Unwanted ads in Mozilla

  • Miroslav R. Maričić
  • graduate mechanical engineer, teacher
  • Joined: 06 Jun 2012
  • Posts: 229
  • Location: Hajdučica, Banat, Serbia

It looks like I have (again) picked up some malware. I was searching for a movie on various sites, and after that ads started popping up in Mozilla. I tried to solve it with ADWCLEANER and MBAR, but without success.
When I use Opera, there are no pop-up ads.

I am sending the files created by FRST.EXE:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2015
Ran by Miroslav Maričić (administrator) on WR-1250MM on 02-02-2015 17:01:38
Running from C:\Users\Miroslav Maričić\Desktop\АЛАТИ
Loaded Profiles: Miroslav Maričić (Available profiles: Miroslav Maričić & Guest)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: engleski (SAD)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(ABBYY (BIT Software)) C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(Atheros) C:\Program Files\Dell Wireless\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files\Dell Wireless\Bluetooth Suite\AdminService.exe
(CobianSoft, Luis Cobian) C:\Program Files\Cobian Backup 11\cbVSCService11.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Atheros Commnucations) C:\Program Files\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe
() C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
() C:\Program Files\EaseUS\TrayPopup\TrayTipAgent.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
() C:\Program Files\Mobilni Internet\ModemListener.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 2\creator-ws.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Opera Software) C:\Program Files\Opera\opera.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-10-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files\Dell Wireless\Bluetooth Suite\btvstack.exe [877696 2013-02-06] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files\Dell Wireless\Bluetooth Suite\athbttray.exe [696448 2013-02-06] (Atheros Commnucations)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [1433692 2000-01-01] (IDT, Inc.)
HKLM\...\Run: [EaseUs Watch] => C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe [70728 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM\...\Run: [EaseUs Tray] => C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe [1372232 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM\...\Run: [EaseUs TB Tray Agent] => C:\Program Files\EaseUS\TrayPopup\TrayTipAgent.exe [253512 2013-09-04] ()
HKLM\...\Run: [ModemListener] => C:\Program Files\Mobilni Internet\ModemListener.exe [98304 2010-07-12] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKU\S-1-5-21-3498601666-3105869778-635197538-1000\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-3498601666-3105869778-635197538-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3498601666-3105869778-635197538-1000\...\Run: [SPDriver] => C:\Program Files\ShopperPro\JSDriver\1489.0.0.0\jsdrv.exe
HKU\S-1-5-21-3498601666-3105869778-635197538-1000\...\MountPoints2: {4e9eb80c-85cb-11e2-ae6f-3859f9a3fb5a} - G:\SISetup.exe
HKU\S-1-5-21-3498601666-3105869778-635197538-1000\...\MountPoints2: {6e060d74-4423-11e1-9a26-3859f9a3fb5a} - E:\autorun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-3498601666-3105869778-635197538-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3498601666-3105869778-635197538-1000 -> {2440bcbf-9c91-4498-8f73-8f0c3670ce4d} URL = http://www.findamo.com/search.html?&q={searchTerms}&cid=3975ch=2
SearchScopes: HKU\S-1-5-21-3498601666-3105869778-635197538-1000 -> {9478214f-b58f-420c-ad87-239923bf3c27} URL = http://www.searchshock.com/search.html?&q={searchTerms}&cid=3975
SearchScopes: HKU\S-1-5-21-3498601666-3105869778-635197538-1000 -> {f3c71182-38f2-49dc-8244-7b07c078ccf9} URL = http://www.findamo.com/search.html?&q={searchTerms}&cid=3975ch=2
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 212.200.191.166 212.200.190.166

FireFox:
========
FF ProfilePath: C:\Users\Miroslav Maričić\AppData\Roaming\Mozilla\Firefox\Profiles\rlwtyu0w.default
FF NewTab: hxxp://www.findamo.com?&cid=3975ch=2
FF Homepage: hxxp://www.google.rs/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @devalvr.com/DevalVR 3D plugin,version=1.0,application/x-devalvrx -> C:\ProgramData\DevalVR\npdevalvr.dll (www.devalvr.com)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin: @parallelgraphics.com/Cortona -> C:\Program Files\Common Files\ParallelGraphics\Cortona\npcortona.dll (ParallelGraphics)
FF Plugin: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files\Sibelius Software\Scorch\npsibelius.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npdevalvr.dll (www.devalvr.com)
FF SearchPlugin: C:\Users\Miroslav Maričić\AppData\Roaming\Mozilla\Firefox\Profiles\rlwtyu0w.default\searchplugins\SearchShock.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\pogodakyu.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\vokabular.xml
FF Extension: Sense - C:\Users\Miroslav Maričić\AppData\Roaming\Mozilla\Firefox\Profiles\rlwtyu0w.default\Extensions\e9d197d59f2f45f382b1aa5c14d82@8706aaed9b904554b5cb7984e9.com [2015-02-01]
FF Extension: Ge-Force - C:\Users\Miroslav Maričić\AppData\Roaming\Mozilla\Firefox\Profiles\rlwtyu0w.default\Extensions\PDVDZDW52397720@XDDWJXW57740856.com [2015-02-01]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-01-15]

Chrome:
=======
CHR Profile: C:\Users\Miroslav Maričić\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google документи) - C:\Users\Miroslav Maričić\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-06]
CHR Extension: (YouTube) - C:\Users\Miroslav Maričić\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-06]
CHR Extension: (Google претрага) - C:\Users\Miroslav Maričić\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-06]
CHR Extension: (Google новчаник) - C:\Users\Miroslav Maričić\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-06]
CHR Extension: (Gmail) - C:\Users\Miroslav Maričić\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-18]

Opera:
=======
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera\Opera.exe http://isearch.omiga-plus.com/?type=sc&ts=1422.....X61R7B7EDB

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-09-06] (SUPERAntiSpyware.com)
R2 ABBYY.Licensing.FineReader.Professional.9.0; C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [660768 2007-12-06] (ABBYY (BIT Software))
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files\Dell Wireless\Ath_CoexAgent.exe [151552 2010-10-01] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files\Dell Wireless\Bluetooth Suite\adminservice.exe [171136 2013-02-06] (Atheros Commnucations)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-15] (AVAST Software)
R2 cbVSCService11; C:\Program Files\Cobian Backup 11\cbVSCService11.exe [67584 2012-12-05] (CobianSoft, Luis Cobian) [File not signed]
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [277024 2012-09-18] (Intel Corporation)
R2 DeviceManager; C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe [40960 2010-06-17] () [File not signed]
R2 EaseUS Agent; C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe [36936 2013-12-02] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 Guard Agent; C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R3 ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-26] (Nitro PDF Software)
S3 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
R2 PDF Architect 2 Creator; C:\Program Files\PDF Architect 2\creator-ws.exe [738856 2014-06-26] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [303186 2000-01-01] (IDT, Inc.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5429520 2015-01-30] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files\Dell Wireless\Ath_WlanAgent.exe [81536 2013-03-02] (Atheros)
S2 mailUpdate; C:\ProgramData\MailUpdate\mailUpdate.exe -service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwf.sys [12800 2009-03-06] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-15] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-15] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-15] ()
R3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [35968 2013-02-06] (Atheros)
S3 ATHDFU; C:\Windows\System32\Drivers\AthDfu.sys [44160 2013-02-06] (Windows (R) Win 7 DDK provider)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3109888 2013-02-18] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [299648 2013-02-06] (Atheros)
R3 btath_avdt; C:\Windows\System32\drivers\btath_avdt.sys [98432 2013-02-06] (Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [25728 2013-02-06] (Atheros)
R3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [148096 2013-02-06] (Atheros)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [60544 2013-02-06] (Atheros)
R3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [264704 2013-02-06] (Atheros)
R3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [470656 2013-02-06] (Atheros)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [51784 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [41544 2013-09-04] () [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [15944 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [186952 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 GT680x; C:\Windows\System32\Drivers\Gt680x.sys [12416 2006-06-17] ( )
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [22688 2014-04-03] (REALiX(tm))
R3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd32.sys [3741696 2012-09-18] (Intel Corporation)
R2 io.sys; C:\Windows\system32\drivers\io.sys [5152 2013-09-02] () [File not signed]
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [67456 2011-04-13] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [177800 2012-08-27] (Renesas Electronics Corporation)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [103552 2010-06-17] (TCT International Mobile Ltd)
S4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SzCCID; C:\Windows\System32\DRIVERS\SzCCID.sys [28160 2012-09-05] (Generic)
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2012-11-28] (TeamViewer GmbH)
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S2 SPDRIVER_1489.0.0.0; \??\C:\Program Files\ShopperPro\JSDriver\1489.0.0.0\jsdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 17:01 - 2015-02-02 17:01 - 00000000 ____D () C:\FRST
2015-02-02 16:53 - 2015-02-02 16:53 - 00018062 _____ () C:\Users\Miroslav Maričić\Desktop\Opera 12 Notes.html
2015-02-02 16:53 - 2015-02-02 16:53 - 00001055 _____ () C:\Users\Public\Desktop\Opera 25.lnk
2015-02-02 16:53 - 2015-02-02 16:53 - 00001055 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 25.lnk
2015-02-02 16:42 - 2015-02-02 16:42 - 00000000 ___RD () C:\Users\Miroslav Maričić\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-02-02 15:46 - 2015-02-02 15:46 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Miroslav Maričić\Downloads\mbar-1.08.3.1004.exe
2015-02-02 15:31 - 2015-02-02 15:31 - 00796632 _____ (Aff) C:\Users\Miroslav Maričić\Downloads\FlvPlayerSetup.exe
2015-02-01 15:37 - 2015-02-01 15:44 - 00000000 ____D () C:\Users\Miroslav Maričić\.smplayer
2015-02-01 15:32 - 2015-02-01 15:33 - 19193552 _____ (Igor Pavlov) C:\Users\Miroslav Maričić\Downloads\fet-5.26.0.exe
2015-02-01 14:57 - 2015-02-01 14:57 - 00000954 _____ () C:\Users\Miroslav Maričić\Desktop\Liveistream.lnk
2015-02-01 14:57 - 2015-02-01 14:57 - 00000954 _____ () C:\Users\Guest\Desktop\Liveistream.lnk
2015-02-01 14:56 - 2015-02-01 14:56 - 00000000 ____D () C:\Users\Miroslav Maričić\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Liveistream
2015-02-01 14:56 - 2015-02-01 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Liveistream
2015-02-01 14:56 - 2015-02-01 14:56 - 00000000 ____D () C:\Program Files\Liveistream
2015-02-01 14:52 - 2015-02-01 14:52 - 01511384 _____ (Sense+) C:\Users\Miroslav Maričić\AppData\Roaming\UERRV.exe
2015-02-01 14:52 - 2015-02-01 14:52 - 00001380 _____ () C:\Windows\Tasks\UERRV.job
2015-02-01 14:51 - 2015-02-01 14:52 - 00000000 ____D () C:\Program Files\b293b0ed-4515-48e8-8fd9-956160943535
2015-02-01 14:51 - 2015-02-01 14:51 - 01997784 _____ (Sense+) C:\Users\Miroslav Maričić\AppData\Roaming\CIIAYI.exe
2015-02-01 14:51 - 2015-02-01 14:51 - 00001382 _____ () C:\Windows\Tasks\CIIAYI.job
2015-02-01 14:51 - 2015-02-01 14:51 - 00000000 ____D () C:\Program Files\1acf32df-b1fe-4175-996d-52aaa728b99a
2015-02-01 14:50 - 2015-02-01 14:50 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2015-02-01 14:48 - 2015-02-01 14:49 - 00595736 _____ () C:\Users\Miroslav Maričić\Downloads\setup.exe
2015-01-31 23:28 - 2015-02-02 16:42 - 00003472 _____ () C:\Windows\PFRO.log
2015-01-31 17:15 - 2015-01-31 17:15 - 00088064 _____ () C:\Users\Miroslav Maričić\Downloads\1_PPP(1).xls
2015-01-29 22:23 - 2015-01-29 22:23 - 00000000 ____D () C:\Users\Miroslav Maričić\Documents\PPP
2015-01-29 22:22 - 2015-01-29 22:22 - 00088064 _____ () C:\Users\Miroslav Maričić\Downloads\1_PPP.xls
2015-01-28 23:16 - 2015-01-28 23:16 - 01428818 _____ () C:\Users\Miroslav Maričić\Downloads\hwgui-2.19-b2.src.zip
2015-01-28 22:58 - 2015-01-28 22:58 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-01-27 12:10 - 2015-01-27 12:11 - 00000000 ____D () C:\Sv. Sava 2015
2015-01-26 22:48 - 2015-01-26 22:48 - 02194432 _____ () C:\Users\Miroslav Maričić\Downloads\adwcleaner_4.109.exe
2015-01-26 21:16 - 2015-01-26 21:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-26 20:57 - 2015-01-26 20:57 - 05325208 _____ (Piriform Ltd) C:\Users\Miroslav Maričić\Downloads\ccsetup502.exe
2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\Miroslav Maričić\AppData\Roaming\UERRV
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\Miroslav Maričić\AppData\Roaming\CIIAYI
2015-01-25 12:35 - 2015-01-25 12:35 - 00000587 _____ () C:\Users\Miroslav Maričić\Documents\Blaupunkt TV.txt
2015-01-22 12:58 - 2015-02-02 16:42 - 00002581 _____ () C:\Windows\setupact.log
2015-01-22 12:58 - 2015-01-22 12:58 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-21 22:54 - 2015-01-21 22:54 - 00000997 _____ () C:\Users\Miroslav Maričić\Desktop\Notepad++.lnk
2015-01-21 22:54 - 2015-01-21 22:54 - 00000000 ____D () C:\Users\Miroslav Maričić\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-01-21 22:48 - 2015-01-21 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HMG.3.4.0
2015-01-21 22:42 - 2015-01-21 22:44 - 84398890 _____ (Roberto Lopez ) C:\Users\Miroslav Maričić\Downloads\HMG.3.4.0.Setup.exe
2015-01-18 20:39 - 2015-01-18 20:39 - 00000000 ____D () C:\Users\Miroslav Maričić\AppData\Local\SmallBasic
2015-01-18 20:36 - 2015-01-18 20:36 - 00000000 ____D () C:\Users\Miroslav Maričić\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Small Basic
2015-01-18 20:34 - 2015-01-18 20:34 - 06021120 _____ () C:\Users\Miroslav Maričić\Downloads\SmallBasic.msi
2015-01-18 20:33 - 2015-01-18 20:33 - 00010700 _____ () C:\Users\Miroslav Maričić\Downloads\resenjaOpstinsko2014.zip
2015-01-18 20:29 - 2015-01-18 20:29 - 00012520 _____ () C:\Users\Miroslav Maričić\Downloads\testPrimerOpstinsko2014.zip
2015-01-18 20:28 - 2015-01-18 20:28 - 20644896 _____ () C:\Users\Miroslav Maričić\Downloads\Drzavno2014OsnovciIzvorniKodovi.zip
2015-01-18 20:28 - 2015-01-18 20:28 - 00020328 _____ () C:\Users\Miroslav Maričić\Downloads\zadaciOpstinsko2014(1).zip
2015-01-18 12:56 - 2015-01-18 12:56 - 00020328 _____ () C:\Users\Miroslav Maričić\Downloads\zadaciOpstinsko2014.zip
2015-01-14 16:08 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 16:08 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 16:08 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 16:08 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 16:08 - 2014-12-11 18:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 16:08 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-12 21:17 - 2015-01-12 21:20 - 19198767 _____ (Igor Pavlov) C:\Users\Miroslav Maričić\Downloads\fet-5.25.0.exe
2015-01-10 23:50 - 2015-01-10 23:50 - 09088473 _____ () C:\Users\Miroslav Maričić\Downloads\LiveUpdate.zip
2015-01-10 21:03 - 2015-01-10 21:03 - 05773995 _____ () C:\Users\Miroslav Maričić\Downloads\Realtek_LAN_PCIE_MB.zip
2015-01-10 20:57 - 2015-01-10 20:57 - 18142597 _____ () C:\Users\Miroslav Maričić\Downloads\Intel_G33_SVGA_XP_MB.zip
2015-01-10 20:47 - 2015-01-10 20:47 - 08001594 _____ () C:\Users\Miroslav Maričić\Downloads\intel_345_inf_mb.zip
2015-01-09 16:06 - 2015-01-09 16:06 - 00042868 _____ () C:\Users\Miroslav Maričić\Downloads\CALIGRF.ttf
2015-01-09 16:06 - 2015-01-09 16:06 - 00038864 _____ () C:\Users\Miroslav Maričić\Downloads\BRUSHSC.ttf
2015-01-05 08:14 - 2015-01-09 18:39 - 00135712 _____ () C:\Users\Miroslav Maričić\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-05 08:09 - 2015-01-09 18:35 - 00471072 _____ () C:\Windows\system32\FNTCACHE.DAT

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 17:01 - 2014-04-20 17:36 - 00000000 ____D () C:\Users\Miroslav Maričić\Desktop\АЛАТИ
2015-02-02 16:56 - 2014-01-30 20:06 - 00000000 ____D () C:\Users\Miroslav Maričić\AppData\Local\Deployment
2015-02-02 16:56 - 2012-09-26 22:08 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-02 16:53 - 2013-10-13 18:38 - 00000000 ____D () C:\Users\Miroslav Maričić\AppData\Roaming\Opera Software
2015-02-02 16:53 - 2013-10-13 18:38 - 00000000 ____D () C:\Users\Miroslav Maričić\AppData\Local\Opera Software
2015-02-02 16:53 - 2012-01-15 00:09 - 00000000 ____D () C:\Program Files\Opera
2015-02-02 16:49 - 2012-01-14 20:57 - 00880130 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-02 16:48 - 2014-09-08 06:45 - 01096739 _____ () C:\Windows\WindowsUpdate.log
2015-02-02 16:48 - 2009-07-14 05:34 - 00010208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-02 16:48 - 2009-07-14 05:34 - 00010208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-02 16:43 - 2014-10-08 21:02 - 00000000 ____D () C:\ProgramData\MCShield
2015-02-02 16:42 - 2014-12-09 18:48 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-02 16:42 - 2012-09-26 22:08 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-02 16:42 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-02 16:40 - 2012-02-21 08:39 - 00000000 ____D () C:\Program Files\Portable Microsoft Office 2007 Enterprise
2015-02-02 16:35 - 2012-04-08 17:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-02 15:47 - 2014-03-27 13:12 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 15:46 - 2014-12-09 18:48 - 00082648 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-02 15:40 - 2012-01-21 15:48 - 00000000 ___SD () C:\Users\Miroslav Maričić\Documents\My Webs
2015-02-02 15:38 - 2013-06-09 12:10 - 00000000 ____D () C:\Program Files\TeamViewer
2015-02-02 15:34 - 2014-04-20 13:54 - 00000000 ____D () C:\AdwCleaner
2015-02-01 15:37 - 2012-01-14 20:53 - 00000000 ____D () C:\Users\Miroslav Maričić
2015-02-01 15:35 - 2014-07-25 14:19 - 00000000 ____D () C:\Users\Miroslav Maričić\Documents\Rasporedi časova
2015-02-01 15:34 - 2012-01-17 00:01 - 00000000 ____D () C:\Program Files\FET
2015-02-01 14:57 - 2014-02-06 13:00 - 00001214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-01 14:57 - 2014-02-06 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-01 14:57 - 2014-01-15 21:32 - 00000987 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-01 14:57 - 2014-01-15 21:32 - 00000975 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-01 14:57 - 2012-01-15 00:09 - 00000901 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-02-01 14:57 - 2012-01-15 00:09 - 00000889 _____ () C:\Users\Public\Desktop\Opera.lnk
2015-02-01 14:57 - 2012-01-14 20:53 - 00001134 _____ () C:\Users\Miroslav Maričić\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-01 14:52 - 2013-11-01 18:25 - 00000000 ____D () C:\Program Files\7-Zip
2015-02-01 14:51 - 2012-01-17 00:20 - 00000000 ____D () C:\Program Files\A&G Grapher
2015-02-01 14:51 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-31 17:25 - 2014-12-04 21:59 - 00003683 _____ () C:\Windows\system32\TeamViewer10_Hooks.log
2015-01-31 17:24 - 2014-12-04 21:57 - 00000897 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-01-31 17:24 - 2014-12-04 21:57 - 00000885 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-01-28 22:57 - 2014-08-05 07:19 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-01-28 22:56 - 2012-06-20 07:46 - 00000000 ____D () C:\Program Files\Java
2015-01-28 16:05 - 2012-01-19 23:00 - 00000000 ____D () C:\MiniGui
2015-01-27 14:42 - 2013-09-19 20:58 - 00000000 ____D () C:\Users\Miroslav Maričić\AppData\Roaming\vlc
2015-01-27 09:02 - 2014-01-15 21:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-26 22:22 - 2013-06-09 12:01 - 00000000 ____D () C:\Users\Miroslav Maričić\AppData\Roaming\TeamViewer
2015-01-26 22:21 - 2012-01-22 23:41 - 00000000 ____D () C:\Users\Miroslav Maričić\AppData\Roaming\Skype
2015-01-26 22:20 - 2012-01-22 23:40 - 00000000 ___RD () C:\Program Files\Skype
2015-01-26 22:20 - 2012-01-22 23:40 - 00000000 ____D () C:\ProgramData\Skype
2015-01-26 20:57 - 2014-11-09 20:07 - 00000933 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-26 20:57 - 2012-01-16 23:24 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-25 14:39 - 2014-02-21 22:45 - 02197504 ___SH () C:\Users\Miroslav Maričić\Downloads\Thumbs.db
2015-01-25 12:35 - 2012-04-08 17:24 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-25 12:35 - 2012-01-21 20:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-24 17:51 - 2012-01-19 23:02 - 00000000 ____D () C:\MyFiles
2015-01-24 17:49 - 2012-01-14 21:32 - 00000000 ____D () C:\Intel
2015-01-21 22:54 - 2014-06-04 19:12 - 00000997 _____ () C:\Users\Guest\Desktop\Notepad++.lnk
2015-01-21 22:54 - 2013-03-18 15:46 - 00000000 ____D () C:\Users\Miroslav Maričić\AppData\Roaming\Notepad++
2015-01-21 22:05 - 2014-04-03 21:40 - 00000000 ____D () C:\Users\Miroslav Maričić\AppData\Roaming\Atheros
2015-01-20 21:39 - 2014-04-03 23:05 - 00000000 ____D () C:\Users\Miroslav Maričić\Documents\Bluetooth Folder
2015-01-20 20:38 - 2012-02-04 14:48 - 00000000 ____D () C:\Users\Miroslav Maričić\AppData\Local\CrashDumps
2015-01-20 20:35 - 2012-02-17 18:45 - 00000000 ___RD () C:\Users\Miroslav Maričić\Desktop\ПРОГРАМИРАЊЕ
2015-01-18 21:02 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-16 23:42 - 2012-01-30 15:08 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-01-14 16:41 - 2013-09-12 18:56 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 16:34 - 2012-01-14 23:11 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 08:45 - 2012-06-05 22:31 - 00000000 ____D () C:\Žaba
2015-01-12 08:31 - 2009-07-14 05:53 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-09 18:49 - 2012-01-21 00:04 - 00000000 ____D () C:\Users\Miroslav Maričić\Documents\Ksenija
2015-01-07 00:41 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-01-06 04:36 - 2012-01-14 22:33 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-04 18:19 - 2012-01-29 20:15 - 00000069 _____ () C:\Windows\NeroDigital.ini
2015-01-04 18:01 - 2012-05-05 21:09 - 00000000 ____D () C:\Users\Miroslav Maričić\Documents\IZBORI 2012

==================== Files in the root of some directories =======

2014-01-23 18:54 - 2014-11-08 18:56 - 0012288 _____ () C:\Program Files\_netlib2.dl2
2014-01-23 18:54 - 2014-01-23 19:25 - 0012288 _____ () C:\Program Files\_netlib3.dl2
2014-01-23 18:55 - 2014-01-23 18:54 - 0012288 _____ () C:\Program Files\_netlib4.dl2
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Miroslav Maričić\AppData\Roaming\CIIAYI
2015-02-01 14:51 - 2015-02-01 14:51 - 1997784 _____ (Sense+) C:\Users\Miroslav Maričić\AppData\Roaming\CIIAYI.exe
2013-03-30 00:56 - 2013-03-30 00:56 - 0593916 _____ () C:\Users\Miroslav Maričić\AppData\Roaming\Scorch_Install.log
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Miroslav Maričić\AppData\Roaming\UERRV
2015-02-01 14:52 - 2015-02-01 14:52 - 1511384 _____ (Sense+) C:\Users\Miroslav Maričić\AppData\Roaming\UERRV.exe
2012-02-04 14:08 - 2014-12-08 15:51 - 0008704 _____ () C:\Users\Miroslav Maričić\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-15 10:15 - 2013-04-15 10:15 - 0004096 ____H () C:\Users\Miroslav Maričić\AppData\Local\keyfile3.drm
2014-11-26 22:13 - 2014-11-26 22:13 - 0001723 _____ () C:\Users\Miroslav Maričić\AppData\Local\recently-used.xbel
2013-12-25 11:52 - 2013-12-25 11:52 - 0000067 _____ () C:\Users\Miroslav Maričić\AppData\Local\TempHOLD.run

Files to move or delete:
====================
C:\Users\Miroslav Maričić\pkcs11wrapper_32.dll


Some content of TEMP:
====================
C:\Users\Miroslav Maričić\AppData\Local\Temp\npp.6.7.4.Installer.exe
C:\Users\Miroslav Maričić\AppData\Local\Temp\playerfile.exe
C:\Users\Miroslav Maričić\AppData\Local\Temp\Quarantine.exe
C:\Users\Miroslav Maričić\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Miroslav Maričić\AppData\Local\Temp\sqlite3.dll
C:\Users\Miroslav Maričić\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-09 21:51

==================== End Of Log ============================


offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Hello,

1. Open Notepad (Text Document) and copy in the following text from the code box below:

closeprocesses:
HKU\S-1-5-21-3498601666-3105869778-635197538-1000\...\MountPoints2: {4e9eb80c-85cb-11e2-ae6f-3859f9a3fb5a} - G:\SISetup.exe
HKU\S-1-5-21-3498601666-3105869778-635197538-1000\...\MountPoints2: {6e060d74-4423-11e1-9a26-3859f9a3fb5a} - E:\autorun.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-3498601666-3105869778-635197538-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3498601666-3105869778-635197538-1000 -> {2440bcbf-9c91-4498-8f73-8f0c3670ce4d} URL = http://www.findamo.com/search.html?&q={searchTerms}&cid=3975ch=2
SearchScopes: HKU\S-1-5-21-3498601666-3105869778-635197538-1000 -> {9478214f-b58f-420c-ad87-239923bf3c27} URL = http://www.searchshock.com/search.html?&q={searchTerms}&cid=3975
SearchScopes: HKU\S-1-5-21-3498601666-3105869778-635197538-1000 -> {f3c71182-38f2-49dc-8244-7b07c078ccf9} URL = http://www.findamo.com/search.html?&q={searchTerms}&cid=3975ch=2
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
FF NewTab: hxxp://www.findamo.com?&cid=3975ch=2
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\pogodakyu.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\vokabular.xml
FF Extension: Sense - C:\Users\Miroslav Maričić\AppData\Roaming\Mozilla\Firefox\Profiles\rlwtyu0w.default\Extensions\e9d197d59f2f45f382b1aa5c14d82@8706aaed9b904554b5cb7984e9.com [2015-02-01]
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera\Opera.exe http://isearch.omiga-plus.com/?type=sc&ts=1422.....X61R7B7EDB
S2 mailUpdate; C:\ProgramData\MailUpdate\mailUpdate.exe -service [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S2 SPDRIVER_1489.0.0.0; \??\C:\Program Files\ShopperPro\JSDriver\1489.0.0.0\jsdrv.sys [X]
2015-02-01 14:51 - 2015-02-01 14:51 - 00000000 ____D () C:\Program Files\1acf32df-b1fe-4175-996d-52aaa728b99a
2015-02-01 14:50 - 2015-02-01 14:50 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
C:\Users\Miroslav Maričić\pkcs11wrapper_32.dll
Task: C:\Windows\Tasks\CIIAYI.job => C:\Users\Miroslav Mariý˙iý˙\AppData\Roaming\CIIAYI.exe <==== ATTENTION
Task: C:\Windows\Tasks\UERRV.job => C:\Users\Miroslav Mariý˙iý˙\AppData\Roaming\UERRV.exe <==== ATTENTION
C:\Users\Miroslav Mariý˙iý˙\AppData\Roaming\CIIAYI.exe
C:\Users\Miroslav Mariý˙iý˙\AppData\Roaming\UERRV.exe
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:3B71D0B4
AlternateDataStreams: C:\Users\Miroslav Maričić\Documents\Re_ Računarski sistemi.eml:OECustomProperty


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into a post.
Note: If the tool warns you that a newer version exists, make sure you download and use an updated copy of FRST.

offline
  • Miroslav R. Maričić
  • mechanical engineering graduate, teacher
  • Joined: 06 Jun 2012
  • Posts: 229
  • Location: Hajdučica, Banat, Serbia

I did everything as you wrote. Here is the log file:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-02-2015
Ran by Miroslav Maričić at 2015-02-02 23:38:28 Run:1
Running from C:\Users\Miroslav Maričić\Desktop\АЛАТИ
Loaded Profiles: Miroslav Maričić (Available profiles: Miroslav Maričić & Guest)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
closeprocesses:
HKU\S-1-5-21-3498601666-3105869778-635197538-1000\...\MountPoints2: {4e9eb80c-85cb-11e2-ae6f-3859f9a3fb5a} - G:\SISetup.exe
HKU\S-1-5-21-3498601666-3105869778-635197538-1000\...\MountPoints2: {6e060d74-4423-11e1-9a26-3859f9a3fb5a} - E:\autorun.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-3498601666-3105869778-635197538-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3498601666-3105869778-635197538-1000 -> {2440bcbf-9c91-4498-8f73-8f0c3670ce4d} URL = http://www.findamo.com/search.html?&q={searchTerms}&cid=3975ch=2
SearchScopes: HKU\S-1-5-21-3498601666-3105869778-635197538-1000 -> {9478214f-b58f-420c-ad87-239923bf3c27} URL = http://www.searchshock.com/search.html?&q={searchTerms}&cid=3975
SearchScopes: HKU\S-1-5-21-3498601666-3105869778-635197538-1000 -> {f3c71182-38f2-49dc-8244-7b07c078ccf9} URL = http://www.findamo.com/search.html?&q={searchTerms}&cid=3975ch=2
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
FF NewTab: hxxp://www.findamo.com?&cid=3975ch=2
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\pogodakyu.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\vokabular.xml
FF Extension: Sense - C:\Users\Miroslav Maričić\AppData\Roaming\Mozilla\Firefox\Profiles\rlwtyu0w.default\Extensions\e9d197d59f2f45f382b1aa5c14d82@8706aaed9b904554b5cb7984e9.com [2015-02-01]
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera\Opera.exe http://isearch.omiga-plus.com/?type=sc&ts=1422.....X61R7B7EDB
S2 mailUpdate; C:\ProgramData\MailUpdate\mailUpdate.exe -service [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S2 SPDRIVER_1489.0.0.0; \??\C:\Program Files\ShopperPro\JSDriver\1489.0.0.0\jsdrv.sys [X]
2015-02-01 14:51 - 2015-02-01 14:51 - 00000000 ____D () C:\Program Files\1acf32df-b1fe-4175-996d-52aaa728b99a
2015-02-01 14:50 - 2015-02-01 14:50 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
C:\Users\Miroslav Maričić\pkcs11wrapper_32.dll
Task: C:\Windows\Tasks\CIIAYI.job => C:\Users\Miroslav Mariý˙iý˙\AppData\Roaming\CIIAYI.exe <==== ATTENTION
Task: C:\Windows\Tasks\UERRV.job => C:\Users\Miroslav Mariý˙iý˙\AppData\Roaming\UERRV.exe <==== ATTENTION
C:\Users\Miroslav Mariý˙iý˙\AppData\Roaming\CIIAYI.exe
C:\Users\Miroslav Mariý˙iý˙\AppData\Roaming\UERRV.exe
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:3B71D0B4
AlternateDataStreams: C:\Users\Miroslav Maričić\Documents\Re_ Računarski sistemi.eml:OECustomProperty
*****************

Processes closed successfully.
"HKU\S-1-5-21-3498601666-3105869778-635197538-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e9eb80c-85cb-11e2-ae6f-3859f9a3fb5a}" => Key deleted successfully.
HKCR\CLSID\{4e9eb80c-85cb-11e2-ae6f-3859f9a3fb5a} => Key not found.
"HKU\S-1-5-21-3498601666-3105869778-635197538-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e060d74-4423-11e1-9a26-3859f9a3fb5a}" => Key deleted successfully.
HKCR\CLSID\{6e060d74-4423-11e1-9a26-3859f9a3fb5a} => Key not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-3498601666-3105869778-635197538-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => Key deleted successfully.
HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => Key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3498601666-3105869778-635197538-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2440bcbf-9c91-4498-8f73-8f0c3670ce4d}" => Key deleted successfully.
HKCR\CLSID\{2440bcbf-9c91-4498-8f73-8f0c3670ce4d} => Key not found.
"HKU\S-1-5-21-3498601666-3105869778-635197538-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9478214f-b58f-420c-ad87-239923bf3c27}" => Key deleted successfully.
HKCR\CLSID\{9478214f-b58f-420c-ad87-239923bf3c27} => Key not found.
"HKU\S-1-5-21-3498601666-3105869778-635197538-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{f3c71182-38f2-49dc-8244-7b07c078ccf9}" => Key deleted successfully.
HKCR\CLSID\{f3c71182-38f2-49dc-8244-7b07c078ccf9} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully.
HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} => Key not found.
Firefox newtab deleted successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\pogodakyu.xml => Moved successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\vokabular.xml => Moved successfully.
C:\Users\Miroslav Maričić\AppData\Roaming\Mozilla\Firefox\Profiles\rlwtyu0w.default\Extensions\e9d197d59f2f45f382b1aa5c14d82@8706aaed9b904554b5cb7984e9.com => Moved successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\Opera\shell\open\command\\Default => Value was restored successfully.
mailUpdate => Service not found.
pccsmcfd => Service deleted successfully.
SPDRIVER_1489.0.0.0 => Service deleted successfully.
C:\Program Files\1acf32df-b1fe-4175-996d-52aaa728b99a => Moved successfully.
C:\Users\Public\Documents\ShopperPro => Moved successfully.
C:\Users\Miroslav Maričić\pkcs11wrapper_32.dll => Moved successfully.
C:\Windows\Tasks\CIIAYI.job => Moved successfully.
C:\Windows\Tasks\UERRV.job => Moved successfully.
"C:\Users\Miroslav Mariý˙iý˙\AppData\Roaming\CIIAYI.exe" => File/Directory not found.
"C:\Users\Miroslav Mariý˙iý˙\AppData\Roaming\UERRV.exe" => File/Directory not found.
C:\Windows => ":nlsPreferences" ADS removed successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
C:\ProgramData\TEMP => ":3B71D0B4" ADS removed successfully.
C:\Users\Miroslav Maričić\Documents\Re_ Računarski sistemi.eml => ":OECustomProperty" ADS removed successfully.


The system needed a reboot.

==== End of Fixlog 23:38:30 ====

Regards
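One way to audit a Fixlog like the one above, as an added example that is not part of the original thread and not FRST's own code: the Python below parses the `target => outcome` result lines, skips the echoed fixlist between the asterisk rows, and lists files reported as "File/Directory not found" whose trailing path matches an entry the scan listed, as happens here with CIIAYI.exe and UERRV.exe under the mis-encoded profile name. The function names and the three-component tail match are assumptions of this example; the sample lines are excerpts from the logs on this page.

```python
import re

# Excerpt copied from the Fixlog on this page (fixlist echo, then results).
FIXLOG = r'''Content of fixlist:
*****************
Task: C:\Windows\Tasks\CIIAYI.job => C:\Users\Miroslav Mariý˙iý˙\AppData\Roaming\CIIAYI.exe <==== ATTENTION
C:\Users\Miroslav Mariý˙iý˙\AppData\Roaming\CIIAYI.exe
*****************

Processes closed successfully.
HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} => Key not found.
mailUpdate => Service not found.
SPDRIVER_1489.0.0.0 => Service deleted successfully.
C:\Windows\Tasks\CIIAYI.job => Moved successfully.
C:\Windows\Tasks\UERRV.job => Moved successfully.
"C:\Users\Miroslav Mariý˙iý˙\AppData\Roaming\CIIAYI.exe" => File/Directory not found.
"C:\Users\Miroslav Mariý˙iý˙\AppData\Roaming\UERRV.exe" => File/Directory not found.
C:\Windows => ":nlsPreferences" ADS removed successfully.
'''

# Paths the FRST scan on this page listed as present on disk.
SCAN_PATHS = [
    r"C:\Users\Miroslav Maričić\AppData\Roaming\CIIAYI.exe",
    r"C:\Users\Miroslav Maričić\AppData\Roaming\UERRV.exe",
]

RESULT = re.compile(r'^(?P<target>.+?) => (?P<outcome>.+?)\.?$')

def parse_results(text):
    """Return (target, outcome) pairs, ignoring the echoed fixlist block."""
    rows, in_echo = [], False
    for line in text.splitlines():
        line = line.strip()
        if line and set(line) == {'*'}:      # asterisk row opens/closes the echo
            in_echo = not in_echo
            continue
        if in_echo:
            continue
        m = RESULT.match(line)
        if m:
            rows.append((m.group('target').strip('"'), m.group('outcome')))
    return rows

def status(outcome):
    """Bucket an outcome string into not_found / applied / other."""
    o = outcome.lower()
    if 'not found' in o:
        return 'not_found'
    return 'applied' if 'successfully' in o else 'other'

def summary(rows):
    """Count result lines per status bucket."""
    counts = {}
    for _, outcome in rows:
        counts[status(outcome)] = counts.get(status(outcome), 0) + 1
    return counts

def path_tail(path, n=3):
    """Last n path components, lower-cased (assumed matching rule)."""
    return tuple(p.lower() for p in path.split('\\')[-n:])

def recheck_candidates(rows, scan_paths):
    """Scan-listed files whose fix line failed under a differently spelled path."""
    seen = {path_tail(p): p for p in scan_paths}
    hits = []
    for target, outcome in rows:
        if outcome.startswith('File/Directory not found'):
            match = seen.get(path_tail(target))
            if match and match != target:
                hits.append(match)
    return hits

if __name__ == '__main__':
    rows = parse_results(FIXLOG)
    print(summary(rows))
    for path in recheck_candidates(rows, SCAN_PATHS):
        print('re-check manually:', path)
```

A hit means the fix line named a path that did not exist as written, so the file the scan listed should be checked by hand at its real location.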

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Excellent. Is there any improvement?

offline
  • Miroslav R. Maričić
  • mechanical engineering graduate, teacher
  • Joined: 06 Jun 2012
  • Posts: 229
  • Location: Hajdučica, Banat, Serbia

Everything is fine now, as far as I can see. Mozilla no longer pops up ads; it looks like you solved my problem.
Thank you! Cheers

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Download "Xplode"'s DelFix and save it to the Desktop.

Double-click to run the program.

Check the following options:
Remove disinfection tools
Purge System Restore
Reset system settings

Click the "Run" button and wait for the program to finish.
The tool will remove all the tools used in this thread...
When the tool finishes, it will open a report in Notepad.
Note: The report will also be saved to C:\DelFix.txt

There is no need to post the report.

offline
  • Miroslav R. Maričić
  • mechanical engineering graduate, teacher
  • Joined: 06 Jun 2012
  • Posts: 229
  • Location: Hajdučica, Banat, Serbia

I'll do that. Thanks once again!
