Electronics
2014-11-04 19:42 - 2014-09-08 16:20 - 00000000 ____D () C:\Users\dacho\AppData\Roaming\LG Electronics
2014-11-04 19:25 - 2014-08-24 18:18 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-11-03 13:34 - 2014-08-24 19:27 - 00000000 ____D () C:\Program Files\Box
2014-10-28 06:35 - 2014-08-24 17:40 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-25 14:47 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Cursors
2014-10-20 13:52 - 2014-09-13 12:01 - 00000000 ____D () C:\Users\dacho\AppData\Local\Adobe
2014-10-17 13:01 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-10-15 12:53 - 2014-09-20 18:15 - 00000000 ____D () C:\Users\dacho\AppData\Roaming\Dropbox

Some content of TEMP:
====================
C:\Users\dacho\AppData\Local\Temp\ShellHook.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 12:30

==================== End Of Log ============================

Addition.txt :





offline
  • Joined: 26 Aug 2010
  • Posts: 10615
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Open Notepad and copy in the following text, which is inside the Code box.

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bitable.com/
CHR Extension: (GoSavve) - C:\Users\dacho\AppData\Local\Google\Chrome\User Data\Default\Extensions\faigimllchebknoimjdjepgfgmmahlon [2014-09-28]
CHR Extension: (PhotoMania) - C:\Users\dacho\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohodmcahedcphoipgooelhjcfahodhcj [2014-09-28]
Task: {6F4D0F03-B1B2-4625-A263-371F6911FD60} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {FBC71122-964F-40B0-B1D1-AB31670A9C41} - System32\Tasks\UpdaterEX => C:\Users\dacho\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\dacho\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Program Files\MyPC Backup
EmptyTemp:


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait for the program to finish.
If the program asks to restart the computer, let it do so without interruption.
When it has finished, Notepad will open with content that you need to copy into the thread.
There will also be a file (fixlog.txt) on the Desktop. You need to copy the content of fixlog.txt to the forum




Step 2

Download "Xplode"'s AdwCleaner and save it to the Desktop
Double-click to run the program.
In the EULA window click I agree.
Click the Scan button and wait for the scan to finish.
Click the Clean button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required) click OK

The computer will restart and then Notepad will open (C:\AdwCleaner[S0].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Attach file" ("Prikači fajl") option

Note: The report will also be saved at C:\Adwcleaner\AdwCleaner[S0].txt

offline
  • Joined: 26 Jan 2008
  • Posts: 35
  • Location: Prijedor

I would say the problem is solved, and I am attaching the logs as you asked, after doing what was needed.
Fixlog.txt :


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-11-2014 01
Ran by dacho at 2014-11-14 16:35:10 Run:2
Running from C:\Users\dacho\Desktop
Loaded Profile: dacho (Available profiles: dacho)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = bitable.com/
CHR Extension: (GoSavve) - C:\Users\dacho\AppData\Local\Google\Chrome\User Data\Default\Extensions\faigimllchebknoimjdjepgfgmmahlon [2014-09-28]
CHR Extension: (PhotoMania) - C:\Users\dacho\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohodmcahedcphoipgooelhjcfahodhcj [2014-09-28]
Task: {6F4D0F03-B1B2-4625-A263-371F6911FD60} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {FBC71122-964F-40B0-B1D1-AB31670A9C41} - System32\Tasks\UpdaterEX => C:\Users\dacho\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\dacho\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Program Files\MyPC Backup
EmptyTemp:
*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
C:\Users\dacho\AppData\Local\Google\Chrome\User Data\Default\Extensions\faigimllchebknoimjdjepgfgmmahlon directory not found.
C:\Users\dacho\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohodmcahedcphoipgooelhjcfahodhcj directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F4D0F03-B1B2-4625-A263-371F6911FD60}" => Key not found.
C:\Windows\System32\Tasks\LaunchSignup not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBC71122-964F-40B0-B1D1-AB31670A9C41}" => Key not found.
C:\Windows\System32\Tasks\UpdaterEX not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX" => Key not found.
C:\Windows\Tasks\UpdaterEX.job not found.
"C:\Program Files\MyPC Backup" => File/Directory not found.
EmptyTemp: => Removed 18.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====




offline
  • Joined: 26 Aug 2010
  • Posts: 10615
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Download Junkware Removal Tool (JRT) and save it to the Desktop.

Close the browser and other running programs

Temporarily disable your protection software (Instructions);

Double-click the icon to run JRT;

At the "Press any key" prompt, press any key and the tool will start scanning.
Note: depending on the computer's hardware, the scan can take a while in some cases.

When it finishes, Notepad will open with a report, which will be saved on the Desktop as JRT.txt


Copy the content of that log into the thread.



Step 2

Download zoek.exe from this link or this link and save it to the Desktop.


Close the browser and other running programs;
disable your protection software (if needed) Instructions;
double-click to run zoek.exe;
wait for the tool to start ...


Copy the following text into the white box in the window:

process;
startupall;
drivers-services-list;
skipfix-iedefaults;
firefoxlook;
chromelook;
filesrcm;


Click the button and wait for the scan to finish.


Zoek will restart Windows if needed, and when it finishes it will open Notepad with the scan report.

Note: The report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the content of that log into your post.

offline
  • Joined: 26 Jan 2008
  • Posts: 35
  • Location: Prijedor

JRT log :

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Ultimate x86
Ran by dacho on Sat 11/15/2014 at 14:18:27.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update clearthink
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util clearthink



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/15/2014 at 14:21:06.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

zoek-results :

Zoek.exe v5.0.0.0 Updated 14-November-2014
Tool run by dacho on Sat 11/15/2014 at 14:31:14.00.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\dacho\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-11-15-132849.log 39799 bytes

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Box\Box for Office\UpgradeService.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Users\dacho\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Unchecky\bin\unchecky_svc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Unchecky\bin\unchecky_bg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\dacho\Desktop\zoek.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs

==== Services(whitelist) ======================
Powered by E Dev

R2 - [Box for Office Upgrade Service] - Box for Office Upgrade Service - c:\program files\box\box for office\upgradeservice.exe
R2 - [MBAMScheduler] - MBAMScheduler - c:\program files\malwarebytes anti-malware\mbamscheduler.exe
R2 - [MBAMService] - MBAMService - c:\program files\malwarebytes anti-malware\mbamservice.exe
R2 - [NvNetworkService] - NVIDIA Network Service - c:\program files\nvidia corporation\netservice\nvnetworkservice.exe
R2 - [NvStreamSvc] - NVIDIA Streamer Service - c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe
R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe
R2 - [RichVideo] - Cyberlink RichVideo Service(CRVS) - c:\program files\cyberlink\shared files\richvideo.exe
R2 - [TeamViewer9] - TeamViewer 9 - c:\program files\teamviewer\version9\teamviewer_service.exe
R2 - [Unchecky] - Unchecky - c:\program files\unchecky\bin\unchecky_svc.exe
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [SkypeUpdate] - Skype Updater - c:\program files\skype\updater\updater.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\system32\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework\v4.0.30319\aspnet_state.exe
S3 - [BoxSyncUpdateService] - Box Sync Update Service - c:\program files\box\box sync\syncupdaterservice.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files\mozilla maintenance service\maintenanceservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [ose] - Office Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe

==== Drivers(whitelist) ======================
Powered by E Dev

R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
R3 - [srv] - Server SMB 1.xxx Driver - C:\Windows\system32\Drivers\srv.sys
R3 - [srv2] - Server SMB 2.xxx Driver - C:\Windows\system32\Drivers\srv2.sys
R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys
R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
R0 - [atapi] - IDE Channel - C:\Windows\system32\Drivers\atapi.sys
R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
R0 - [Disk] - Disk Driver - C:\Windows\system32\Drivers\Disk.sys
R0 - [fvevol] - Bitlocker Drive Encryption Filter Driver - C:\Windows\system32\Drivers\fvevol.sys
R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
R0 - [intelide] - intelide - C:\Windows\system32\Drivers\intelide.sys
R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
R0 - [mountmgr] - Mount Point Manager - C:\Windows\system32\Drivers\mountmgr.sys
R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
R0 - [NDIS] - NDIS System Driver - C:\Windows\system32\Drivers\NDIS.sys
R0 - [partmgr] - Partition Manager - C:\Windows\system32\Drivers\partmgr.sys
R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys
R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
R0 - [storflt] - Disk Virtual Machine Bus Acceleration Filter Driver - C:\Windows\system32\Drivers\storflt.sys [x]
R0 - [Tcpip] - TCP/IP Protocol Driver - C:\Windows\system32\Drivers\Tcpip.sys
R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator Driver - C:\Windows\system32\Drivers\vdrvroot.sys
R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys
R0 - [volmgrx] - Dynamic Volume Manager - C:\Windows\system32\Drivers\volmgrx.sys
R0 - [volsnap] - Storage volumes - C:\Windows\system32\Drivers\volsnap.sys
R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
R1 - [tdx] - NetIO Legacy TDI Support Driver - C:\Windows\system32\Drivers\tdx.sys
R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-11-10 18:54:18 9D47397D58EA49F48E359F50E8DF6F8B 11 ----a-r- C:\Windows\amunres.lsl
2014-10-24 17:44:51 04810EC57CBBDD1F047C8217B9F6C092 118845 ----a-w- C:\Windows\Flurry.scr
====== C:\Users\dacho\AppData\Local\Temp ====
2014-11-15 13:18:03 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\dacho\AppData\Local\Temp\jrt\libiconv2.dll
2014-11-15 13:18:03 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\dacho\AppData\Local\Temp\jrt\libintl3.dll
2014-11-15 13:18:03 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\dacho\AppData\Local\Temp\jrt\pcre3.dll
2014-11-15 13:18:03 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\dacho\AppData\Local\Temp\jrt\regex2.dll
2014-11-15 13:18:03 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\dacho\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2014-11-08 08:47:13 5C73E64374D9BA37AC5569D1F7DE5C9B 665682 ----a-w- C:\Users\dacho\AppData\Local\Temp\sqlite3.dll
2014-11-08 08:33:34 7AAB90847C56E6F7E922BB29D5B3EA8A 601088 ----a-w- C:\Users\dacho\AppData\Local\Temp\Quarantine.exe
====== Java Cache =====
====== C:\Windows\system32 =====
2014-11-12 13:52:46 EDA54D2E17C0271D2CDA946ABE344110 571904 ----a-w- C:\Windows\System32\oleaut32.dll
2014-11-12 13:52:43 5FDBDEECA34E73325D87C5ACD16A3EEC 701440 ----a-w- C:\Windows\System32\IMJP10K.DLL
2014-11-12 13:52:40 CB55B9AAB060C803BE4AD229AA0FEC28 2363904 ----a-w- C:\Windows\System32\msi.dll
2014-11-12 13:52:35 537184E7306E06BB22C5B93D2AFA4DF8 1237504 ----a-w- C:\Windows\System32\msxml3.dll
2014-11-12 13:52:34 FD79B005E849DF3D7E9B5EB7A637C528 374784 ----a-w- C:\Windows\System32\AudioEng.dll
2014-11-12 13:52:34 F4157B3CECF19B1C266C83AFF051C97A 475136 ----a-w- C:\Windows\System32\audiosrv.dll
2014-11-12 13:52:34 AA7325057A1E1CC401798C0B1238E182 195584 ----a-w- C:\Windows\System32\AudioSes.dll
2014-11-12 13:52:34 8D338464B851DDD76E2B876A3E09EB70 442880 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-11-12 13:52:34 639B0199F4D995CD63D7328799A92B57 275968 ----a-w- C:\Windows\System32\EncDump.dll
2014-11-12 13:52:34 09FA271EE1F9AD68B2D1C1C210F4B71F 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-11-12 13:52:32 BC322704472B89D2C48C9B525FE7AD90 302592 ----a-w- C:\Windows\System32\aeinv.dll
2014-11-12 13:52:32 B1C9CACC1E667E4C6FC0AFC15474035C 203776 ----a-w- C:\Windows\System32\aepdu.dll
2014-11-12 13:52:32 AB6F34F32648142224856F2159FF08BA 254464 ----a-w- C:\Windows\System32\generaltel.dll
2014-11-12 13:52:29 8FE6AB488ECDC60930CE973A7051B0D4 221184 ----a-w- C:\Windows\System32\ncrypt.dll
2014-11-12 13:52:29 8CFAEFCD7F1E004950FCAE870A501B3E 248832 ----a-w- C:\Windows\System32\schannel.dll
2014-11-12 13:52:29 3B3B8BA16DC999EA17D075D2F1064DE4 550912 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-12 13:52:28 B580A6B9932669DE703001AEE66D5BB1 259584 ----a-w- C:\Windows\System32\msv1_0.dll
2014-11-12 13:52:28 9CEA80FFC617E6B6DD7B52E6225C0D38 65536 ----a-w- C:\Windows\System32\TSpkg.dll
2014-11-12 13:52:28 8205E55DFB11809E5F2AAD1C48840535 17408 ----a-w- C:\Windows\System32\credssp.dll
2014-11-12 13:52:28 37BC079204BF9B087D6DE6B728908B4B 172032 ----a-w- C:\Windows\System32\wdigest.dll
2014-11-12 13:52:23 F6AF80581A85F657CFCD8ADC7ED0B3DA 2379264 ----a-w- C:\Windows\System32\win32k.sys
2014-11-12 13:52:19 0F39AC3274312EFFD03928291E8BA7CA 67584 ----a-w- C:\Windows\System32\packager.dll
2014-11-12 13:52:16 FCFD4F50419B4BC72E80066DA10D2E54 523776 ----a-w- C:\Windows\System32\termsrv.dll
2014-11-12 13:52:16 9AB39ADD28C7C1A685B1EA8C6A25CF08 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-11-12 13:52:16 980EEEE8815DA7593708774D1225BD35 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-11-12 13:52:16 1D4B52E5F3FD3875A5B3B6296F2BEB11 1059840 ----a-w- C:\Windows\System32\lsasrv.dll
2014-11-12 13:52:06 843BD9DAF03ABB6761DEE6D155301F28 60416 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-12 13:52:06 7760760CDC8BC42644A8F641BD64E496 102912 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-12 13:52:06 6E0CFB5D1EF8A193A77364BE460A621E 667648 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-12 13:52:06 5D5640C34C4A97467F77489DBB157568 47616 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-12 13:52:05 FB56C76FEA44693752BD99D7D9930ABA 341168 ----a-w- C:\Windows\System32\iedkcs32.dll
2014-11-12 13:52:05 B6273619A3DF28F03B64E911E45A6AB2 30720 ----a-w- C:\Windows\System32\iernonce.dll
2014-11-12 13:52:05 8A46404AC1AEB22AA2D4C906D0FC86C2 620032 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-12 13:52:05 6DDC0F44A70976C492CB1666BA9A7912 47104 ----a-w- C:\Windows\System32\jsproxy.dll
2014-11-12 13:52:05 4F8CD74CD69A94ED1A5D7E837A356F4E 115712 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-11-12 13:52:05 4772DB007FFBD4BBE3F526704BCA67FE 1310208 ----a-w- C:\Windows\System32\urlmon.dll
2014-11-12 13:52:05 17AF9A2CB9971C95245754BD5F8BC79C 683008 ----a-w- C:\Windows\System32\ie4uinit.exe
2014-11-12 13:52:04 A1A2EE55A2C69F79AED00973E604B9C4 418304 ----a-w- C:\Windows\System32\dxtmsft.dll
2014-11-12 13:52:04 5E01004CBC35A78FE2AB4016CCAD4760 708096 ----a-w- C:\Windows\System32\ieapfltr.dll
2014-11-12 13:52:04 5972510EF1C6097D9C14C17387A5EDB2 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-12 13:52:04 26EE6C9780A8FC872C60F9E35D7EBD4B 688640 ----a-w- C:\Windows\System32\msfeeds.dll
2014-11-12 13:52:03 7748B3DDDC92C7FC11F7462DB872E8E7 2051072 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-12 13:52:03 19D68FDEE62519C5A0387EB4E88A01EF 62464 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-12 13:52:03 139E85C4E5DF322AE1BF6544D8C32B0A 168960 ----a-w- C:\Windows\System32\msrating.dll
2014-11-12 13:52:02 E31840C3603948EDE6D9F97C617E8E0A 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-12 13:52:02 6DD7D61A8EF3DFEC4FAEFEB395E77424 1892864 ----a-w- C:\Windows\System32\wininet.dll
2014-11-12 13:52:01 8585BC27224F97458C186AA085B754A7 478208 ----a-w- C:\Windows\System32\ieui.dll
2014-11-12 13:52:01 66F4FFDBCD501260ABC198317D2B0D10 285696 ----a-w- C:\Windows\System32\dxtrans.dll
2014-11-12 13:52:00 A6E51BDCB8F4B84E874F918F0452763D 76288 ----a-w- C:\Windows\System32\mshtmled.dll

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-627342324-2705115303-4245852246-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Users\dacho\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Users\dacho\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BoxSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BoxSync"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Box\\Box Sync\\BoxSync.exe\" -m"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DriverScanner]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DriverScanner"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Uniblue\\DriverScanner\\launcher.exe\" delay 20000 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SyncManPath]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SyncManPath"
"hkey"="HKCU"
"command"="\"C:\\Users\\dacho\\AppData\\Roaming\\Yandex\\YandexDisk\\YandexDisk.exe\" -autostart"


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [11/12/2014 05:36 PM]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\Opera scheduled Autoupdate 1415115521" [C:\Program Files\Opera\launcher.exe]
"C:\Windows\system32\tasks\{0A493F5F-FAB4-48DA-9F2D-CFDBE5D1CA35}" ["c:\program files\mozilla firefox\firefox.exe"]
"C:\Windows\system32\tasks\{9D6158B1-757B-4693-8F2F-05CD0CAA2F3F}" ["c:\program files\mozilla firefox\firefox.exe"]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions ======================

ProfilePath: C:\Users\dacho\AppData\Roaming\Mozilla\Firefox\Profiles\9tah1vb1.default-1415969463420
- MEGA - %ProfilePath%\extensions\firefox@mega.co.nz.xpi
- Gmail Notifier restartless - %ProfilePath%\extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\dacho\AppData\Roaming\Mozilla\Firefox\Profiles\pkz9fbsf.default
- Noia-4 temahanterare - %ProfilePath%\extensions\Noia4Options@ArisT2.xpi
- Tangerinefox about:home - %ProfilePath%\extensions\tangerinefox-abouthome@haven667.xpi
- Tangerinefox PDF.js - %ProfilePath%\extensions\tangerinefox-pdf.js@haven667.xpi
- Tangerinefox - %ProfilePath%\extensions\Tangerinefox@haven667.xpi
- Noia 4 - %ProfilePath%\extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\dacho\AppData\Roaming\Mozilla\Firefox\Profiles\9tah1vb1.default-1415969463420
67D325B5AEB28E381B84E8DE1A90C7A8 - C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll - Shockwave Flash
EEEB86077BB4682B3FCFEDA5AED3E396 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4
BADFB0DCCD9B7E9F2F6EB7954D24EED1 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4
1153F58FACBC9731AF6CDF313F76DF29 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4
9E4F520270BF7301CC24E8FA67791C22 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4
E50A1DB5DE70D656287511297B42F9F2 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4
F0E80E561C3F715DB01ACCC97B72463A - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery
BD0E2F48B3E72BA665E2D90F45F576E1 - C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll - Foxit PhantomPDF Plugin for Mozilla


==== Chromium Look ======================

PhotoMania - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ohodmcahedcphoipgooelhjcfahodhcj
PhotoMania - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohodmcahedcphoipgooelhjcfahodhcj
GoSavve - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\faigimllchebknoimjdjepgfgmmahlon
PhotoMania - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ohodmcahedcphoipgooelhjcfahodhcj
PhotoMania - dacho\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ohodmcahedcphoipgooelhjcfahodhcj
GoSavve - dacho\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\faigimllchebknoimjdjepgfgmmahlon
PhotoMania - dacho\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ohodmcahedcphoipgooelhjcfahodhcj
PhotoMania - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ohodmcahedcphoipgooelhjcfahodhcj
PhotoMania - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohodmcahedcphoipgooelhjcfahodhcj
GoSavve - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\faigimllchebknoimjdjepgfgmmahlon
PhotoMania - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ohodmcahedcphoipgooelhjcfahodhcj
Gmail Notifier - dacho\AppData\Roaming\Opera Software\Opera Stable\Extensions\locmldbgfijjdphdbnjkggllhlcdngam
Last updated at time on date - dacho\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Sat 11/15/2014 at 14:34:46.56 ======================

offline
  • Joined: 26 Aug 2010
  • Posts: 10615
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Close the browser and any other running programs;
disable your security software (if necessary), see the Instructions;
double-click zoek.exe to run it;
wait for the tool to start ...

Copy the following text into the white box of the window:

ohodmcahedcphoipgooelhjcfahodhcj;chr
faigimllchebknoimjdjepgfgmmahlon;chr
oidhhegpmlfpoeialbgcdocjalghfpkp;chr
emtpyclsid;
emtyalltemp;
autoclean;


Click the button and wait for the scan to finish.

Zoek will restart Windows if necessary and, when it finishes, open Notepad with the scan report.

Note: The report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)

Copy the contents of that log into your reply.

offline
  • Joined: 26 Jan 2008
  • Posts: 35
  • Location: Prijedor

Done

Zoek.exe v5.0.0.0 Updated 15-November-2014
Tool run by dacho on Sat 11/15/2014 at 17:18:11.90.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\dacho\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-11-15-132849.log 39799 bytes
C:\zoek-results2014-11-15-133446.log 39708 bytes

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Users\dacho\AppData\Roaming\WB.CFG deleted
C:\PROGRA~2\Package Cache deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Users\dacho\AppData\Roaming\Mozilla\Firefox\Profiles\9tah1vb1.default-1415969463420\extensions\firefox@mega.co.nz.xpi deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\dacho\AppData\Roaming\Mozilla\Firefox\Profiles\9tah1vb1.default-1415969463420
- Gmail Notifier restartless - %ProfilePath%\extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\dacho\AppData\Roaming\Mozilla\Firefox\Profiles\pkz9fbsf.default
- Noia-4 temahanterare - %ProfilePath%\extensions\Noia4Options@ArisT2.xpi
- Tangerinefox about:home - %ProfilePath%\extensions\tangerinefox-abouthome@haven667.xpi
- Tangerinefox PDF.js - %ProfilePath%\extensions\tangerinefox-pdf.js@haven667.xpi
- Tangerinefox - %ProfilePath%\extensions\Tangerinefox@haven667.xpi
- Noia 4 - %ProfilePath%\extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\dacho\AppData\Roaming\Mozilla\Firefox\Profiles\9tah1vb1.default-1415969463420
67D325B5AEB28E381B84E8DE1A90C7A8 - C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll - Shockwave Flash
EEEB86077BB4682B3FCFEDA5AED3E396 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4
BADFB0DCCD9B7E9F2F6EB7954D24EED1 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4
1153F58FACBC9731AF6CDF313F76DF29 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4
9E4F520270BF7301CC24E8FA67791C22 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4
E50A1DB5DE70D656287511297B42F9F2 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4
F0E80E561C3F715DB01ACCC97B72463A - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery
BD0E2F48B3E72BA665E2D90F45F576E1 - C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll - Foxit PhantomPDF Plugin for Mozilla


==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\dacho\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\dacho\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\dacho\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted

==== Chromium Look ======================

Gmail Notifier - dacho\AppData\Roaming\Opera Software\Opera Stable\Extensions\locmldbgfijjdphdbnjkggllhlcdngam
Last updated at time on date - dacho\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp

==== Chromium Fix ======================

C:\Users\dacho\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp deleted successfully
C:\Users\dacho\AppData\Roaming\Opera Software\Opera Stable\Local Storage\chrome-extension_oidhhegpmlfpoeialbgcdocjalghfpkp_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverScanner deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\dacho\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\096XT8KY will be deleted at reboot
C:\Users\dacho\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3T4N98UH will be deleted at reboot
C:\Users\dacho\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCFQ7QET will be deleted at reboot
C:\Users\dacho\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WEKZP8P1 will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\dacho\AppData\Local\Mozilla\Firefox\Profiles\9tah1vb1.default-1415969463420\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\dacho\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=210 folders=66 6400531 bytes)

==== Empty Temp Folders ======================

C:\Users\dacho\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\dacho\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\dacho\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\096XT8KY" not found
"C:\Users\dacho\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3T4N98UH" not found
"C:\Users\dacho\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCFQ7QET" not found
"C:\Users\dacho\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WEKZP8P1" not found

==== EOF on Sat 11/15/2014 at 17:33:41.98 ======================

offline
  • Joined: 26 Aug 2010
  • Posts: 10615
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

The adware should now be completely cleaned. We will also run an ARK check.

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Run MBAR by double-clicking the program icon:
- Click OK in the next window to allow extraction into a separate mbar folder on the desktop;
- mbar.exe will then start. On some systems this can take a few extra seconds, so wait for it to launch;
- In the intro window click the Next button if you agree;

• In the 'Update Database' window click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section make sure all options are checked, then click the Scan button;

Notice: with some infections one of the following messages may appear:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow it to load after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. In your next post, include the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infections are found, check that the 'Create Restore Point' option is selected and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for the restart, and a notice will be shown in a pop-up window. Click the Yes button; the system should restart and finish the cleaning procedure.

Notice! Only if a rootkit is detected: make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click fixdamage to run it; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, then wait for the tool to complete all repairs ...
- When you see the message 'press any key to exit', the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post and attach the system log to the post using the Attach file (Prikači fajl) option.

offline
  • Joined: 26 Jan 2008
  • Posts: 35
  • Location: Prijedor

mbar-log :

Malwarebytes Anti-Rootkit BETA 1.08.1.1001
malwarebytes.org

Database version: v2014.11.15.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17420
dacho :: DACHO-PC [administrator]

11/15/2014 6:30:05 PM
mbar-log-2014-11-15 (18-30-05).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 313569
Time elapsed: 12 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


system-log :


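A helper reading a pasted MBAR log checks three things: that the paste is complete, that no scan target was switched off, and that every "Detected" count is zero. The script below is an added example, not part of the original posts or of Malwarebytes' tooling; the function names and verdict labels are assumptions, and the sample log is constructed in the layout of the log above.

```python
import re

# Constructed sample in the layout of the MBAR log posted above (categories abridged).
SAMPLE_LOG = """\
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System
Scan options disabled:
Objects scanned: 313569

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
"""

def _options(log, label):
    """Return the '|'-separated options on a header line, or None if the line is absent."""
    m = re.search(rf"^{re.escape(label)}:[ \t]*(.*)$", log, re.MULTILINE)
    return None if m is None else [o.strip() for o in m.group(1).split("|") if o.strip()]

def triage_mbar_log(log):
    """Classify a log as 'incomplete', 'detections', 'clean-partial-scan' or 'clean'."""
    log = log.replace("\r\n", "\n")  # logs copied from Windows carry CRLF line endings
    counts = {m.group(1).strip(): int(m.group(2))
              for m in re.finditer(r"^(.+?) Detected: (\d+)[ \t]*$", log, re.MULTILINE)}
    disabled = _options(log, "Scan options disabled")
    hits = {name: n for name, n in counts.items() if n > 0}
    if "(end)" not in log or not counts or disabled is None:
        verdict = "incomplete"            # truncated paste or not an MBAR log
    elif hits:
        verdict = "detections"            # the Cleanup! step applies
    elif disabled:
        verdict = "clean-partial-scan"    # zero hits, but some scan targets were off
    else:
        verdict = "clean"
    return {"verdict": verdict, "hits": hits, "disabled": disabled or []}

if __name__ == "__main__":
    print(triage_mbar_log(SAMPLE_LOG))
```
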

offline
  • Joined: 26 Aug 2010
  • Posts: 10615
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

That would be it.

The following procedure will perform the final cleanup.

Download the DelFix tool by "Xplode" and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment for the tool to finish its work.
From this point on, all the tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also save the healthy state of the registry, making a backup with the integrated "ERUNT" program in %windir%\ERUNT\DelFix
The tool deletes the old System Restore points and creates a new, fresh point after the cleanup.

I recommend that you use MCShield to protect USB memory devices.
It has nothing to do with the antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware that spreads via USB memory devices.

MCShield home page: http://www.mcshield.net
You can find out more about MCShield in this thread: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v3.html
MCShield Facebook page: http://www.facebook.com/MCShield

Regards.
