Ads and slower computer performance


  • Milan
  • Joined: 11 Apr 2012
  • Posts: 465

Lately, when I go to some site or some topic on mycity, it redirects me to another site, so I used the program adwcleaner and it did not solve the problem. The computer runs solidly, but sometimes it stutters, so I want to check everything. Here is the report:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2015
Ran by KRCO (administrator) on KRCO-PC on 24-02-2015 14:56:06
Running from C:\Users\KRCO\Desktop
Loaded Profiles: KRCO (Available profiles: KRCO)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [Link visible only to logged-in users]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKU\S-1-5-21-3989576198-1594049347-3657210406-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3989576198-1594049347-3657210406-1001\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\MCShieldRTM.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-3989576198-1594049347-3657210406-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3989576198-1594049347-3657210406-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2008-01-22] (Nero AG)
HKU\S-1-5-21-3989576198-1594049347-3657210406-1001\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-3989576198-1594049347-3657210406-1001\...\MountPoints2: E - E:\Autorun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link visible only to logged-in users]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link visible only to logged-in users]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link visible only to logged-in users]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link visible only to logged-in users]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> [Link visible only to logged-in users]
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> webssearches
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-25]
CHR Extension: (YouTube) - C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-25]
CHR Extension: (Google Search) - C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-25]
CHR Extension: (CS:GO Lounge Bump Bot) - C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhfkidfnhjcjjamcbdepeohblphlamgk [2015-01-17]
CHR Extension: (Refresh Monkey) - C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljngnafhejmefmijjoedbclkadhacebd [2015-01-17]
CHR Extension: (Google Wallet) - C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-25]
CHR Extension: (ohlencieiipommannpdfcmfdpjjmeolj) - C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2015-02-24]
CHR Extension: (Gmail) - C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-02-05] (NVIDIA Corporation)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-02-05] (NVIDIA Corporation)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-25] (Disc Soft Ltd)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [26528 2014-12-24] (REALiX(tm))
S3 ltmodem5; C:\Windows\System32\DRIVERS\ltmdm64.sys [543744 2009-06-10] (Agere Systems)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-02-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S2 SPDRIVER_1507.0.0.0; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1507.0.0.0\jsdrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 14:56 - 2015-02-24 14:56 - 00011325 _____ () C:\Users\KRCO\Desktop\FRST.txt
2015-02-24 14:55 - 2015-02-24 14:56 - 00000000 ____D () C:\FRST
2015-02-24 14:54 - 2015-02-24 14:54 - 02087424 _____ (Farbar) C:\Users\KRCO\Desktop\FRST64.exe
2015-02-21 18:41 - 2015-02-21 18:42 - 05135288 _____ (Piriform Ltd) C:\Users\KRCO\Desktop\spsetup128.exe
2015-02-21 18:34 - 2015-02-21 18:40 - 00000000 ____D () C:\Program Files (x86)\Winamp
2015-02-21 18:33 - 2015-02-21 18:34 - 17163336 _____ (Nullsoft, Inc.) C:\Users\KRCO\Desktop\winamp5666_full_all.exe
2015-02-21 18:24 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-21 18:24 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-21 18:24 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-21 18:24 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-21 18:15 - 2015-02-21 18:15 - 00000000 ____D () C:\Users\KRCO\AppData\Roaming\qualys
2015-02-20 17:48 - 2015-02-20 17:48 - 00455136 ____T () C:\Users\KRCO\AppData\Roaming\CrashRpt1402.dll
2015-02-20 17:48 - 2015-02-20 17:48 - 00000877 _____ () C:\Users\KRCO\Desktop\SIW x64 Home Edition.lnk
2015-02-20 17:48 - 2015-02-20 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW
2015-02-20 17:48 - 2015-02-20 17:48 - 00000000 ____D () C:\Program Files\SIW Home Edition
2015-02-20 17:46 - 2015-02-20 17:47 - 06324280 _____ (Topala Software Solutions ) C:\Users\KRCO\Desktop\siw-home-x64-setup.exe
2015-02-20 16:14 - 2015-02-20 16:14 - 00000622 _____ () C:\Users\KRCO\Desktop\KMPlayer.lnk
2015-02-20 16:14 - 2015-02-20 16:14 - 00000000 ____D () C:\Users\KRCO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2015-02-20 16:10 - 2015-02-20 16:11 - 35907256 _____ (PandoraTV) C:\Users\KRCO\Desktop\KMPlayer_3.9.1.133.exe
2015-02-20 16:07 - 2015-02-05 18:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-02-20 16:05 - 2015-02-05 22:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 18575880 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 14119744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-02-20 16:05 - 2015-02-05 22:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 02902784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 00995248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 00877816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 00305136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-02-20 16:05 - 2015-02-05 22:01 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-02-20 16:04 - 2015-02-20 16:04 - 00000000 ____D () C:\NVIDIA
2015-02-20 15:46 - 2015-02-20 15:47 - 00000000 ____D () C:\Program Files (x86)\987f8399-ab08-44c2-918e-5f79b577abd8
2015-02-20 15:46 - 2015-02-20 15:46 - 00205264 _____ () C:\Windows\SysWOW64\d.exe
2015-02-20 15:41 - 2015-02-22 13:51 - 00006470 _____ () C:\Windows\PFRO.log
2015-02-20 15:34 - 2015-02-20 15:35 - 00000000 ____D () C:\Program Files (x86)\cc22058d-71cf-44a6-bd72-d603db4b0d70
2015-02-20 15:34 - 2015-02-20 15:34 - 00205776 _____ () C:\Windows\SysWOW64\c.exe
2015-02-20 15:24 - 2015-02-20 15:31 - 00000000 ____D () C:\Users\KRCO\Desktop\Adil - MIX Uzivo
2015-02-20 15:24 - 2015-02-20 15:24 - 00004228 _____ () C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_323035383335333531332d3437415a556c2a3223346c41
2015-02-20 15:24 - 2015-02-20 15:24 - 00001156 _____ () C:\Users\KRCO\Desktop\MP4 to MP3.lnk
2015-02-20 15:24 - 2015-02-20 15:24 - 00000000 ____D () C:\Users\Public\Documents\YTAHelper
2015-02-20 15:24 - 2015-02-20 15:24 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2015-02-20 15:24 - 2015-02-20 15:24 - 00000000 ____D () C:\Users\Public\Documents\GOOBZO
2015-02-20 15:24 - 2015-02-20 15:24 - 00000000 ____D () C:\Users\KRCO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best MP4 to MP3 Converter
2015-02-20 15:24 - 2015-02-20 15:24 - 00000000 ____D () C:\Program Files\Common Files\ShopperPro
2015-02-20 15:24 - 2015-02-20 15:24 - 00000000 ____D () C:\Program Files (x86)\Best MP4 To MP3 Converter
2015-02-20 15:22 - 2015-02-20 15:23 - 12277300 _____ () C:\Users\KRCO\Desktop\bestmp4tomp3convertersetup.exe
2015-02-20 15:20 - 2015-02-20 15:20 - 110452328 _____ () C:\Users\KRCO\Desktop\proba.mp4
2015-02-20 15:09 - 2015-02-20 15:10 - 00103896 _____ (GreenTree Applications SRL) C:\Users\KRCO\Desktop\YTDSetup.exe
2015-02-19 18:49 - 2015-02-19 18:49 - 00000050 _____ () C:\Users\KRCO\Desktop\Offerbot.txt
2015-02-19 16:37 - 2015-02-19 16:37 - 00000000 ____D () C:\Users\KRCO\AppData\Local\Steam
2015-02-17 18:44 - 2015-02-17 18:44 - 23821006 _____ () C:\Users\KRCO\Desktop\Zvijezda Mozes Biti Ti [ZMBT] Baba Hana, Moj dilbere [Smijesno] [muzicki talent][1].mp4
2015-02-17 18:42 - 2015-02-17 18:42 - 00001309 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk
2015-02-17 18:03 - 2015-02-17 18:03 - 17612422 _____ () C:\Users\KRCO\Desktop\Zvijezda Mozes Biti Ti [ZMBT] Baba Hana, Moj dilbere [Smijesno] [muzicki talent].mp4
2015-02-17 17:40 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-17 17:40 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-17 17:40 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-17 17:40 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-15 13:53 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-15 13:53 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-15 13:53 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-15 13:53 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-15 13:53 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-15 13:53 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-15 13:53 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-15 13:53 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-15 13:53 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-15 13:53 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-15 13:53 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-15 13:53 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-15 13:53 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-15 13:53 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-15 13:53 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-15 13:53 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-15 13:53 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-15 13:53 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-15 13:53 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-15 13:53 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-15 13:53 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-15 13:53 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-15 13:53 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-15 13:53 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-15 13:53 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-15 13:53 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-15 13:53 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-15 13:53 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-15 13:53 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-15 13:53 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-15 13:53 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-15 13:53 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-15 13:53 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-15 13:53 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-15 13:53 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-15 13:53 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-15 13:53 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-15 13:53 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-15 13:53 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-15 13:53 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-15 13:53 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-15 13:53 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-15 13:53 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-15 13:53 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-15 13:53 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-15 13:53 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-15 13:53 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-15 13:53 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-15 13:53 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-15 13:53 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-15 13:53 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-15 13:53 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-15 13:52 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-15 13:52 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-15 13:52 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-15 13:52 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-15 13:52 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-15 13:52 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-15 13:52 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-15 13:52 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-15 13:52 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-15 13:52 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-15 13:52 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-15 13:52 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-15 13:52 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-15 13:52 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-15 13:52 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-15 13:52 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-15 13:52 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-15 13:52 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-15 13:52 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-15 13:52 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-15 13:52 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-15 13:52 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-15 13:52 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-15 13:52 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-15 13:52 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-15 13:52 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-15 13:52 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-15 13:52 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-15 13:52 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-15 13:52 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-15 13:52 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-15 13:52 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-15 13:52 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-15 13:52 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-15 13:52 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-15 13:52 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-15 13:52 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-15 13:52 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-15 13:52 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-15 13:52 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-15 13:52 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-15 13:52 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-15 13:52 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-15 13:52 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-15 13:52 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-15 13:52 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-15 13:52 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-15 13:52 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-15 13:52 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-15 13:52 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-15 13:51 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-15 13:51 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-15 13:51 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-15 13:51 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-15 13:51 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-15 13:05 - 2015-02-15 13:07 - 00000000 ____D () C:\Users\KRCO\Desktop\Nove Slike
2015-02-15 12:29 - 2015-02-15 12:29 - 00000000 ____D () C:\Users\KRCO\Documents\BioWare
2015-02-15 12:27 - 2015-02-15 12:27 - 00000000 ____D () C:\ProgramData\Origin
2015-02-15 12:27 - 2015-02-15 12:27 - 00000000 ____D () C:\ProgramData\Electronic Arts
2015-02-14 18:56 - 2015-02-14 18:57 - 00000000 ____D () C:\Users\KRCO\Desktop\cccccccccccccccccc
2015-02-14 18:33 - 2015-02-14 18:56 - 00000000 ____D () C:\Users\KRCO\Desktop\Dying.Light.Update.v1.4.0-RELOADED
2015-02-10 21:17 - 2015-02-10 21:20 - 00000000 ____D () C:\Program Files (x86)\Free YouTube Downloader
2015-02-10 13:50 - 2015-02-10 13:50 - 00001193 _____ () C:\Users\KRCO\Desktop\Evolve.lnk
2015-02-10 13:50 - 2015-02-10 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolve
2015-02-10 13:31 - 2015-02-10 13:50 - 00000000 ____D () C:\Program Files (x86)\Evolve
2015-02-09 22:27 - 2015-02-10 13:11 - 00000000 ____D () C:\Users\KRCO\Desktop\Evolve
2015-02-09 20:21 - 2015-02-09 20:21 - 00000000 ____D () C:\Users\KRCO\Documents\WB Games
2015-02-09 20:16 - 2015-02-09 20:16 - 00001294 _____ () C:\Users\KRCO\Desktop\Middle Earth Shadow of Mordor.lnk
2015-02-09 20:16 - 2015-02-09 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Middle Earth Shadow of Mordor
2015-02-09 19:53 - 2015-02-09 20:21 - 00000000 ____D () C:\Program Files (x86)\Middle Earth Shadow of Mordor
2015-02-09 18:22 - 2015-02-09 18:22 - 00007606 _____ () C:\Users\KRCO\AppData\Local\Resmon.ResmonCfg
2015-02-09 02:18 - 2015-02-09 22:20 - 00000000 ____D () C:\Users\KRCO\Desktop\Middle Earth Shadow of Mordor
2015-02-08 16:34 - 2015-02-08 17:45 - 00000048 _____ () C:\Users\KRCO\Desktop\Hltv new pass.txt
2015-02-06 10:30 - 2015-02-06 10:30 - 00000031 _____ () C:\Users\KRCO\Desktop\wd.txt
2015-02-04 20:49 - 2015-02-04 20:49 - 00000000 ____D () C:\Users\KRCO\Documents\CPY_SAVES
2015-02-04 20:47 - 2015-02-04 13:54 - 00000000 ____D () C:\Users\KRCO\Desktop\(zabranjeno)
2015-02-04 20:46 - 2015-02-09 20:20 - 00000000 ____D () C:\Users\KRCO\Desktop\Update
2015-02-04 19:38 - 2015-02-04 20:45 - 00000000 ____D () C:\Users\KRCO\Desktop\Metal.Gear.Solid.V.Ground.Zeroes.UPDATE.1.0.0.3-CPY
2015-02-03 22:51 - 2015-02-03 22:52 - 00000000 ____D () C:\Users\KRCO\Desktop\BrownBunnies - Tori Taylor
2015-02-01 20:42 - 2015-02-01 20:50 - 00001861 _____ () C:\Users\KRCO\Desktop\CrystalDiskMark.lnk
2015-02-01 20:42 - 2015-02-01 20:42 - 00000000 ____D () C:\Users\KRCO\AppData\Local\CrystalDiskMark
2015-02-01 20:42 - 2015-02-01 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskMark
2015-02-01 20:42 - 2015-02-01 20:42 - 00000000 ____D () C:\Program Files\CrystalDiskMark
2015-02-01 20:41 - 2015-02-01 20:41 - 03958888 _____ (Crystal Dew World ) C:\Users\KRCO\Desktop\CrystalDiskMark3_0_3bShizuku-en.exe
2015-02-01 20:38 - 2015-02-01 20:38 - 00000000 ____D () C:\Users\KRCO\AppData\Roaming\HD Tune Pro
2015-02-01 20:32 - 2015-02-01 20:32 - 00000000 ____D () C:\Users\KRCO\AppData\Roaming\Hard Disk Sentinel
2015-02-01 20:31 - 2015-02-01 20:33 - 00000000 ____D () C:\Program Files (x86)\Hard Disk Sentinel
2015-02-01 01:00 - 2015-02-24 14:47 - 00006339 _____ () C:\Windows\setupact.log
2015-02-01 01:00 - 2015-02-01 01:00 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-30 14:30 - 2015-01-30 14:30 - 00000000 ____D () C:\Users\KRCO\Documents\Rockstar Games
2015-01-30 14:29 - 2015-01-30 14:29 - 00000041 _____ () C:\Users\KRCO\Desktop\Rockstar social club.txt
2015-01-30 14:23 - 2015-02-14 22:23 - 00000052 _____ () C:\Users\KRCO\Desktop\REP.txt
2015-01-30 14:21 - 2015-01-30 14:21 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2015-01-30 14:17 - 2015-01-30 14:17 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2015-01-30 14:17 - 2015-01-30 14:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2015-01-30 14:01 - 2015-01-31 00:31 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2015-01-30 12:45 - 2015-01-30 12:45 - 00000000 ____D () C:\Users\KRCO\Documents\DyingLight
2015-01-30 12:35 - 2015-02-14 18:57 - 00000000 ____D () C:\Program Files (x86)\Dying Light
2015-01-30 12:35 - 2015-01-30 12:35 - 00000844 _____ () C:\Users\Public\Desktop\Dying Light.lnk
2015-01-28 16:33 - 2015-01-28 16:33 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2015-01-27 21:12 - 2015-02-01 17:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-27 19:16 - 2015-01-27 21:17 - 00000000 ____D () C:\Users\KRCO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-27 19:15 - 2015-02-01 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty
2015-01-27 18:23 - 2015-01-27 18:25 - 00000000 ____D () C:\Users\KRCO\AppData\Local\Ahead
2015-01-27 18:23 - 2015-01-27 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium
2015-01-27 18:22 - 2015-01-27 19:55 - 00000000 ____D () C:\Users\KRCO\AppData\Roaming\Ahead
2015-01-27 18:22 - 2015-01-27 18:22 - 00000000 ____D () C:\ProgramData\Ahead
2015-01-27 18:21 - 2015-01-27 18:21 - 00000000 ____D () C:\ProgramData\Nero
2015-01-27 18:21 - 2015-01-27 18:21 - 00000000 ____D () C:\Program Files (x86)\Nero
2015-01-27 17:35 - 2015-01-27 17:36 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-27 17:35 - 2015-01-27 17:35 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-27 17:35 - 2015-01-27 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-27 17:26 - 2015-01-13 05:15 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-01-27 17:26 - 2015-01-10 09:07 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434725.dll
2015-01-27 17:26 - 2015-01-10 09:07 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434725.dll
2015-01-27 13:53 - 2009-10-11 21:58 - 01177600 _____ (AD) C:\Windows\SysWOW64\SYNSOEMU.DLL
2015-01-27 13:45 - 2015-01-27 13:45 - 00000000 ____D () C:\ProgramData\Steinberg
2015-01-27 13:44 - 2015-01-27 17:34 - 00000000 ____D () C:\Program Files (x86)\Steinberg
2015-01-27 13:44 - 2015-01-27 13:55 - 00000000 ____D () C:\Users\KRCO\AppData\Roaming\Steinberg
2015-01-25 12:55 - 2015-01-25 12:57 - 00000000 ____D () C:\Users\KRCO\Desktop\Tonce nove slike

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 14:54 - 2014-11-25 02:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-24 14:54 - 2009-07-14 05:45 - 00028976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-24 14:54 - 2009-07-14 05:45 - 00028976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-24 14:53 - 2014-11-25 01:43 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-24 14:50 - 2014-12-24 15:40 - 01115378 _____ () C:\Windows\WindowsUpdate.log
2015-02-24 14:47 - 2014-11-27 07:00 - 00000000 ____D () C:\ProgramData\MCShield
2015-02-24 14:47 - 2014-11-25 01:43 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-24 14:47 - 2014-11-24 22:52 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-24 14:47 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-22 14:07 - 2009-07-14 06:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-21 18:39 - 2014-11-25 02:53 - 00000000 ____D () C:\KMPlayer
2015-02-21 18:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-20 16:19 - 2014-11-25 01:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-20 16:19 - 2014-11-24 22:13 - 00001003 _____ () C:\Users\KRCO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-20 16:08 - 2014-11-25 02:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-02-20 15:35 - 2014-12-11 21:55 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-20 15:27 - 2009-07-14 03:34 - 00000505 _____ () C:\Windows\win.ini
2015-02-20 15:26 - 2014-11-26 08:37 - 00000000 ____D () C:\ProgramData\TEMP
2015-02-20 12:51 - 2009-07-14 06:08 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-17 19:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-15 14:21 - 2009-07-14 05:45 - 00267672 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-15 14:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-15 13:59 - 2014-11-24 22:58 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-15 13:55 - 2014-11-24 22:58 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-15 12:02 - 2014-11-25 01:52 - 00000000 ____D () C:\Users\KRCO\AppData\Roaming\uTorrent
2015-02-11 00:16 - 2014-11-25 01:35 - 00000000 ____D () C:\Users\KRCO\AppData\Local\NVIDIA
2015-02-11 00:15 - 2014-11-26 01:37 - 00000000 ____D () C:\Users\KRCO\AppData\Local\NVIDIA Corporation
2015-02-09 19:52 - 2014-11-25 01:54 - 00000000 ____D () C:\Users\KRCO\AppData\Roaming\DAEMON Tools Lite
2015-02-07 18:24 - 2014-12-17 17:55 - 00000000 ____D () C:\Users\KRCO\AppData\Roaming\Skype
2015-02-05 22:01 - 2014-11-25 02:41 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-02-05 22:01 - 2014-11-25 02:41 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-02-05 22:01 - 2014-11-25 02:41 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-02-05 22:01 - 2014-11-25 02:41 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-02-05 22:01 - 2014-11-24 22:51 - 00074056 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-02-05 22:01 - 2014-11-24 22:51 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-02-05 22:01 - 2014-08-20 07:14 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-02-05 22:01 - 2014-08-20 07:14 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-02-05 20:07 - 2014-11-24 22:52 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-02-05 20:07 - 2014-11-24 22:52 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-02-05 20:07 - 2014-11-24 22:52 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-02-05 20:07 - 2014-11-24 22:52 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-02-05 20:07 - 2014-11-24 22:52 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-02-05 20:06 - 2014-11-24 22:52 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-02-05 17:10 - 2010-11-21 08:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-02-05 13:50 - 2014-11-24 22:52 - 04236870 _____ () C:\Windows\system32\nvcoproc.bin
2015-02-05 13:48 - 2014-11-25 01:43 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 13:48 - 2014-11-25 01:43 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 20:48 - 2014-12-19 12:09 - 00000000 ____D () C:\Program Files (x86)\Metal Gear Solid V Ground Zeroes
2015-02-02 23:08 - 2014-11-25 06:13 - 00000115 _____ () C:\Users\KRCO\Desktop\bitsoup.org.txt
2015-01-30 14:34 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-28 16:38 - 2014-11-25 00:31 - 00773536 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-27 18:25 - 2014-11-25 01:46 - 00000000 ___RD () C:\Users\KRCO\Desktop\Programi
2015-01-27 17:24 - 2014-12-25 00:18 - 00000000 ___RD () C:\Users\KRCO\Desktop\Muzika
2015-01-27 17:24 - 2014-11-25 01:46 - 00000000 ____D () C:\Users\KRCO\Desktop\Igre

==================== Files in the root of some directories =======

2015-02-20 17:48 - 2015-02-20 17:48 - 0455136 ____T () C:\Users\KRCO\AppData\Roaming\CrashRpt1402.dll
2014-11-26 08:50 - 2014-11-26 08:50 - 1396136 _____ (Object Browser) C:\Users\KRCO\AppData\Roaming\CTWFEI.exe
2014-11-26 08:49 - 2014-11-26 08:49 - 1884072 _____ (Object Browser) C:\Users\KRCO\AppData\Roaming\JZHPXIW.exe
2015-02-09 18:22 - 2015-02-09 18:22 - 0007606 _____ () C:\Users\KRCO\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\KRCO\AppData\Local\Temp\bitool.dll
C:\Users\KRCO\AppData\Local\Temp\cabex.dll
C:\Users\KRCO\AppData\Local\Temp\KMPAddedCode_KMP_adpageopen_Step1.exe
C:\Users\KRCO\AppData\Local\Temp\nvStInst.exe
C:\Users\KRCO\AppData\Local\Temp\setup.exe
C:\Users\KRCO\AppData\Local\Temp\tu17p84.exe
C:\Users\KRCO\AppData\Local\Temp\unelevate.exe
C:\Users\KRCO\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed


C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 13:57

==================== End Of Log ============================






offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

Hello KRCO95,

Running AdwCleaner blindly, without any preliminary steps, is a big mistake. Even some more experienced experts run AdwCleaner first and then clean up the leftovers, which is a mistake.
AdwCleaner is a tool that targets only the entries known to it, and the authors of adware programs keep changing their default entries to avoid removal. The result is leftover values and a damaged (read: not properly removed) program ...


Be that as it may, I would like to start with the big guy ...




1. Download ComboFix by sUBs from this link and save the tool to the Desktop.
• Right-click the link and choose the Save Target As... option (Save Link As..., Save Linked Content As... or similar);
• When the dialog for choosing where to save the file opens, select Desktop and click Save.


------------------------------------------------------------
2. Temporarily disable your antivirus program, in most cases by right-clicking the program's icon in the system tray. Antivirus programs can interfere with the tool while it runs.
If you are not sure how to do that, follow these instructions.

------------------------------------------------------------
3. Double-click the icon to start ComboFix. Then, in the disclaimer window, click the I Agree! button.

• ComboFix will check whether a new version of the tool is available.
Click Yes if a download is requested.
• If the Recovery Console is not installed, ComboFix will offer to download and install it.
Click Yes to allow the tool to download and install the Recovery Console.
• ComboFix will scan the computer in stages (Stage_#), 50 stages in total.
Do not click around while ComboFix is examining the system.
• If malware is detected, ComboFix will begin removing it.
For that reason, the tool will restart Windows as needed (sometimes more than once);

Note: If, after the tool has run, you get an error (Illegal operation attempted on a registry key that has been marked for deletion) when starting programs, restart the computer and that will solve the problem.


------------------------------------------------------------
4. When the tool finishes, it will create and open a report (typical location: C:\ComboFix.txt).
Copy the contents of the ComboFix.txt report into your post.

ComboFix will also create an additional report (typical location: C:\Qoobox\ComboFix-quarantined-files.txt).
Attach the ComboFix-quarantined-files.txt report to your post using the Attach file option.



offline
  • Milan
  • Joined: 11 Apr 2012
  • Posts: 465

ComboFix 15-02-16.01 - KRCO 02/24/2015 15:25:40.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3071.1862 [GMT 1:00]
Running from: c:\users\KRCO\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\987f8399-ab08-44c2-918e-5f79b577abd8\27ac1880-c6fc-47ac-9549-8461991ea982.dll
c:\program files (x86)\987f8399-ab08-44c2-918e-5f79b577abd8\6e8db635-70f1-4f97-8829-e98bb98abecb.dll
c:\program files (x86)\987f8399-ab08-44c2-918e-5f79b577abd8\987f8399-ab08-44c2-918e-5f79b577abd8.dll
c:\program files (x86)\987f8399-ab08-44c2-918e-5f79b577abd8\c73e66a7-f4a1-4246-a57a-fa8665a5c27c.dll
c:\program files (x86)\Adobe\3ef0d304-9548-46ab-b454-1ba05c30be0d.dll
c:\program files (x86)\Adobe\cc22058d-71cf-44a6-bd72-d603db4b0d70.dll
c:\program files (x86)\cc22058d-71cf-44a6-bd72-d603db4b0d70\50927ef2-b71c-4f1f-b09f-70cb492b7a14.dll
c:\program files (x86)\cc22058d-71cf-44a6-bd72-d603db4b0d70\7a4199a4-4669-4f86-babd-ed32f9db0486.dll
c:\windows\msdownld.tmp
c:\windows\SysWow64\c.exe
c:\windows\SysWow64\d.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SPDRIVER_1507.0.0.0
-------\Service_SPDRIVER_1507.0.0.0
.
.
((((((((((((((((((((((((( Files Created from 2015-01-24 to 2015-02-24 )))))))))))))))))))))))))))))))
.
.
2015-02-24 14:35 . 2015-02-24 14:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-24 13:55 . 2015-02-24 13:57 -------- d-----w- C:\FRST
2015-02-21 17:35 . 2015-02-21 17:40 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2015-02-21 17:34 . 2015-02-21 17:40 -------- d-----w- c:\program files (x86)\Winamp
2015-02-21 17:24 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2015-02-21 17:24 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-02-21 17:24 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-02-21 17:24 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-02-21 17:15 . 2015-02-21 17:15 -------- d-----w- c:\users\KRCO\AppData\Roaming\qualys
2015-02-21 12:22 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{466329FA-CE1B-4E4F-B15E-E4994EE2AFA2}\mpengine.dll
2015-02-20 16:48 . 2015-02-20 16:48 455136 ----atw- c:\users\KRCO\AppData\Roaming\CrashRpt1402.dll
2015-02-20 16:48 . 2015-02-24 14:08 -------- d-----w- c:\program files\SIW Home Edition
2015-02-20 15:07 . 2015-02-05 17:57 621384 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-02-20 15:04 . 2015-02-20 15:04 -------- d-----w- C:\NVIDIA
2015-02-20 14:46 . 2015-02-24 14:31 -------- d-----w- c:\program files (x86)\987f8399-ab08-44c2-918e-5f79b577abd8
2015-02-20 14:34 . 2015-02-24 14:32 -------- d-----w- c:\program files (x86)\cc22058d-71cf-44a6-bd72-d603db4b0d70
2015-02-20 14:24 . 2015-02-20 14:24 -------- d-----w- c:\program files\Common Files\ShopperPro
2015-02-20 14:24 . 2015-02-20 14:24 -------- d-----w- c:\program files (x86)\Best MP4 To MP3 Converter
2015-02-19 15:37 . 2015-02-19 15:37 -------- d-----w- c:\users\KRCO\AppData\Local\Steam
2015-02-17 16:40 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-17 16:40 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-17 16:40 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-17 16:40 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
2015-02-15 12:52 . 2014-11-26 03:53 861696 ----a-w- c:\windows\system32\oleaut32.dll
2015-02-15 12:51 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
2015-02-15 12:51 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-02-15 12:51 . 2015-01-13 03:10 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-15 12:51 . 2015-01-13 02:49 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-02-15 12:51 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
2015-02-15 11:27 . 2015-02-15 11:27 -------- d-----w- c:\programdata\Origin
2015-02-15 11:27 . 2015-02-15 11:27 -------- d-----w- c:\programdata\Electronic Arts
2015-02-10 20:17 . 2015-02-10 20:20 -------- d-----w- c:\program files (x86)\Free YouTube Downloader
2015-02-10 12:31 . 2015-02-10 12:50 -------- d-----w- c:\program files (x86)\Evolve
2015-02-09 18:53 . 2015-02-09 19:21 -------- d-----w- c:\program files (x86)\Middle Earth Shadow of Mordor
2015-02-01 19:42 . 2015-02-01 19:42 -------- d-----w- c:\users\KRCO\AppData\Local\CrystalDiskMark
2015-02-01 19:42 . 2015-02-01 19:42 -------- d-----w- c:\program files\CrystalDiskMark
2015-02-01 19:38 . 2015-02-01 19:38 -------- d-----w- c:\users\KRCO\AppData\Roaming\HD Tune Pro
2015-02-01 19:32 . 2015-02-01 19:32 -------- d-----w- c:\users\KRCO\AppData\Roaming\Hard Disk Sentinel
2015-02-01 19:31 . 2015-02-01 19:33 -------- d-----w- c:\program files (x86)\Hard Disk Sentinel
2015-01-30 13:21 . 2015-01-30 13:21 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2015-01-30 13:17 . 2015-01-30 13:17 -------- d-----w- c:\windows\SysWow64\xlive
2015-01-30 13:17 . 2015-01-30 13:17 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2015-01-30 13:01 . 2015-01-30 23:31 -------- d-----w- c:\program files (x86)\Rockstar Games
2015-01-30 11:35 . 2015-02-14 17:57 -------- d-----w- c:\program files (x86)\Dying Light
2015-01-28 15:33 . 2015-01-28 15:33 -------- d-----w- c:\program files (x86)\MSXML 4.0
2015-01-27 20:12 . 2015-02-01 16:33 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2015-01-27 20:03 . 2015-01-27 20:03 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2015-01-27 17:23 . 2015-01-27 17:25 -------- d-----w- c:\users\KRCO\AppData\Local\Ahead
2015-01-27 17:22 . 2015-01-27 18:55 -------- d-----w- c:\users\KRCO\AppData\Roaming\Ahead
2015-01-27 17:22 . 2015-01-27 17:22 -------- d-----w- c:\programdata\Ahead
2015-01-27 17:21 . 2015-01-27 17:22 -------- d-----w- c:\program files (x86)\Common Files\Ahead
2015-01-27 17:21 . 2015-01-27 17:21 -------- d-----w- c:\programdata\Nero
2015-01-27 17:21 . 2015-01-27 17:21 -------- d-----w- c:\program files (x86)\Nero
2015-01-27 16:35 . 2015-01-27 16:36 -------- d-----w- c:\program files\CCleaner
2015-01-27 16:26 . 2015-01-13 04:15 1540240 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2015-01-27 16:26 . 2015-01-10 08:07 1895240 ----a-w- c:\windows\system32\nvdispco6434725.dll
2015-01-27 16:26 . 2015-01-10 08:07 1556808 ----a-w- c:\windows\system32\nvdispgenco6434725.dll
2015-01-27 12:53 . 2009-10-11 20:58 1177600 ----a-w- c:\windows\SysWow64\SYNSOEMU.DLL
2015-01-27 12:53 . 2015-01-27 12:53 -------- d-----w- c:\program files (x86)\Common Files\VST3
2015-01-27 12:45 . 2015-01-27 12:45 -------- d-----w- c:\programdata\Steinberg
2015-01-27 12:44 . 2015-01-27 16:34 -------- d-----w- c:\program files (x86)\Steinberg
2015-01-27 12:44 . 2015-01-27 12:55 -------- d-----w- c:\users\KRCO\AppData\Roaming\Steinberg
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-15 12:55 . 2014-11-24 21:58 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-02-05 21:01 . 2014-11-25 01:41 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-02-05 21:01 . 2014-11-25 01:41 1514528 ----a-w- c:\windows\system32\nvspcap64.dll
2015-02-05 21:01 . 2014-11-25 01:41 1316184 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-02-05 21:01 . 2014-11-25 01:41 1278920 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-02-05 21:01 . 2014-11-24 21:51 74056 ----a-w- c:\windows\system32\OpenCL.dll
2015-02-05 21:01 . 2014-11-24 21:51 60560 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-02-05 21:01 . 2014-08-20 06:14 3299512 ----a-w- c:\windows\system32\nvapi64.dll
2015-02-05 19:07 . 2014-11-24 21:52 6861128 ----a-w- c:\windows\system32\nvcpl.dll
2015-02-05 19:07 . 2014-11-24 21:52 3517584 ----a-w- c:\windows\system32\nvsvc64.dll
2015-02-05 19:07 . 2014-11-24 21:52 935056 ----a-w- c:\windows\system32\nvvsvc.exe
2015-02-05 19:07 . 2014-11-24 21:52 62792 ----a-w- c:\windows\system32\nvshext.dll
2015-02-05 19:07 . 2014-11-24 21:52 2558792 ----a-w- c:\windows\system32\nvsvcr.dll
2015-02-05 19:06 . 2014-11-24 21:52 385168 ----a-w- c:\windows\system32\nvmctray.dll
2015-02-05 12:50 . 2014-11-24 21:52 4236870 ----a-w- c:\windows\system32\nvcoproc.bin
2014-12-24 14:33 . 2014-12-24 14:33 26528 ----a-w- c:\windows\system32\drivers\HWiNFO64A.SYS
2014-12-22 23:41 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-19 03:06 . 2015-01-19 12:21 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-19 12:21 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-13 10:08 . 2014-12-24 10:54 1895056 ----a-w- c:\windows\system32\nvdispco6434709.dll
2014-12-13 10:08 . 2014-12-24 10:54 1556624 ----a-w- c:\windows\system32\nvdispgenco6434709.dll
2014-12-11 17:47 . 2015-01-19 12:21 52736 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-12-06 04:17 . 2015-01-19 12:21 303616 ----a-w- c:\windows\system32\nlasvc.dll
2014-12-06 03:50 . 2015-01-19 12:21 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2014-12-06 03:50 . 2015-01-19 12:21 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"MCShield Monitor"="c:\program files (x86)\MCShield\MCShieldRTM.exe" [2014-04-11 650816]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-12-12 7394584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-20 17:54 1084744 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-25 00:43]
.
2015-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-25 00:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-02-05 2585744]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-02-05 1514528]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [Link mogu videti samo ulogovani korisnici]
mDefault_Search_URL = [Link mogu videti samo ulogovani korisnici]
mDefault_Page_URL = [Link mogu videti samo ulogovani korisnici]
mStart Page = [Link mogu videti samo ulogovani korisnici]
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = [Link mogu videti samo ulogovani korisnici]
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\IoctlSvc.exe
.
**************************************************************************

.
Completion time: 2015-02-24 15:49:01 - machine was rebooted
ComboFix-quarantined-files.txt 2015-02-24 14:48
.
Pre-Run: 113,969,229,824 bytes free
Post-Run: 113,344,217,088 bytes free
.
- - End Of File - - 09C359391BD34FBA10806E4E89F95146
A36C5E4F47E84449FF07ED3517B43A31




offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

All right, we've made good progress. Let's move on ...

Download smeenk's zoek.zip or zoek.rar from this or this link and save it to the Desktop.

Extract the archive into a folder (instructions), then:

close the browser and any other running programs;
temporarily disable your protection software (if necessary) (instructions);
double-click the program icon to run zoek;
wait for the tool to start ...

In the white box of the window, copy the following text:

c:\program files\Common Files\ShopperPro;fs
FFDefaults;
ohlencieiipommannpdfcmfdpjjmeolj;chr
CHRDefaults;
AutoClean;


Click the button and wait for the scan to finish.

zoek will restart Windows if needed and, when it finishes, open Notepad with the scan report.

Note: The report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)

Copy the contents of that log into your reply.

Reset both browsers, Firefox and Chrome, to their default settings. Here is how to do it:

[Link visible only to logged-in users]
[Link visible only to logged-in users]

Tell me, how are things now?

offline
  • Milan
  • Joined: 11 Apr 2012
  • Posts: 465

Here are the results. It's better now, and so far nothing pops up anymore, and it also seems to me that the computer and Chrome run a touch faster. I can't believe it, thank you so much, you're the man! Tell me, what was the problem and what did I actually just do? Cheers

Zoek.exe v5.0.0.0 Updated 23-February-2015
Tool run by KRCO on Tue 02/24/2015 at 16:24:29.34.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\KRCO\Desktop\fff\zoek.scr [Scan all users] [Script inserted]

==== System Restore Info ======================

2/24/2015 4:25:11 PM Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\987f8399-ab08-44c2-918e-5f79b577abd8 deleted successfully
C:\PROGRA~2\cc22058d-71cf-44a6-bd72-d603db4b0d70 deleted successfully
C:\PROGRA~2\InstallShield Installation Information deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Winamp deleted successfully
C:\PROGRA~2\COMMON~1\VST3 deleted successfully
C:\Program Files\SIW Home Edition deleted successfully
C:\Users\KRCO\AppData\Roaming\Opera Software deleted successfully
C:\Users\KRCO\AppData\Local\Opera Software deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\987f8399-ab08-44c2-918e-5f79b577abd8 not found
C:\PROGRA~2\cc22058d-71cf-44a6-bd72-d603db4b0d70 not found
C:\PROGRA~2\InstallShield Installation Information not found
C:\PROGRA~2\MSXML 4.0 not found
C:\PROGRA~2\Winamp not found
C:\PROGRA~2\Uninstall Information deleted
c:\program files\Common Files\ShopperPro deleted
C:\PROGRA~2\1a4c4052-fbfc-4489-a8b8-7ce7471487e4 deleted
C:\Users\KRCO\AppData\Roaming\CrashRpt1402.dll deleted
C:\PROGRA~3\ReviverSoft\PC Reviver deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\KRCO\AppData\Local\Installer deleted
C:\Users\Public\Documents\GOOBZO deleted
C:\Users\Public\Documents\ShopperPro deleted
C:\Users\Public\Documents\YTAHelper deleted
C:\windows\SysNative\Tasks\SPBIW_UpdateTask_Time_323035383335333531332d3437415a556c2a3223346c41 deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\Public\Desktop\YTD Video Downloader.lnk deleted
C:\Users\KRCO\AppData\Roaming\CTWFEI.exe deleted
C:\Users\KRCO\AppData\Roaming\JZHPXIW.exe deleted

==== Chromium Look ======================

Google Chrome Version: 40.0.2214.115 (Up to date, latest Stable version: 40.0.2214.115)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[07/14/2014 06:22 PM]

Google Drive - KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
CS GO Lounge Bump Bot - KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhfkidfnhjcjjamcbdepeohblphlamgk
Refresh Monkey - KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljngnafhejmefmijjoedbclkadhacebd
Google Wallet - KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
ohlencieiipommannpdfcmfdpjjmeolj - KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj
Gmail - KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================

C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.savefrom.net_0.localstorage deleted successfully
C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.savefrom.net_0.localstorage-journal deleted successfully
C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.savegames.us_0.localstorage deleted successfully
C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.savegames.us_0.localstorage-journal deleted successfully
C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.williamhill.com_0.localstorage deleted successfully
C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.williamhill.com_0.localstorage-journal deleted successfully
C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\KRCO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\KRCO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\KRCO\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=46 folders=38 30048919 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\KRCO\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\KRCO\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on Tue 02/24/2015 at 16:40:51.24 ======================

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

Of course it runs faster, what did you think.

You installed the legitimate Best MP4 To MP3 Converter program 4 days ago and brought along all sorts of adware with it because of an improper installation; you didn't read what you were installing, you just clicked 'next > next'.

There was other assorted junk as well ... we cleaned all of it out; think of it as us giving Windows a bath. Now it's clean and smells nice. :D

Let's also do an ARK check; know that this is a pure formality, I don't expect we'll find any serious rootkit.

Download GMER, the rootkit detector, and save it to the Desktop:
Note: the tool carries a randomly generated name. The icon itself will clearly say GMER.

Double-click to run GMER.
Wait for the initial scan to finish - if any prompt appears, click No;
click the [Scan] button and wait for the scan to complete;
click the [Save ...] button - save the report to the Desktop under the name ARK;

click the >>> button and select the Autostart tab;
click the [Scan] button;
when the short scan finishes, click [Copy];
open Notepad and paste the copied text into it - save the report to the Desktop under the name autostart;

Attach both GMER reports to your reply using the Attach file (Prikači fajl) option.

offline
  • Milan
  • Joined: 11 Apr 2012
  • Posts: 465

Hmm, yes, I remember that. I first downloaded a mix from YouTube and it was in a different format, and since I want to listen to it in the car, I downloaded that program and converted it to MP3. Good thing you told me... Here are the two files, so "take" a look, hopefully there's nothing there :D

[Link visible only to logged-in users]

[Link visible only to logged-in users]

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

Unfortunately, I can't declare you clean based on the GMER logs. We have to do one more check...

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the program icon to run MBAR:
- Click OK in the next window to allow extraction into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the introductory window click the Next button if you agree;

• In the 'Update Database' window click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section check that all options are ticked, then click the Scan button;

Notice: with some infections one of the following messages may be displayed:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. In your next reply post the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infections are found, check that the 'Create Restore Point' option is ticked and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for after the restart; a notice will be shown in a pop-up window. Click the Yes button and the system should restart and finish the cleaning procedure.

Notice! Only if a rootkit was detected: make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click to run fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, and wait for the tool to do all the repairs ...
- When you see the message 'press any key to exit' the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your reply, and attach the system log to the reply using the Attach file (Prikači fajl) option.

offline
  • Milan
  • Joined: 11 Apr 2012
  • Posts: 465

Here, at the end it said that no virus was detected... here is the report

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
[Link mogu videti samo ulogovani korisnici]

Database version:
main: v2015.02.25.04
rootkit: v2015.02.22.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17633
KRCO :: KRCO-PC [administrator]

2/25/2015 1:46:29 PM
mbar-log-2015-02-25 (13-46-29).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 343502
Time elapsed: 9 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

Now I can set you free. :P

The following procedure will perform the final cleanup.

Download "Xplode"'s DelFix tool and save it to the Desktop.

Double-click to run the tool and tick the boxes in front of the following options:
Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment while the tool finishes its work.

From this point on, all the tools used in this thread should be deleted.
If any tool or report was not removed, feel free to delete it manually.

The tool will also create a report for you. (C:\DelFix.txt)
- The tool will also save a healthy state of the registry and make a backup using the integrated "ERUNT" program in %windir%\ERUNT\DelFix
- DelFix deletes old System Restore points and creates a new, fresh point after the cleanup.
