IBuddy ne mogu ukloniti

2

IBuddy ne mogu ukloniti

offline
  • Pridružio: 18 Jan 2009
  • Poruke: 199

Evo Izvolte

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by Marko (12-03-2021 00:04:35) Run:1
Running from C:\Users\Marko\Downloads
Loaded Profiles: Marko
Boot Mode: Normal
==============================================

fixlist content:
*****************
reateRestorePoint:
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {0F41C723-7A99-4383-810A-7728FDD62172} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {136C51BC-E9A9-4D0F-AD9E-51CABD802063} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {156250F9-698A-419A-B4D0-5379EDE1E004} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {2682CA35-D176-47D5-95C1-C74D6872EE76} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {27B77C04-2350-4CAE-8D0E-332821872F25} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2FB0BC02-BBC5-47B0-A1C8-90AFCEF8052C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4685259F-0229-423E-A773-14343630E144} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4BDB5680-26F3-4DB3-A9F2-225EBF6287AD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6405AF98-4DBA-47D7-A96B-53E3195ED857} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {9AEDF1F6-5849-49C0-A11C-401F9C28B94D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B6F34B4B-4BEF-4803-8897-D972260C6F2C} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {B92EE4C4-46CD-483F-872D-0C58D88340A0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BAC4D830-6697-4A7F-9C8C-895D89CEDB0A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {C4B7C702-7887-40FD-B116-CE42ED368238} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {CFB3AD50-D08A-4296-B58A-13FDB46262FC} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
R2 SAntivirusSvc; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusService.exe [626688 2021-03-07] (Digital Communications Inc -> Сorp DCom) <==== ATTENTION
R1 TASANTIVIRUSKD; C:\Program Files (x86)\Digital Communications\SAntivirus\TASAntivirusKD.sys [85504 2021-03-07] (Digital Communications Inc -> Corp DCom) <==== ATTENTION
C:\ProgramData\SAntivirus
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAntivirus
C:\Program Files (x86)\Digital Communications
C:\Users\Marko\AppData\Local\TaskbarSystem
C:\Program Files (x86)\IBuddy
C:\ProgramData\IdleBuddy
AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE
EmptyTemp:
*****************

reateRestorePoint: => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0F41C723-7A99-4383-810A-7728FDD62172}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F41C723-7A99-4383-810A-7728FDD62172}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{136C51BC-E9A9-4D0F-AD9E-51CABD802063}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{136C51BC-E9A9-4D0F-AD9E-51CABD802063}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{156250F9-698A-419A-B4D0-5379EDE1E004}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{156250F9-698A-419A-B4D0-5379EDE1E004}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2682CA35-D176-47D5-95C1-C74D6872EE76}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2682CA35-D176-47D5-95C1-C74D6872EE76}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{27B77C04-2350-4CAE-8D0E-332821872F25}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27B77C04-2350-4CAE-8D0E-332821872F25}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2FB0BC02-BBC5-47B0-A1C8-90AFCEF8052C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FB0BC02-BBC5-47B0-A1C8-90AFCEF8052C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4685259F-0229-423E-A773-14343630E144}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4685259F-0229-423E-A773-14343630E144}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BDB5680-26F3-4DB3-A9F2-225EBF6287AD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BDB5680-26F3-4DB3-A9F2-225EBF6287AD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6405AF98-4DBA-47D7-A96B-53E3195ED857}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6405AF98-4DBA-47D7-A96B-53E3195ED857}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9AEDF1F6-5849-49C0-A11C-401F9C28B94D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AEDF1F6-5849-49C0-A11C-401F9C28B94D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6F34B4B-4BEF-4803-8897-D972260C6F2C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6F34B4B-4BEF-4803-8897-D972260C6F2C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B92EE4C4-46CD-483F-872D-0C58D88340A0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B92EE4C4-46CD-483F-872D-0C58D88340A0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BAC4D830-6697-4A7F-9C8C-895D89CEDB0A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAC4D830-6697-4A7F-9C8C-895D89CEDB0A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4B7C702-7887-40FD-B116-CE42ED368238}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4B7C702-7887-40FD-B116-CE42ED368238}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFB3AD50-D08A-4296-B58A-13FDB46262FC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFB3AD50-D08A-4296-B58A-13FDB46262FC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
SAntivirusSvc => Unable to stop service.
HKLM\System\CurrentControlSet\Services\SAntivirusSvc => could not remove, key could be protected
TASANTIVIRUSKD => Unable to stop service.
HKLM\System\CurrentControlSet\Services\TASANTIVIRUSKD => could not remove, key could be protected

"C:\ProgramData\SAntivirus" folder move:

Could not move "C:\ProgramData\SAntivirus" => Scheduled to move on reboot.


"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAntivirus" folder move:

Could not move "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAntivirus" => Scheduled to move on reboot.


"C:\Program Files (x86)\Digital Communications" folder move:

Could not move "C:\Program Files (x86)\Digital Communications" => Scheduled to move on reboot.

C:\Users\Marko\AppData\Local\TaskbarSystem => moved successfully
C:\Program Files (x86)\IBuddy => moved successfully
C:\ProgramData\IdleBuddy => moved successfully
C:\ProgramData\TEMP => "AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE" ADS could not remove.

=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 82718984 B
Java, Flash, Steam htmlcache => 1142 B
Windows/system/drivers => 90736921 B
Edge => 50688 B
Chrome => 578977087 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 44022 B
NetworkService => 44022 B
Marko => 20972443 B
DefaultAppPool => 20972443 B

RecycleBin => 26955797 B
EmptyTemp: => 793.2 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 12-03-2021 00:11:23)

C:\ProgramData\SAntivirus => Could not move
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAntivirus => Could not move
C:\Program Files (x86)\Digital Communications => Is moved successfully

Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\SAntivirusSvc => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\TASANTIVIRUSKD => could not remove, key could be protected

==== End of Fixlog 00:11:25 ====

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8444
  • Gde živiš: Novi Beograd

Da li je iBaddy prisutan jos?

Ovaj SAntivirus je tvrdokoran. Mr. Green

1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod:

CreateRestorePoint:
CloseProcesses:
Unlock: C:\ProgramData\SAntivirus
Unlock: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAntivirus
U3 idsvc; no ImagePath
R2 SAntivirusSvc; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusService.exe [626688 2021-03-07] (Digital Communications Inc -> Сorp DCom) <==== ATTENTION
R1 TASANTIVIRUSKD; C:\Program Files (x86)\Digital Communications\SAntivirus\TASAntivirusKD.sys [85504 2021-03-07] (Digital Communications Inc -> Corp DCom) <==== ATTENTION
C:\ProgramData\SAntivirus
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAntivirus


2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt
To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt
Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi.

3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj.
Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema.



Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku.
Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a.

offline
  • Pridružio: 18 Jan 2009
  • Poruke: 199

IBaddy trenutno ne iskace, ne znam dal ga ima negde u sistemu.
Evo ga log

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by Marko (12-03-2021 12:05:50) Run:2
Running from C:\Users\Marko\Downloads
Loaded Profiles: Marko
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Unlock: C:\ProgramData\SAntivirus
Unlock: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAntivirus
U3 idsvc; no ImagePath
R2 SAntivirusSvc; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusService.exe [626688 2021-03-07] (Digital Communications Inc -> Сorp DCom) <==== ATTENTION
R1 TASANTIVIRUSKD; C:\Program Files (x86)\Digital Communications\SAntivirus\TASAntivirusKD.sys [85504 2021-03-07] (Digital Communications Inc -> Corp DCom) <==== ATTENTION
C:\ProgramData\SAntivirus
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAntivirus
*****************

Restore point was successfully created.
Processes closed successfully.
"C:\ProgramData\SAntivirus" => was unlocked
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAntivirus" => was unlocked
HKLM\System\CurrentControlSet\Services\idsvc => removed successfully
idsvc => service removed successfully
HKLM\System\CurrentControlSet\Services\SAntivirusSvc => could not remove, key could be protected
TASANTIVIRUSKD => Unable to stop service.
HKLM\System\CurrentControlSet\Services\TASANTIVIRUSKD => could not remove, key could be protected

"C:\ProgramData\SAntivirus" folder move:

Could not move "C:\ProgramData\SAntivirus" => Scheduled to move on reboot.


"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAntivirus" folder move:

Could not move "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAntivirus" => Scheduled to move on reboot.


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 12-03-2021 12:09:37)

C:\ProgramData\SAntivirus => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAntivirus => moved successfully

Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\SAntivirusSvc => removed successfully
HKLM\System\CurrentControlSet\Services\TASANTIVIRUSKD => removed successfully

==== End of Fixlog 12:09:45 ====

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8444
  • Gde živiš: Novi Beograd

Sad bi trebalo da je uklonen i SAntivirus.

Kakvo je stanje?

offline
  • Pridružio: 18 Jan 2009
  • Poruke: 199

helen1 ::Sad bi trebalo da je uklonen i SAntivirus.

Kakvo je stanje?


Cini se da je OK. Testiracu neko vreme.
Hvala ti najlepse.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8444
  • Gde živiš: Novi Beograd

Preimenuj FRST.exe u uninstall.exe i pokreni ga. To ce obrisati FRST i sve dodatne fajlove koje su mu bili potrebni za rad.

To bi trebalo da je to.

Ko je trenutno na forumu
 

Ukupno su 548 korisnika na forumu :: 10 registrovanih, 1 sakriven i 537 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: Boris90, ivan979, Konda, laze2, Marko Marković, MB120mm, MiG-29M2, VJ, yrraf, 223223