Check

  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1645

Hello forum members,
I would like to have my laptop checked to make sure it doesn't have a virus.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2015
Ran by Banjo (administrator) on BANJO-PC on 23-02-2015 18:19:52
Running from C:\Users\Banjo\Desktop
Loaded Profiles: Banjo (Available profiles: Banjo)
Platform: Microsoft Windows 7 Professional (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
() C:\Program Files\HSDPA USB MODEM\USB Modem.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6310984 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] => C:\Program Files\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2015-02-23] (AVAST Software)
HKU\S-1-5-21-2945771310-202216555-3696022800-1000\...\MountPoints2: {e2ff275d-384c-11e4-a39a-78acc05c1280} - F:\AutoRun.exe
HKU\S-1-5-21-2945771310-202216555-3696022800-1000\...\MountPoints2: {e2ff276c-384c-11e4-a39a-78acc05c1280} - H:\AutoRun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1417.....8FYF074EJX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=.....EJX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1417.....8FYF074EJX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=.....EJX&q={searchTerms}
HKU\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1417.....8FYF074EJX
HKU\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-gb/?ocid=iehp
HKU\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1417.....8FYF074EJX
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=.....EJX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=.....EJX&q={searchTerms}
SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searc-hall.info/?l=1&q={searchTerms}&pid=377&r=2014/11/01&hid=15617337041010751777&lg=EN&cc=RS&unqvl=65
SearchScopes: HKU\S-1-5-21-2945771310-202216555-3696022800-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=.....EJX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2945771310-202216555-3696022800-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=.....EJX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2945771310-202216555-3696022800-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searc-hall.info/?l=1&q={searchTerms}&pid=377&r=2014/11/01&hid=15617337041010751777&lg=EN&cc=RS&unqvl=65
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\..\Interfaces\{CE86A9F7-2FB6-41A6-B373-BF24DE2811E1}: [NameServer] 213.133.3.5 213.133.3.10
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc&ts=1417.....8FYF074EJX

FireFox:
========
FF ProfilePath: C:\Users\Banjo\AppData\Roaming\Mozilla\Firefox\Profiles\6iol3vw6.default
FF Homepage: www.google.co.uk
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Banjo\AppData\Roaming\Mozilla\Firefox\Profiles\8gubbzjz.default\extensions\faststartff@gmail.com
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-23]

Chrome:
=======
CHR HomePage: Default -> https://www.google.co.uk/
CHR StartupUrls: Default -> "https://www.google.co.uk/"
CHR Profile: C:\Users\Banjo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-25]
CHR Extension: (Google Docs) - C:\Users\Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-25]
CHR Extension: (Google Drive) - C:\Users\Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-25]
CHR Extension: (YouTube) - C:\Users\Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-25]
CHR Extension: (Google Search) - C:\Users\Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-25]
CHR Extension: (Google Sheets) - C:\Users\Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-25]
CHR Extension: (Avast Online Security) - C:\Users\Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-01]
CHR Extension: (Google Wallet) - C:\Users\Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-25]
CHR Extension: (Gmail) - C:\Users\Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-25]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-23]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-23] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2015-02-23] (Avast Software)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [203848 2013-02-19] (Realtek Semiconductor)
R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed]
R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [21096 2009-07-13] (The Within Network, LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [484352 2014-12-07] (Fuyu LIMITED) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70824 2012-10-11] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34984 2012-10-11] (Advanced Micro Devices)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [45184 2012-03-05] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-02-23] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2015-02-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2015-02-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2015-02-23] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-02-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-02-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422760 2015-02-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2015-02-23] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-02-23] ()
R3 qcusbser; C:\Windows\System32\DRIVERS\cmusbser.sys [97408 2007-10-16] (Mobile Connector)
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [25448 2009-07-13] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2015-02-23] (Avast Software)
S3 BTMCOM; System32\Drivers\btmcom.sys [X]
S3 BTMUSB; System32\Drivers\btmusb.sys [X]
S3 cpuz136; \??\C:\Users\Banjo\AppData\Local\Temp\cpuz136\cpuz136_x32.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 gHidPnp; System32\Drivers\gHidPnp.Sys [X]
S3 gMouUsb; system32\DRIVERS\gMouUsb.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwusb_cdcacm; system32\DRIVERS\ew_cdcacm.sys [X]
S3 hwusb_wwanecm; system32\DRIVERS\ew_wwanecm.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 18:19 - 2015-02-23 18:20 - 00013811 _____ () C:\Users\Banjo\Desktop\FRST.txt
2015-02-23 18:19 - 2015-02-23 18:19 - 00000000 ____D () C:\FRST
2015-02-23 18:17 - 2015-02-23 18:19 - 01126912 _____ (Farbar) C:\Users\Banjo\Desktop\FRST.exe
2015-02-23 18:11 - 2015-02-23 18:11 - 00000000 ____D () C:\Windows\ERUNT
2015-02-23 18:08 - 2015-02-23 18:08 - 00000197 _____ () C:\Windows\system32\2015-02-23-17-08-32.046-AvastVBoxSVC.exe-2928.log
2015-02-23 18:04 - 2015-02-23 18:04 - 00001233 _____ () C:\Windows\unins000.dat
2015-02-23 18:04 - 2015-02-23 18:03 - 01180529 _____ () C:\Windows\unins000.exe
2015-02-23 17:49 - 2015-02-23 17:49 - 00000247 _____ () C:\Windows\system32\2015-02-23-16-49-45.035-aswFe.exe-3136.log
2015-02-23 17:40 - 2015-02-23 17:49 - 00000247 _____ () C:\Windows\system32\2015-02-23-16-40-41.079-aswFe.exe-1144.log
2015-02-23 17:40 - 2015-02-23 17:40 - 00000197 _____ () C:\Windows\system32\2015-02-23-16-40-38.028-AvastVBoxSVC.exe-1344.log
2015-02-23 17:35 - 2015-02-23 17:35 - 00002075 _____ () C:\Users\Public\Desktop\Avast Pro Antivirus.lnk
2015-02-23 17:35 - 2015-02-23 17:35 - 00000000 ____D () C:\Users\Banjo\AppData\Roaming\AVAST Software
2015-02-23 17:35 - 2015-02-23 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-23 17:34 - 2015-02-23 17:33 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-02-23 17:34 - 2015-02-23 17:33 - 00422760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-02-23 17:34 - 2015-02-23 17:33 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-02-23 17:34 - 2015-02-23 17:33 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-02-23 17:34 - 2015-02-23 17:33 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-02-23 17:34 - 2015-02-23 17:33 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-02-23 17:34 - 2015-02-23 17:33 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-02-23 17:34 - 2015-02-23 17:33 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-02-23 17:34 - 2015-02-23 17:33 - 00026136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2015-02-23 17:34 - 2015-02-23 17:33 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-02-23 17:33 - 2015-02-23 17:33 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-02-23 17:32 - 2015-02-23 17:32 - 00000000 ____D () C:\Program Files\AVAST Software
2015-02-23 17:31 - 2015-02-23 17:32 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-23 17:01 - 2015-02-23 17:07 - 05040384 _____ (AVAST Software) C:\Users\Banjo\Downloads\avastclear.exe
2015-02-23 14:36 - 2015-02-23 14:36 - 00000197 _____ () C:\Windows\system32\2015-02-23-13-36-33.013-AvastVBoxSVC.exe-2488.log
2015-02-22 01:13 - 2015-02-22 01:13 - 00000197 _____ () C:\Windows\system32\2015-02-22-00-13-26.011-AvastVBoxSVC.exe-2384.log
2015-02-21 00:27 - 2015-02-21 00:37 - 09052192 _____ (Cheat Engine ) C:\Users\Banjo\Downloads\CheatEngine64.exe
2015-02-19 21:52 - 2015-02-19 21:59 - 05325208 _____ (Piriform Ltd) C:\Users\Banjo\Downloads\ccsetup502.exe
2015-02-19 16:16 - 2015-02-19 16:16 - 00000197 _____ () C:\Windows\system32\2015-02-19-15-16-41.091-AvastVBoxSVC.exe-2352.log
2015-02-18 21:44 - 2015-02-18 21:44 - 00000197 _____ () C:\Windows\system32\2015-02-18-20-44-09.046-AvastVBoxSVC.exe-2312.log
2015-02-17 15:09 - 2015-02-17 15:09 - 00000197 _____ () C:\Windows\system32\2015-02-17-14-09-16.041-AvastVBoxSVC.exe-2252.log
2015-02-16 22:22 - 2015-02-16 22:22 - 05070512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-02-12 16:15 - 2015-02-12 16:15 - 00000197 _____ () C:\Windows\system32\2015-02-12-15-15-03.082-AvastVBoxSVC.exe-2368.log
2015-02-11 11:27 - 2015-02-11 11:27 - 00000197 _____ () C:\Windows\system32\2015-02-11-10-27-25.057-AvastVBoxSVC.exe-2328.log
2015-02-11 11:03 - 2015-02-11 11:03 - 00000197 _____ () C:\Windows\system32\2015-02-11-10-03-20.043-AvastVBoxSVC.exe-3036.log
2015-02-10 12:52 - 2015-02-10 12:52 - 00000197 _____ () C:\Windows\system32\2015-02-10-11-52-13.096-AvastVBoxSVC.exe-2392.log
2015-02-09 10:18 - 2015-02-09 10:18 - 00000197 _____ () C:\Windows\system32\2015-02-09-09-18-46.033-AvastVBoxSVC.exe-3312.log
2015-02-08 20:44 - 2015-02-08 20:44 - 00000000 ____D () C:\Users\Banjo\Desktop\New folder
2015-02-08 20:35 - 2015-02-08 20:36 - 00000197 _____ () C:\Windows\system32\2015-02-08-19-35-55.078-AvastVBoxSVC.exe-2604.log
2015-02-08 19:11 - 2015-02-08 20:14 - 00000000 ____D () C:\Users\Banjo\Desktop\Kaca
2015-02-08 18:07 - 2015-02-08 18:07 - 00000197 _____ () C:\Windows\system32\2015-02-08-17-07-33.089-AvastVBoxSVC.exe-2668.log
2015-02-06 17:26 - 2015-02-06 17:26 - 00000197 _____ () C:\Windows\system32\2015-02-06-16-26-46.039-AvastVBoxSVC.exe-2628.log
2015-02-06 11:59 - 2015-02-06 11:59 - 00000197 _____ () C:\Windows\system32\2015-02-06-10-59-17.048-AvastVBoxSVC.exe-2604.log
2015-02-05 11:15 - 2015-02-05 11:15 - 00000197 _____ () C:\Windows\system32\2015-02-05-10-15-07.024-AvastVBoxSVC.exe-3604.log
2015-02-03 10:33 - 2015-02-03 10:33 - 00000197 _____ () C:\Windows\system32\2015-02-03-09-33-18.079-AvastVBoxSVC.exe-2216.log
2015-02-02 20:31 - 2015-02-02 20:31 - 00000197 _____ () C:\Windows\system32\2015-02-02-19-31-44.099-AvastVBoxSVC.exe-2212.log
2015-02-02 20:24 - 2015-02-02 20:24 - 00000197 _____ () C:\Windows\system32\2015-02-02-19-24-51.013-AvastVBoxSVC.exe-2752.log
2015-02-02 20:06 - 2015-02-02 20:07 - 00000000 ____D () C:\Users\Banjo\AppData\Local\Ahead
2015-02-02 20:04 - 2015-02-02 20:07 - 00000000 ____D () C:\Users\Banjo\AppData\Roaming\Ahead
2015-02-02 20:04 - 2015-02-02 20:04 - 00000000 ____D () C:\ProgramData\Ahead
2015-02-02 19:48 - 2015-02-02 19:48 - 00000000 ____D () C:\Users\Public\Documents\Baidu
2015-02-02 19:48 - 2015-02-02 19:48 - 00000000 ____D () C:\ProgramData\Baidu
2015-02-02 19:47 - 2015-02-08 20:07 - 00000000 ____D () C:\Program Files\FreeTime
2015-02-02 19:47 - 2015-02-02 19:47 - 00000197 _____ () C:\Windows\system32\2015-02-02-18-47-44.032-AvastVBoxSVC.exe-2424.log
2015-02-01 20:52 - 2015-02-01 20:52 - 00000197 _____ () C:\Windows\system32\2015-02-01-19-52-37.007-AvastVBoxSVC.exe-3384.log
2015-02-01 18:49 - 2015-02-01 18:49 - 00000979 _____ () C:\Users\Banjo\Desktop\HSDPA USB MODEM.lnk
2015-02-01 18:49 - 2015-02-01 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HSDPA USB MODEM
2015-02-01 18:49 - 2015-02-01 18:49 - 00000000 ____D () C:\Program Files\HSDPA USB MODEM
2015-02-01 18:24 - 2015-02-01 18:24 - 00001908 _____ () C:\Windows\diagwrn.xml
2015-02-01 18:24 - 2015-02-01 18:24 - 00001908 _____ () C:\Windows\diagerr.xml
2015-02-01 15:18 - 2015-02-01 15:18 - 00000197 _____ () C:\Windows\system32\2015-02-01-14-18-08.012-AvastVBoxSVC.exe-2688.log
2015-02-01 13:59 - 2015-02-01 13:59 - 00000197 _____ () C:\Windows\system32\2015-02-01-12-59-17.043-AvastVBoxSVC.exe-3668.log
2015-02-01 12:32 - 2015-02-01 12:32 - 00000247 _____ () C:\Windows\system32\2015-02-01-11-32-05.017-aswFe.exe-4368.log
2015-02-01 12:20 - 2015-02-01 12:20 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-27 15:25 - 2015-01-27 15:26 - 00000000 ____D () C:\Users\Banjo\Documents\GTA Vice City User Files
2015-01-27 14:43 - 2015-01-27 15:18 - 00000000 ____D () C:\Users\Banjo\Desktop\TESTOVI ZA POLAGANJE VOZACKOG
2015-01-27 14:43 - 2015-01-27 14:43 - 00000990 _____ () C:\Users\Banjo\Desktop\Counter-Strike 1.6.lnk
2015-01-27 14:43 - 2015-01-27 14:43 - 00000000 ____D () C:\Users\Banjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
2015-01-27 14:43 - 2015-01-27 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
2015-01-27 14:41 - 2015-01-27 14:43 - 00000000 ____D () C:\Program Files\Counter-Strike 1.6
2015-01-26 23:54 - 2015-01-27 01:31 - 00000000 ____D () C:\Users\Banjo\Downloads\Counter Strike 1.6
2015-01-26 22:41 - 2015-01-26 22:41 - 00000923 _____ () C:\Users\Banjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\µTorrent.lnk
2015-01-26 22:22 - 2015-01-26 22:22 - 00000000 ____D () C:\ProgramData\APN
2015-01-25 21:04 - 2015-01-25 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-25 21:01 - 2015-02-23 18:06 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-25 21:01 - 2015-02-23 17:06 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 19:40 - 2015-02-13 21:14 - 00000000 ____D () C:\Users\Banjo\Desktop\Ouija (2014)
2015-01-25 19:30 - 2015-02-04 16:14 - 00000000 ____D () C:\Users\Banjo\Desktop\Bogo

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 18:13 - 2009-07-14 05:34 - 00012656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-23 18:13 - 2009-07-14 05:34 - 00012656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-23 18:12 - 2015-01-14 16:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-23 18:09 - 2014-01-25 14:37 - 02010290 _____ () C:\Windows\WindowsUpdate.log
2015-02-23 18:06 - 2014-12-07 01:32 - 00002434 _____ () C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-5_user.job
2015-02-23 18:06 - 2014-12-07 01:32 - 00002434 _____ () C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-5.job
2015-02-23 18:06 - 2014-12-07 01:31 - 00005172 _____ () C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-11.job
2015-02-23 18:06 - 2014-12-07 01:31 - 00004482 _____ () C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-4.job
2015-02-23 18:06 - 2014-12-07 01:31 - 00004146 _____ () C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-3.job
2015-02-23 18:06 - 2014-12-07 01:31 - 00002098 _____ () C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-2.job
2015-02-23 18:06 - 2014-12-07 01:31 - 00000982 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-02-23 18:06 - 2014-12-07 01:31 - 00000636 _____ () C:\Windows\Tasks\4b668761-96e2-450d-8bc3-266a3f247e4b.job
2015-02-23 18:06 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-23 18:05 - 2015-01-14 17:21 - 00004076 _____ () C:\Windows\setupact.log
2015-02-23 18:05 - 2015-01-14 17:20 - 00864894 _____ () C:\Windows\PFRO.log
2015-02-23 17:02 - 2014-01-25 14:41 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-23 16:02 - 2014-11-18 19:07 - 00000000 ____D () C:\Users\Banjo\Desktop\Igrice & Programi
2015-02-23 01:36 - 2014-12-07 01:31 - 00000986 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-02-22 10:54 - 2009-07-14 05:53 - 00032650 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-19 22:00 - 2015-01-14 16:47 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-16 22:22 - 2015-01-14 16:55 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-16 22:22 - 2015-01-14 16:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-13 21:10 - 2014-01-25 16:07 - 00000000 ____D () C:\Users\Banjo\Desktop\FILMOVI
2015-02-08 18:13 - 2014-09-12 23:05 - 00000000 ____D () C:\Users\Banjo\AppData\Roaming\uTorrent
2015-02-01 19:35 - 2014-01-25 15:15 - 00000000 ____D () C:\Windows\system32\SupportAppCB
2015-02-01 19:35 - 2014-01-25 14:39 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-01 18:24 - 2015-01-14 17:21 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-27 15:25 - 2014-01-31 08:18 - 00000000 ____D () C:\Users\Banjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-27 15:18 - 2014-10-21 19:10 - 00000000 ____D () C:\Users\Banjo\Desktop\MUZIKA
2015-01-25 21:04 - 2014-07-13 22:49 - 00000000 ____D () C:\Program Files\Google
2015-01-25 21:04 - 2014-07-13 20:52 - 00000000 ____D () C:\Users\Banjo\AppData\Local\Google
2015-01-25 20:57 - 2014-01-25 14:36 - 00001373 _____ () C:\Users\Banjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

==================== Files in the root of some directories =======

2014-11-01 11:19 - 2014-11-01 11:26 - 0000411 _____ () C:\Users\Banjo\AppData\Roaming\LiveSupport.exe_log.txt
2014-12-07 01:31 - 2014-12-07 01:31 - 1520608 _____ (HDPlus-3.1TotalV05.12) C:\Users\Banjo\AppData\Roaming\OGAM.exe
2014-01-25 20:37 - 2014-01-25 20:37 - 0138056 _____ () C:\Users\Banjo\AppData\Roaming\PnkBstrK.sys
2014-11-01 11:19 - 2014-11-01 11:48 - 0000086 _____ () C:\Users\Banjo\AppData\Roaming\regsvr32.exe_log.txt
2015-01-15 00:53 - 2015-01-15 00:53 - 0024701 _____ () C:\Users\Banjo\AppData\Roaming\UserTile.png
2014-12-07 01:31 - 2014-12-07 01:31 - 2004448 _____ (HDPlus-3.1TotalV05.12) C:\Users\Banjo\AppData\Roaming\ZOPTBW.exe
2014-03-02 17:10 - 2014-06-09 12:30 - 0004608 _____ () C:\Users\Banjo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP:
====================
C:\Users\Banjo\AppData\Local\Temp\mgwz.dll
C:\Users\Banjo\AppData\Local\Temp\ochelper.exe
C:\Users\Banjo\AppData\Local\Temp\utt3F08.tmp.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 17:35

==================== End Of Log ============================



Thanks in advance. Cheers!

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Go to Start -> Control Panel -> Programs and Features and uninstall the following programs:

WindowsMangerProtect20.0.0.1277




Step 2

Open Notepad and copy in the following text, which is inside the Code box.

HKU\S-1-5-21-2945771310-202216555-3696022800-1000\...\MountPoints2: {e2ff275d-384c-11e4-a39a-78acc05c1280} - F:\AutoRun.exe
HKU\S-1-5-21-2945771310-202216555-3696022800-1000\...\MountPoints2: {e2ff276c-384c-11e4-a39a-78acc05c1280} - H:\AutoRun.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1417.....8FYF074EJX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=.....EJX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1417.....8FYF074EJX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=.....EJX&q={searchTerms}
HKU\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1417.....8FYF074EJX
HKU\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1417.....8FYF074EJX
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=.....EJX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=.....EJX&q={searchTerms}
SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searc-hall.info/?l=1&q={searchTerms}&pid=377&r=2014/11/01&hid=15617337041010751777&lg=EN&cc=RS&unqvl=65
SearchScopes: HKU\S-1-5-21-2945771310-202216555-3696022800-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=.....EJX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2945771310-202216555-3696022800-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=.....EJX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2945771310-202216555-3696022800-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searc-hall.info/?l=1&q={searchTerms}&pid=377&r=2014/11/01&hid=15617337041010751777&lg=EN&cc=RS&unqvl=65
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc&ts=1417.....8FYF074EJX
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Banjo\AppData\Roaming\Mozilla\Firefox\Profiles\8gubbzjz.default\extensions\faststartff@gmail.com
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [484352 2014-12-07] (Fuyu LIMITED) [File not signed]
Task: {12AF6B7A-1D2E-4353-BEDF-E30CEA0F03A6} - System32\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-2 => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-2.exe <==== ATTENTION
Task: {2E69C7BE-04A0-4069-8846-6DB0FC9DF3BB} - System32\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-11 => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-11.exe <==== ATTENTION
Task: {32A4134A-779F-4F06-9FC2-12908611A793} - System32\Tasks\{9238B136-BB21-40F1-A869-25817DB1FB5A} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{A2B4621B-CEB9-4E44-95FD-3500D4DB3727}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {3E8343BE-9E7A-4ED1-B57A-CA187B46E261} - System32\Tasks\{4226B387-8A0F-49A0-9F56-754B95A04A21} => pcalua.exe -a C:\SWSetdsafsdfdsup\SP49542\Setup.exe -d C:\SWSetdsafsdfdsup\SP49542
Task: {B1219653-2846-4D06-92FB-00C16CC07DF3} - System32\Tasks\4b668761-96e2-450d-8bc3-266a3f247e4b => C:\Program Files\TotalPlusHD-3.1V05.12\4b668761-96e2-450d-8bc3-266a3f247e4b.exe <==== ATTENTION
Task: {C142C021-930B-474A-848E-26F581FD4B4A} - System32\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-4 => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-4.exe <==== ATTENTION
Task: {CE2B6206-B2D6-4843-A042-9B78300C5BC4} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {D0364C91-7AF2-4D23-AAA8-65D3450A2303} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {D5616850-1599-4C40-A51E-A9E8B397080E} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {E39AB245-4C69-4236-A382-AD9521E89A1C} - System32\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-5_user => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-5.exe <==== ATTENTION
Task: {E897229E-2652-4711-85E9-865D467B1BFA} - System32\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-5 => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-5.exe <==== ATTENTION
Task: {EB79A4CE-7038-439E-A4A4-B2E26FDC26DE} - System32\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-3 => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-1.job => C:\Program Files\TotalPlusHD-3.1V05.12\TotalPlusHD-3.1V05.12-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-11.job => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-2.job => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-3.job => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-4.job => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-5.job => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-5_user.job => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-7.job => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\4b668761-96e2-450d-8bc3-266a3f247e4b.job => C:\Program Files\TotalPlusHD-3.1V05.12\4b668761-96e2-450d-8bc3-266a3f247e4b.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
C:\Users\Banjo\AppData\Roaming\ZOPTBW.exe
C:\ProgramData\WindowsMangerProtect
C:\Program Files\globalUpdate
C:\Users\Banjo\AppData\Roaming\OGAM.exe
C:\Program Files\TotalPlusHD-3.1V05.12
C:\Program Files\MyPC Backup
EmptyTemp:


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click to run FRST.exe again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, allow it to do so without interruption.
When it finishes, fixlog.txt will open, with contents that you should copy into the thread.
Also, (fixlog.txt) will be located on the Desktop.




Step 3

Download "Xplode"'s AdwCleaner and save it to the Desktop
Double-click to run the program.
In the EULA window, click I agree.
Click the Scan button and wait for the scan to finish.
Click the Clean button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required), click OK

The computer will restart and then open Notepad (C:\AdwCleaner[S0].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Attach file" option

Note: The report will also be saved at C:\Adwcleaner\AdwCleaner[S0].txt

offline
  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1645

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-02-2015 01
Ran by Banjo at 2015-02-24 17:56:19 Run:1
Running from C:\Users\Banjo\Desktop
Loaded Profiles: Banjo (Available profiles: Banjo)
Boot Mode: Normal

==============================================

"HKU\S-1-5-21-2945771310-202216555-3696022800-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2ff275d-384c-11e4-a39a-78acc05c1280}" => Key deleted successfully.
HKCR\CLSID\{e2ff275d-384c-11e4-a39a-78acc05c1280} => Key not found.
"HKU\S-1-5-21-2945771310-202216555-3696022800-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2ff276c-384c-11e4-a39a-78acc05c1280}" => Key deleted successfully.
HKCR\CLSID\{e2ff276c-384c-11e4-a39a-78acc05c1280} => Key not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully.
HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKU\S-1-5-21-2945771310-202216555-3696022800-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2945771310-202216555-3696022800-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKU\S-1-5-21-2945771310-202216555-3696022800-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully.
HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
"HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4" => Key deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\faststartff@gmail.com => value deleted successfully.
WindowsMangerProtect => Service not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{12AF6B7A-1D2E-4353-BEDF-E30CEA0F03A6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12AF6B7A-1D2E-4353-BEDF-E30CEA0F03A6}" => Key deleted successfully.
C:\Windows\System32\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0f642111-f191-4567-ba69-d1744f9be5d2-2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2E69C7BE-04A0-4069-8846-6DB0FC9DF3BB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E69C7BE-04A0-4069-8846-6DB0FC9DF3BB}" => Key deleted successfully.
C:\Windows\System32\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-11 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0f642111-f191-4567-ba69-d1744f9be5d2-11" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32A4134A-779F-4F06-9FC2-12908611A793}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32A4134A-779F-4F06-9FC2-12908611A793}" => Key deleted successfully.
C:\Windows\System32\Tasks\{9238B136-BB21-40F1-A869-25817DB1FB5A} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9238B136-BB21-40F1-A869-25817DB1FB5A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E8343BE-9E7A-4ED1-B57A-CA187B46E261}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E8343BE-9E7A-4ED1-B57A-CA187B46E261}" => Key deleted successfully.
C:\Windows\System32\Tasks\{4226B387-8A0F-49A0-9F56-754B95A04A21} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4226B387-8A0F-49A0-9F56-754B95A04A21}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B1219653-2846-4D06-92FB-00C16CC07DF3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1219653-2846-4D06-92FB-00C16CC07DF3}" => Key deleted successfully.
C:\Windows\System32\Tasks\4b668761-96e2-450d-8bc3-266a3f247e4b => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4b668761-96e2-450d-8bc3-266a3f247e4b" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C142C021-930B-474A-848E-26F581FD4B4A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C142C021-930B-474A-848E-26F581FD4B4A}" => Key deleted successfully.
C:\Windows\System32\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-4 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0f642111-f191-4567-ba69-d1744f9be5d2-4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE2B6206-B2D6-4843-A042-9B78300C5BC4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE2B6206-B2D6-4843-A042-9B78300C5BC4}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D0364C91-7AF2-4D23-AAA8-65D3450A2303}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0364C91-7AF2-4D23-AAA8-65D3450A2303}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5616850-1599-4C40-A51E-A9E8B397080E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5616850-1599-4C40-A51E-A9E8B397080E}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E39AB245-4C69-4236-A382-AD9521E89A1C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E39AB245-4C69-4236-A382-AD9521E89A1C}" => Key deleted successfully.
C:\Windows\System32\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-5_user => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0f642111-f191-4567-ba69-d1744f9be5d2-5_user" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E897229E-2652-4711-85E9-865D467B1BFA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E897229E-2652-4711-85E9-865D467B1BFA}" => Key deleted successfully.
C:\Windows\System32\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-5 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0f642111-f191-4567-ba69-d1744f9be5d2-5" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EB79A4CE-7038-439E-A4A4-B2E26FDC26DE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB79A4CE-7038-439E-A4A4-B2E26FDC26DE}" => Key deleted successfully.
C:\Windows\System32\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0f642111-f191-4567-ba69-d1744f9be5d2-3" => Key deleted successfully.
C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-1.job => Moved successfully.
C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-11.job => Moved successfully.
C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-2.job => Moved successfully.
C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-3.job => Moved successfully.
C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-4.job => Moved successfully.
C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-5.job => Moved successfully.
C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-5_user.job => Moved successfully.
C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-7.job => Moved successfully.
C:\Windows\Tasks\4b668761-96e2-450d-8bc3-266a3f247e4b.job => Moved successfully.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => Moved successfully.
C:\Users\Banjo\AppData\Roaming\ZOPTBW.exe => Moved successfully.
C:\ProgramData\WindowsMangerProtect => Moved successfully.
"C:\Program Files\globalUpdate" => File/Directory not found.
C:\Users\Banjo\AppData\Roaming\OGAM.exe => Moved successfully.
"C:\Program Files\TotalPlusHD-3.1V05.12" => File/Directory not found.
"C:\Program Files\MyPC Backup" => File/Directory not found.
EmptyTemp: => Removed 1.5 GB temporary data.


The system needed a reboot.

==== End of Fixlog 17:56:38 ====


offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Download zoek.exe from this or this link and save it to the Desktop.


Close the browser and other running programs;
disable your security software (if needed) Instructions;
double-click to run zoek.exe;
wait for the tool to start ...


Copy the following text into the white box of the window:

process;
startupall;
drivers-services-list;
skipfix-iedefaults;
firefoxlook;
chromelook;
filesrcm;


Click the button and wait for the scan to finish.


Zoek will restart Windows if needed, and when it finishes it will open Notepad with the scan report.

Note: The report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into your post.

offline
  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1645

Zoek.exe v5.0.0.0 Updated 24-February-2015
Tool run by Banjo on Tue 02/24/2015 at 23:28:56.33.
Microsoft Windows 7 Professional 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Banjo\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

2/24/2015 23:29:40 Zoek.exe System Restore Point Created Succesfully.

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\UnsignedThemesSvc.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Program Files\HSDPA USB MODEM\USB Modem.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\system32\vssvc.exe
C:\Users\Banjo\Desktop\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\svchost.exe -k SDRSVC

==== Services(whitelist) ======================
Powered by E Dev

R2 - [AERTFilters] - Andrea RT Filters Service - c:\program files\realtek\audio\hda\aertsrv.exe
R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
R2 - [AMD FUEL Service] - AMD FUEL Service - c:\program files\ati technologies\ati.ace\fuel\fuel.service.exe
R2 - [RtkAudioService] - Realtek Audio Service - c:\program files\realtek\audio\hda\rtkaudioservice.exe
R2 - [RtVOsdService] - RtVOsdService Installer - c:\program files\realtek\rtvosd\rtvosdservice.exe
R2 - [UnsignedThemes] - Unsigned Themes - c:\windows\unsignedthemessvc.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [AvastVBoxSvc] - AvastVBox COM Service - c:\program files\avast software\avast\ng\vbox\avastvboxsvc.exe
R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update Service (gupdate) - c:\program files\google\update\googleupdate.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\system32\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework\v4.0.30319\aspnet_state.exe
S3 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - c:\program files\google\update\googleupdate.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files\mozilla maintenance service\maintenanceservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe

==== Drivers(whitelist) ======================
Powered by E Dev

R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
R3 - [srv] - Server SMB 1.xxx Driver - C:\Windows\system32\Drivers\srv.sys
R3 - [srv2] - Server SMB 2.xxx Driver - C:\Windows\system32\Drivers\srv2.sys
R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys
R0 - [amd_sata] - amd_sata - C:\Windows\system32\Drivers\amd_sata.sys
R0 - [amd_xata] - amd_xata - C:\Windows\system32\Drivers\amd_xata.sys
R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
R0 - [aswRvrt] - avast! Revert - C:\Windows\system32\Drivers\aswRvrt.sys
R0 - [aswVmm] - avast! VM Monitor - C:\Windows\system32\Drivers\aswVmm.sys
R0 - [atapi] - IDE Channel - C:\Windows\system32\Drivers\atapi.sys
R0 - [AtiPcie] - AMD PCI Express (3GIO) Filter - C:\Windows\system32\Drivers\AtiPcie.sys
R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
R0 - [Compbatt] - Microsoft Composite Battery Driver - C:\Windows\system32\Drivers\Compbatt.sys
R0 - [Disk] - Disk Driver - C:\Windows\system32\Drivers\Disk.sys
R0 - [fvevol] - Bitlocker Drive Encryption Filter Driver - C:\Windows\system32\Drivers\fvevol.sys
R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
R0 - [mountmgr] - Mount Point Manager - C:\Windows\system32\Drivers\mountmgr.sys
R0 - [msahci] - msahci - C:\Windows\system32\Drivers\msahci.sys
R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
R0 - [NDIS] - NDIS System Driver - C:\Windows\system32\Drivers\NDIS.sys
R0 - [partmgr] - Partition Manager - C:\Windows\system32\Drivers\partmgr.sys
R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys
R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
R0 - [storflt] - Disk Virtual Machine Bus Acceleration Filter Driver - C:\Windows\system32\Drivers\storflt.sys [x]
R0 - [Tcpip] - TCP/IP Protocol Driver - C:\Windows\system32\Drivers\Tcpip.sys
R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator Driver - C:\Windows\system32\Drivers\vdrvroot.sys
R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys
R0 - [volmgrx] - Dynamic Volume Manager - C:\Windows\system32\Drivers\volmgrx.sys
R0 - [volsnap] - Storage volumes - C:\Windows\system32\Drivers\volsnap.sys
R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
R1 - [tdx] - NetIO Legacy TDI Support Driver - C:\Windows\system32\Drivers\tdx.sys
R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2015-02-23 17:43:43 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\ativpsrm.bin
2015-02-23 17:04:53 5E89CCEFA790A4318966F49C038EA586 1180529 ----a-w- C:\Windows\unins000.exe
2015-02-23 17:04:53 0D43C5304BED9C84A9F6D1C453654A20 1233 ----a-w- C:\Windows\unins000.dat
2015-02-23 16:33:56 CB00A6ADEBF09A782BF0159A594EB8BF 43152 ----a-w- C:\Windows\avastSS.scr
2015-02-01 17:24:34 D1E75542EC8D1B4851765A57AC63618E 1908 ----a-w- C:\Windows\diagwrn.xml
2015-02-01 17:24:34 D1E75542EC8D1B4851765A57AC63618E 1908 ----a-w- C:\Windows\diagerr.xml
====== C:\Users\Banjo\AppData\Local\Temp ====
2015-02-24 17:03:15 C184C29CA97F5307056A32A03C46D0F0 6245888 ----a-w- C:\Users\Banjo\AppData\Local\Temp\AutoDetectUtilApp.exe
====== Java Cache =====
====== C:\Windows\system32 =====
2015-02-23 16:34:08 8E1565ECF357447BC04737619CF010C4 291352 ----a-w- C:\Windows\System32\aswBoot.exe
2015-02-16 21:22:25 252536AC43206F69B785CD0FDE96D813 5070512 ----a-w- C:\Windows\System32\FlashPlayerInstaller.exe
====== C:\Windows\system32\drivers =====
2015-02-23 16:34:50 EE89A22FB9FEC2CCC8A58C3C5D3AAA73 91496 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2015-02-23 16:34:49 1624D5AD126B8AFE2B2E85E5B8364EB6 423784 ----a-w- C:\Windows\System32\drivers\aswsp.sys
2015-02-23 16:34:49 0E9DC85996E79F3E4F3AEEA44B65468A 206248 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2015-02-23 16:34:48 E452BCDA6AB8EB5A1F7DF7CF06BA92E9 70384 ----a-w- C:\Windows\System32\drivers\aswmonflt.sys
2015-02-23 16:34:48 C0E092CBE5644AE4B3C6CD7C5396DF86 24184 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2015-02-23 16:34:48 BCD184FF4CE25F1006A213C029671FEF 81768 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2015-02-23 16:34:48 8474B5D0A5AC05AF046DC4EA69FA44DE 49944 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2015-02-23 16:34:45 E73CBE3420ECFA8FF7D0467E170E335D 787800 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2015-02-23 16:34:41 32B1B4D92ED72EC649A1CEB47F97F898 26136 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
====== C:\Windows\Tasks ======
2015-02-23 16:34:58 E64040270B85912A5E530EFF99DC3D94 4182 ----a-w- C:\Windows\system32\Tasks\avast! Emergency Update
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-02-23 17:42:46 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2015-02-23 17:41:14 -------- d-----w- C:\Program Files\ATI
2015-02-02 18:47:46 -------- d-----w- C:\Program Files\FreeTime
2015-02-01 17:49:05 -------- d-----w- C:\Program Files\HSDPA USB MODEM
2015-01-27 13:41:16 -------- d-----w- C:\Program Files\Counter-Strike 1.6
======= C: =====
====== C:\Users\Banjo\AppData\Roaming ======
2015-02-23 17:44:05 -------- d-----w- C:\Users\Banjo\AppData\Roaming\ATI
2015-02-23 17:44:05 -------- d-----w- C:\Users\Banjo\AppData\Local\ATI
2015-02-23 17:37:54 -------- d-----w- C:\Users\Banjo\AppData\Local\WindowsApplication1
2015-02-02 19:06:45 -------- d-----w- C:\Users\Banjo\AppData\Local\Ahead
2015-02-02 19:04:58 -------- d-----w- C:\Users\Banjo\AppData\Roaming\Ahead
2015-01-27 13:43:06 -------- d-----w- C:\Users\Banjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
====== C:\Users\Banjo ======
2015-02-24 17:02:00 4DB5909D450AE68CC11DC865B9B84F71 2126848 ----a-w- C:\Users\Banjo\Desktop\AdwCleaner.exe
2015-02-23 17:44:05 -------- d-----w- C:\ProgramData\ATI
2015-02-23 17:42:42 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2015-02-23 17:17:55 B87E1E2B84C4EEE3656A0DED4C0B1C43 1127424 ----a-w- C:\Users\Banjo\Desktop\FRST.exe
2015-02-02 19:04:45 -------- d-----w- C:\ProgramData\Ahead
2015-02-02 18:48:34 -------- d-----w- C:\Users\Public\Documents\Baidu
2015-02-02 18:48:34 -------- d-----w- C:\ProgramData\Baidu
2015-02-01 17:49:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HSDPA USB MODEM
2015-01-27 13:43:06 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6

====== C: exe-files ==
2015-02-24 18:25:49 C5FD49B0561203A17BBF947738CB124A 41186896 ----a-w- C:\Program Files\Google\Update\Install\{59DD5687-BFB5-4E29-8A23-D487A9BD4514}\40.0.2214.115_chrome_installer.exe
2015-02-24 18:25:48 C5FD49B0561203A17BBF947738CB124A 41186896 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.115\40.0.2214.115_chrome_installer.exe
2015-02-24 17:05:01 FD98434B6A06FE31A35E4BFBC827B290 52040 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe
2015-02-24 17:05:01 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateSetup.exe
2015-02-24 17:05:01 5F0A3AA68785C49454F56C9F2DDA0237 52040 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateWebPlugin.exe
2015-02-24 17:05:01 4C02536F4CA35911FB3EA5715F300C57 52040 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateBroker.exe
2015-02-24 17:04:57 F3B6470DA7CE34E559D3BA7365CC909C 115528 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateComRegisterShell64.exe
2015-02-24 17:04:56 E1B44A75947137F4143308D566889837 107848 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdate.exe
2015-02-24 17:04:56 83BB030C71C9727DCFB2737005772C4E 232264 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
2015-02-24 17:04:56 323CFFFDAF253AC65CD194A101BE6231 287048 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
2015-02-24 17:04:52 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Program Files\Google\Update\Install\{34F3F759-148C-4A21-B238-19DED3A51762}\GoogleUpdateSetup.exe
2015-02-24 17:04:52 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.26.9\GoogleUpdateSetup.exe
2015-02-24 17:03:15 C184C29CA97F5307056A32A03C46D0F0 6245888 ----a-w- C:\Users\Banjo\AppData\Local\Temp\AutoDetectUtilApp.exe
2015-02-24 17:02:00 4DB5909D450AE68CC11DC865B9B84F71 2126848 ----a-w- C:\Users\Banjo\Desktop\AdwCleaner.exe
2015-02-23 17:33:49 C686023C6B6F9E607C8BFC97E2D5D965 1545207 ----a-w- C:\Users\Banjo\Desktop\Igrice & Programi\Programi\DDUv120-Guru3D.com].exe
2015-02-23 17:17:55 BAD89F8B52E701DD223684F5B63C06BB 1126912 ----a-w- C:\Users\Banjo\Desktop\FRST-OlderVersion\FRST.exe
2015-02-23 17:17:55 B87E1E2B84C4EEE3656A0DED4C0B1C43 1127424 ----a-w- C:\Users\Banjo\Desktop\FRST.exe
2015-02-23 17:04:53 5E89CCEFA790A4318966F49C038EA586 1180529 ----a-w- C:\Windows\unins000.exe
2015-02-23 16:34:08 8E1565ECF357447BC04737619CF010C4 291352 ----a-w- C:\Windows\System32\aswBoot.exe
2015-02-23 16:01:57 D24A2D2FB7D67DEF4DBE06C3304A2BE2 5040384 ----a-w- C:\Users\Banjo\Desktop\Igrice & Programi\Programi\avastclear.exe
2015-02-20 23:27:37 58E286356ED95579127915341D05544A 9052192 ----a-w- C:\Users\Banjo\Desktop\Igrice & Programi\Programi\CheatEngine64.exe
2015-02-19 20:52:26 45D44A7710432FB898BED8EE8CBA10B8 5325208 ----a-w- C:\Users\Banjo\Desktop\Igrice & Programi\Programi\ccsetup502.exe
=== C: other files ==
2015-02-24 17:54:24 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Banjo\AppData\Local\Temp\gmp-gmpopenh264.zip
2015-02-23 16:34:50 EE89A22FB9FEC2CCC8A58C3C5D3AAA73 91496 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2015-02-23 16:34:49 1624D5AD126B8AFE2B2E85E5B8364EB6 423784 ----a-w- C:\Windows\System32\drivers\aswsp.sys
2015-02-23 16:34:49 0E9DC85996E79F3E4F3AEEA44B65468A 206248 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2015-02-23 16:34:48 E452BCDA6AB8EB5A1F7DF7CF06BA92E9 70384 ----a-w- C:\Windows\System32\drivers\aswmonflt.sys
2015-02-23 16:34:48 C0E092CBE5644AE4B3C6CD7C5396DF86 24184 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2015-02-23 16:34:48 BCD184FF4CE25F1006A213C029671FEF 81768 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2015-02-23 16:34:48 8474B5D0A5AC05AF046DC4EA69FA44DE 49944 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2015-02-23 16:34:45 E73CBE3420ECFA8FF7D0467E170E335D 787800 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2015-02-23 16:34:41 32B1B4D92ED72EC649A1CEB47F97F898 26136 ----a-w- C:\Windows\System32\drivers\aswKbd.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe -s"
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"AMD AVT"="Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files\AMD AVT\bin\kdbsync.exe aml"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AMD AVT]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AMD AVT"
"hkey"="HKLM"
"command"="Cmd.exe /c start \"AMD Accelerated Video Transcoding device initialization\" /min \"C:\\Program Files\\AMD AVT\\bin\\kdbsync.exe\" aml"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BTMTrayAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BTMTrayAgent"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\Program Files\\Motorola\\Bluetooth\\btmshell.dll\",TrayApp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CCleaner Monitoring"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\CCleaner\\CCleaner.exe\" /MONITOR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Lite"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPEnh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPEnh"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Synaptics\\SynTP\\SynTPEnh.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TornTv Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TornTv Downloader"
"hkey"="HKCU"
"command"="C:\\Users\\Banjo\\AppData\\Roaming\\TornTV.com\\Torntv Downloader.exe /c=startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UIExec]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UIExec"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Join Air\\UIExec.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uTorrent"
"hkey"="HKCU"
"command"="\"C:\\Users\\Banjo\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" /MINIMIZED"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Banjo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TornTvDownloader.lnk]
"path"="C:\\Users\\Banjo\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\TornTvDownloader.lnk"
"backup"="C:\\Windows\\pss\\TornTvDownloader.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\Banjo\\AppData\\Roaming\\TornTV.com\\TornTV Downloader.exe /c=startup"
"item"="TornTvDownloader"


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [02/16/2015 22:22]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [01/25/2015 21:01]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Banjo\AppData\Roaming\Mozilla\Firefox\Profiles\6iol3vw6.default
user_pref("browser.startup.homepage", "www.google.co.uk");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [02/23/2015 17:34]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Banjo\AppData\Roaming\Mozilla\Firefox\Profiles\6iol3vw6.default
98137411B9C632095F919E2CE70B288A - C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll - Google Update
C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash


==== Chromium Look ======================

Google Chrome Version: 40.0.2214.115 (Up to date, latest Stable version: 40.0.2214.115)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[02/23/2015 17:33]

ClipMonkey - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jhodopgnkbcmfgggehanaepcofglnboh
ClipMonkey - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhodopgnkbcmfgggehanaepcofglnboh
ClipMonkey - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jhodopgnkbcmfgggehanaepcofglnboh
ClipMonkey - Banjo\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jhodopgnkbcmfgggehanaepcofglnboh
Google Slides - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Avast Online Security - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
ClipMonkey - Banjo\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jhodopgnkbcmfgggehanaepcofglnboh
ClipMonkey - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jhodopgnkbcmfgggehanaepcofglnboh
ClipMonkey - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhodopgnkbcmfgggehanaepcofglnboh
ClipMonkey - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jhodopgnkbcmfgggehanaepcofglnboh

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Tue 02/24/2015 at 23:32:19.00 ======================

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Download zoek.exe from this or this link and save it to the Desktop.


Close the browser and any other running programs;
disable your security software (if necessary) Instructions;
double-click zoek.exe to run it;
wait for the tool to start ...


Copy the following text into the white box of the window:

jhodopgnkbcmfgggehanaepcofglnboh;chr
emptyclsid;
autoclean;


Click the button and wait for the scan to finish.


Zoek will restart Windows if necessary and, when it finishes, open Notepad with the scan report.

Note: The report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into your post.

offline
  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1645

Zoek.exe v5.0.0.0 Updated 24-February-2015
Tool run by Banjo on Wed 02/25/2015 at 16:17:30.33.
Microsoft Windows 7 Professional 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Banjo\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-02-24-223219.log 27106 bytes

==== Empty Folders Check ======================

C:\Program Files\FreeTime deleted successfully
C:\Users\Banjo\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CB08CFA-7A26-4BCE-9B9F-FB7A8D7B3DD} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6D2F59F3-B24D-44DE-8ADF-15EBB5E3C6ED} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E6FC783-39AA-4E7D-BCAF-19AA8AE51B79} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6ED7E0E9-EA76-4E9E-8EBE-CC14A329B72} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6EF80E9B-A99C-45FB-888C-2DE4959396} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F6007FD-7067-47E7-9367-5BF5B55559} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{71804B1-B295-4A64-9486-EEA53CC2FF3E} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{719C7483-2012-4FDE-9157-4B9951DFDC3} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{71EA7D7C-C76-4A4C-9560-C8A6F1E6F9E} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7331EEDB-E0CD-410C-951E-7A55B7C4997B} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{73EABB10-E789-4BE4-81E1-E534036CE92} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{75D6349-BB6A-4886-804A-EAA3B567F8B8} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76D7B345-71A9-422B-AA20-CA7CE9345D7C} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7714E1E3-101C-44E6-B782-E81CE3A7BDE} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78A1EEDB-4606-48D4-A998-97ABC4B911AB} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78B55-2AA2-4C64-985B-DF7DB233704F} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78C35A69-3FE5-4AF1-993-B79FEF5B418D} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A55A01F-3DDF-47E9-BA74-E04F45B27B69} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A816C87-F9E0-41D9-9974-9A664A7479D} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7ABE2E20-1142-403B-8712-497F76E3D644} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7BD255D-3BB6-471A-B416-8CBBB6E748B1} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7EC0AE0C-C195-464A-B5B7-F011568CE923} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F13EB90-D34D-42CE-B7AC-DDB1B18A4DF} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{805662FB-84EC-4E5A-9C3F-7CB36F901D56} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{830CB759-FF57-4686-B3F-364192C75497} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83108BD0-4078-4409-AD40-FB24905FBC2} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{840ACE31-DCAA-4398-82D5-699154118245} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85995557-EF25-4591-BD87-764152B436F1} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{86F9F147-E02E-4EBA-911D-EE5C3172E2DC} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8A2090FA-6FD9-455A-A05F-4F63F2AB2CA} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8B6865D1-3C6D-4A5C-8D2-364E5E792B3} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D353889-1A3D-46AB-A535-A723C9358656} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D60AD03-96FA-4225-8341-C5D43F9682AA} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9001E095-F366-4F29-AE19-4D79755FFDF6} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{907F4DE9-74CA-4293-AA3D-80117E65503E} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{913E5FE8-2BE2-4712-8313-F252CE2D7DB} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{920FEDE7-1E5B-41BD-AF8D-6B81A065F1D} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9276EDFD-1E3D-47C7-A69F-2572F437E1D} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{92FB397D-1036-4D2C-9A7E-C075A92AECF3} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95F38EEF-7D80-4432-B77C-8E9225E6E6CA} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9760A63C-9A1A-4481-A427-DEFCE3568CC1} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97AB7A4-DE84-4802-9AD9-F093CE5B0F} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98FE20CF-FE1A-439E-93B8-F34036996A10} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{990677AE-1F77-4469-9F31-11395D4231BA} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C01945A-7858-4E7F-A8A5-C94DE76236DC} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9F32F03F-8C6F-435B-B12F-1F9491465897} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9FBC021C-A73F-401A-9346-8654ABA6EE3B} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A064247B-F749-43AD-8B7F-F9DA48F2D3C3} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A0A33547-1CFE-4DC0-946E-3AC75C65B7C0} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A0C8F031-917-4DCD-8598-593D2AC4477A} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A2587ADC-9E0B-44E1-8467-948B676957B} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A272A081-69FD-42E4-985B-E85F4597BA7B} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A49F12ED-FB69-461C-B564-B46065B6D1F9} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A6AB35AC-D95F-41DB-A4E5-87AD8384B56} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a7b1bb2a-db73-4c48-8c46-995b50f10d6c} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A875CB82-6A78-4A49-A53B-FD9A1945593C} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A9B5A297-E3B0-4A3B-8971-4D70335B49F} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA5CF03C-4ED0-41AE-8762-199560FFEEEF} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AACBB0E6-5058-4746-82F3-8A51D52795DA} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ACD91799-6643-4264-B4A1-48C0E1FD5D9B} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B02943F5-52D8-4E21-B193-36C3D98D64A6} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B02E9E11-B05A-4B1B-A23E-51AFE7CF87ED} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B1D09D45-868A-479A-9D20-4AE622E94AD} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B22907A8-C122-496E-BBFF-A0F13235599} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2730BAA-8D79-41D2-B8E2-B0DFED65CA} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B28663F0-A197-461E-951C-12D877371B33} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2F3DCF5-E930-4B55-8C57-51565276EBA} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B434C886-D4B9-4771-B011-79656418242F} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B449890E-1A19-4A3C-9996-E2C0C74AFF39} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B887580A-909-4731-84EF-9CD3D9241E2C} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B9880CDC-5CFD-455D-9BF0-675ADA97E18} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B9B438F3-D67D-4F07-8FD1-815DC7D83077} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B9DC88C0-DB2B-49F7-A648-6961383C04F} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB1E95B4-B785-4CBE-9A69-D7F92FDD5552} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB201C46-8CEE-4220-BBF2-B2A182EBFB58} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BC27B48F-623D-419C-ABAF-C1DBD9FFB379} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BCB8C481-5CFD-4591-AE76-931CE371288F} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD306B3E-65C1-4B00-B1D0-B8E5E882BFD8} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFFF44E2-92B5-46B9-A613-A18A9518201A} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C0C1F841-1147-4332-A99-14B1AFD87568} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C12E9D04-FDFC-456F-95BC-902FE73B5} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C1723E5E-FA34-433B-AFBB-DFDD9F89CAC9} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3578358-1854-49B0-8E55-B1283E658A23} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C36A92BF-D847-4043-B0CF-D3C83B1E49AE} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4EAF962-DE3B-4CE5-B1F3-A558DEE1B2CE} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB19E5DF-86B-48E7-89FB-24747B21EEC} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CBC7B977-2018-4BF1-A38E-A380C674E97} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CC779274-B197-4D7F-AE88-A97CC9BE973} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CEAD9198-400-4755-B21-16848C935B} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CF766E29-AB14-4FA7-AC3B-28A1813F1D76} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFF295FF-4CCF-4C73-AF5E-BEF0ED165AC9} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D4777811-7CD6-4217-AAA4-9E6911CCAA5} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D5171819-C1EE-4BF8-83B5-E64292792B45} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D9420441-E1CB-4014-A896-C7F74E542DB} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DAE0AFDB-AE9C-4665-AD57-941EDC40D711} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDC4E336-5E8F-4E3A-A283-CF2941427E65} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E11C9D27-39EA-4E3B-A39-A445FB6B92FD} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E1EDE0B-3A85-48E5-A925-79862412FCA7} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E2739DA-62EE-4395-9919-D0922B06ABE} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E2B24533-DD33-4C89-B28D-E984695D15BB} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E36DDC5D-CB8E-4838-9D80-59C24FE5A49} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E3A9FD26-C87F-4ACD-8AAB-265597D14F3} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E4106406-784D-4E51-9CFF-E828EDA1A57A} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E53B8F8D-C853-44B6-A4D8-B44A6E1A7711} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7314DA4-4CAD-4271-B922-5999CD80682B} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E76F06D9-58F8-47AA-A3AF-7A835A1D9EA} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E84E3A48-42C9-48F0-8FA5-0729646E6CB} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E9EA7296-CEA4-4087-997A-58283ABD3255} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EB2FF11-FA99-457A-B7A-542B4D2E327} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED52844A-67F1-43CF-B17E-89D33D9E8EAD} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE11E5E-BFE3-4A8A-A9D0-C61656D8456} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEAAAF15-CFFF-4095-A5AE-90E46D46594} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEFEA177-D181-4DC9-9425-B4C6E433C14F} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EF582BB6-8CEA-4733-AF89-F0B04CCAD9EF} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0160BD8-44B9-450F-B3F9-D064BBFD445A} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0770D8F-F47E-4674-AE59-D062A386D510} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0929248-61D1-48AB-91D-DBC36B965D8B} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F215AE71-CC95-4944-A6F4-3321C0E2BBD} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3BB785E-C93B-4997-A0A3-C427D446A9A6} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3C5942B-9715-4F67-AAAB-5BE0FF82C4F2} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3D6AD25-974E-4E27-B011-78E05AC7F8BC} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4B29207-E2C4-4AF0-9E52-DE8F97A6E26} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F55397D8-7D91-40D0-AB63-C1D762775256} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F6E281FE-AFE-4596-AC61-62253B464BC} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F772F1F4-39BD-4693-B2DB-DCE962E8196} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F7E3EEF6-F5D-4907-9BBA-AAADD9292935} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9DB01C-24BA-4028-969-706B5611F72} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9E127FD-A99F-4EB6-8B52-13ED3A335BF6} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBB956A5-A08E-47B3-88F0-1373B6597D81} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBE99A40-2B70-4474-8E3B-293E452655} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBEC842C-8719-4C54-B954-3F8F99F8AEB} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC34B56D-B34A-43F4-ABC9-CFE9F8E3D9D} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FCE665CC-C1E9-433F-B264-6D69B6A12FB} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD89665B-75EC-4216-BDB-90C5465C5F4} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FE353B07-C9F-4A64-8534-5A21F5DA76D0} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FE53E862-B20A-45DC-A550-6331E391853E} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3d5c7f15-9a5a-4a41-b7bd-95070c658e32} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a7b1bb2a-db73-4c48-8c46-995b50f10d6c} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Program Files\FreeTime not found
C:\Program Files\Temp deleted
C:\PROGRA~2\BSD deleted
C:\PROGRA~2\Baidu deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\system32\GroupPolicy\User deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Banjo\AppData\Roaming\Mozilla\Firefox\Profiles\6iol3vw6.default
user_pref("browser.startup.homepage", "www.google.co.uk");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [02/23/2015 17:34]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Banjo\AppData\Roaming\Mozilla\Firefox\Profiles\6iol3vw6.default
98137411B9C632095F919E2CE70B288A - C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll - Google Update
C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash


==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Administrator\AppData\Local\Chromatic Browser deleted
Fake profile C:\Users\Banjo\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Banjo\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Banjo\AppData\Local\Chromatic Browser deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted

==== Chromium Look ======================

Google Chrome Version: 40.0.2214.115 (Up to date, latest Stable version: 40.0.2214.115)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[02/23/2015 17:33]

Google Slides - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Avast Online Security - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TornTv Downloader deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIExec deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Banjo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Banjo\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=5 folders=8 81701 bytes)

==== Empty Temp Folders ======================

C:\Users\Banjo\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Banjo\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Banjo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on Wed 02/25/2015 at 16:36:21.64 ======================

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

What is the state of the system now?




Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the program icon to run MBAR:
- Click OK in the next window to allow extraction into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the introductory window, click the Next button if you agree;



• In the 'Update Database' window, click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' is displayed, click the Next button;
• Under the 'Scan Targets' section, check that all options are ticked, then click the Scan button;

Note: with some infections, one of the following messages may be displayed:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.





>> If no malware is detected, click the Exit button to close the program. In your next post, include the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infection(s) were found, check that the 'Create Restore Point' option is selected and click the Cleanup! button to remove the threats.
- The malware removal procedure (scheduled) will be scheduled for after the restart, and a notification will be shown in a pop-up window. Click the Yes button and the system should restart and finish the cleanup procedure.



Note! Only if a rootkit was detected: make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click to run fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, then wait for the tool to complete all the repairs ...
- When you see the message 'press any key to exit', the repair is complete. Press any key on the keyboard to close the window. Restart the system.





The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post, and attach the system log to the post using the Attach file option.

offline
  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1645

The state of the system is excellent.
I use the laptop only for watching movies, listening to music, work and the internet.

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
main: v2015.02.25.06
rootkit: v2015.02.25.01

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Banjo :: BANJO-PC [administrator]

2/25/2015 20:24:20
mbar-log-2015-02-25 (20-24-20).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 328082
Time elapsed: 17 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Banjo\Desktop\Igrice & Programi\Programi\Nero 7.10.1.0 By M3ZKAL\Nero 7.10.1.0 Keygen.exe (RiskWare.Tool.CK) -> Delete on reboot. [941624fe593116200dd96f0831d19a66]

Physical Sectors Detected: 0
(No malicious items detected)

(end)



offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

That would be it, then.



The following procedure will perform the final cleanup.

Download the DelFix tool by "Xplode" and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment until the tool finishes its work.
From this point on, all the tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also save the healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.
