MyCity » Ambulanta -> Arhiva Ambulante » sistem pun virusa

sistem pun virusa

Napisano na dan: 28.11.2014

Strana:
1
2

sistem pun virusa

Sledeća strana

Pagination

Odgovori

Strana:
1
2

mawi medo Poslao: 28 Nov 2014 22:18 Idi na vrh
offline mawi medo Građanin Pridružio: 10 Avg 2010 Poruke: 48	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Sve je puno virusa i svega i svacega. Racunar je dosta usporen, avast stalno prijavljuje neke viruse. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01 Ran by Zeljko (administrator) on PC on 28-11-2014 22:12:07 Running from C:\Users\Zeljko\Desktop Loaded Profile: Zeljko (Available profiles: Zeljko) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 10 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\audiodg.exe (Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (http://www.tinydm.com/) C:\Users\Zeljko\AppData\Local\DM\TinyDM.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Users\Zeljko\AppData\Local\Temp\Install_12726\ytd.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11788392 2011-04-08] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2011-03-21] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2478888 2010-11-19] (Synaptics Incorporated) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-06] (AVAST Software) HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-3475886133-273725518-3232655564-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" HKU\S-1-5-21-3475886133-273725518-3232655564-1000\...\Run: [Tiny download manager] => C:\Users\Zeljko\AppData\Local\DM\TinyDM.exe [289752 2014-08-16] (http://www.tinydm.com/) HKU\S-1-5-21-3475886133-273725518-3232655564-1000\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.1416\jsdrv.exe HKU\S-1-5-21-3475886133-273725518-3232655564-1000\...\Run: [Viber] => C:\Users\Zeljko\AppData\Local\Viber\Viber.exe [936656 2014-09-02] () HKU\S-1-5-21-3475886133-273725518-3232655564-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity) HKU\S-1-5-21-3475886133-273725518-3232655564-1000\...\MountPoints2: E - E:\Autorun.exe HKU\S-1-5-21-3475886133-273725518-3232655564-1000\...\MountPoints2: {6d034201-df70-11e3-8840-206a8a4a3a52} - E:\setup.exe /autorun HKU\S-1-5-21-3475886133-273725518-3232655564-1000\...\MountPoints2: {7e3ac1d1-fb8a-11e1-9d34-c0f8da9edeaf} - E:\AutoRun.exe HKU\S-1-5-21-3475886133-273725518-3232655564-1000\...\MountPoints2: {996fbf3b-e4f6-11e3-9a5b-206a8a4a3a52} - J:\Startme.exe HKU\S-1-5-21-3475886133-273725518-3232655564-1000\...\MountPoints2: {dc33db7e-5190-11e1-b735-c0f8da9edeaf} - E:\AutoRun.exe HKU\S-1-5-21-3475886133-273725518-3232655564-1000\...\MountPoints2: {dc33db8d-5190-11e1-b735-c0f8da9edeaf} - E:\AutoRun.exe HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} IFEO\bitguard.exe: [Debugger] tasklist.exe IFEO\bprotect.exe: [Debugger] tasklist.exe IFEO\bpsvc.exe: [Debugger] tasklist.exe IFEO\browsemngr.exe: [Debugger] tasklist.exe IFEO\browserdefender.exe: [Debugger] tasklist.exe IFEO\browsermngr.exe: [Debugger] tasklist.exe IFEO\browserprotect.exe: [Debugger] tasklist.exe IFEO\browsersafeguard.exe: [Debugger] tasklist.exe IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe IFEO\cltmngsvc.exe: [Debugger] tasklist.exe IFEO\delta babylon.exe: [Debugger] tasklist.exe IFEO\delta tb.exe: [Debugger] tasklist.exe IFEO\delta2.exe: [Debugger] tasklist.exe IFEO\deltainstaller.exe: [Debugger] tasklist.exe IFEO\deltasetup.exe: [Debugger] tasklist.exe IFEO\deltatb.exe: [Debugger] tasklist.exe IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe IFEO\dprotectsvc.exe: [Debugger] tasklist.exe IFEO\iminentsetup.exe: [Debugger] tasklist.exe IFEO\jumpflip: [Debugger] tasklist.exe IFEO\protectedsearch.exe: [Debugger] tasklist.exe IFEO\rjatydimofu.exe: [Debugger] tasklist.exe IFEO\searchinstaller.exe: [Debugger] tasklist.exe IFEO\searchprotection.exe: [Debugger] tasklist.exe IFEO\searchprotector.exe: [Debugger] tasklist.exe IFEO\searchsettings.exe: [Debugger] tasklist.exe IFEO\searchsettings64.exe: [Debugger] tasklist.exe IFEO\snapdo.exe: [Debugger] tasklist.exe IFEO\stinst32.exe: [Debugger] tasklist.exe IFEO\stinst64.exe: [Debugger] tasklist.exe IFEO\sweetimsetup.exe: [Debugger] tasklist.exe IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe IFEO\umbrella.exe: [Debugger] tasklist.exe IFEO\utiljumpflip.exe: [Debugger] tasklist.exe IFEO\volaro: [Debugger] tasklist.exe IFEO\vonteera: [Debugger] tasklist.exe IFEO\websteroids.exe: [Debugger] tasklist.exe IFEO\websteroidsservice.exe: [Debugger] tasklist.exe ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Programs installed\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Programs installed\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Programs installed\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Programs installed\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Programs installed\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Main,Start Page = istart.webssearches.com/?type=hp&ts=141.....X51KGF1ABS HKU\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = istart.webssearches.com/?type=hp&ts=141.....X51KGF1ABS HKU\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Main,Search Page = istart.webssearches.com/web/?type=ds&ts.....ABS&q={searchTerms} HKU\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = google.com/ie HKU\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = istart.webssearches.com/web/?type=ds&ts.....ABS&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = istart.webssearches.com/web/?type=ds&ts.....ABS&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = istart.webssearches.com/web/?type=ds&ts.....ABS&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = istart.webssearches.com/web/?type=ds&ts.....ABS&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = istart.webssearches.com/web/?type=ds&ts.....ABS&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe istart.webssearches.com/?type=sc&ts=141.....X51KGF1ABS SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = default-search.net/search?sid=476&a.....=ds&p={searchTerms} SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = default-search.net/search?sid=476&a.....=ds&p={searchTerms} SearchScopes: HKU\S-1-5-21-3475886133-273725518-3232655564-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3475886133-273725518-3232655564-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = google.com/search?q={sear SearchScopes: HKU\S-1-5-21-3475886133-273725518-3232655564-1000 -> {F7065812-FA1A-4CDC-B249-61831017CF3F} URL = search.yahoo.com/search?fr=chr-greentree_ie.....811&p={searchTerms} BHO: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Program Files (x86)\Linkey\IEExtension\iedll64.dll (Aztec Media Inc) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> No File BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Free Games 111 -> {C45EC9F0-8333-465D-9728-074BD41985C9} -> C:\Program Files (x86)\Free Games 111\ScriptHost64.dll No File BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\PROGRA~2\Linkey\IEEXTE~1\iedll.dll No File BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Programs installed\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\PROGRA~4\MICROS~1\Office14\URLREDIR.DLL No File BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~4\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~4\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3475886133-273725518-3232655564-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Zeljko\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKU\S-1-5-21-3475886133-273725518-3232655564-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Zeljko\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-09] FF HKU\S-1-5-21-3475886133-273725518-3232655564-1000\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\Zeljko\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers FF Extension: Free Games 111 - C:\Users\Zeljko\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers [2014-01-13] FF HKU\S-1-5-21-3475886133-273725518-3232655564-1000\...\Firefox\Extensions: [speedtest4354@BestOffers] - C:\Users\Zeljko\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers FF Extension: Speed Test 127 - C:\Users\Zeljko\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2014-01-13] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Zeljko\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Zeljko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-09] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Zeljko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24] CHR Extension: (YouTube) - C:\Users\Zeljko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-09] CHR Extension: (Google Search) - C:\Users\Zeljko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-09] CHR Extension: (Google Wallet) - C:\Users\Zeljko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-09] CHR Extension: (Gmail) - C:\Users\Zeljko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-09] CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Zeljko\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-11-21] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-06] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Zeljko\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-06] (AVAST Software) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-11-27] (globalUpdate) [File not signed] S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-11-27] (globalUpdate) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] S3 Microsoft SharePoint Workspace Audit Service; C:\Programs installed\Microsoft Office 2010\Office14\GROOVE.EXE [30963576 2010-01-21] (Microsoft Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation) R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2185528 2014-04-15] (AVG) S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-06] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-06] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-06] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-06] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-22] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-06] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-06] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-06] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-05-19] (Disc Soft Ltd) S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-08-10] (Sony Mobile Communications) S2 WCMVCAM; C:\Windows\System32\DRIVERS\wcmvcam64.sys [1071032 2012-04-15] (Windows (R) Win 7 DDK provider) R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61120 2014-03-18] (StdLib) S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X] S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-28 22:12 - 2014-11-28 22:12 - 00024805 _____ () C:\Users\Zeljko\Desktop\FRST.txt 2014-11-28 22:11 - 2014-11-28 22:12 - 00000000 ____D () C:\FRST 2014-11-28 22:11 - 2014-11-28 22:11 - 02117632 _____ (Farbar) C:\Users\Zeljko\Desktop\FRST64.exe 2014-11-28 22:02 - 2014-11-28 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield 2014-11-28 22:02 - 2014-11-28 22:02 - 00000000 ____D () C:\ProgramData\MCShield 2014-11-28 22:02 - 2014-11-28 22:02 - 00000000 ____D () C:\Program Files (x86)\MCShield 2014-11-28 20:33 - 2014-11-28 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape 2014-11-28 20:33 - 2014-11-28 20:33 - 00000000 ____D () C:\Program Files (x86)\PhotoScape 2014-11-27 19:00 - 2014-11-27 19:00 - 00004324 _____ () C:\Windows\System32\Tasks\Installer_ytd 2014-11-27 18:42 - 2014-11-28 21:44 - 00001334 _____ () C:\Windows\Tasks\SW.job 2014-11-27 18:42 - 2014-11-27 18:42 - 01505752 _____ (Object Browser) C:\Users\Zeljko\AppData\Roaming\SW.exe 2014-11-27 18:42 - 2014-11-27 18:42 - 00004350 _____ () C:\Windows\System32\Tasks\SW 2014-11-27 18:41 - 2014-11-28 21:44 - 00001338 _____ () C:\Windows\Tasks\OXQC.job 2014-11-27 18:41 - 2014-11-28 21:44 - 00000954 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job 2014-11-27 18:41 - 2014-11-28 21:23 - 00000000 ____D () C:\Program Files (x86)\78cc8c96-3c43-4f14-9ddc-048dbfb4e731 2014-11-27 18:41 - 2014-11-27 18:46 - 00000958 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job 2014-11-27 18:41 - 2014-11-27 18:41 - 01831384 _____ (Object Browser) C:\Users\Zeljko\AppData\Roaming\OXQC.exe 2014-11-27 18:41 - 2014-11-27 18:41 - 00004354 _____ () C:\Windows\System32\Tasks\OXQC 2014-11-27 18:41 - 2014-11-27 18:41 - 00003956 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA 2014-11-27 18:41 - 2014-11-27 18:41 - 00003702 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore 2014-11-27 18:41 - 2014-11-27 18:41 - 00000000 ____D () C:\Users\Zeljko\AppData\Local\globalUpdate 2014-11-27 18:41 - 2014-11-27 18:41 - 00000000 ____D () C:\Program Files (x86)\globalUpdate 2014-11-27 18:39 - 2014-11-27 18:39 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro 2014-11-27 18:38 - 2014-11-27 18:38 - 00580544 _____ () C:\Users\Zeljko\Downloads\installer_adobe_flash_player_English.exe 2014-11-23 16:49 - 2014-11-23 16:49 - 00394433 _____ () C:\Users\Zeljko\Desktop\Raspored.polaganja.ispita.rar 2014-10-30 22:03 - 2014-10-30 22:03 - 00000000 ____D () C:\Users\Zeljko\AppData\Roaming\Orneon 2014-10-30 17:26 - 2014-10-30 17:26 - 00000000 ____D () C:\Users\Zeljko\Echoes of the Past - Wolf Healer Collectors Edition 2014-10-30 17:26 - 2014-10-30 17:26 - 00000000 ____D () C:\Users\Zeljko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Echoes of the Past - Wolf Healer Collectors Edition 2014-10-30 17:26 - 2014-10-30 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Echoes of the Past - Wolf Healer Collectors Edition ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-28 21:58 - 2009-07-14 05:45 - 00024656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-28 21:58 - 2009-07-14 05:45 - 00024656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-28 21:51 - 2011-07-12 11:23 - 02027747 _____ () C:\Windows\WindowsUpdate.log 2014-11-28 21:50 - 2014-05-22 22:13 - 00000000 ____D () C:\Users\Zeljko\AppData\Roaming\ViberPC 2014-11-28 21:49 - 2014-02-21 01:14 - 00000000 ____D () C:\Users\Zeljko\Desktop\slike 2014-11-28 21:49 - 2011-09-06 10:08 - 00000000 ___RD () C:\Users\Zeljko\Desktop\Games 2014-11-28 21:47 - 2014-05-22 22:12 - 00000000 ____D () C:\Users\Zeljko\AppData\Local\Viber 2014-11-28 21:47 - 2013-12-21 11:45 - 00000000 ____D () C:\Users\Zeljko\Desktop\fax 2014-11-28 21:44 - 2011-08-25 17:28 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-28 21:44 - 2011-07-12 11:41 - 00000000 ____D () C:\ProgramData\clear.fi 2014-11-28 21:43 - 2013-11-10 00:07 - 00084381 _____ () C:\Windows\setupact.log 2014-11-28 21:43 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-28 21:42 - 2014-02-17 01:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-28 21:42 - 2013-11-22 10:26 - 00051598 _____ () C:\Windows\PFRO.log 2014-11-28 21:41 - 2010-11-21 04:24 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2014-11-28 21:41 - 2010-11-21 04:24 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2014-11-28 21:41 - 2010-11-21 04:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll 2014-11-28 21:41 - 2010-11-21 04:24 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll 2014-11-28 21:41 - 2010-11-21 04:23 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll 2014-11-28 21:35 - 2013-11-25 21:30 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3475886133-273725518-3232655564-1000UA.job 2014-11-28 21:35 - 2013-11-25 21:30 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3475886133-273725518-3232655564-1000Core.job 2014-11-28 21:26 - 2013-11-09 05:12 - 00002147 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-11-28 21:26 - 2011-08-25 17:28 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-28 20:29 - 2009-07-14 06:13 - 00784308 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-28 19:39 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-11-28 15:54 - 2013-11-09 05:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-11-27 19:00 - 2011-08-25 11:18 - 00001643 _____ () C:\Users\Zeljko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-11-26 13:42 - 2014-02-17 01:21 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-26 13:42 - 2014-02-17 01:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-26 13:42 - 2014-02-17 01:21 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-11-25 20:49 - 2009-07-14 05:45 - 04989208 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-24 23:32 - 2011-08-25 11:11 - 00112088 _____ () C:\Users\Zeljko\AppData\Local\GDIPFONTCACHEV1.DAT 2014-11-24 22:56 - 2011-09-04 00:25 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-11-23 16:11 - 2013-12-22 20:04 - 00000000 ___HD () C:\Users\Zeljko\Desktop\.picasaoriginals 2014-11-22 19:58 - 2013-11-09 05:10 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-11-19 22:38 - 2013-12-11 19:03 - 00000000 ____D () C:\Users\Zeljko\Desktop\All expansion packs released after and including Generations 2014-11-18 21:55 - 2011-07-12 11:29 - 00789502 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-11-17 22:01 - 2011-08-25 18:20 - 00000000 ____D () C:\Users\Zeljko\AppData\Roaming\Skype 2014-11-17 21:27 - 2011-05-19 20:56 - 00000000 ____D () C:\ProgramData\Skype 2014-11-15 14:34 - 2014-07-20 21:23 - 00000000 ____D () C:\Users\Zeljko\Desktop\muzika 2014-11-14 16:20 - 2013-12-29 02:49 - 00003231 _____ () C:\Users\Zeljko\Desktop\New Text Document.txt 2014-11-13 17:21 - 2011-08-25 17:28 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-11-13 17:21 - 2011-08-25 17:28 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-11-01 15:48 - 2011-07-12 11:34 - 00000000 ____D () C:\ProgramData\Temp 2014-10-31 00:48 - 2013-12-10 20:19 - 00000000 ____D () C:\Users\Zeljko\AppData\Roaming\uTorrent 2014-10-30 23:07 - 2011-08-25 11:10 - 00000000 ____D () C:\Users\Zeljko 2014-10-30 23:07 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-10-30 22:02 - 2013-12-28 13:42 - 00000000 ____D () C:\BigFishCache 2014-10-29 21:32 - 2014-10-26 23:46 - 00000000 ____D () C:\Users\Zeljko\AppData\Local\Battle.net 2014-10-29 20:52 - 2014-10-26 23:56 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-10-29 20:52 - 2014-08-24 01:29 - 00000000 ____D () C:\Users\Zeljko\Desktop\milos filmovi Some content of TEMP: ==================== C:\Users\Zeljko\AppData\Local\Temp\5631~fspext.dll C:\Users\Zeljko\AppData\Local\Temp\6_Offer_3.exe C:\Users\Zeljko\AppData\Local\Temp\6_Offer_4.exe C:\Users\Zeljko\AppData\Local\Temp\7298~fspext.dll C:\Users\Zeljko\AppData\Local\Temp\9328~fspext.dll C:\Users\Zeljko\AppData\Local\Temp\appshat_generic.exe C:\Users\Zeljko\AppData\Local\Temp\BackupSetup.exe C:\Users\Zeljko\AppData\Local\Temp\bbchcabebbcab.exe C:\Users\Zeljko\AppData\Local\Temp\bitool.dll C:\Users\Zeljko\AppData\Local\Temp\BuenoSearch2.exe C:\Users\Zeljko\AppData\Local\Temp\BundleSweetIMSetup.exe C:\Users\Zeljko\AppData\Local\Temp\Delta.exe C:\Users\Zeljko\AppData\Local\Temp\DeltaTB.exe C:\Users\Zeljko\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo2ugzt.dll C:\Users\Zeljko\AppData\Local\Temp\EBU3ED5.exe C:\Users\Zeljko\AppData\Local\Temp\EBU44FD.DLL C:\Users\Zeljko\AppData\Local\Temp\ffdshow.exe C:\Users\Zeljko\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\Zeljko\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Zeljko\AppData\Local\Temp\MatroskaSplitter.exe C:\Users\Zeljko\AppData\Local\Temp\MybabylonTB.exe C:\Users\Zeljko\AppData\Local\Temp\MyRouter.exe C:\Users\Zeljko\AppData\Local\Temp\nsgC900.tmp.exe C:\Users\Zeljko\AppData\Local\Temp\safeguard.exe C:\Users\Zeljko\AppData\Local\Temp\SettingsManagerSetup.exe C:\Users\Zeljko\AppData\Local\Temp\Softonic_EN_1-5-9_EN-Production_10_CleanRelease.exe C:\Users\Zeljko\AppData\Local\Temp\swt-win32-3349.dll C:\Users\Zeljko\AppData\Local\Temp\UpdateCheckerSetup.exe C:\Users\Zeljko\AppData\Local\Temp\uttA05B.tmp.exe C:\Users\Zeljko\AppData\Local\Temp\vcredist_x64.exe C:\Users\Zeljko\AppData\Local\Temp\vlc.exe C:\Users\Zeljko\AppData\Local\Temp\WSSetup.exe C:\Users\Zeljko\AppData\Local\Temp\_unps.exe C:\Users\Zeljko\AppData\Local\Temp\{CE0BC06A-1F0C-4A57-9C41-8733443F8693}-GoogleUpdateSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-25 21:30 ==================== End Of Log ============================ mycity.rs/must-login.png

Profil

Sass Drake Poslao: 29 Nov 2014 01:15 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Korak 1 Idi u Start -> Control Panel -> Programs and Features i deinstaliraj sljedeće programe: Acer Backup Manager Acer Games Acer Registration Acer ScreenSaver AVG PC TuneUp 2014 Korak 2 Otvori Notepad i iskopiraj sljedeći tekst koji se nalazi unutar Kod polja. Start R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61120 2014-03-18] (StdLib) HKU\S-1-5-21-3475886133-273725518-3232655564-1000\...\Run: [Tiny download manager] => C:\Users\Zeljko\AppData\Local\DM\TinyDM.exe [289752 2014-08-16] (http://www.tinydm.com/) HKU\S-1-5-21-3475886133-273725518-3232655564-1000\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.1416\jsdrv.exe HKU\S-1-5-21-3475886133-273725518-3232655564-1000\...\MountPoints2: E - E:\Autorun.exe HKU\S-1-5-21-3475886133-273725518-3232655564-1000\...\MountPoints2: {6d034201-df70-11e3-8840-206a8a4a3a52} - E:\setup.exe /autorun HKU\S-1-5-21-3475886133-273725518-3232655564-1000\...\MountPoints2: {7e3ac1d1-fb8a-11e1-9d34-c0f8da9edeaf} - E:\AutoRun.exe HKU\S-1-5-21-3475886133-273725518-3232655564-1000\...\MountPoints2: {996fbf3b-e4f6-11e3-9a5b-206a8a4a3a52} - J:\Startme.exe HKU\S-1-5-21-3475886133-273725518-3232655564-1000\...\MountPoints2: {dc33db7e-5190-11e1-b735-c0f8da9edeaf} - E:\AutoRun.exe HKU\S-1-5-21-3475886133-273725518-3232655564-1000\...\MountPoints2: {dc33db8d-5190-11e1-b735-c0f8da9edeaf} - E:\AutoRun.exe IFEO\bitguard.exe: [Debugger] tasklist.exe IFEO\bprotect.exe: [Debugger] tasklist.exe IFEO\bpsvc.exe: [Debugger] tasklist.exe IFEO\browsemngr.exe: [Debugger] tasklist.exe IFEO\browserdefender.exe: [Debugger] tasklist.exe IFEO\browsermngr.exe: [Debugger] tasklist.exe IFEO\browserprotect.exe: [Debugger] tasklist.exe IFEO\browsersafeguard.exe: [Debugger] tasklist.exe IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe IFEO\cltmngsvc.exe: [Debugger] tasklist.exe IFEO\delta babylon.exe: [Debugger] tasklist.exe IFEO\delta tb.exe: [Debugger] tasklist.exe IFEO\delta2.exe: [Debugger] tasklist.exe IFEO\deltainstaller.exe: [Debugger] tasklist.exe IFEO\deltasetup.exe: [Debugger] tasklist.exe IFEO\deltatb.exe: [Debugger] tasklist.exe IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe IFEO\dprotectsvc.exe: [Debugger] tasklist.exe IFEO\iminentsetup.exe: [Debugger] tasklist.exe IFEO\jumpflip: [Debugger] tasklist.exe IFEO\protectedsearch.exe: [Debugger] tasklist.exe IFEO\rjatydimofu.exe: [Debugger] tasklist.exe IFEO\searchinstaller.exe: [Debugger] tasklist.exe IFEO\searchprotection.exe: [Debugger] tasklist.exe IFEO\searchprotector.exe: [Debugger] tasklist.exe IFEO\searchsettings.exe: [Debugger] tasklist.exe IFEO\searchsettings64.exe: [Debugger] tasklist.exe IFEO\snapdo.exe: [Debugger] tasklist.exe IFEO\stinst32.exe: [Debugger] tasklist.exe IFEO\stinst64.exe: [Debugger] tasklist.exe IFEO\sweetimsetup.exe: [Debugger] tasklist.exe IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe IFEO\umbrella.exe: [Debugger] tasklist.exe IFEO\utiljumpflip.exe: [Debugger] tasklist.exe IFEO\volaro: [Debugger] tasklist.exe IFEO\vonteera: [Debugger] tasklist.exe IFEO\websteroids.exe: [Debugger] tasklist.exe IFEO\websteroidsservice.exe: [Debugger] tasklist.exe HKU\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=141.....X51KGF1ABS HKU\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=141.....X51KGF1ABS HKU\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts.....ABS&q={searchTerms} HKU\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie HKU\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts.....ABS&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts.....ABS&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts.....ABS&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts.....ABS&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts.....ABS&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=141.....X51KGF1ABS SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&a.....=ds&p={searchTerms} SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&a.....=ds&p={searchTerms} SearchScopes: HKU\S-1-5-21-3475886133-273725518-3232655564-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Free Games 111 -> {C45EC9F0-8333-465D-9728-074BD41985C9} -> C:\Program Files (x86)\Free Games 111\ScriptHost64.dll No File BHO-x32: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\PROGRA~2\Linkey\IEEXTE~1\iedll.dll No File FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF HKU\S-1-5-21-3475886133-273725518-3232655564-1000\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\Zeljko\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers FF Extension: Free Games 111 - C:\Users\Zeljko\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers [2014-01-13] FF HKU\S-1-5-21-3475886133-273725518-3232655564-1000\...\Firefox\Extensions: [speedtest4354@BestOffers] - C:\Users\Zeljko\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers FF Extension: Speed Test 127 - C:\Users\Zeljko\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2014-01-13] CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Zeljko\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-11-21] CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Zeljko\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17] S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-11-27] (globalUpdate) [File not signed] S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-11-27] (globalUpdate) [File not signed] Task: {4C7C737D-156B-49D3-8AC2-4683DAB315A1} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-11-27] (globalUpdate) <==== ATTENTION Task: {7FBA53B1-5F17-4525-87CD-FA70F7D664B4} - System32\Tasks\SW => C:\Users\Zeljko\AppData\Roaming\SW.exe [2014-11-27] (Object Browser) <==== ATTENTION Task: {E64C11CB-988B-497B-80C5-9ECC0E364858} - System32\Tasks\OXQC => C:\Users\Zeljko\AppData\Roaming\OXQC.exe [2014-11-27] (Object Browser) <==== ATTENTION Task: {FBCE0F9F-3C7B-44EF-8525-B9BB02FAB8E0} - System32\Tasks\Installer_ytd => C:\Users\Zeljko\AppData\Local\Installer\Installytd_41\DC1AB4RN50.exe [2014-11-27] () <==== ATTENTION Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION Task: C:\Windows\Tasks\OXQC.job => C:\Users\Zeljko\AppData\Roaming\OXQC.exe <==== ATTENTION Task: C:\Windows\Tasks\SW.job => C:\Users\Zeljko\AppData\Roaming\SW.exe <==== ATTENTION AlternateDataStreams: C:\Windows:76E84FCD9283E22A AlternateDataStreams: C:\ProgramData\Temp:2CB9631F AlternateDataStreams: C:\ProgramData\Temp:366B74CA AlternateDataStreams: C:\ProgramData\Temp:48897D41 AlternateDataStreams: C:\ProgramData\Temp:494E4266 AlternateDataStreams: C:\ProgramData\Temp:7934407E AlternateDataStreams: C:\ProgramData\Temp:BD84F7D6 AlternateDataStreams: C:\ProgramData\Temp:BF6C81B2 AlternateDataStreams: C:\ProgramData\Temp:ED4272E5 cmd: reg del "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon" /f cmd: reg del "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NextLive" /f cmd: reg del "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Tiny download manager" /f C:\Users\Zeljko\AppData\Local\DM C:\Program Files (x86)\ShopperPro C:\Program Files (x86)\Free Games 111 C:\Program Files (x86)\Linkey C:\Program Files (x86)\Pando Networks\Media Booster C:\Program Files (x86)\globalUpdate C:\Users\Zeljko\AppData\Local\CRE C:\Windows\System32\drivers\wStLib64.sys C:\Users\Public\Documents\ShopperPro C:\Users\Zeljko\AppData\Roaming\SW.exe C:\Users\Zeljko\AppData\Roaming\OXQC.exe C:\Users\Zeljko\AppData\Local\Installer\Installytd_41 C:\Program Files (x86)\Mobogenie C:\Users\Zeljko\AppData\Roaming\newnext.me C:\Users\Zeljko\AppData\Local\DM EmptyTemp: End U okviru Notepad-a klikni na File --> Save As Fajl nazovi Fixlist i sačuvaj na Desktop Dvoklikom ponovo pokreni FRST.exe Klikni na Fix i sačekaj dok program ne završi. Ukoliko program zatraži restart računara, omogući mu da to nesmetano obavi. Nakon završetka rada, otvoriće se fixlog.txt, sa sadržajem koji treba da kopiraš u temu. Takođe, na Desktop-u će se nalaziti (fixlog.txt). Korak 3 Preuzmi "Xplode"-ov AdwCleaner i sačuvaj ga na Desktop Dvoklikom pokreni program. u EULA prozoru klikni na I agree. Klikni na dugme Scan i sačekaj da se završi skeniranje. Klikni na dugme Clean i pričekaj da program završi. Program će zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni OK kao potvrdu. Na sljedeća dva prozora koja se otvore (Informations i Restart required ) klikni OK Računar će se restartovati, a potom otvoriti Notepad (C:\AdwCleaner[S0].txt) sa izvještajem. Sačuvaj taj izvještaj na Desktop i okači ga uz poruku koristeći opciju "Prikači fajl" Napomena: Izvještaj ce takođe biti sačuvan na C:\Adwcleaner\AdwCleaner[S0].txt

Profil

mawi medo Poslao: 29 Nov 2014 14:04 Idi na vrh
offline mawi medo Građanin Pridružio: 10 Avg 2010 Poruke: 48	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01 Ran by Zeljko at 2014-11-29 13:45:54 Run:1 Running from C:\Users\Zeljko\Desktop Loaded Profile: Zeljko (Available profiles: Zeljko) Boot Mode: Normal ============================================== Content of fixlist: *************** Start R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61120 2014-03-18] (StdLib) HKU\S-1-5-21-3475886133-273725518-3232655564-1000\...\Run: [Tiny download manager] => C:\Users\Zeljko\AppData\Local\DM\TinyDM.exe [289752 2014-08-16] (http://www.tinydm.com/) HKU\S-1-5-21-3475886133-273725518-3232655564-1000\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.1416\jsdrv.exe HKU\S-1-5-21-3475886133-273725518-3232655564-1000\...\MountPoints2: E - E:\Autorun.exe HKU\S-1-5-21-3475886133-273725518-3232655564-1000\...\MountPoints2: {6d034201-df70-11e3-8840-206a8a4a3a52} - E:\setup.exe /autorun HKU\S-1-5-21-3475886133-273725518-3232655564-1000\...\MountPoints2: {7e3ac1d1-fb8a-11e1-9d34-c0f8da9edeaf} - E:\AutoRun.exe HKU\S-1-5-21-3475886133-273725518-3232655564-1000\...\MountPoints2: {996fbf3b-e4f6-11e3-9a5b-206a8a4a3a52} - J:\Startme.exe HKU\S-1-5-21-3475886133-273725518-3232655564-1000\...\MountPoints2: {dc33db7e-5190-11e1-b735-c0f8da9edeaf} - E:\AutoRun.exe HKU\S-1-5-21-3475886133-273725518-3232655564-1000\...\MountPoints2: {dc33db8d-5190-11e1-b735-c0f8da9edeaf} - E:\AutoRun.exe IFEO\bitguard.exe: [Debugger] tasklist.exe IFEO\bprotect.exe: [Debugger] tasklist.exe IFEO\bpsvc.exe: [Debugger] tasklist.exe IFEO\browsemngr.exe: [Debugger] tasklist.exe IFEO\browserdefender.exe: [Debugger] tasklist.exe IFEO\browsermngr.exe: [Debugger] tasklist.exe IFEO\browserprotect.exe: [Debugger] tasklist.exe IFEO\browsersafeguard.exe: [Debugger] tasklist.exe IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe IFEO\cltmngsvc.exe: [Debugger] tasklist.exe IFEO\delta babylon.exe: [Debugger] tasklist.exe IFEO\delta tb.exe: [Debugger] tasklist.exe IFEO\delta2.exe: [Debugger] tasklist.exe IFEO\deltainstaller.exe: [Debugger] tasklist.exe IFEO\deltasetup.exe: [Debugger] tasklist.exe IFEO\deltatb.exe: [Debugger] tasklist.exe IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe IFEO\dprotectsvc.exe: [Debugger] tasklist.exe IFEO\iminentsetup.exe: [Debugger] tasklist.exe IFEO\jumpflip: [Debugger] tasklist.exe IFEO\protectedsearch.exe: [Debugger] tasklist.exe IFEO\rjatydimofu.exe: [Debugger] tasklist.exe IFEO\searchinstaller.exe: [Debugger] tasklist.exe IFEO\searchprotection.exe: [Debugger] tasklist.exe IFEO\searchprotector.exe: [Debugger] tasklist.exe IFEO\searchsettings.exe: [Debugger] tasklist.exe IFEO\searchsettings64.exe: [Debugger] tasklist.exe IFEO\snapdo.exe: [Debugger] tasklist.exe IFEO\stinst32.exe: [Debugger] tasklist.exe IFEO\stinst64.exe: [Debugger] tasklist.exe IFEO\sweetimsetup.exe: [Debugger] tasklist.exe IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe IFEO\umbrella.exe: [Debugger] tasklist.exe IFEO\utiljumpflip.exe: [Debugger] tasklist.exe IFEO\volaro: [Debugger] tasklist.exe IFEO\vonteera: [Debugger] tasklist.exe IFEO\websteroids.exe: [Debugger] tasklist.exe IFEO\websteroidsservice.exe: [Debugger] tasklist.exe HKU\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Main,Start Page = istart.webssearches.com/?type=hp&ts=141.....X51KGF1ABS HKU\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = istart.webssearches.com/?type=hp&ts=141.....X51KGF1ABS HKU\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Main,Search Page = istart.webssearches.com/web/?type=ds&ts.....ABS&q={searchTerms} HKU\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = google.com/ie HKU\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = istart.webssearches.com/web/?type=ds&ts.....ABS&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = istart.webssearches.com/web/?type=ds&ts.....ABS&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = istart.webssearches.com/web/?type=ds&ts.....ABS&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = istart.webssearches.com/web/?type=ds&ts.....ABS&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = istart.webssearches.com/web/?type=ds&ts.....ABS&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe istart.webssearches.com/?type=sc&ts=141.....X51KGF1ABS SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = default-search.net/search?sid=476&a.....=ds&p={searchTerms} SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = default-search.net/search?sid=476&a.....=ds&p={searchTerms} SearchScopes: HKU\S-1-5-21-3475886133-273725518-3232655564-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Free Games 111 -> {C45EC9F0-8333-465D-9728-074BD41985C9} -> C:\Program Files (x86)\Free Games 111\ScriptHost64.dll No File BHO-x32: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\PROGRA~2\Linkey\IEEXTE~1\iedll.dll No File FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF HKU\S-1-5-21-3475886133-273725518-3232655564-1000\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\Zeljko\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers FF Extension: Free Games 111 - C:\Users\Zeljko\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers [2014-01-13] FF HKU\S-1-5-21-3475886133-273725518-3232655564-1000\...\Firefox\Extensions: [speedtest4354@BestOffers] - C:\Users\Zeljko\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers FF Extension: Speed Test 127 - C:\Users\Zeljko\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2014-01-13] CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Zeljko\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-11-21] CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Zeljko\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17] S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-11-27] (globalUpdate) [File not signed] S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-11-27] (globalUpdate) [File not signed] Task: {4C7C737D-156B-49D3-8AC2-4683DAB315A1} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-11-27] (globalUpdate) <==== ATTENTION Task: {7FBA53B1-5F17-4525-87CD-FA70F7D664B4} - System32\Tasks\SW => C:\Users\Zeljko\AppData\Roaming\SW.exe [2014-11-27] (Object Browser) <==== ATTENTION Task: {E64C11CB-988B-497B-80C5-9ECC0E364858} - System32\Tasks\OXQC => C:\Users\Zeljko\AppData\Roaming\OXQC.exe [2014-11-27] (Object Browser) <==== ATTENTION Task: {FBCE0F9F-3C7B-44EF-8525-B9BB02FAB8E0} - System32\Tasks\Installer_ytd => C:\Users\Zeljko\AppData\Local\Installer\Installytd_41\DC1AB4RN50.exe [2014-11-27] () <==== ATTENTION Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION Task: C:\Windows\Tasks\OXQC.job => C:\Users\Zeljko\AppData\Roaming\OXQC.exe <==== ATTENTION Task: C:\Windows\Tasks\SW.job => C:\Users\Zeljko\AppData\Roaming\SW.exe <==== ATTENTION AlternateDataStreams: C:\Windows:76E84FCD9283E22A AlternateDataStreams: C:\ProgramData\Temp:2CB9631F AlternateDataStreams: C:\ProgramData\Temp:366B74CA AlternateDataStreams: C:\ProgramData\Temp:48897D41 AlternateDataStreams: C:\ProgramData\Temp:494E4266 AlternateDataStreams: C:\ProgramData\Temp:7934407E AlternateDataStreams: C:\ProgramData\Temp:BD84F7D6 AlternateDataStreams: C:\ProgramData\Temp:BF6C81B2 AlternateDataStreams: C:\ProgramData\Temp:ED4272E5 cmd: reg del "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon" /f cmd: reg del "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NextLive" /f cmd: reg del "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Tiny download manager" /f C:\Users\Zeljko\AppData\Local\DM C:\Program Files (x86)\ShopperPro C:\Program Files (x86)\Free Games 111 C:\Program Files (x86)\Linkey C:\Program Files (x86)\Pando Networks\Media Booster C:\Program Files (x86)\globalUpdate C:\Users\Zeljko\AppData\Local\CRE C:\Windows\System32\drivers\wStLib64.sys C:\Users\Public\Documents\ShopperPro C:\Users\Zeljko\AppData\Roaming\SW.exe C:\Users\Zeljko\AppData\Roaming\OXQC.exe C:\Users\Zeljko\AppData\Local\Installer\Installytd_41 C:\Program Files (x86)\Mobogenie C:\Users\Zeljko\AppData\Roaming\newnext.me C:\Users\Zeljko\AppData\Local\DM EmptyTemp: End *************** wStLib64 => Service stopped successfully. wStLib64 => Service deleted successfully. HKU\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Tiny download manager => value deleted successfully. HKU\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SPDriver => value deleted successfully. "HKU\S-1-5-21-3475886133-273725518-3232655564-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-3475886133-273725518-3232655564-1000" => Key not found. "HKU\S-1-5-21-3475886133-273725518-3232655564-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d034201-df70-11e3-8840-206a8a4a3a52}" => Key deleted successfully. "HKCR\CLSID\{6d034201-df70-11e3-8840-206a8a4a3a52}" => Key not found. "HKU\S-1-5-21-3475886133-273725518-3232655564-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e3ac1d1-fb8a-11e1-9d34-c0f8da9edeaf}" => Key deleted successfully. "HKCR\CLSID\{7e3ac1d1-fb8a-11e1-9d34-c0f8da9edeaf}" => Key not found. "HKU\S-1-5-21-3475886133-273725518-3232655564-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{996fbf3b-e4f6-11e3-9a5b-206a8a4a3a52}" => Key deleted successfully. "HKCR\CLSID\{996fbf3b-e4f6-11e3-9a5b-206a8a4a3a52}" => Key not found. "HKU\S-1-5-21-3475886133-273725518-3232655564-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc33db7e-5190-11e1-b735-c0f8da9edeaf}" => Key deleted successfully. "HKCR\CLSID\{dc33db7e-5190-11e1-b735-c0f8da9edeaf}" => Key not found. "HKU\S-1-5-21-3475886133-273725518-3232655564-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc33db8d-5190-11e1-b735-c0f8da9edeaf}" => Key deleted successfully. "HKCR\CLSID\{dc33db8d-5190-11e1-b735-c0f8da9edeaf}" => Key not found. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsemngr.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsermngr.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bundlesweetimsetup.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cltmngsvc.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta babylon.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta tb.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta2.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltainstaller.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltasetup.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb_2501-c733154b.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\iminentsetup.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rjatydimofu.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sweetimsetup.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tbdelta.exetoolbar783881609.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe" => Key deleted successfully. HKU\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKU\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKU\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKU\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully. HKU\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}" => Key deleted successfully. "HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}" => Key not found. HKU\S-1-5-21-3475886133-273725518-3232655564-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C45EC9F0-8333-465D-9728-074BD41985C9}" => Key deleted successfully. "HKCR\CLSID\{C45EC9F0-8333-465D-9728-074BD41985C9}" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}" => Key deleted successfully. "HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully. "HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10" => Key deleted successfully. C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll => Moved successfully. "HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4" => Key deleted successfully. C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll not found. HKU\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Mozilla\Firefox\Extensions\\freegames4357@BestOffers => value deleted successfully. C:\Users\Zeljko\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers => Moved successfully. HKU\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Mozilla\Firefox\Extensions\\speedtest4354@BestOffers => value deleted successfully. C:\Users\Zeljko\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers => Moved successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp" => Key deleted successfully. C:\Users\Zeljko\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx => Moved successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc" => Key deleted successfully. C:\Users\Zeljko\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx => Moved successfully. globalUpdate => Service deleted successfully. globalUpdatem => Service deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4C7C737D-156B-49D3-8AC2-4683DAB315A1}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C7C737D-156B-49D3-8AC2-4683DAB315A1}" => Key deleted successfully. C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7FBA53B1-5F17-4525-87CD-FA70F7D664B4}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FBA53B1-5F17-4525-87CD-FA70F7D664B4}" => Key deleted successfully. C:\Windows\System32\Tasks\SW => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SW" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E64C11CB-988B-497B-80C5-9ECC0E364858}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E64C11CB-988B-497B-80C5-9ECC0E364858}" => Key deleted successfully. C:\Windows\System32\Tasks\OXQC => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OXQC" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBCE0F9F-3C7B-44EF-8525-B9BB02FAB8E0}" => Key not found. C:\Windows\System32\Tasks\Installer_ytd not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_ytd" => Key not found. C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => Moved successfully. C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => Moved successfully. C:\Windows\Tasks\OXQC.job => Moved successfully. C:\Windows\Tasks\SW.job => Moved successfully. C:\Windows => ":76E84FCD9283E22A" ADS removed successfully. C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully. C:\ProgramData\Temp => ":366B74CA" ADS removed successfully. C:\ProgramData\Temp => ":48897D41" ADS removed successfully. C:\ProgramData\Temp => ":494E4266" ADS removed successfully. C:\ProgramData\Temp => ":7934407E" ADS removed successfully. C:\ProgramData\Temp => ":BD84F7D6" ADS removed successfully. C:\ProgramData\Temp => ":BF6C81B2" ADS removed successfully. C:\ProgramData\Temp => ":ED4272E5" ADS removed successfully. ========= reg del "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon" /f ========= ERROR: Invalid Argument/Option - 'del'. Type "REG /?" for usage. ========= End of CMD: ========= ========= reg del "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NextLive" /f ========= ERROR: Invalid Argument/Option - 'del'. Type "REG /?" for usage. ========= End of CMD: ========= ========= reg del "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Tiny download manager" /f ========= ERROR: Invalid Argument/Option - 'del'. Type "REG /?" for usage. ========= End of CMD: ========= C:\Users\Zeljko\AppData\Local\DM => Moved successfully. "C:\Program Files (x86)\ShopperPro" => File/Directory not found. "C:\Program Files (x86)\Free Games 111" => File/Directory not found. C:\Program Files (x86)\Linkey => Moved successfully. C:\Program Files (x86)\Pando Networks\Media Booster => Moved successfully. C:\Program Files (x86)\globalUpdate => Moved successfully. C:\Users\Zeljko\AppData\Local\CRE => Moved successfully. C:\Windows\System32\drivers\wStLib64.sys => Moved successfully. C:\Users\Public\Documents\ShopperPro => Moved successfully. C:\Users\Zeljko\AppData\Roaming\SW.exe => Moved successfully. C:\Users\Zeljko\AppData\Roaming\OXQC.exe => Moved successfully. C:\Users\Zeljko\AppData\Local\Installer\Installytd_41 => Moved successfully. "C:\Program Files (x86)\Mobogenie" => File/Directory not found. "C:\Users\Zeljko\AppData\Roaming\newnext.me" => File/Directory not found. "C:\Users\Zeljko\AppData\Local\DM" => File/Directory not found. EmptyTemp: => Removed 1.9 GB temporary data. The system needed a reboot. ==== End of Fixlog ==== mycity.rs/must-login.png

Profil

Sass Drake Poslao: 29 Nov 2014 14:09 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Idemo dalje: Korak 1 Otvori Notepad i iskopiraj sljedeći tekst koji se nalazi unutar Kod polja. `cmd: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon" /f cmd: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NextLive" /f cmd: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Tiny download manager" /f` U okviru Notepad-a klikni na File --> Save As Fajl nazovi Fixlist i sačuvaj na Desktop Dvoklikom ponovo pokreni FRST.exe Klikni na Fix i sačekaj dok program ne završi. Ukoliko program zatraži restart računara, omogući mu da to nesmetano obavi. Nakon završetka rada, otvoriće se fixlog.txt, sa sadržajem koji treba da kopiraš u temu. Takođe, na Desktop-u će se nalaziti (fixlog.txt). Korak 2 Preuzmi Junkware Removal Tool (JRT) i sačuvaj ga na Desktop. Zatvori browser i ostale pokrenute programe Privremeno deaktiviraj zaštitni softver (Uputstvo); Dvoklikom na ikonicu () pokreni program JRT; Kod obavještenja "Press any key" pritisnuti bilo koji taster i alat ce započeti skeniranje. Napomena: u ovisnosti od hardvera račuanra vreme skeniranja u nekim slučajevima moze da potraje. Kada završi otvorice se Notepad sa izvještajem koji ce biti sačuvan na Desktopu pod nazivom JRT.txt Kopiraj sadržaj tog loga u temu. Korak 3 Preuzmi zoek.exe sa ovog ili ovog linka i sačuvaj ga na Desktop. Zatvori browser i ostale pokrenute programe; deaktiviraj zaštitni softver ( po potrebi ) Uputstvo ; dvoklikom pokreni zoek.exe; pričekaj da se alat startuje ... U beli okvir prozora iskopiraj sljedeći tekst: `process; startupall; drivers-services-list; skipfix-iedefaults; firefoxlook; chromelook; filesrcm;` Klikni na dugme i pričekaj da se skeniranje završi. Zoek će po potrebi restartovati Windows, a na kraju rada otvoriti Notepad sa izvještajem o skeniranju. Napomena: Izvještaj će biti sačuvan pod nazivom zoek-results.log na sistemskoj particiji (tipična lokacija: C:\zoek-results.log) Kopiraj sadržaj tog loga u poruku.

Profil

mawi medo Poslao: 29 Nov 2014 14:38 Idi na vrh
offline mawi medo Građanin Pridružio: 10 Avg 2010 Poruke: 48	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Koraj 1. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01 Ran by Zeljko at 2014-11-29 14:15:57 Run:2 Running from C:\Users\Zeljko\Desktop Loaded Profile: Zeljko (Available profiles: Zeljko) Boot Mode: Normal ============================================== Content of fixlist: *************** cmd: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon" /f cmd: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NextLive" /f cmd: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Tiny download manager" /f *************** ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon" /f ========= The operation completed successfully. ========= End of CMD: ========= ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NextLive" /f ========= The operation completed successfully. ========= End of CMD: ========= ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Tiny download manager" /f ========= The operation completed successfully. ========= End of CMD: ========= ==== End of Fixlog ==== Korak 2. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.0 (11.29.2014:1) OS: Windows 7 Home Premium x64 Ran by Zeljko on 29/11/2014 at 14:17:24.60 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ytdownloader Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ytdownloader ~~~ Registry Keys ~~~ Files Successfully deleted: [File] "C:\Windows\wininit.ini" ~~~ Folders Successfully deleted: [Empty Folder] C:\Users\Zeljko\appdata\local\{2682A7F4-DFD1-4616-ACA2-E90EE935057B} Successfully deleted: [Empty Folder] C:\Users\Zeljko\appdata\local\{44BC8E2C-F23C-411A-9BFA-D8389AB9A158} Successfully deleted: [Empty Folder] C:\Users\Zeljko\appdata\local\{6F1D0F13-B13A-4263-8FC7-C45AF424090E} Successfully deleted: [Empty Folder] C:\Users\Zeljko\appdata\local\{7E08E78D-2F40-4A8B-832B-47F73EDC0DC3} Successfully deleted: [Empty Folder] C:\Users\Zeljko\appdata\local\{A3DD6831-FC45-4F1D-9FB4-79BC1CE31970} Successfully deleted: [Empty Folder] C:\Users\Zeljko\appdata\local\{C0B899C9-3A76-4408-A64F-CB141E2F1480} Successfully deleted: [Empty Folder] C:\Users\Zeljko\appdata\local\{C79B41F1-B259-4040-8AAF-23CFB5A00979} ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 29/11/2014 at 14:23:58.56 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Korak 3. Zoek.exe v5.0.0.0 Updated 28-11-2014 Tool run by Zeljko on 29/11/2014 at 14:25:26.60. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Zeljko\Desktop\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 29/11/2014 2:27:04 PM Zoek.exe System Restore Point Created Succesfully. ==== Running Processes ====================== C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe C:\Program Files (x86)\Launch Manager\dsiwmis.exe C:\Program Files (x86)\Launch Manager\LMutilps32.exe C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Program Files (x86)\Online Games Manager\ogmservice.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe C:\Program Files (x86)\MCShield\MCShieldRTM.exe C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe c:\program files (x86)\teamviewer\version9\TeamViewer_Desktop.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Users\Zeljko\Desktop\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Services(whitelist) ====================== Powered by E Dev R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe R2 - [c2cautoupdatesvc] - Skype Click to Call Updater - c:\program files (x86)\skype\toolbars\autoupdate\skypec2cautoupdatesvc.exe R2 - [c2cpnrsvc] - Skype Click to Call PNR Service - c:\program files (x86)\skype\toolbars\pnrsvc\skypec2cpnrsvc.exe R2 - [cvhsvc] - Client Virtualization Handler - c:\program files (x86)\common files\microsoft shared\virtualization handler\cvhsvc.exe R2 - [DsiWMIService] - Dritek WMI Service - c:\program files (x86)\launch manager\dsiwmis.exe R2 - [EgisTec Ticket Service] - EgisTec Ticket Service - c:\program files (x86)\common files\egistec\services\egisticketservice.exe R2 - [ePowerSvc] - Acer ePower Service - c:\program files\acer\acer epower management\epowersvc.exe R2 - [Nero BackItUp Scheduler 4.0] - Nero BackItUp Scheduler 4.0 - c:\program files (x86)\common files\nero\nero backitup 4\nbservice.exe R2 - [ogmservice] - Online Games Manager - c:\program files (x86)\online games manager\ogmservice.exe R2 - [sftlist] - Application Virtualization Client - c:\program files (x86)\microsoft application virtualization client\sftlist.exe R2 - [TeamViewer9] - TeamViewer 9 - c:\program files (x86)\teamviewer\version9\teamviewer_service.exe R2 - [TuneUp.UtilitiesSvc] - AVG PC TuneUp Service - c:\program files (x86)\avg\avg pc tuneup\tuneuputilitiesservice64.exe R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe R3 - [sftvsa] - Application Virtualization Service Agent - c:\program files (x86)\microsoft application virtualization client\sftvsa.exe R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe S2 - [gupdate] - Google Update Service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe S3 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe S3 - [FLEXnet Licensing Service] - FLEXnet Licensing Service - c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe S3 - [gupdatem] - Google Update Service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe S3 - [gusvc] - Google Updater Service - c:\program files (x86)\google\common\google updater\googleupdaterservice.exe S3 - [IDriverT] - InstallDriver Table Manager - c:\program files (x86)\common files\installshield\driver\1050\intel 32\idrivert.exe S3 - [Microsoft SharePoint Workspace Audit Service] - Microsoft SharePoint Workspace Audit Service - c:\programs installed\microsoft office 2010\office14\groove.exe S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe S3 - [NMIndexingService] - NMIndexingService - c:\program files (x86)\common files\ahead\lib\nmindexingservice.exe [x] S3 - [odserv] - Microsoft Office Diagnostics Service - c:\program files (x86)\common files\microsoft shared\office12\odserv.exe S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe S3 - [Sony PC Companion] - Sony PC Companion - c:\program files (x86)\sony\sony pc companion\pccservice.exe S3 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe S3 - [WatAdminSvc] - Windows Activation Technologies Service - c:\windows\system32\wat\watadminsvc.exe S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe S4 - [wlcrasvc] - Windows Live Mesh remote connections service - c:\program files\windows live\mesh\wlcrasvc.exe ==== Drivers(whitelist) ====================== Powered by E Dev ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Zeljko\AppData\Local\Temp ==== 2014-11-29 13:17:14 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\Zeljko\AppData\Local\Temp\jrt\libiconv2.dll 2014-11-29 13:17:14 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\Zeljko\AppData\Local\Temp\jrt\libintl3.dll 2014-11-29 13:17:14 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\Zeljko\AppData\Local\Temp\jrt\pcre3.dll 2014-11-29 13:17:14 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\Zeljko\AppData\Local\Temp\jrt\regex2.dll 2014-11-29 13:17:14 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Zeljko\AppData\Local\Temp\jrt\erunt\ERUNT.EXE 2014-11-29 12:53:35 F07BAAC1621E4FE3426B0D36A10A979E 120192 ----a-w- C:\Users\Zeljko\AppData\Local\Temp\clear.fiClient\cabarc.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== ====== C:\Windows\Tasks ====== 2014-11-28 22:01:52 2FAF47D7BDBD17E638AD8306B12E5CC0 3562 ----a-w- C:\Windows\Sysnative\Tasks\YTDownloaderUpd ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== 2014-11-28 21:02:13 -------- d-----w- C:\PROGRA~2\MCShield 2014-11-28 19:33:15 -------- d-----w- C:\PROGRA~2\PhotoScape 2014-11-27 17:41:36 -------- d-----w- C:\PROGRA~2\78cc8c96-3c43-4f14-9ddc-048dbfb4e731 ======= C: ===== ====== C:\Users\Zeljko\AppData\Roaming ====== 2014-11-27 18:00:00 -------- d-----w- C:\Users\Zeljko\AppData\Local\Installer 2014-10-30 21:03:20 -------- d-----w- C:\Users\Zeljko\AppData\Roaming\Orneon 2014-10-30 16:26:44 -------- d-----w- C:\Users\Zeljko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Echoes of the Past - Wolf Healer Collectors Edition ====== C:\Users\Zeljko ====== 2014-11-29 13:16:52 C254F3ECEB9B1AC795BA6B25DE008EBA 1707646 ----a-w- C:\Users\Zeljko\Desktop\JRT.exe 2014-11-29 12:53:31 5A6F21141B846BD3CE1ED0BD0F19C3AF 2148864 ----a-w- C:\Users\Zeljko\Desktop\AdwCleaner.exe 2014-11-28 21:11:41 AD94C6A77FCEBDE1B56B4B124D65805D 2117632 ----a-w- C:\Users\Zeljko\Desktop\FRST64.exe 2014-11-28 21:02:15 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield 2014-11-28 21:02:13 -------- d-----w- C:\ProgramData\MCShield 2014-11-28 19:33:23 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape 2014-11-27 17:38:41 518C474CAF826031C9039FE860F582C5 580544 ----a-w- C:\Users\Zeljko\Downloads\installer_adobe_flash_player_English.exe 2014-10-30 16:26:44 -------- d-----w- C:\Users\Zeljko\Echoes of the Past - Wolf Healer Collectors Edition 2014-10-30 16:26:44 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Echoes of the Past - Wolf Healer Collectors Edition ====== C: exe-files == 2014-11-28 21:02:15 6E44C49039E696991D2DB54B5C81E2F5 2856736 ----a-w- C:\ProgramData\MCShield\MCShield-Setup.exe 2014-11-28 19:33:23 10084FFC18FE7FB90F81290B291EFBC3 85114 ----a-w- C:\Program Files (x86)\PhotoScape\uninstall.exe 2014-11-27 18:00:00 7A7F8F059D9454233C9A52421E729C5A 1129856 ----a-w- C:\FRST\Quarantine\C\Users\Zeljko\AppData\Local\Installer\Installytd_41\DC1AB4RN50.exe 2014-11-27 17:41:30 7E767B342E55EB1DFD74A65D24EA4B70 46080 ----a-w- C:\FRST\Quarantine\C\Program Files (x86)\globalUpdate\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe 2014-11-27 17:41:29 F98DE4108614E4BB81E95E58E36C7000 46080 ----a-w- C:\FRST\Quarantine\C\Program Files (x86)\globalUpdate\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe 2014-11-27 17:41:29 D858BA2EE718B1DB1CED20646E641D08 68608 ----a-w- C:\FRST\Quarantine\C\Program Files (x86)\globalUpdate\globalUpdate\Update\GoogleUpdate.exe 2014-11-27 17:41:28 D858BA2EE718B1DB1CED20646E641D08 68608 ----a-w- C:\FRST\Quarantine\C\Program Files (x86)\globalUpdate\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe 2014-11-27 17:41:28 03114DADBD9977FC823F95B21FB987E7 72872 ----a-w- C:\FRST\Quarantine\C\Program Files (x86)\globalUpdate\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe 2014-11-27 09:27:25 9D83E2859AC027E8C505CB4D1931AF47 1117264 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\39.0.2171.71\39.0.2171.71_39.0.2171.65_chrome_updater.exe === C: other files == 2014-11-29 13:17:14 F56A319979F631C141F5FF02DF87FDB1 43563 ----a-w- C:\Users\Zeljko\AppData\Local\Temp\jrt\prelim.bat 2014-11-29 13:17:14 EBAA7BD799FC68980A6A8594BB14A950 190569 ----a-w- C:\Users\Zeljko\AppData\Local\Temp\jrt\misc.bat 2014-11-29 13:17:14 DD1E4D974B1672ABD09EFFB225791C4A 1230 ----a-w- C:\Users\Zeljko\AppData\Local\Temp\jrt\TDL4.bat 2014-11-29 13:17:14 BC28D90D34DB7AC6BB5789BF3C9E8FDB 14957 ----a-w- C:\Users\Zeljko\AppData\Local\Temp\jrt\get.bat 2014-11-29 13:17:14 AD2F52DC72B10AF331692E4A4DD80DFC 18670 ----a-w- C:\Users\Zeljko\AppData\Local\Temp\jrt\medfos.bat 2014-11-29 13:17:14 AA0C656F898523BEDF2DA6923197BB80 1264 ----a-w- C:\Users\Zeljko\AppData\Local\Temp\jrt\surfvox.bat 2014-11-29 13:17:14 8E6020C14F982CF11B3FE7DBB0CB8EDE 24738 ----a-w- C:\Users\Zeljko\AppData\Local\Temp\jrt\searchlnk.bat 2014-11-29 13:17:14 86707BCE5CBB65D9B1C41E249B4423BA 152733 ----a-w- C:\Users\Zeljko\AppData\Local\Temp\jrt\firefox.bat 2014-11-29 13:17:14 83F691D8398F0E37E71E9355BF730DB9 719 ----a-w- C:\Users\Zeljko\AppData\Local\Temp\jrt\ev_clear.bat 2014-11-29 13:17:14 813FA9E2180EE3BB5EFCE744009B5611 10880 ----a-w- C:\Users\Zeljko\AppData\Local\Temp\jrt\runvalues.bat 2014-11-29 13:17:14 38A0BDF322ACCC968B0A824C38D50157 29635 ----a-w- C:\Users\Zeljko\AppData\Local\Temp\jrt\ask.bat 2014-11-29 13:17:14 335DFF8F23E5EC02B5426362F0F8509B 31401 ----a-w- C:\Users\Zeljko\AppData\Local\Temp\jrt\iexplore.bat 2014-11-29 13:17:14 0C4649A62845AB5D5DBCC4998477FF6D 1813 ----a-w- C:\Users\Zeljko\AppData\Local\Temp\jrt\delfolders.bat 2014-11-29 13:17:14 080CFDE64F31E7B50EECF4552033E84D 9937 ----a-w- C:\Users\Zeljko\AppData\Local\Temp\jrt\mws.bat 2014-11-29 13:17:14 048407135C9B1FB6A355E256BD96160D 14192 ----a-w- C:\Users\Zeljko\AppData\Local\Temp\jrt\chrome.bat ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" "Viber"="C:\Users\Zeljko\AppData\Local\Viber\Viber.exe StartMinimized" "MCShield Monitor"="C:\Program Files (x86)\MCShield\mcshieldrtm.exe" "Tiny download manager"="C:\Users\Zeljko\AppData\Local\DM\TinyDM.exe /M" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" "Viber"="C:\Users\Zeljko\AppData\Local\Viber\Viber.exe StartMinimized" "MCShield Monitor"="C:\Program Files (x86)\MCShield\mcshieldrtm.exe" "Tiny download manager"="C:\Users\Zeljko\AppData\Local\DM\TinyDM.exe /M" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 " "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APSDaemon" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ArcadeMovieService] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ArcadeMovieService" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Acer\\clear.fi\\Movie\\clear.fiMovieService.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BackupManagerTray] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BackupManagerTray" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\NTI\\Acer Backup Manager\\BackupManagerTray.exe\" -h -k" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BCSSync" "hkey"="HKLM" "command"="\"C:\\Programs installed\\Microsoft Office 2010\\Office14\\BCSSync.exe\" /DelayServices" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BitTorrent Sync] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BitTorrent Sync" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\BitTorrent Sync\\BTSync.exe\" /MINIMIZED" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DAEMON Tools Lite" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Device Detection] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Device Detection" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\FUJIFILM\\MyFinePix Studio\\dd.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dolby Advanced Audio v2] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Dolby Advanced Audio v2" "hkey"="HKLM" "command"="\"C:\\Dolby PCEE4\\pcee4.exe\" -autostart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisTecPMMUpdate] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EgisTecPMMUpdate" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\EgisTec IPS\\PmmUpdate.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisUpdate] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EgisUpdate" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\EgisTec IPS\\EgisUpdate.exe\" -d" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Facebook Update" "hkey"="HKCU" "command"="\"C:\\Users\\Zeljko\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LManager] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LManager" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Launch Manager\\LManager.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OfficeSyncProcess] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="OfficeSyncProcess" "hkey"="HKCU" "command"="\"C:\\Programs installed\\Microsoft Office 2010\\Office14\\MSOSYNC.EXE\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Power Management] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Power Management" "hkey"="HKLM" "command"="C:\\Program Files\\Acer\\Acer ePower Management\\ePowerTray.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PWRISOVM.EXE] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PWRISOVM.EXE" "hkey"="HKLM" "command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE -startup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="QuickTime Task" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RGSC] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RGSC" "hkey"="HKCU" "command"="C:\\Games\\Rockstar Games\\GTA IV\\Rockstar Games Social Club\\RGSCLauncher.exe /silent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sony PC Companion] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Sony PC Companion" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Sony\\Sony PC Companion\\PCCompanion.exe\" /Background" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="StartCCC" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SuiteTray] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SuiteTray" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\EgisTec MyWinLockerSuite\\x86\\SuiteTray.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Viber] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Viber" "hkey"="HKCU" "command"="\"C:\\Users\\Zeljko\\AppData\\Local\\Viber\\Viber.exe\" StartMinimized" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Zeljko^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk] "path"="C:\\Users\\Zeljko\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\MagicDisc.lnk" "backup"="C:\\Windows\\pss\\MagicDisc.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\PROGRA~2\\MAGICD~1\\MAGICD~1.EXE " "item"="MagicDisc" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Zeljko^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk] "path"="C:\\Users\\Zeljko\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OneNote 2010 Screen Clipper and Launcher.lnk" "backup"="C:\\Windows\\pss\\OneNote 2010 Screen Clipper and Launcher.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\PROGRA~4\\MICROS~1\\Office14\\ONENOTEM.EXE /tsr" "item"="OneNote 2010 Screen Clipper and Launcher" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [26/11/2014 01:42 PM] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3475886133-273725518-3232655564-1000Core.job --a------ C:\Users\Zeljko\AppData\Local\Facebook\Update\FacebookUpdate.exe [25/11/2013 09:30 PM] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3475886133-273725518-3232655564-1000UA.job --a------ C:\Users\Zeljko\AppData\Local\Facebook\Update\FacebookUpdate.exe [25/11/2013 09:30 PM] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/11/2013 05:10 AM] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\clear.fi" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe"] "C:\Windows\SysNative\tasks\clear.fiAgent" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe"] "C:\Windows\SysNative\tasks\DMREngine" ["C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe"] "C:\Windows\SysNative\tasks\elbyExecuteWithUAC" [C:\Program Files (x86)\SlySoft\CloneCD\ExecuteWithUAC.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3475886133-273725518-3232655564-1000Core" [C:\Users\Zeljko\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3475886133-273725518-3232655564-1000UA" [C:\Users\Zeljko\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\TuneUpUtilities_Task_BkGndMaintenance2013" [C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe] "C:\Windows\SysNative\tasks\YTDownloaderUpd" [C:\Program Files (x86)\YTDownloader\updater.exe] "C:\Windows\SysNative\tasks\{907714D7-662E-4E2B-A21F-AC2DEF9B0C27}" [C:\Users\Zeljko\Desktop\league-of-light-wicked-harvest-ce_s1_l1_gF8358T1L1_d2379641481.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [06/08/2014 12:27 PM] ==== Firefox Extensions ====================== ==== Firefox Plugins ====================== ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[06/08/2014 12:26 PM] Google Drive - Zeljko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf Google Voice Search Hotword (Beta) - Zeljko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn YouTube - Zeljko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Zeljko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Wallet - Zeljko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Zeljko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== IE Start and Search Settings ====================== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {2286021F-505A-46F1-8D8B-25872ACAA3C9} Bing Url="http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Goo Url="http://www.google.com/search?q={sear" {72DD096F-8D56-4D70-8AB1-E1F2B1037242} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8" {F7065812-FA1A-4CDC-B249-61831017CF3F} Yahoo! Search Url="http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}" ==== C:\zoek_backup content ====================== C:\zoek_backup (files=0 folders=0 0 bytes) ==== EOF on 29/11/2014 at 14:34:27.61 ======================

Profil

Sass Drake Poslao: 29 Nov 2014 19:10 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zatvori browser i ostale pokrenute programe; deaktiviraj zaštitni softver ( po potrebi ) Uputstvo ; dvoklikom pokreni zoek.exe; pričekaj da se alat startuje ... U beli okvir prozora iskopiraj sljedeći tekst: `[HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Windows\CurrentVersion\Run];r "Tiny download manager"=-;r C:\Users\Zeljko\AppData\Local\DM;fs [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r "Tiny download manager"=-;r C:\Windows\SysNative\tasks\YTDownloaderUpd;fs C:\Program Files (x86)\YTDownloader;fs emptyclsid; emptyalltemp; autoclean;` Klikni na dugme i pričekaj da se skeniranje završi. Zoek će po potrebi restartovati Windows, a na kraju rada otvoriti Notepad sa izvještajem o skeniranju. Napomena: Izvještaj će biti sačuvan pod nazivom zoek-results.log na sistemskoj particiji (tipična lokacija: C:\zoek-results.log) Kopiraj sadržaj tog loga u poruku.

Profil

mawi medo Poslao: 30 Nov 2014 20:12 Idi na vrh
offline mawi medo Građanin Pridružio: 10 Avg 2010 Poruke: 48	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zoek.exe v5.0.0.0 Updated 29-11-2014 Tool run by Zeljko on 30/11/2014 at 19:34:42.26. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Zeljko\Desktop\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2014-11-29-133427.log 29596 bytes ==== Empty Folders Check ====================== C:\PROGRA~2\78cc8c96-3c43-4f14-9ddc-048dbfb4e731 deleted successfully C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\Pando Networks deleted successfully C:\PROGRA~2\PokerStars deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\PROGRA~3\SlySoft deleted successfully C:\Users\Zeljko\AppData\Roaming\.StarMade deleted successfully C:\Users\Zeljko\AppData\Roaming\TP deleted successfully C:\Users\Zeljko\AppData\Roaming\Windows Live Writer deleted successfully C:\Users\Zeljko\AppData\Local\Installer deleted successfully C:\Users\Zeljko\AppData\Local\PokerStars deleted successfully C:\Users\Zeljko\AppData\Local\PokerStars.NET deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F7065812-FA1A-4CDC-B249-61831017CF3F} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B4F3A835-0E21-4959-BA22-42B3008E02FF} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4169044D-6BA4-4661-B7D6-E29274F1F458} deleted successfully HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4169044D-6BA4-4661-B7D6-E29274F1F458} deleted successfully HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4169044D-6BA4-4661-B7D6-E29274F1F458} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4169044D-6BA4-4661-B7D6-E29274F1F458} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Classes\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4169044D-6BA4-4661-B7D6-E29274F1F458} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00110d64-637c-4858-a065-bcfea9485700} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{09d5744e-a208-4589-bd13-503a469d2504} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{197D351C-9E14-451A-BD1E-5324915E2B82} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1AADA9DC-8465-45EE-87D9-584931C6B073} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1cbd9c47-8994-4580-806d-ae46b5623216} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{20DFBF5A-4A6E-45CE-953E-A9FA8FC03E} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2761f6e9-755d-4800-a9e5-a76179e4be8a} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29F1CCD4-41BF-47D1-A9BB-D5BF47DF677} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2C48082C-2B27-4A94-BFDA-9F8BE84899AB} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D331AAB-292D-4808-B05B-BFE9B929F2B0} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{481D8879-5111-477F-89A6-112A49CEC1E2} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FE05BF2-435-42B6-A1FE-79774F2ABBBE} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54A60FF5-36ED-4A2C-A366-56AC8BAC870} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5D899299-6AD6-4DD5-BF52-71D4DD116CC0} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E3D9D9B-1FA8-4015-B393-A257EF541C4B} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6D68E860-12CF-4B6A-B6C9-D17CC07F5B2C} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70103849-B087-4CE4-9CA1-C5F08B3C5CB1} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{732F2B41-9A78-4F51-9D7D-C6EDAB21C546} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{742E68E4-810F-4DFB-BCDA-771D95775E5C} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{807f27b9-6b33-4e7f-9ef3-b11cf7d93bad} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8AE51ACA-64B0-4993-85C7-D61895F81EA7} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8c609465-cb5b-4101-92cf-b583bbd42d6a} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8DB48788-3F6C-4E6F-AA16-9A9B2F84ED0} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{96D3CCCB-5DEF-457C-87A9-3E96F8D8F33A} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B2AD217-DCAD-4A72-86AD-FCE5235FD30} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9DB3988E-F535-4CAD-B5BD-4DD18D6EB3F8} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a29b304c-2ec1-47c7-ae99-31bed2e82d6a} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A44E46B7-ACBD-47DD-AFD-72DD271578FD} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A952FDE2-5C91-4195-8BA0-4157CD953DD} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AE8414F5-D7A7-49F3-B817-C5D75F5B4692} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFCB7247-DA57-4A4A-AFC0-1D172652C3B8} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B3F3C295-3DE4-479B-81C8-3CA72E5DE7} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BC36B545-65D-4F94-BACE-DFCE99CAC560} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BE0A2985-BC4B-4AEE-BB25-6EB8A950E55C} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C0D5D70E-4405-4BB7-8440-BA16BC9BE2BD} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C1C76695-1FBF-44E6-B76A-5A6C355D8D6} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2F3947C-3ABD-4228-BB95-8492B8B1BED2} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3363993-3882-4DF3-9280-92732A95F29C} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C46E3F42-B0E2-42EB-B919-5CE1A62827D6} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c4c77cdd-d209-45c0-8762-75ca428f7dde} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CC1B9269-7DD9-4F4C-BF7-3D464CC2C5BB} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D3F0CCE4-9711-478A-9E57-2629F82EE5C} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ECDD3DE0-8F7D-4173-B87C-57A776147B8A} deleted successfully HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F112AF91-FCD8-4407-8442-6D7BE665A66} deleted successfully HKEY_CLASSES_ROOT\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully HKEY_CLASSES_ROOT\CLSID\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} deleted successfully HKEY_CLASSES_ROOT\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully HKEY_CLASSES_ROOT\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4169044D-6BA4-4661-B7D6-E29274F1F458} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{4169044D-6BA4-4661-B7D6-E29274F1F458} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_USERS\S-1-5-21-3475886133-273725518-3232655564-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Tiny download manager"=- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Tiny download manager"=- ==== Deleting Files \ Folders ====================== C:\Users\Zeljko\AppData\Local\DM not found C:\Program Files (x86)\YTDownloader not found C:\Windows\SysNative\tasks\YTDownloaderUpd deleted C:\Users\Zeljko\.android deleted C:\PROGRA~2\Europa Universalis IV Wealth of Nations deleted C:\Users\Zeljko\AppData\Roaming\AlawarEntertainment deleted C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Browse and Search the Internet.lnk deleted C:\PROGRA~3\InstallMate deleted C:\Users\Zeljko\AppData\Local\cache deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted C:\windows\SysNative\tasks\Microsoft\Windows\Maintenance\SMupdate2 deleted C:\windows\SysNative\tasks\Microsoft\Windows\Multimedia\SMupdate3 deleted C:\windows\SysNative\GroupPolicy\Machine deleted C:\windows\SysNative\GroupPolicy\User deleted C:\windows\SysNative\GroupPolicy\GPT.INI deleted C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted C:\Windows\Syswow64\tmpADD0.tmp deleted C:\Windows\Syswow64\tmpE553.tmp deleted C:\Windows\Syswow64\tmpE5C1.tmp deleted C:\Users\Zeljko\Desktop\YTDownloader.lnk deleted "C:\Users\Zeljko\AppData\Roaming\OXQC" deleted "C:\Users\Zeljko\AppData\Roaming\SW" deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [06/08/2014 12:27 PM] ==== Firefox Extensions ====================== ==== Firefox Plugins ====================== ==== Fake Chromium Profiles Check ====================== Fake profile C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome deleted ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[06/08/2014 12:26 PM] Google Voice Search Hotword (Beta) - Zeljko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn ==== Chromium Fix ====================== C:\Users\Zeljko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfully C:\Users\Zeljko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.webssearches.com_0.localstorage deleted successfully C:\Users\Zeljko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.babylon.com_0.localstorage deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {2286021F-505A-46F1-8D8B-25872ACAA3C9} Bing Url="http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Goo Url="http://www.google.com/search?q={sear" {72DD096F-8D56-4D70-8AB1-E1F2B1037242} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7FDC7BDF-6BFE-1C6D-6372-B76A4EE3DDDE} deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent Sync deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Zeljko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2MS1IYJM will be deleted at reboot C:\Users\Zeljko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EKSB0B50 will be deleted at reboot C:\Users\Zeljko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KQ9DE86D will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Zeljko\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=8939 folders=153 1430053279 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Zeljko\AppData\Local\Temp will be emptied at reboot C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Zeljko\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Zeljko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2MS1IYJM" not found "C:\Users\Zeljko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EKSB0B50" not found "C:\Users\Zeljko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KQ9DE86D" not found "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted ==== EOF on 30/11/2014 at 20:10:50.90 ======================

Profil

Sass Drake Poslao: 30 Nov 2014 20:36 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kakvo je sada stanje sistema?

Profil

mawi medo Poslao: 30 Nov 2014 21:26 Idi na vrh
offline mawi medo Građanin Pridružio: 10 Avg 2010 Poruke: 48	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Sad je bolje.

Profil

Sass Drake Poslao: 30 Nov 2014 21:30 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Obavićemo još i ARK provjeru. Preuzmi Malwarebytes Anti-Rootkit (MBAR) sa sledeceg linka i sacuvaj ga na Desktop. Dvoklikom pokreni MBAR () na ikonicu programa: - Klikni OK na sledecem prozoru da bi dozvolio raspakivanje u zaseban mbar folder na desktop-u; - mbar.exe ce biti startovan. Na nekim sistemima to moze da potraje nekoliko dodatnih sekundi, te pricekati pokretanje.; - U uvodnom prozoru klikni dugme Next ukoliko si saglasan; • Na 'Update Database' prozoru klik na dugme Update da bi preuzeo sveze definicije. Kada se ispise poruka 'Success: Database was successfully updated' klik na dugme Next; • Pod sekcijom 'Scan Targets' proveri da su sve opcije stiklirane, te klikni na dugme Scan; Obavestenje: sa nekim infekcijama moze se desiti da se prikaze neka od sledecih poruka: - 'Could not load protection driver' => u tom slucaju klikni OK. - 'Could not load DDA driver' => klikni Yes na to obavestenje da bi dozvolio ucitavanje nakon restarta. Dozvoli restart i nastavi sa ostatkom instrukcija posle restarta. >> Ukoliko malware nije detektovan, klik na Exit dugme da zatvoris program. U sledecu poruku postavi mbar-log-year-month-day (sat-minuti-sekundi).txt i system-log.txt izveštaje. >> Ukoliko su infekcija/e pronadjene, proveriti da li je obelezena opcija 'Create Restore Point' i klikni na dugme Cleanup! da bi uklonili pretnje. - Procedura uklanjanje malware-a (scheduled) ce biti zakazana po restartu, bice prikazano obavestenje u pop-up prozoru. Klikni dugme Yes i sistem bi trebao da se restartuje i da zavrsi proceduru ciscenja. Obavestenje! samo ukoliko je RootKit detektovan: - postaraj se da pokrenes fixdamage.exe alat koji se nalazi u mbar folderu, \Plugins\fixdamage.exe: - Dvoklikom pokreni fixdamage, u crnom prozoru koji se otvori (command prompt) ukucaj Y (Y stoji za Yes) da bi nastavio izvrsenje, pricekati da alat odradi sve popravke ... - Kada vidis poruku 'press any key to exit' popravka je kompletirana. Pritisnuti bilo koju tipku na tastaturi da bi se prozor zatvorio. Restartovati sistem. Sledeci izvestaji ce biti formirani u mbar folderu. 1. mbar-log-year-month-day (hour-minute-second).txt 2. system-log.txt Iskopiraj sadrzaj mbar log-a u poruku a system log okaci uz poruku koristeci opciju Prikači fajl.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » sistem pun virusa

Ko je trenutno na forumu

Ukupno su 1175 korisnika na forumu :: 36 registrovanih, 4 sakrivenih i 1135 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: ajo baba, aleksmajstor, aramis s, bojcistv, colji, darcaud, Denaya, dzoni19, E_Kurir, goxin, Kandrbandrdzilo, Krusarac, Lieutenant, lord sir giga, Lucije Kvint, mačković, mercedesamg, mgolub, milenko crazy north, Milometer, MilosKop, nikoladim, Nobunaga, Parker, pein, repac, rovac, savaskytec, USSVoyager, Viktor Petrenko, VJ, Vlada1389, W123, YugoSlav, zdrebac, 2001

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by