Computer Check


offline
  • Absolut Gut
  • Joined: 13 Aug 2012
  • Posts: 561
  • Location: Atakama

Posted: 15 Mar 2014 16:50

1) Detailed description of the problem: Computer check
2) Posting the diagnostic report (log, logfile):

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.51.2
Run by Zorica at 16:46:05 on 2014-03-15
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.3562.1122 [GMT 1:00]
.
AV: AVG Internet Security 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ================
.
c:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2014\avgfws.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Users\Zorica\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe
C:\Windows\system32\WinFLService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
C:\Program Files\SerialTrunc\bin\utilSerialTrunc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Windows\System32\WinFLTray.exe
C:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe
C:\Program Files\MCShield\MCShieldRTM.exe
C:\Program Files\NewSoftware's\Folder Lock\FLComServ.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\SerialTrunc\updateSerialTrunc.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Opera\17.0.1241.53\opera.exe
C:\Program Files\Opera\17.0.1241.53\opera_crashreporter.exe
C:\Program Files\Opera\17.0.1241.53\opera.exe
C:\Program Files\Opera\17.0.1241.53\opera.exe
C:\Program Files\Opera\17.0.1241.53\opera.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Zorica\AppData\Local\Skillbrains\lightshot\5.1.0.15\Lightshot.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uURLSearchHooks: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - <orphaned>
mWinlogon: Userinit = Userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\zorica\appdata\roaming\defaulttab\defaulttab\DefaultTabBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SerialTrunc: {e76b4f24-4a2f-4e65-ad36-e2aa934e547c} - c:\program files\serialtrunc\SerialTruncbho.dll
uRun: [WinFLTray] c:\windows\system32\WinFLTray.exe
uRun: [FLBackup] c:\program files\newsoftware's\folder lock\FLComServCtrl.exe
uRun: [MCShield Monitor] c:\program files\mcshield\mcshieldrtm.exe
uRun: [WinThemePack Logon] "c:\program files\winthemepack\magic the gathering logon screen\tweak.exe" /sequential
uRun: [svchost] regsvr32 /s "C:\Temp:0031ED2C.dat"
mRun: [Fences] "c:\program files\stardock\fences\Fences.exe" /startup
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\users\zorica\appdata\roaming\micros~1\windows\startm~1\programs\startup\fences.lnk - c:\program files\stardock\fences\Fences.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: LogonType = dword:0
mPolicies-Windows\System: AllowBlockingAppsAtShutdown = dword:0
mPolicies-Windows\System: UseOEMBackground = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001051-0002-0051-ABCDEFFEDCBC} - <orphaned>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 89.216.1.40 89.216.1.50
TCP: Interfaces\{13978892-A382-43E0-80F1-D29699EEF638} : DHCPNameServer = 89.216.1.40 89.216.1.50
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - c:\program files\stardock\fences\FencesMenu.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.146\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\zorica\appdata\roaming\mozilla\firefox\profiles\pq6l3t1i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=CCBED43D7E4AB2DF&affID=128235&tsp=5171
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\intel\intel(r) management engine components\ipt\npIntelWebAPIIPT.dll
FF - plugin: c:\program files\intel\intel(r) management engine components\ipt\npIntelWebAPIUpdater.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\users\zorica\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\zorica\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
.
---- FIREFOX POLICIES ----
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
user_pref(extensions.autoDisableScopes,14);
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-1-31 149272]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-1-12 249112]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-2-6 106264]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-12-15 27416]
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2013-9-14 41912]
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [2007-5-18 64880]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [2007-5-18 55160]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-1-19 122136]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2013-9-26 47928]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-2-6 196376]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-12-15 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-12-15 181016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-1-19 194328]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-8-19 242240]
R1 WinFLAdrv;WinFLAdrv;c:\windows\system32\WinFLAdrv.sys [2013-8-24 29184]
R2 avgfws;AVG zaštitni zid;c:\program files\avg\avg2014\avgfws.exe [2014-2-6 1510896]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-2-17 3746112]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2014-2-6 314048]
R2 DefaultTabUpdate;DefaultTabUpdate;c:\users\zorica\appdata\roaming\defaulttab\defaulttab\dtupdate.exe [2013-12-10 107520]
R2 FLService;FLService;c:\windows\system32\WinFLService.exe [2013-8-24 92360]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\intel\icls client\HeciServer.exe [2012-12-10 583680]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files\intel\intel(r) management engine components\dal\Jhi_service.exe [2013-8-20 165336]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-10-26 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-10-26 701512]
R2 NEWDRIVER;NEWDRIVER;c:\windows\system32\WinVDEdrv6.sys [2013-8-24 188176]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesService32.exe [2013-12-18 1741624]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2013-8-20 366040]
R2 Update SerialTrunc;Update SerialTrunc;c:\program files\serialtrunc\updateSerialTrunc.exe [2014-2-26 348960]
R2 Util SerialTrunc;Util SerialTrunc;c:\program files\serialtrunc\bin\utilSerialTrunc.exe [2014-2-27 348960]
R2 WinVDEDrv;WinVDEDrv;c:\windows\system32\WinVDEdrv.sys [2013-8-24 228112]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-10-26 22856]
R3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2013-8-20 55104]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2013-8-19 514152]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesDriver32.sys [2013-12-16 12320]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\smhwadb.sys [2014-1-10 25728]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 hw_usbdev;HUAWEISERSP;c:\windows\system32\drivers\hw_usbdev.sys [2014-1-10 102272]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-3-12 108032]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\intel\icls client\SocketHeciServer.exe [2012-12-10 627744]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-2-3 14848]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2013-10-9 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2013-10-9 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2013-10-9 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2013-10-9 114216]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2013-10-9 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2013-10-9 115752]
S3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\drivers\smhwser.sys [2014-1-10 108032]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-2-3 49664]
S3 USBET;USB 2.0 WebCAM;c:\windows\system32\drivers\ETdrv.sys [2013-10-5 5116544]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-03-13 21:11:54 36152 ----a-w- c:\windows\system32\TURegOpt.exe
2014-03-13 21:11:53 25400 ----a-w- c:\windows\system32\authuitu.dll
2014-03-13 21:10:46 -------- d-----w- c:\users\zorica\appdata\roaming\AVG
2014-03-13 21:02:28 -------- d-----w- c:\programdata\AVG
2014-03-13 21:02:13 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-03-13 20:41:43 -------- d-----w- c:\users\zorica\appdata\roaming\AVG2014
2014-03-13 20:36:31 -------- d-----w- c:\users\zorica\appdata\roaming\TuneUp Software
2014-03-13 20:26:17 -------- d--h--w- C:\$AVG
2014-03-13 20:26:12 -------- d-----w- c:\programdata\AVG2014
2014-03-13 20:24:08 -------- d-----w- c:\program files\AVG
2014-03-13 20:15:37 -------- d-----w- c:\users\zorica\appdata\local\MFAData
2014-03-13 20:15:37 -------- d-----w- c:\users\zorica\appdata\local\Avg2014
2014-03-13 20:15:37 -------- d-----w- c:\programdata\MFAData
2014-03-12 17:31:32 -------- d---a-w- C:\Temp
2014-03-12 11:43:21 185344 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-12 11:43:19 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-03-12 11:43:14 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-12 11:43:13 381440 ----a-w- c:\windows\system32\wer.dll
2014-03-11 07:47:49 7947048 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5d9f9d3d-adaa-4393-b825-1091607d8afb}\mpengine.dll
2014-03-04 13:08:34 -------- d-----r- c:\program files\Skype
2014-02-27 20:47:50 -------- d-----w- c:\program files\SerialTrunc
2014-02-27 20:47:13 -------- d-----w- c:\users\zorica\appdata\roaming\YourFileDownloader
2014-02-16 18:03:31 -------- d-----w- c:\program files\Plus-HD-8.1
2014-02-16 18:02:49 -------- d-----w- c:\programdata\DAEMON Tools Lite
.
==================== Find3M ====================
.
2014-03-12 17:38:08 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 17:38:08 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-01 04:11:20 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-03-01 04:10:48 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-01 03:52:43 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-01 03:38:23 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-01 03:37:35 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-01 03:31:30 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 03:14:15 4244480 ----a-w- c:\windows\system32\jscript9.dll
2014-03-01 03:00:08 1964032 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- c:\windows\system32\wininet.dll
2014-02-06 15:33:54 196376 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-02-04 02:04:11 509440 ----a-w- c:\windows\system32\qedit.dll
2014-01-31 10:41:48 149272 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-01-28 16:15:09 24 ----a-w- c:\windows\clofghls.dll
2014-01-19 22:32:40 194328 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-01-19 22:20:32 122136 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-01-12 22:27:24 249112 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-01-10 21:18:33 25728 ----a-w- c:\windows\system32\drivers\smhwadb.sys
2014-01-10 21:18:33 1419232 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2014-01-10 21:18:33 108032 ----a-w- c:\windows\system32\drivers\smhwser.sys
2014-01-10 21:18:33 100864 ----a-w- c:\windows\system32\drivers\smhwdev.sys
2014-01-10 21:16:43 102272 ----a-w- c:\windows\system32\drivers\hw_usbdev.sys
2013-12-24 23:09:41 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2013-12-21 08:56:47 454656 ----a-w- c:\windows\system32\vbscript.dll
2013-12-18 20:10:01 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-12-18 05:13:56 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-15 22:20:00 181016 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-12-15 22:09:44 27416 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-12-15 22:09:42 21272 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
.
============= FINISH: 16:47:23,53 ===============

Addendum: 15 Mar 2014 17:03

EDIT: There are also 2 problems bothering me, which is why I opened this topic.
The first problem is that when I have Facebook open in one tab and YouTube in another, YouTube stutters. Of course I ran a cleanup with CCleaner, but the problem is still there, and YouTube should run fine, because on this configuration it has to work! :)
- The second problem is slow startup, even though I disabled all unnecessary programs in MSCONFIG.

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Hello.


Download Farbar's Farbar Recovery Scan Tool from this address to your Desktop:
There are 32-bit and 64-bit versions. You need to download the version that is compatible with your system.
If you are not sure which version applies to your system, download both and run them. Only one of them will run on your system; that will be the right version.


double-click to run the program; when the tool starts, click Yes on the disclaimer window;
wait a moment while the tool checks whether a newer version exists;
click the Scan button;
when the scan finishes, the tool will create a report (FRST.txt) in the same directory where the FRST tool is saved;
copy the contents of the FRST.txt report into your post;
on its first run, the tool should also create an additional report (Addition.txt);
attach the Addition.txt report to your post using the Attach file option

offline
  • Absolut Gut
  • Joined: 13 Aug 2012
  • Posts: 561
  • Location: Atakama

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Zorica (administrator) on ZORICA-PC on 15-03-2014 17:36:53
Running from C:\Users\Zorica\Downloads
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
() C:\Users\Zorica\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe
(New Softwares.net) C:\Windows\system32\WinFLService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
() C:\Program Files\SerialTrunc\bin\utilSerialTrunc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
( New Softwares.net) C:\Windows\System32\WinFLTray.exe
(New Softwares.net) C:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
( New Softwares.net) C:\Program Files\NewSoftware's\Folder Lock\FLComServ.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files\SerialTrunc\updateSerialTrunc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Skillbrains) C:\Users\Zorica\AppData\Local\Skillbrains\lightshot\5.1.0.15\Lightshot.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Fences] - C:\Program Files\Stardock\Fences\Fences.exe [4017368 2012-10-29] (Stardock Corporation)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [5317136 2014-02-11] (AVG Technologies CZ, s.r.o.)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-08-31] (Microsoft Corporation)
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\Run: [WinFLTray] - C:\Windows\system32\WinFLTray.exe [321736 2013-08-24] ( New Softwares.net)
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\Run: [FLBackup] - C:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe [275656 2013-08-24] (New Softwares.net)
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\Run: [MCShield Monitor] - C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-02-02] (MyCity)
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\Run: [WinThemePack Logon] - C:\Program Files\WinThemePack\Magic The Gathering Logon Screen\tweak.exe [10429625 2013-03-31] (WinThemePack.com)
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\Run: [svchost] - regsvr32 /s "C:\Temp:0031ED2C.dat"
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\MountPoints2: H - H:\PcOptions.exe
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\MountPoints2: {008568f6-5dac-11e3-99a8-d43d7e4ab2df} - E:\PcOptions.exe
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\MountPoints2: {0d3daa76-7b61-11e3-8c12-d43d7e4ab2df} - E:\PcOptions.exe
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\MountPoints2: {42bad087-0900-11e3-a3a0-d43d7e4ab2df} - F:\autorun.exe
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\MountPoints2: {65d7dc21-79ce-11e3-a804-d43d7e4ab2df} - E:\PcOptions.exe
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\MountPoints2: {76ce668e-7631-11e3-93b3-d43d7e4ab2df} - E:\PcOptions.exe
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\MountPoints2: {a28f77e1-8c37-11e3-9b57-d43d7e4ab2df} - E:\PcOptions.exe
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\MountPoints2: {b8028c90-7a4d-11e3-9928-d43d7e4ab2df} - E:\PcOptions.exe
Startup: C:\Users\Zorica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fences.lnk
ShortcutTarget: Fences.lnk -> C:\Program Files\Stardock\Fences\Fences.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xADC2A13B0D9DCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sr-rs
URLSearchHook: HKCU - (No Name) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=CCBED43D7E4AB2DF&affID=128235&tsp=5171
SearchScopes: HKCU - {1361FF91-724F-4925-863D-55DE8F15A8D9} URL = http://www.mysearchresults.com/search?c=3523&t=01&q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Zorica\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll (Search Results LLC.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SerialTrunc - {e76b4f24-4a2f-4e65-ad36-e2aa934e547c} - C:\Program Files\SerialTrunc\SerialTruncbho.dll (SerialTrunc)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 89.216.1.40 89.216.1.50

FireFox:
========
FF ProfilePath: C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default
FF user.js: detected! => C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default\user.js
FF NewTab: hxxp://www.buenosearch.com/?babsrc=NT_ss&mntrId=CCBED43D7E4AB2DF&affID=128235&tsp=5171
FF Homepage: hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=CCBED43D7E4AB2DF&affID=128235&tsp=5171
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 - C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Zorica\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml
FF Extension: Plus-HD-8.1 - C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default\Extensions\8ef36653-7dcd-4c5f-81f5-7870fda4b7b7@67e486b0-922d-4a2d-9e3f-77394107f67c.com [2014-03-13]
FF Extension: Torntv V6.0 - C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default\Extensions\e2fd07a6-e282-4f2e-8965-85565fcb6384@b69158e6-3c3b-476c-9d98-ae5838c5b707.com [2014-01-28]
FF Extension: uTControlTEST5 - C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default\Extensions\{56ecbd8d-d7f7-4e92-8bf1-77cdfb71c50a} [2013-12-27]
FF Extension: Default Tab - C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default\Extensions\addon@defaulttab.com.xpi [2013-12-10]
FF Extension: GoPhotoIt - C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default\Extensions\gophoto@gophoto.it.xpi [2013-08-08]
FF Extension: SerialTrunc - C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default\Extensions\{47351c22-0d6c-4658-a617-795d251145e2}.xpi [2014-02-26]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-24]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-24]

Chrome:
=======
CHR Extension: (Mario Forever DM) - C:\Users\Zorica\AppData\Local\Google\Chrome\User

Data\Default\Extensions\ikgjcmfodgjkcgimppbdnkmdhmepjckc [2014-03-13]
CHR Extension: (DefaultTab) - C:\Users\Zorica\AppData\Local\Google\Chrome\User Data

\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc [2014-03-13]
CHR Extension: (Google новчаник) - C:\Users\Zorica\AppData\Local\Google\Chrome\User

Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (GoPhoto.it) - C:\Users\Zorica\AppData\Local\Google\Chrome\User Data

\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk [2014-03-13]
CHR HKLM\...\Chrome\Extension: [ikgjcmfodgjkcgimppbdnkmdhmepjckc] - C:\Users\Zorica

\AppData\Local\CRE\ikgjcmfodgjkcgimppbdnkmdhmepjckc.crx [2013-11-03]
CHR HKLM\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files

\DefaultTab\DefaultTab.crx [2013-10-07]
CHR HKLM\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Zorica

\AppData\Local\Torch\Plugins\TorchPlugin.crx [2013-10-07]
CHR HKLM\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files

\Gophoto.it\gophotoit16.crx [2013-08-08]
CHR HKCU\...\Chrome\Extension: [ikgjcmfodgjkcgimppbdnkmdhmepjckc] - C:\Users\Zorica

\AppData\Local\CRE\ikgjcmfodgjkcgimppbdnkmdhmepjckc.crx [2013-11-03]

========================== Services (Whitelisted) =================

R2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1510896 2014-02-06] (AVG

Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3746112 2014-02-17]

(AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [314048 2014-02-06] (AVG

Technologies CZ, s.r.o.)
R2 DefaultTabUpdate; C:\Users\Zorica\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe

[107520 2013-12-10] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client

\HeciServer.exe [583680 2012-12-10] (Intel(R) Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client

\SocketHeciServer.exe [627744 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL

\jhi_service.exe [165336 2013-01-15] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

[418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512

2013-04-04] (Malwarebytes Corporation)
S2 pr2ah4nc; C:\Windows\system32\pr2ah4nc.exe [407152 2007-05-18] (CODEMASTERS)
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe

[1741624 2013-12-18] (AVG)
R2 Update SerialTrunc; C:\Program Files\SerialTrunc\updateSerialTrunc.exe [348960 2014-03

-15] ()
R2 Util SerialTrunc; C:\Program Files\SerialTrunc\bin\utilSerialTrunc.exe [348960 2014-03-15]

()

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\smhwadb.sys [25728 2014-01-10] (Google Inc)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [122136 2014-01-19] (AVG

Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG

Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [196376 2014-02-06]

(AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149272 2014-01-31] (AVG

Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2013-12-15] (AVG

Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [181016 2013-12-15] (AVG

Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [249112 2014-01-12] (AVG

Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [106264 2014-02-06] (AVG

Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2013-12-15] (AVG

Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [194328 2014-01-19] (AVG

Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-08-19] (DT

Soft Ltd)
R0 FSProFilter; C:\Windows\System32\Drivers\FSPFltd.sys [41912 2010-07-22] (FSPro Labs)
S3 hw_usbdev; C:\Windows\System32\DRIVERS\hw_usbdev.sys [102272 2014-01-10] (Huawei

Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04]

(Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-13] (Intel Corporation)
R2 NEWDRIVER; C:\Windows\system32\WinVDEdrv6.sys [188176 2013-08-24] ()
R0 pe3ah4nc; C:\Windows\System32\drivers\pe3ah4nc.sys [64880 2007-05-18]

(CODEMASTERS)
R0 ps6ah4nc; C:\Windows\System32\drivers\ps6ah4nc.sys [55160 2007-05-18]

(CODEMASTERS)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI

Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI

Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI

Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI

Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI

Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI

Corporation)
S3 s116bus; C:\Windows\System32\DRIVERS\s116bus.sys [83336 2007-04-03] (MCCI

Corporation)
S3 s116mdfl; C:\Windows\System32\DRIVERS\s116mdfl.sys [15112 2007-04-03] (MCCI

Corporation)
S3 s116mdm; C:\Windows\System32\DRIVERS\s116mdm.sys [108680 2007-04-03] (MCCI

Corporation)
S3 s116nd5; C:\Windows\System32\DRIVERS\s116nd5.sys [23176 2007-04-03] (MCCI

Corporation)
S3 s116unic; C:\Windows\System32\DRIVERS\s116unic.sys [99080 2007-04-03] (MCCI

Corporation)
S3 smhwser; C:\Windows\System32\DRIVERS\smhwser.sys [108032 2014-01-10] (QUALCOMM

Incorporated)
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys

[12320 2013-12-16] (TuneUp Software)
S3 USBET; C:\Windows\System32\DRIVERS\ETdrv.sys [5116544 2010-11-29] (Etron)
R1 WinFLAdrv; C:\Windows\System32\WinFLAdrv.sys [29184 2013-08-24] ()
S3 MSICDSetup; \??\G:\CDriver.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib.sys [X]
S3 PBDOWNFORCE_SERVICE; \??\C:\Users\Zorica\AppData\Local\Temp\PHQF97F.tmp [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 mbr; \??\C:\Users\Zorica\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-15 17:36 - 2014-03-15 17:37 - 00019049 _____ () C:\Users\Zorica\Downloads\FRST.txt
2014-03-15 17:36 - 2014-03-15 17:36 - 01145856 _____ (Farbar) C:\Users\Zorica\Downloads

\FRST.exe
2014-03-15 17:36 - 2014-03-15 17:36 - 00000000 ____D () C:\FRST
2014-03-15 17:34 - 2014-03-15 17:34 - 00013980 _____ () C:\Users\Zorica\Downloads

\289830_1724353748_attach.txt
2014-03-15 16:47 - 2014-03-15 16:47 - 00020124 _____ () C:\Users\Zorica\Desktop\dds.txt
2014-03-15 16:45 - 2014-03-15 16:45 - 00688992 ____R (Swearware) C:\Users\Zorica

\Downloads\dds (1).scr
2014-03-15 16:35 - 2006-03-02 15:33 - 00000000 ____D () C:\Users\Zorica\Downloads\Pinout
2014-03-15 16:34 - 2014-03-15 16:34 - 03100868 _____ () C:\Users\Zorica\Downloads

\14015_1017673869_Pinout_3_0_1_51.exe
2014-03-14 14:52 - 2014-03-14 14:52 - 00073420 _____ () C:\Windows\PFRO.log
2014-03-14 07:31 - 2014-03-15 17:33 - 00001391 _____ () C:\Windows\setupact.log
2014-03-14 07:31 - 2014-03-14 07:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-13 22:11 - 2014-03-13 22:11 - 00002171 _____ () C:\Users\Public\Desktop\AVG 1-Click

Maintenance.lnk
2014-03-13 22:11 - 2014-03-13 22:11 - 00002145 _____ () C:\Users\Public\Desktop\AVG PC

TuneUp 2014.lnk
2014-03-13 22:11 - 2013-12-18 09:38 - 00036152 _____ (AVG) C:\Windows

\system32\TURegOpt.exe
2014-03-13 22:11 - 2013-12-18 09:38 - 00025400 _____ (AVG) C:\Windows\system32\authuitu.dll
2014-03-13 22:10 - 2014-03-13 22:10 - 00000000 ____D () C:\Users\Zorica\AppData\Roaming

\AVG
2014-03-13 22:02 - 2014-03-13 22:34 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-

4706-A62E-774BB7E9D308}
2014-03-13 22:02 - 2014-03-13 22:28 - 00000000 ____D () C:\ProgramData\AVG
2014-03-13 22:00 - 2014-03-13 22:02 - 78353832 _____ (AVG) C:\Users\Zorica\Downloads

\avg_tuh_stf_all_2014_295_24c34.exe
2014-03-13 21:41 - 2014-03-13 21:41 - 00000000 ____D () C:\Users\Zorica\AppData\Roaming

\AVG2014
2014-03-13 21:36 - 2014-03-13 21:36 - 00000947 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-13 21:36 - 2014-03-13 21:36 - 00000000 ____D () C:\Users\Zorica\AppData\Roaming

\TuneUp Software
2014-03-13 21:26 - 2014-03-13 21:54 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-13 21:26 - 2014-03-13 21:26 - 00000000 ___HD () C:\$AVG
2014-03-13 21:24 - 2014-03-13 22:07 - 00000000 ____D () C:\Program Files\AVG
2014-03-13 21:15 - 2014-03-15 16:20 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-13 21:15 - 2014-03-14 09:31 - 00000000 ____D () C:\Users\Zorica\AppData\Local

\Avg2014
2014-03-13 21:15 - 2014-03-13 21:15 - 00000000 ____D () C:\Users\Zorica\AppData\Local

\MFAData
2014-03-12 12:44 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows

\system32\mshtml.dll
2014-03-12 12:44 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows

\system32\mshtml.tlb
2014-03-12 12:44 - 2014-03-01 05:10 - 00004096 _____ (Microsoft Corporation) C:\Windows

\system32\ieetwcollectorres.dll
2014-03-12 12:44 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows

\system32\iesetup.dll
2014-03-12 12:44 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows

\system32\ieetwproxystub.dll
2014-03-12 12:44 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows

\system32\iertutil.dll
2014-03-12 12:44 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows

\system32\jsproxy.dll
2014-03-12 12:44 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows

\system32\iernonce.dll
2014-03-12 12:44 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows

\system32\ieui.dll
2014-03-12 12:44 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows

\system32\ieUnatt.exe
2014-03-12 12:44 - 2014-03-01 04:38 - 00108032 _____ (Microsoft Corporation) C:\Windows

\system32\ieetwcollector.exe
2014-03-12 12:44 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows

\system32\jscript9diag.dll
2014-03-12 12:44 - 2014-03-01 04:31 - 00646144 _____ (Microsoft Corporation) C:\Windows

\system32\MsSpellCheckingFacility.exe
2014-03-12 12:44 - 2014-03-01 04:25 - 00208896 _____ (Microsoft Corporation) C:\Windows

\system32\ie4uinit.exe
2014-03-12 12:44 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows

\system32\msrating.dll
2014-03-12 12:44 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows

\system32\jscript9.dll
2014-03-12 12:44 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows

\system32\msfeeds.dll
2014-03-12 12:44 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows

\system32\inetcpl.cpl
2014-03-12 12:44 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows

\system32\ieframe.dll
2014-03-12 12:44 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows

\system32\wininet.dll
2014-03-12 12:44 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows

\system32\urlmon.dll
2014-03-12 12:44 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows

\system32\ieapfltr.dll
2014-03-12 12:44 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows

\system32\qedit.dll
2014-03-12 12:43 - 2014-02-07 02:07 - 02349056 _____ (Microsoft Corporation) C:\Windows

\system32\win32k.sys
2014-03-12 12:43 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows

\system32\WindowsCodecs.dll
2014-03-12 12:43 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows

\system32\wer.dll
2014-03-12 12:43 - 2014-01-28 03:07 - 00185344 _____ (Microsoft Corporation) C:\Windows

\system32\wwansvc.dll
2014-03-10 14:14 - 2014-03-10 14:16 - 00000000 ____D () C:\Users\Zorica\Desktop\ogi slike
2014-03-10 14:07 - 2014-03-10 14:07 - 00000000 ____D () C:\Users\Zorica\Desktop\slike
2014-03-05 14:44 - 2014-03-15 14:49 - 00000932 _____ () C:\Windows\Tasks

\FacebookUpdateTaskUserS-1-5-21-2861581720-2204672646-155532148-1000UA.job
2014-03-05 14:44 - 2014-03-15 14:49 - 00000910 _____ () C:\Windows\Tasks

\FacebookUpdateTaskUserS-1-5-21-2861581720-2204672646-155532148-1000Core.job
2014-03-04 14:08 - 2014-03-04 14:08 - 00000000 ___RD () C:\Program Files\Skype
2014-03-04 14:08 - 2014-03-04 14:08 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-28 12:26 - 2014-02-28 12:26 - 00001034 _____ () C:\Users\Public\Desktop\MCShield

Real-Time Monitor.lnk
2014-02-27 21:47 - 2014-02-28 12:24 - 00000000 ____D () C:\Program Files\SerialTrunc
2014-02-27 21:47 - 2014-02-27 21:47 - 00000000 ____D () C:\Users\Zorica\AppData\Roaming

\YourFileDownloader
2014-02-24 14:18 - 2014-02-24 14:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-20 16:35 - 2014-02-28 21:05 - 00000000 ____D () C:\Users\Zorica\Desktop\sklike
2014-02-17 19:00 - 2014-02-20 16:35 - 00000000 ___RD () C:\Users\Zorica\Desktop\ogi
2014-02-16 19:03 - 2014-03-14 09:50 - 00000000 ____D () C:\Program Files\Plus-HD-8.1
2014-02-16 19:02 - 2014-02-16 19:02 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-02-13 13:13 - 2014-02-13 13:13 - 00000000 ____D () C:\Users\Zorica\AppData\Local

\Codemasters
2014-02-13 01:38 - 2014-02-13 01:38 - 00000000 ____D () C:\Users\Public\Documents

\Codemasters

==================== One Month Modified Files and Folders =======

2014-03-15 17:37 - 2014-03-15 17:36 - 00019049 _____ () C:\Users\Zorica\Downloads\FRST.txt
2014-03-15 17:36 - 2014-03-15 17:36 - 01145856 _____ (Farbar) C:\Users\Zorica\Downloads

\FRST.exe
2014-03-15 17:36 - 2014-03-15 17:36 - 00000000 ____D () C:\FRST
2014-03-15 17:34 - 2014-03-15 17:34 - 00013980 _____ () C:\Users\Zorica\Downloads

\289830_1724353748_attach.txt
2014-03-15 17:34 - 2013-10-21 11:30 - 00000000 ____D () C:\Users\Zorica\AppData\Roaming

\Skype
2014-03-15 17:33 - 2014-03-14 07:31 - 00001391 _____ () C:\Windows\setupact.log
2014-03-15 17:17 - 2013-08-19 19:53 - 00000886 _____ () C:\Windows\Tasks

\GoogleUpdateTaskMachineUA.job
2014-03-15 17:10 - 2013-09-26 22:13 - 01711473 _____ () C:\Windows\WindowsUpdate.log
2014-03-15 16:47 - 2014-03-15 16:47 - 00020124 _____ () C:\Users\Zorica\Desktop\dds.txt
2014-03-15 16:45 - 2014-03-15 16:45 - 00688992 ____R (Swearware) C:\Users\Zorica

\Downloads\dds (1).scr
2014-03-15 16:38 - 2013-08-19 19:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player

Updater.job
2014-03-15 16:34 - 2014-03-15 16:34 - 03100868 _____ () C:\Users\Zorica\Downloads

\14015_1017673869_Pinout_3_0_1_51.exe
2014-03-15 16:20 - 2014-03-13 21:15 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-15 16:19 - 2013-09-08 21:14 - 00000378 _____ () C:\Windows\Tasks\update-sys.job
2014-03-15 14:49 - 2014-03-05 14:44 - 00000932 _____ () C:\Windows\Tasks

\FacebookUpdateTaskUserS-1-5-21-2861581720-2204672646-155532148-1000UA.job
2014-03-15 14:49 - 2014-03-05 14:44 - 00000910 _____ () C:\Windows\Tasks

\FacebookUpdateTaskUserS-1-5-21-2861581720-2204672646-155532148-1000Core.job
2014-03-15 14:30 - 2013-09-08 21:14 - 00000378 _____ () C:\Windows\Tasks\update-S-1-5-21-

2861581720-2204672646-155532148-1000.job
2014-03-15 13:25 - 2013-12-10 17:24 - 00001108 __RSH () C:\Users\Zorica\ntuser.pol
2014-03-15 13:25 - 2013-08-19 19:38 - 00000000 ____D () C:\Users\Zorica
2014-03-15 09:50 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-

376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-15 09:50 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-

376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-15 09:47 - 2013-09-30 10:00 - 00000000 ____D () C:\ProgramData\MCShield
2014-03-15 09:47 - 2013-08-19 19:53 - 00000882 _____ () C:\Windows\Tasks

\GoogleUpdateTaskMachineCore.job
2014-03-15 09:45 - 2013-08-19 19:48 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-15 09:45 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-14 14:52 - 2014-03-14 14:52 - 00073420 _____ () C:\Windows\PFRO.log
2014-03-14 10:02 - 2014-01-28 10:35 - 00000000 ____D () C:\Program Files\Torntv V6.0
2014-03-14 09:50 - 2014-02-16 19:03 - 00000000 ____D () C:\Program Files\Plus-HD-8.1
2014-03-14 09:31 - 2014-03-13 21:15 - 00000000 ____D () C:\Users\Zorica\AppData\Local

\Avg2014
2014-03-14 09:30 - 2013-10-26 06:11 - 00000000 ____D () C:\Users\Zorica\Desktop\Games
2014-03-14 07:31 - 2014-03-14 07:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-14 03:47 - 2013-08-19 19:41 - 00000000 ___HD () C:\Program Files\InstallShield

Installation Information
2014-03-14 03:41 - 2013-08-29 17:08 - 00000000 ____D () C:\Users\Zorica\AppData\Local\Unity
2014-03-13 22:34 - 2014-03-13 22:02 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-

4706-A62E-774BB7E9D308}
2014-03-13 22:30 - 2013-11-26 19:41 - 00000000 ____D () C:\Users\Zorica\AppData\Roaming

\Winamp
2014-03-13 22:30 - 2013-08-19 20:04 - 00000000 ____D () C:\Users\Zorica\AppData\Roaming

\DAEMON Tools Pro
2014-03-13 22:29 - 2013-08-19 19:56 - 00000000 ____D () C:\Users\Zorica\AppData\Roaming

\uTorrent
2014-03-13 22:28 - 2014-03-13 22:02 - 00000000 ____D () C:\ProgramData\AVG
2014-03-13 22:18 - 2013-08-20 05:10 - 00000000 ____D () C:\Windows\Panther
2014-03-13 22:11 - 2014-03-13 22:11 - 00002171 _____ () C:\Users\Public\Desktop\AVG 1-Click

Maintenance.lnk
2014-03-13 22:11 - 2014-03-13 22:11 - 00002145 _____ () C:\Users\Public\Desktop\AVG PC

TuneUp 2014.lnk
2014-03-13 22:10 - 2014-03-13 22:10 - 00000000 ____D () C:\Users\Zorica\AppData\Roaming

\AVG
2014-03-13 22:07 - 2014-03-13 21:24 - 00000000 ____D () C:\Program Files\AVG
2014-03-13 22:02 - 2014-03-13 22:00 - 78353832 _____ (AVG) C:\Users\Zorica\Downloads

\avg_tuh_stf_all_2014_295_24c34.exe
2014-03-13 21:54 - 2014-03-13 21:26 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-13 21:41 - 2014-03-13 21:41 - 00000000 ____D () C:\Users\Zorica\AppData\Roaming

\AVG2014
2014-03-13 21:36 - 2014-03-13 21:36 - 00000947 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-13 21:36 - 2014-03-13 21:36 - 00000000 ____D () C:\Users\Zorica\AppData\Roaming

\TuneUp Software
2014-03-13 21:26 - 2014-03-13 21:26 - 00000000 ___HD () C:\$AVG
2014-03-13 21:15 - 2014-03-13 21:15 - 00000000 ____D () C:\Users\Zorica\AppData\Local

\MFAData
2014-03-13 21:14 - 2014-01-13 12:17 - 00000000 ____D () C:\Users\Zorica\AppData\Roaming

\AVAST Software
2014-03-13 21:14 - 2013-08-19 20:10 - 00000000 ____D () C:\ProgramData\Alwil Software
2014-03-13 21:14 - 2013-08-19 20:10 - 00000000 ____D () C:\Program Files\Alwil Software
2014-03-13 21:14 - 2009-07-14 03:04 - 00002577 _____ () C:\Windows\system32\config.nt
2014-03-12 18:38 - 2013-08-19 19:59 - 00692616 _____ (Adobe Systems Incorporated) C:

\Windows\system32\FlashPlayerApp.exe
2014-03-12 18:38 - 2013-08-19 19:59 - 00071048 _____ (Adobe Systems Incorporated) C:

\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 17:38 - 2009-07-14 05:33 - 00409784 _____ () C:\Windows

\system32\FNTCACHE.DAT
2014-03-12 17:37 - 2014-02-03 14:19 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 14:16 - 2013-09-24 14:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 13:46 - 2013-09-04 13:30 - 00000000 ____D () C:\Users\Zorica\Documents\Images
2014-03-10 14:16 - 2014-03-10 14:14 - 00000000 ____D () C:\Users\Zorica\Desktop\ogi slike
2014-03-10 14:07 - 2014-03-10 14:07 - 00000000 ____D () C:\Users\Zorica\Desktop\slike
2014-03-09 20:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-06 22:44 - 2013-09-08 21:14 - 00000443 _____ () C:\Users\Zorica\AppData\Local

\UserProducts.xml
2014-03-06 22:44 - 2013-09-08 21:14 - 00000000 ____D () C:\Users\Zorica\AppData\Roaming

\Microsoft\Windows\Start Menu\Programs\LightShot
2014-03-05 14:44 - 2013-08-24 19:29 - 00000000 ____D () C:\Users\Zorica\AppData\Local

\Facebook
2014-03-04 20:19 - 2013-08-19 19:54 - 00002131 _____ () C:\Users\Public\Desktop\Google

Chrome.lnk
2014-03-04 14:08 - 2014-03-04 14:08 - 00000000 ___RD () C:\Program Files\Skype
2014-03-04 14:08 - 2014-03-04 14:08 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-04 14:08 - 2013-08-19 23:14 - 00002685 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-04 14:08 - 2013-08-19 23:14 - 00000000 ____D () C:\ProgramData\Skype
2014-03-02 23:49 - 2013-08-19 19:55 - 00000000 ____D () C:\Program Files\Opera
2014-03-01 05:30 - 2014-03-12 12:44 - 17074688 _____ (Microsoft Corporation) C:\Windows

\system32\mshtml.dll
2014-03-01 05:11 - 2014-03-12 12:44 - 02724864 _____ (Microsoft Corporation) C:\Windows

\system32\mshtml.tlb
2014-03-01 05:10 - 2014-03-12 12:44 - 00004096 _____ (Microsoft Corporation) C:\Windows

\system32\ieetwcollectorres.dll
2014-03-01 04:52 - 2014-03-12 12:44 - 00061952 _____ (Microsoft Corporation) C:\Windows

\system32\iesetup.dll
2014-03-01 04:51 - 2014-03-12 12:44 - 00051200 _____ (Microsoft Corporation) C:\Windows

\system32\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-12 12:44 - 02168320 _____ (Microsoft Corporation) C:\Windows

\system32\iertutil.dll
2014-03-01 04:43 - 2014-03-12 12:44 - 00043008 _____ (Microsoft Corporation) C:\Windows

\system32\jsproxy.dll
2014-03-01 04:43 - 2014-03-12 12:44 - 00032768 _____ (Microsoft Corporation) C:\Windows

\system32\iernonce.dll
2014-03-01 04:40 - 2014-03-12 12:44 - 00440832 _____ (Microsoft Corporation) C:\Windows

\system32\ieui.dll
2014-03-01 04:38 - 2014-03-12 12:44 - 00112128 _____ (Microsoft Corporation) C:\Windows

\system32\ieUnatt.exe
2014-03-01 04:38 - 2014-03-12 12:44 - 00108032 _____ (Microsoft Corporation) C:\Windows

\system32\ieetwcollector.exe
2014-03-01 04:37 - 2014-03-12 12:44 - 00553472 _____ (Microsoft Corporation) C:\Windows

\system32\jscript9diag.dll
2014-03-01 04:31 - 2014-03-12 12:44 - 00646144 _____ (Microsoft Corporation) C:\Windows

\system32\MsSpellCheckingFacility.exe
2014-03-01 04:25 - 2014-03-12 12:44 - 00208896 _____ (Microsoft Corporation) C:\Windows

\system32\ie4uinit.exe
2014-03-01 04:16 - 2014-03-12 12:44 - 00164864 _____ (Microsoft Corporation) C:\Windows

\system32\msrating.dll
2014-03-01 04:14 - 2014-03-12 12:44 - 04244480 _____ (Microsoft Corporation) C:\Windows

\system32\jscript9.dll
2014-03-01 04:03 - 2014-03-12 12:44 - 00524288 _____ (Microsoft Corporation) C:\Windows

\system32\msfeeds.dll
2014-03-01 04:00 - 2014-03-12 12:44 - 01964032 _____ (Microsoft Corporation) C:\Windows

\system32\inetcpl.cpl
2014-03-01 03:57 - 2014-03-12 12:44 - 11266048 _____ (Microsoft Corporation) C:\Windows

\system32\ieframe.dll
2014-03-01 03:32 - 2014-03-12 12:44 - 01820160 _____ (Microsoft Corporation) C:\Windows

\system32\wininet.dll
2014-03-01 03:27 - 2014-03-12 12:44 - 01156096 _____ (Microsoft Corporation) C:\Windows

\system32\urlmon.dll
2014-03-01 03:25 - 2014-03-12 12:44 - 00703488 _____ (Microsoft Corporation) C:\Windows

\system32\ieapfltr.dll
2014-02-28 21:05 - 2014-02-20 16:35 - 00000000 ____D () C:\Users\Zorica\Desktop\sklike
2014-02-28 12:26 - 2014-02-28 12:26 - 00001034 _____ () C:\Users\Public\Desktop\MCShield

Real-Time Monitor.lnk
2014-02-28 12:26 - 2013-09-30 10:00 - 00000000 ____D () C:\Program Files\MCShield
2014-02-28 12:24 - 2014-02-27 21:47 - 00000000 ____D () C:\Program Files\SerialTrunc
2014-02-28 12:24 - 2013-09-07 10:57 - 00000000 ____D () C:\Program Files\Mozilla Maintenance

Service
2014-02-28 12:23 - 2013-08-19 20:01 - 00000000 ____D () C:\Program Files\Winrar
2014-02-27 21:47 - 2014-02-27 21:47 - 00000000 ____D () C:\Users\Zorica\AppData\Roaming

\YourFileDownloader
2014-02-24 14:18 - 2014-02-24 14:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-20 20:00 - 2013-08-19 19:42 - 00782470 _____ () C:\Windows

\system32\PerfStringBackup.INI
2014-02-20 16:35 - 2014-02-17 19:00 - 00000000 ___RD () C:\Users\Zorica\Desktop\ogi
2014-02-17 17:23 - 2014-01-24 18:51 - 00000000 ____D () C:\Users\Zorica\Desktop\sam u kuci

2,3 - Copy
2014-02-16 19:02 - 2014-02-16 19:02 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-02-16 19:01 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-02-13 13:13 - 2014-02-13 13:13 - 00000000 ____D () C:\Users\Zorica\AppData\Local

\Codemasters
2014-02-13 08:03 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-13 07:22 - 2013-08-19 19:52 - 00109672 _____ () C:\Users\Zorica\AppData\Local

\GDIPFONTCACHEV1.DAT
2014-02-13 01:38 - 2014-02-13 01:38 - 00000000 ____D () C:\Users\Public\Documents

\Codemasters
2014-02-13 01:13 - 2014-02-12 20:04 - 00000000 ____D () C:\Program Files\Codemasters

Files to move or delete:
====================
C:\ProgramData\win_mpwd_sys.dat


Some content of TEMP:
====================
C:\Users\Zorica\AppData\Local\Temp\htmlayout.dll
C:\Users\Zorica\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Zorica\AppData\Local\Temp\uninstall21131489.exe
C:\Users\Zorica\AppData\Local\Temp\uninstall21131505.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-11 09:05

==================== End Of Log ============================
Here you go. :)

rip
  • argus
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Attach the first log to your post; for some reason it was copied badly. That is, FRST.txt.

offline
  • Absolut Gut
  • Joined: 13 Aug 2012
  • Posts: 561
  • Location: Atakama


rip
  • argus
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Uninstall the following:

Ask Toolbar Updater
DefaultTab
Torntv V6.0
TuneUp





1. Open Notepad (Text Document) and copy the following text from the code box below:
Start
Play Now Radio (HKCU\...\playnowradio) (Version:  - playnowradio) <==== ATTENTION
Plus-HD-8.1 (HKLM\...\Plus-HD-8.1) (Version: 1.34.1.29 - Plus HD) <==== ATTENTION
Torntv V6.0 (HKLM\...\Torntv V6.0) (Version: 1.34.1.21 - installdaddy) <==== ATTENTION
Task: {A5D739A0-2CA6-429D-87AD-A93CD60196E9} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {ED45E413-192B-45B4-BC71-EEA134EB5906} - System32\Tasks\DTReg => C:\Users\Zorica\AppData\Roaming\defaulttab\defaulttab\DTReg.exe [2014-02-06] (Search Results, LLC) <==== ATTENTION
AlternateDataStreams: C:\Temp:pid1
AlternateDataStreams: C:\Temp:pid2
AlternateDataStreams: C:\Temp:srv
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: Tiny download manager => "C:\Users\Zorica\AppData\Local\DM\TinyDM.exe" /M
2013-03-31] (WinThemePack.com)HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\Run: [svchost] - regsvr32 /s "C:\Temp:0031ED2C.dat"
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\MountPoints2: H - H:\PcOptions.exe
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\MountPoints2: {008568f6-5dac-11e3-99a8-d43d7e4ab2df} - E:\PcOptions.exe
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\MountPoints2: {0d3daa76-7b61-11e3-8c12-d43d7e4ab2df} - E:\PcOptions.exe
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\MountPoints2: {42bad087-0900-11e3-a3a0-d43d7e4ab2df} - F:\autorun.exe
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\MountPoints2: {65d7dc21-79ce-11e3-a804-d43d7e4ab2df} - E:\PcOptions.exe
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\MountPoints2: {76ce668e-7631-11e3-93b3-d43d7e4ab2df} - E:\PcOptions.exe
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\MountPoints2: {a28f77e1-8c37-11e3-9b57-d43d7e4ab2df} - E:\PcOptions.exe
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\MountPoints2: {b8028c90-7a4d-11e3-9928-d43d7e4ab2df} - E:\PcOptions.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=CCBED43D7E4AB2DF&affID=128235&tsp=5171
SearchScopes: HKCU - {1361FF91-724F-4925-863D-55DE8F15A8D9} URL = http://www.mysearchresults.com/search?c=3523&t=01&q={searchTerms}
BHO: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Zorica\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll (Search Results LLC.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
FF NewTab: hxxp://www.buenosearch.com/?babsrc=NT_ss&mntrId=CCBED43D7E4AB2DF&affID=128235&tsp=5171
FF Homepage: hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=CCBED43D7E4AB2DF&affID=128235&tsp=5171
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml
FF Extension: Plus-HD-8.1 - C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default\Extensions\8ef36653-7dcd-4c5f-81f5-7870fda4b7b7@67e486b0-922d-4a2d-9e3f-77394107f67c.com [2014-03-13]
FF Extension: Torntv V6.0 - C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default\Extensions\e2fd07a6-e282-4f2e-8965-85565fcb6384@b69158e6-3c3b-476c-9d98-ae5838c5b707.com [2014-01-28]
FF Extension: uTControlTEST5  - C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default\Extensions\{56ecbd8d-d7f7-4e92-8bf1-77cdfb71c50a} [2013-12-27]
FF Extension: Default Tab - C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default\Extensions\addon@defaulttab.com.xpi [2013-12-10]
FF Extension: SerialTrunc - C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default\Extensions\{47351c22-0d6c-4658-a617-795d251145e2}.xpi [2014-02-26]
CHR Extension: (DefaultTab) - C:\Users\Zorica\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc [2014-03-13]
CHR HKLM\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files\DefaultTab\DefaultTab.crx [2013-10-07]
R2 Update SerialTrunc; C:\Program Files\SerialTrunc\updateSerialTrunc.exe [348960 2014-03-15] ()
R2 Util SerialTrunc; C:\Program Files\SerialTrunc\bin\utilSerialTrunc.exe [348960 2014-03-15] ()
R2 DefaultTabUpdate; C:\Users\Zorica\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe [107520 2013-12-10] ()
End

2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location; otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

offline
  • Absolut Gut
  • Joined: 13 Aug 2012
  • Posts: 561
  • Location: Atakama

System restarted, here is the report.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by Zorica at 2014-03-15 18:45:17 Run:1
Running from D:\FRSTI
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
Play Now Radio (HKCU\...\playnowradio) (Version: - playnowradio) <==== ATTENTION
Plus-HD-8.1 (HKLM\...\Plus-HD-8.1) (Version: 1.34.1.29 - Plus HD) <==== ATTENTION
Torntv V6.0 (HKLM\...\Torntv V6.0) (Version: 1.34.1.21 - installdaddy) <==== ATTENTION
Task: {A5D739A0-2CA6-429D-87AD-A93CD60196E9} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {ED45E413-192B-45B4-BC71-EEA134EB5906} - System32\Tasks\DTReg => C:\Users\Zorica\AppData\Roaming\defaulttab\defaulttab\DTReg.exe [2014-02-06] (Search Results, LLC) <==== ATTENTION
AlternateDataStreams: C:\Temp:pid1
AlternateDataStreams: C:\Temp:pid2
AlternateDataStreams: C:\Temp:srv
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: Tiny download manager => "C:\Users\Zorica\AppData\Local\DM\TinyDM.exe" /M
2013-03-31] (WinThemePack.com)HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\Run: [svchost] - regsvr32 /s "C:\Temp:0031ED2C.dat"
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\MountPoints2: H - H:\PcOptions.exe
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\MountPoints2: {008568f6-5dac-11e3-99a8-d43d7e4ab2df} - E:\PcOptions.exe
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\MountPoints2: {0d3daa76-7b61-11e3-8c12-d43d7e4ab2df} - E:\PcOptions.exe
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\MountPoints2: {42bad087-0900-11e3-a3a0-d43d7e4ab2df} - F:\autorun.exe
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\MountPoints2: {65d7dc21-79ce-11e3-a804-d43d7e4ab2df} - E:\PcOptions.exe
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\MountPoints2: {76ce668e-7631-11e3-93b3-d43d7e4ab2df} - E:\PcOptions.exe
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\MountPoints2: {a28f77e1-8c37-11e3-9b57-d43d7e4ab2df} - E:\PcOptions.exe
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\...\MountPoints2: {b8028c90-7a4d-11e3-9928-d43d7e4ab2df} - E:\PcOptions.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=CCBED43D7E4AB2DF&affID=128235&tsp=5171
SearchScopes: HKCU - {1361FF91-724F-4925-863D-55DE8F15A8D9} URL = http://www.mysearchresults.com/search?c=3523&t=01&q={searchTerms}
BHO: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Zorica\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll (Search Results LLC.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
FF NewTab: hxxp://www.buenosearch.com/?babsrc=NT_ss&mntrId=CCBED43D7E4AB2DF&affID=128235&tsp=5171
FF Homepage: hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=CCBED43D7E4AB2DF&affID=128235&tsp=5171
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml
FF Extension: Plus-HD-8.1 - C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default\Extensions\8ef36653-7dcd-4c5f-81f5-7870fda4b7b7@67e486b0-922d-4a2d-9e3f-77394107f67c.com [2014-03-13]
FF Extension: Torntv V6.0 - C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default\Extensions\e2fd07a6-e282-4f2e-8965-85565fcb6384@b69158e6-3c3b-476c-9d98-ae5838c5b707.com [2014-01-28]
FF Extension: uTControlTEST5 - C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default\Extensions\{56ecbd8d-d7f7-4e92-8bf1-77cdfb71c50a} [2013-12-27]
FF Extension: Default Tab - C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default\Extensions\addon@defaulttab.com.xpi [2013-12-10]
FF Extension: SerialTrunc - C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default\Extensions\{47351c22-0d6c-4658-a617-795d251145e2}.xpi [2014-02-26]
CHR Extension: (DefaultTab) - C:\Users\Zorica\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc [2014-03-13]
CHR HKLM\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files\DefaultTab\DefaultTab.crx [2013-10-07]
R2 Update SerialTrunc; C:\Program Files\SerialTrunc\updateSerialTrunc.exe [348960 2014-03-15] ()
R2 Util SerialTrunc; C:\Program Files\SerialTrunc\bin\utilSerialTrunc.exe [348960 2014-03-15] ()
R2 DefaultTabUpdate; C:\Users\Zorica\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe [107520 2013-12-10] ()
End
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A5D739A0-2CA6-429D-87AD-A93CD60196E9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5D739A0-2CA6-429D-87AD-A93CD60196E9} => Key deleted successfully.
C:\Windows\System32\Tasks\YourFile DownloaderUpdate => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile DownloaderUpdate => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED45E413-192B-45B4-BC71-EEA134EB5906} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED45E413-192B-45B4-BC71-EEA134EB5906} => Key deleted successfully.
C:\Windows\System32\Tasks\DTReg => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTReg => Key deleted successfully.
C:\Temp => ":pid1" ADS removed successfully.
C:\Temp => ":pid2" ADS removed successfully.
C:\Temp => ":srv" ADS removed successfully.
C:\ProgramData\TEMP => ":1CE11B51" ADS removed successfully.

========= MSCONFIG\startupApnUpdater => "C:\Program Files\Ask.com\Updater\Updater.exe" =========

The system cannot find the path specified.


========= End of Reg: =========


========= MSCONFIG\startupTiny download manager => "C:\Users\Zorica\AppData\Local\DM\TinyDM.exe" /M =========

The system cannot find the path specified.


========= End of Reg: =========

"C:\Temp:0031ED2C.dat"" => File/Directory not found.
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-2861581720-2204672646-155532148-1000 => Key not found.
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{008568f6-5dac-11e3-99a8-d43d7e4ab2df} => Key deleted successfully.
HKCR\CLSID\{008568f6-5dac-11e3-99a8-d43d7e4ab2df} => Key not found.
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d3daa76-7b61-11e3-8c12-d43d7e4ab2df} => Key deleted successfully.
HKCR\CLSID\{0d3daa76-7b61-11e3-8c12-d43d7e4ab2df} => Key not found.
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42bad087-0900-11e3-a3a0-d43d7e4ab2df} => Key deleted successfully.
HKCR\CLSID\{42bad087-0900-11e3-a3a0-d43d7e4ab2df} => Key not found.
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65d7dc21-79ce-11e3-a804-d43d7e4ab2df} => Key deleted successfully.
HKCR\CLSID\{65d7dc21-79ce-11e3-a804-d43d7e4ab2df} => Key not found.
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76ce668e-7631-11e3-93b3-d43d7e4ab2df} => Key deleted successfully.
HKCR\CLSID\{76ce668e-7631-11e3-93b3-d43d7e4ab2df} => Key not found.
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a28f77e1-8c37-11e3-9b57-d43d7e4ab2df} => Key deleted successfully.
HKCR\CLSID\{a28f77e1-8c37-11e3-9b57-d43d7e4ab2df} => Key not found.
HKU\S-1-5-21-2861581720-2204672646-155532148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8028c90-7a4d-11e3-9928-d43d7e4ab2df} => Key deleted successfully.
HKCR\CLSID\{b8028c90-7a4d-11e3-9928-d43d7e4ab2df} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1361FF91-724F-4925-863D-55DE8F15A8D9} => Key not found.
HKCR\Wow6432Node\CLSID\{1361FF91-724F-4925-863D-55DE8F15A8D9} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} => Key not found.
HKCR\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
Firefox newtab deleted successfully.
Firefox homepage deleted successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml => Moved successfully.
C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default\Extensions\8ef36653-7dcd-4c5f-81f5-7870fda4b7b7@67e486b0-922d-4a2d-9e3f-77394107f67c.com => Moved successfully.
C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default\Extensions\e2fd07a6-e282-4f2e-8965-85565fcb6384@b69158e6-3c3b-476c-9d98-ae5838c5b707.com => Moved successfully.
C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default\Extensions\{56ecbd8d-d7f7-4e92-8bf1-77cdfb71c50a} => Moved successfully.
C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default\Extensions\addon@defaulttab.com.xpi => not found.
C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default\Extensions\{47351c22-0d6c-4658-a617-795d251145e2}.xpi => Moved successfully.
C:\Users\Zorica\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc => Key not found.
"C:\Program Files\DefaultTab\DefaultTab.crx" => File/Directory not found.
Update SerialTrunc => Unable to stop service
Update SerialTrunc => Service deleted successfully.
Util SerialTrunc => Unable to stop service
Util SerialTrunc => Service deleted successfully.
DefaultTabUpdate => Service not found.


The system needed a reboot.

==== End of Fixlog ====

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Download smeenk's zoek.zip or zoek.rar from this or this link and save it to the Desktop.

Extract the archive into a folder (instructions), and then:

close the browser and other running programs;
temporarily disable your security software (if necessary; instructions);
double-click the program icon to run zoek;
wait for the tool to start ...

Copy the following text into the white box of the window:


filesrcm;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;


Click the button and wait for the scan to finish.

If necessary, zoek will restart Windows and, when it finishes, open Notepad with the scan report.

Note: The report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log).

Copy the contents of that log into your reply.

offline
  • Absolut Gut
  • Joined: 13 Aug 2012
  • Posts: 561
  • Location: Atakama

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Zorica on sub 15.03.2014 at 19:09:19,04.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: D:\yoek\zoek.scr [Scan all users] [Script inserted]

==== System Restore Info ======================

15.3.2014 19:10:25 Zoek.exe System Restore Point Created Succesfully.

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Zorica\AppData\Local\Temp ====
2014-03-15 17:25:11 FF36DB9B1D2C31B69A2FF9F3302AD9C1 123744 ----a-w- C:\Users\Zorica\AppData\Local\Temp\CProgram FilesOpera\installing\npTestNetscapePlugIn.dll
2014-03-15 17:25:11 FE663EB781427A74B7BA0580B5291C01 2197856 ----a-w- C:\Users\Zorica\AppData\Local\Temp\CProgram FilesOpera\installing\launcher_lib.dll
2014-03-15 17:25:11 93E39287EA6223F80419CED7509A1C81 774496 ----a-w- C:\Users\Zorica\AppData\Local\Temp\CProgram FilesOpera\installing\msvcr100.dll
2014-03-15 17:25:11 7BADAAA902C197CEFAC5D4290D596739 421728 ----a-w- C:\Users\Zorica\AppData\Local\Temp\CProgram FilesOpera\installing\msvcp100.dll
2014-03-15 17:25:11 55EF42F2C0C48E932FEC3497254887C1 908640 ----a-w- C:\Users\Zorica\AppData\Local\Temp\CProgram FilesOpera\installing\libGLESv2.dll
2014-03-15 17:25:11 460E2177CF4DFF259591B0208304B4C6 108896 ----a-w- C:\Users\Zorica\AppData\Local\Temp\CProgram FilesOpera\installing\libEGL.dll
2014-03-15 17:25:11 29557D9E90D5D82F204CCB3EDDAEB588 109408 ----a-w- C:\Users\Zorica\AppData\Local\Temp\CProgram FilesOpera\installing\opera.dll
2014-03-15 17:25:11 1D5BF3935BD0726B8ECE8CE90D1C8520 2959712 ----a-w- C:\Users\Zorica\AppData\Local\Temp\CProgram FilesOpera\installing\osmesa.dll
2014-03-15 17:25:10 F0D5ECEC8CEB98E6ED5DFFFAF888F4B1 895328 ----a-w- C:\Users\Zorica\AppData\Local\Temp\CProgram FilesOpera\installing\ffmpegsumo.dll
2014-03-15 17:25:10 DFCC2AB70366974030BA252A2736B3D6 73568 ----a-w- C:\Users\Zorica\AppData\Local\Temp\CProgram FilesOpera\installing\wow_helper.exe
2014-03-15 17:25:10 CC259EAC3815F599F16D6FB564EF519B 3222880 ----a-w- C:\Users\Zorica\AppData\Local\Temp\CProgram FilesOpera\installing\d3dcompiler_46.dll
2014-03-15 17:25:10 A732F6C2F0CF19E6824831F541E0A83E 2244448 ----a-w- C:\Users\Zorica\AppData\Local\Temp\CProgram FilesOpera\installing\opera_autoupdate.exe
2014-03-15 17:25:10 9A2EE74633C4C43FFF22409AFCDB85C7 10093408 ----a-w- C:\Users\Zorica\AppData\Local\Temp\CProgram FilesOpera\installing\icudt.dll
2014-03-15 17:25:10 3FD13BCA61C39F699C5A42ACEF1C603A 1380192 ----a-w- C:\Users\Zorica\AppData\Local\Temp\CProgram FilesOpera\installing\opera_crashreporter.exe
2014-03-15 17:25:09 D5206DAB58A8743519D366BE1A353C23 1598304 ----a-w- C:\Users\Zorica\AppData\Local\Temp\CProgram FilesOpera\installing\launcher.exe
2014-03-15 17:25:09 3A7AA5C007EE6DB6AE0C1E24C947A6F7 46141792 ----a-w- C:\Users\Zorica\AppData\Local\Temp\CProgram FilesOpera\installing\opera.exe
2014-03-15 17:24:11 46FBFD914BF3F2F088207D42C62396D1 34727504 ----a-w- C:\Users\Zorica\AppData\Local\Temp\CProgram FilesOpera\installing\Opera_20.0.1387.77_Autoupdate.exe
2014-03-14 06:29:39 0D0AE1B62B9A50C65A3934E5A6CF5CE5 34827424 ----a-w- C:\Users\Zorica\AppData\Local\Temp\SkypeSetup.exe
2014-03-14 02:43:21 F6278B5A16F830885B184D5F72E1B935 947200 ----a-w- C:\Users\Zorica\AppData\Local\Temp\htmlayout.dll
====== Java Cache =====
====== C:\Windows\system32 =====
2014-03-12 11:44:47 B0BE998802DEDEE1FD8F5E5F9F207A30 509440 ----a-w- C:\Windows\System32\qedit.dll
2014-03-12 11:44:45 8B521873651E62EF5868DC7B339959DB 32768 ----a-w- C:\Windows\System32\iernonce.dll
2014-03-12 11:44:45 7EDA015D4E74177A1B187326EDB14670 51200 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-12 11:44:45 3B3EBF6E3C12DFDC6B29CBAC2F5519CC 108032 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-12 11:44:45 1CEE521E90703BB8A01211C77747E727 43008 ----a-w- C:\Windows\System32\jsproxy.dll
2014-03-12 11:44:44 AAFEAB4FC9D70253F8C7E353E879E8A2 1820160 ----a-w- C:\Windows\System32\wininet.dll
2014-03-12 11:44:44 69C9F0607AF94C7162BBD25E222D4E0E 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-12 11:44:44 6744457C09B9B8176CC3ECC2D0EE6580 646144 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-12 11:44:44 4605E0295C8E742B28FD63D255322795 703488 ----a-w- C:\Windows\System32\ieapfltr.dll
2014-03-12 11:44:44 2CF6CF90BF7FE0E616C363343FFA686B 553472 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-12 11:44:43 E84073A2F2D3A9448CA02F48B0360490 440832 ----a-w- C:\Windows\System32\ieui.dll
2014-03-12 11:44:43 C8DBE0B5297FD85D7311E4791103517B 112128 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-12 11:44:43 BD5E6C894130E7BB7ECE9A0925383068 2168320 ----a-w- C:\Windows\System32\iertutil.dll
2014-03-12 11:44:42 FC46FE32B043CA7251B1D707B91BA6A7 4244480 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-12 11:44:42 70462E0A4E293FC80620AB945D8A59BB 17074688 ----a-w- C:\Windows\System32\mshtml.dll
2014-03-12 11:44:41 A045DAE4D242A9A50FF6902774C55BE0 524288 ----a-w- C:\Windows\System32\msfeeds.dll
2014-03-12 11:44:41 5C207FABA707CE496E1E0A304925D1E5 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-12 11:44:41 0FF358906F2333B26267BC0064DC02C4 1156096 ----a-w- C:\Windows\System32\urlmon.dll
2014-03-12 11:44:40 E23497E11866154A97BA9877656113FE 1964032 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-12 11:44:40 B61F47EB8CACBE09C8117E4FF7D9656D 164864 ----a-w- C:\Windows\System32\msrating.dll
2014-03-12 11:44:40 B0CBC5A7D9278DCD5B230E1E50CCA5F6 61952 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-12 11:44:40 35523AF349702302EBC08D0D83661A78 208896 ----a-w- C:\Windows\System32\ie4uinit.exe
2014-03-12 11:44:39 4831AA1A6A112ACCEE240C9D5FA2108B 11266048 ----a-w- C:\Windows\System32\ieframe.dll
2014-03-12 11:43:21 7CC38741B8F68F1E0D5D79DA6123666A 185344 ----a-w- C:\Windows\System32\wwansvc.dll
2014-03-12 11:43:19 204689EC38738BE7C07F79B745733747 2349056 ----a-w- C:\Windows\System32\win32k.sys
2014-03-12 11:43:14 A054EA8FBE16D4D34F06D81A4F0088E2 1230336 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-12 11:43:13 4F8CCD3E7D9F17A7C60FA0AE2466CACF 381440 ----a-w- C:\Windows\System32\wer.dll
====== C:\Windows\system32\drivers =====
====== C:\Windows\Tasks ======
2014-03-05 13:44:35 76630901D31484EEC2FB282B818D2731 3910 ----a-w- C:\Windows\system32\Tasks\FacebookUpdateTaskUserS-1-5-21-2861581720-2204672646-155532148-1000UA
2014-03-05 13:44:35 64429EA520808F52C4A4F2B5E4A48BF5 932 ----a-w- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2861581720-2204672646-155532148-1000UA.job
2014-03-05 13:44:34 ADAEADDA48A3DC4A19869740EB407B2F 3542 ----a-w- C:\Windows\system32\Tasks\FacebookUpdateTaskUserS-1-5-21-2861581720-2204672646-155532148-1000Core
2014-03-05 13:44:34 27CFC8BF9FA47D3CB40D6C39736C6306 910 ----a-w- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2861581720-2204672646-155532148-1000Core.job
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-03-15 17:31:55 -------- d-----w- C:\Program Files\VS Revo Group
2014-03-13 20:24:08 -------- d-----w- C:\Program Files\AVG
2014-03-04 13:08:34 -------- d-----w- C:\Program Files\Common Files\Skype
2014-03-04 13:08:34 -------- d-----r- C:\Program Files\Skype
2014-02-27 20:47:50 -------- d-----w- C:\Program Files\SerialTrunc
2014-02-16 18:03:31 -------- d-----w- C:\Program Files\Plus-HD-8.1
======= C: =====
====== C:\Users\Zorica\AppData\Roaming ======
2014-03-15 17:31:55 -------- d-----w- C:\Users\Zorica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2014-03-14 23:03:54 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Roaming\AVG
2014-03-13 21:10:46 -------- d-----w- C:\Users\Zorica\AppData\Roaming\AVG
2014-03-13 20:41:43 -------- d-----w- C:\Users\Zorica\AppData\Roaming\AVG2014
2014-03-13 20:39:46 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Roaming\AVG2014
2014-03-13 20:36:31 -------- d-----w- C:\Users\Zorica\AppData\Roaming\TuneUp Software
2014-03-13 20:24:11 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014
2014-03-13 20:15:37 -------- d-----w- C:\Users\Zorica\AppData\Local\Avg2014
2014-02-27 20:47:13 -------- d-----w- C:\Users\Zorica\AppData\Roaming\YourFileDownloader
====== C:\Users\Zorica ======
2014-03-15 17:31:27 4F99CAE27FFD46712E65C21444AACDFC 2623656 ----a-w- C:\Users\Zorica\Downloads\revosetup.exe
2014-03-15 15:34:54 21276A10865DDDD55994DCBFEA93C9A7 3100868 ----a-w- C:\Users\Zorica\Downloads\14015_1017673869_Pinout_3_0_1_51.exe
2014-03-13 21:02:28 -------- d-----w- C:\ProgramData\AVG
2014-03-13 21:02:13 -------- d-sh--w- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-03-13 20:36:34 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-03-13 20:26:12 -------- d-----w- C:\ProgramData\AVG2014
2014-03-04 13:08:36 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-02-16 18:02:49 -------- d-----w- C:\ProgramData\DAEMON Tools Lite

====== C: exe-files ==
2014-03-15 17:45:09 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Zorica\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U0NYURK1\FRST[1].exe
2014-03-15 17:31:56 761102A9B90EC601E8B3071120063D74 87550 ----a-w- C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
2014-03-15 17:31:27 4F99CAE27FFD46712E65C21444AACDFC 2623656 ----a-w- C:\Users\Zorica\Downloads\revosetup.exe
2014-03-15 17:25:10 DFCC2AB70366974030BA252A2736B3D6 73568 ----a-w- C:\Users\Zorica\AppData\Local\Temp\CProgram FilesOpera\installing\wow_helper.exe
2014-03-15 17:25:10 A732F6C2F0CF19E6824831F541E0A83E 2244448 ----a-w- C:\Users\Zorica\AppData\Local\Temp\CProgram FilesOpera\installing\opera_autoupdate.exe
2014-03-15 17:25:10 3FD13BCA61C39F699C5A42ACEF1C603A 1380192 ----a-w- C:\Users\Zorica\AppData\Local\Temp\CProgram FilesOpera\installing\opera_crashreporter.exe
2014-03-15 17:25:09 D5206DAB58A8743519D366BE1A353C23 1598304 ----a-w- C:\Users\Zorica\AppData\Local\Temp\CProgram FilesOpera\installing\launcher.exe
2014-03-15 17:25:09 3A7AA5C007EE6DB6AE0C1E24C947A6F7 46141792 ----a-w- C:\Users\Zorica\AppData\Local\Temp\CProgram FilesOpera\installing\opera.exe
2014-03-15 17:24:11 46FBFD914BF3F2F088207D42C62396D1 34727504 ----a-w- C:\Users\Zorica\AppData\Local\Temp\CProgram FilesOpera\installing\Opera_20.0.1387.77_Autoupdate.exe
2014-03-15 15:35:07 BF7CA59B44E4668EA3E5D07C963175D2 1374720 ----a-w- C:\Users\Zorica\Downloads\Pinout\PinoutMaster.exe
2014-03-15 15:35:07 B608FCEE1917E83BF4B83FF5CAA38E13 307200 ----a-w- C:\Users\Zorica\Downloads\Pinout\helpers\PAEXT.EXE
2014-03-15 15:35:07 5582BE19B7E2BACA02DC3B3C639D3985 656896 ----a-w- C:\Users\Zorica\Downloads\Pinout\PinoutUpdater.exe
2014-03-15 15:34:54 21276A10865DDDD55994DCBFEA93C9A7 3100868 ----a-w- C:\Users\Zorica\Downloads\14015_1017673869_Pinout_3_0_1_51.exe
2014-03-15 12:28:11 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Zorica\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TH91RUBI\SkypeSetupFull[1].exe
2014-03-14 06:29:39 0D0AE1B62B9A50C65A3934E5A6CF5CE5 34827424 ----a-w- C:\Users\Zorica\AppData\Local\Temp\SkypeSetup.exe
2014-03-14 03:20:40 6B2DC0ED17771CF937B83D40C542EA5D 1043744 ----a-w- C:\Users\Zorica\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikgjcmfodgjkcgimppbdnkmdhmepjckc\10.26.9.505_0\nativeMessaging\TBMessagingHost.exe
2014-03-13 20:25:30 6DEFFDDFC20ED1DCB86480240FC76D76 266768 ----a-w- C:\Program Files\AVG\AVG2014\avgndisx.exe
2014-03-12 11:44:45 3B3EBF6E3C12DFDC6B29CBAC2F5519CC 108032 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-12 11:44:44 6744457C09B9B8176CC3ECC2D0EE6580 646144 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-12 11:44:43 C8DBE0B5297FD85D7311E4791103517B 112128 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-12 11:44:40 3A3BEA53F039CE2E997A918E26E30B1D 808152 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-03-12 11:44:40 35523AF349702302EBC08D0D83661A78 208896 ----a-w- C:\Windows\System32\ie4uinit.exe
2014-03-12 11:44:39 2A0FAE869BC99A460FEFD832F261DCC9 469504 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
=== C: other files ==
2014-03-12 11:43:19 204689EC38738BE7C07F79B745733747 2349056 ----a-w- C:\Windows\System32\win32k.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2861581720-2204672646-155532148-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"WinFLTray"="C:\Windows\system32\WinFLTray.exe"
"FLBackup"="C:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe"
"MCShield Monitor"="C:\Program Files\MCShield\mcshieldrtm.exe"
"WinThemePack Logon"="C:\Program Files\WinThemePack\Magic The Gathering Logon Screen\tweak.exe /sequential"
"svchost"="regsvr32 /s C:\Temp:0031ED2C.dat"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fences"="C:\Program Files\Stardock\Fences\Fences.exe /startup"
"AVG_UI"="C:\Program Files\AVG\AVG2014\avgui.exe /TRAYONLY"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WinFLTray"="C:\Windows\system32\WinFLTray.exe"
"FLBackup"="C:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe"
"MCShield Monitor"="C:\Program Files\MCShield\mcshieldrtm.exe"
"WinThemePack Logon"="C:\Program Files\WinThemePack\Magic The Gathering Logon Screen\tweak.exe /sequential"
"svchost"="regsvr32 /s C:\Temp:0031ED2C.dat"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ApnUpdater"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Ask.com\\Updater\\Updater.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Badoo Desktop]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Badoo Desktop"
"hkey"="HKCU"
"command"="C:\\ProgramData\\Badoo\\Badoo Desktop\\1.6.58.1220\\Badoo.Desktop.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BCSSync"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Pro Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Pro Agent"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\DAEMON Tools Pro\\DTAgent.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Facebook Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Zorica\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LightShot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LightShot"
"hkey"="HKCU"
"command"="C:\\Users\\Zorica\\AppData\\Local\\Skillbrains\\lightshot\\Lightshot.exe Flags: uninsdeletevalue"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mobilegeni daemon"
"hkey"="HKLM"
"command"="C:\\Program Files\\Mobogenie\\DaemonProcess.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mylbx]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mylbx"
"hkey"="HKLM"
"command"="C:\\Program Files\\My Lockbox\\mylbx.exe /a"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroFilterCheck"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\NeroCheck.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Overwolf]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Overwolf"
"hkey"="HKCU"
"command"="C:\\Program Files\\Overwolf\\Overwolf.exe -silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\playnowradio]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="playnowradio"
"hkey"="HKCU"
"command"="C:\\Users\\Zorica\\AppData\\Local\\playnowradio\\playnowradio\\1.3.3.19\\playnowradio.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDVCPL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RTHDVCPL"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Realtek\\Audio\\HDA\\RtkNGUI.exe\" -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Tiny download manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Tiny download manager"
"hkey"="HKCU"
"command"="\"C:\\Users\\Zorica\\AppData\\Local\\DM\\TinyDM.exe\" /M"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdateMyDrivers]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdateMyDrivers"
"hkey"="HKCU"
"command"="C:\\Program Files\\SmartTweak\\UpdateMyDrivers\\UpdateMyDrivers.exe /ot /as /ss"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdateMyDrivers.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdateMyDrivers.exe"
"hkey"="HKCU"
"command"="C:\\Program Files\\SmartTweak\\UpdateMyDrivers\\UpdateMyDrivers.exe /ot /as /ss"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uTorrent"
"hkey"="HKCU"
"command"="\"C:\\Users\\Zorica\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" /MINIMIZED"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"DAEMON Tools Pro Agent"="\"C:\\Program Files\\DAEMON Tools Pro\\DTAgent.exe\" -autorun"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /minimized /regrun"
"WinFLTray"="C:\\Windows\\system32\\WinFLTray.exe"
"Facebook Update"="\"C:\\Users\\Zorica\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver"
"Pokki"="C:\\Windows\\system32\\rundll32.exe \"C:\\Users\\Zorica\\AppData\\Local\\Pokki\\Engine\\LaunchDeskband.dll\",RunLaunchDeskband"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"RTHDVCPL"="C:\\Program Files\\Realtek\\Audio\\HDA\\RtkNGUI.exe -s"
"SunJavaUpdateSched"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""
"Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""


==== Startup Folders ======================

2014-02-03 18:21:35 1998 ----a-w- C:\Users\Zorica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fences.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12.03.2014 18:38]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2861581720-2204672646-155532148-1000Core.job --a------ C:\Users\Zorica\AppData\Local\Facebook\Update\FacebookUpdate.exe [05.03.2014 14:44]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2861581720-2204672646-155532148-1000UA.job --a------ C:\Users\Zorica\AppData\Local\Facebook\Update\FacebookUpdate.exe [05.03.2014 14:44]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [19.08.2013 19:53]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [19.08.2013 19:53]
C:\Windows\tasks\update-S-1-5-21-2861581720-2204672646-155532148-1000.job --a------ C:\Program Files\Skillbrains\Updater\Updater.exe [27.09.2013 12:37]
C:\Windows\tasks\update-sys.job --a------ C:\Program Files\Skillbrains\Updater\Updater.exe [27.09.2013 12:37]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-2861581720-2204672646-155532148-1000Core" [C:\Users\Zorica\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-2861581720-2204672646-155532148-1000UA" [C:\Users\Zorica\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\RunAsStdUser Task" [C:\Program Files\Pogo Games\PogoDGC.exe]
"C:\Windows\system32\tasks\update-S-1-5-21-2861581720-2204672646-155532148-1000" [C:\Program Files\Skillbrains\Updater\Updater.exe]
"C:\Windows\system32\tasks\update-sys" [C:\Program Files\Skillbrains\Updater\Updater.exe]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default
- GoPhotoIt - %ProfilePath%\extensions\gophoto@gophoto.it.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Zorica\AppData\Roaming\Mozilla\Firefox\Profiles\pq6l3t1i.default
95812430959AE88CDD0301AB3A71913B - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll - Shockwave Flash
A9C86900D2A61728C8326FE7147617C5 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll - Google Update
01D93217A9EE48DD37072B671378CC9C - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In
A9191AE22A8F1287B5E2DF33E3A57253 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U51
9B10927CFD0F7AD39E40C0E34005B1AD - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.510.13
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Zorica\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
69AA47F09AA281C7D3C7716CA7E283B4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
380F9A643A149B9030142E7171EFA91B - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
D7EFF0B98C370E03D7E2593399D9B669 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision
75A1232EAC640B782CDD2132B5271AA8 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION
28986F0A2342A033345EF9E70D395E4F - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ikgjcmfodgjkcgimppbdnkmdhmepjckc - C:\Users\Zorica\AppData\Local\CRE\ikgjcmfodgjkcgimppbdnkmdhmepjckc.crx[03.11.2013 17:57]
kiplfnciaokpcennlkldkdaeaaomamof - C:\Users\Zorica\AppData\Local\Torch\Plugins\TorchPlugin.crx[]
pfmopbbadnfoelckkcmjjeaaegjpjjbk - C:\Program Files\Gophoto.it\gophotoit16.crx[08.08.2013 13:07]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
ikgjcmfodgjkcgimppbdnkmdhmepjckc - C:\Users\Zorica\AppData\Local\CRE\ikgjcmfodgjkcgimppbdnkmdhmepjckc.crx[03.11.2013 17:57]

Mario Forever DM - Zorica\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikgjcmfodgjkcgimppbdnkmdhmepjckc
Google Wallet - Zorica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GoPhoto.it - Zorica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
DefaultTab - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on sub 15.03.2014 at 19:15:46,10 ======================

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Run zoek again;


close the browser and other running programs;
disable your security software (if needed) Instructions;


Copy the following text into the white box of the window:


autoclean;
C:\Users\Zorica\AppData\Roaming\YourFileDownloader;fs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater];r
"command"=-;r
C:\\Program Files\\Ask.com;fs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Badoo Desktop];r
"command"=-r
C:\\ProgramData\\Badoo\\Badoo Desktop;fs
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon];r
"item"=-;r
"command"=-;r
C:\\Program Files\\Mobogenie;fs
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\playnowradio];r
"item"=-;r
"command"=-;r
C:\\Users\\Zorica\\AppData\\Local\\playnowradio;fs
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Tiny download manager];r
"command"=-;r
"item"=;r
C:\\Users\\Zorica\\AppData\\Local\\DM;fs
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc;chr
C:\Users\Zorica\AppData\Local\CRE\ikgjcmfodgjkcgimppbdnkmdhmepjckc.crx;chr
emptyalltemp;
emptyclsid;




Click the button and wait for the scan to finish.


If necessary, zoek will restart Windows and, when it finishes, open Notepad with the scan report.

Note: The report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into your post.
