Cleaning

  • Joined: 24 Sep 2008
  • Posts: 33
  • Location: BG

Hello, recently my brother accidentally installed some adware programs. I cleaned the computer of them, but when I open Google Chrome, it opens ads and other junk in several tabs even though it is set to open only one page (google.rs); even uninstalling did not help.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01
Ran by Ivan (administrator) on IVAN-PC on 06-03-2015 23:09:49
Running from C:\Users\Ivan\Desktop
Loaded Profiles: Ivan (Available profiles: Ivan)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Greatis Software) C:\Program Files (x86)\UnHackMe\hackmon.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\ioloGovernor64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Dassault Systemes) C:\Program Files\Dassault Systemes\B205\win_b64\code\bin\CATSysDemon.exe
() C:\Program Files (x86)\GiliSoft\File Lock Pro\FLService.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
() C:\Program Files (x86)\GiliSoft\File Lock Pro\FLClient.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(xwidget.com) C:\Program Files (x86)\XWidget\xwidget.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(BitTorrent Inc.) C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe
(Flux Software LLC) C:\Users\Ivan\AppData\Local\FluxSoftware\Flux\flux.exe
(Mixesoft Project) C:\Users\Ivan\AppData\Local\Mixesoft\AppNHost\appnhost.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\LiveBoost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13764312 2014-10-23] (Realtek Semiconductor)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Winlogon: [Shell] explorer.exe,WinUpdateCfg.exe [ ] () <=== ATTENTION
HKU\S-1-5-21-1920287994-4166790629-4267699446-1000\...\Run: [xwidget] => C:\Program Files (x86)\XWidget\xwidget.exe [1848832 2014-03-18] (xwidget.com)
HKU\S-1-5-21-1920287994-4166790629-4267699446-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-1920287994-4166790629-4267699446-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\S-1-5-21-1920287994-4166790629-4267699446-1000\...\Run: [uTorrent] => C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe [1742928 2015-03-03] (BitTorrent Inc.)
HKU\S-1-5-21-1920287994-4166790629-4267699446-1000\...\Run: [f.lux] => C:\Users\Ivan\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1920287994-4166790629-4267699446-1000\...\Run: [Gili File Lock Helper] => C:\Program Files (x86)\GiliSoft\File Lock Pro\WinFLockerHelp.exe [30528 2013-03-04] (GiliSoft International LLC)
HKU\S-1-5-21-1920287994-4166790629-4267699446-1000\...\Run: [appnhost] => C:\Users\Ivan\AppData\Local\Mixesoft\AppNHost\appnhost.exe [453176 2014-08-08] (Mixesoft Project)
HKU\S-1-5-21-1920287994-4166790629-4267699446-1000\...\Policies\Explorer: []
HKU\S-1-5-21-1920287994-4166790629-4267699446-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ivan\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ivan\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ivan\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ivan\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ivan\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ivan\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ivan\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ivan\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ivan\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ivan\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ivan\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ivan\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ivan\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ivan\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ivan\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ivan\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
BootExecute: PDBoot.exeautocheck autochk * <I??control file..????a00???0System_Microsoft Virtual Drive Enumerator Driver00oldL35.MOFC:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ASPNET.MOFC:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICESOFTWAREPROTECTIONPLATFORM\OSPPWMI.MOFc:\windows\system32\wbem\iscsirem.mofc:\windows\system32\wbem\offlinefileswmiprovider_uninstall.mofc:\windows\system32\wbem\winsatuninstall.mofc:\windows\system32\wbem\wpcuninst.mofC:\PROGRAM FILES\CONDUSIV TECHNOLOGIES\DISKEEPER\DKDECOUPLEDPROVIDER.MOFC:\AS.MOFC:\FW.MOFC:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET.MOFC:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\CLR.MOFC:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASPNET.MOFC:\WINDOWS\SYSTEM32\WBEM\WDF01000UNINSTALL.MOFC:\WINDOWS\SYSTEM32\WBEM\WUDFXUNINSTALL.MOFC:\WINDOWS\SYSWOW64\WBEM\AACLIENT.MOFC:\WINDOWS\SYSWOW64\WBEM\CLI.MOFC:\WINDOWS\SYSWOW64\WBEM\CLIEGALIASES.MOFC:\WINDOWS\SYSWOW64\WBEM\HBAAPI.MOFC:\WINDOWS\SYSWOW64\WBEM\ISCSIDSC.MOFC:\WINDOWS\SYSWOW64\WBEM\ISCSIHBA.MOFC:\WINDOWS\SYSWOW64\WBEM\ISCSIPRF.MOFC:\WINDOWS\SYSWOW64\WBEM\KERBEROS.MOFC:\WINDOWS\SYSWOW64\WBEM\L2SECHC.MOFC:\WINDOWS\SYSWOW64\WBEM\MSTSC.MOFC:\WINDOWS\SYSWOW64\WBEM\MSTSCAX.MOFC:\WINDOWS\SYSWOW64\WBEM\MSV1_0.MOFC:\WINDOWS\SYSWOW64\WBEM\NCI.MOFC:\WINDOWS\SYSWOW64\WBEM\NLSVC.MOFC:\WINDOWS\SYSWOW64\WBEM\OFFLINEFILESWMIPROVIDER.MOFC:\WINDOWS\SYSWOW64\WBEM\OFFLINEFILESWMIPROVIDER_UNINSTALL.MOFC:\WINDOWS\SYSWOW64\WBEM\POLICMAN.MOFC:\WINDOWS\SYSWOW64\WBEM\PPCRSOPCOMPSCHEMA.MOFC:\WINDOWS\SYSWOW64\WBEM\PPCRSOPUSERSCHEMA.MOFC:\WINDOWS\SYSWOW64\WBEM\RACWMIPROV.MOFC:\WINDOWS\SYSWOW64\WBEM\RDPENDP.MOFC:\WINDOWS\SYSWOW64\WBEM\REGEVENT.MOFC:\WINDOWS\SYSWOW64\WBEM\SCERSOP.MOFC:\WINDOWS\SYSWOW64\WBEM\SCHEDSVC.MOFC:\WINDOWS\SYSWOW64\WBEM\SERVICEMODEL.MOFC:\WINDOWS\SYSWOW64\WBEM\SERVICEMODEL35.MOFC:\WINDOWS\SYSWOW64\WBEM\SSDPSRV.MOFC:\WINDOWS\SYSWOW64\WBEM\VDS.MOFC:\WINDOWS\SYSWOW64\WBEM\VSS.MOFC:\WINDOWS\SYSWOW64\WBEM\WGXINSTALLEDGAME.MOFC:\WINDOWS\SYSWOW64\WBEM\WMIPERFCLASS
.MOFC:\WINDOWS\SYSWOW64\WBEM\WMIPERFINST.MOFC:\WINDOWS\SYSWOW64\WBEM\WPCSPROV.MOFC:\WINDOWS\SYSWOW64\WBEM\WPCUNINST.MOFC:\WINDOWS\SYSWOW64\WBEM\WSCENTER.MOFC:\WINDOWS\SYSWOW64\WBEM\WSDAPI.MOFC:\WINDOWS\SYSWOW64\WBEM\EN-US\AACLIENT.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\CLI.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\CLIEGALIASES.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\HBAAPI.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\ISCSIDSC.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\ISCSIPRF.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\MSTSC.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\MSTSCAX.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\OFFLINEFILESWMIPROVIDER.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\POLICMAN.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\RACWMIPROV.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\REGEVENT.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\VDS.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\VSS.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\WGXINSTALLEDGAME.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\WSCENTER.MFL????????????????????????????????????????????????????????????????????????????????????????????????????????autocheck smrgdf C:\Users\Ivan\AppData\Roaming\iolo\Partizan
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1920287994-4166790629-4267699446-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1920287994-4166790629-4267699446-1000\Software\Microsoft\Internet Explorer\Main,Search Page = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1920287994-4166790629-4267699446-1000\Software\Microsoft\Internet Explorer\Main,Start Page = microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKU\S-1-5-21-1920287994-4166790629-4267699446-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: FLockObj Class -> {97F4988F-6D68-4abc-9F18-7B5AAFFDACE4} -> C:\Program Files (x86)\GiliSoft\File Lock Pro\FolderLockPlugin64.dll ()
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: FLockObj Class -> {97F4988F-6D68-4abc-9F18-7B5AAFFDACE4} -> C:\Program Files (x86)\GiliSoft\File Lock Pro\FolderLockPlugin.dll ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1920287994-4166790629-4267699446-1000 -> No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1920287994-4166790629-4267699446-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ivan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2013-06-23]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "https://www.google.rs/"
CHR Profile: C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-11-10]
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-12-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-20]
CHR Extension: (SocialReviver) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfipfkeoidmndggnnpobeenlamiclald [2015-02-21]
CHR Extension: (Video Downloader professional) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2014-12-05]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2014-03-28]
CHR Extension: (Wunderlist - To-do and Task list) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2014-11-22]
CHR Extension: (Stylish) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2014-03-28]
CHR Extension: (Click&Clean) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2015-01-05]
CHR Extension: (AdBlock) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-25]
CHR Extension: (Ashish Mishra) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp [2015-01-05]
CHR Extension: (Google Wallet) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Print Friendly & PDF) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2014-05-20]
CHR Extension: (AVG PrivacyFix) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmejhjjecaldkllonlokhkglbdbkdcni [2014-03-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1486664 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 BBDemon; C:\Program Files\Dassault Systemes\B205\win_b64\code\bin\CATSysDemon.exe [46592 2008-02-02] (Dassault Systemes) [File not signed]
R2 FLService; C:\Program Files (x86)\GiliSoft\File Lock Pro\FLService.exe [107008 2011-06-09] () [File not signed]
S4 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-12-12] (Ellora Assets Corp.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4700872 2014-08-12] (iolo technologies, LLC)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-11-12] (Nitro PDF Software)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-10-31] (Disc Soft Ltd)
R0 FileLock; C:\Windows\System32\DRIVERS\FileLock.sys [49248 2014-12-03] (Gili Soft Inc.)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-02-13] ()
R3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-07-18] (Qualcomm Atheros Co., Ltd.)
R1 LUM; C:\Windows\system32\drivers\LUM.sys [24848 2007-06-05] (IBM)
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM)
S3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-07-01] (Intel Corporation)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [35816 2015-03-03] (Greatis Software)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-08-12] (EldoS Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Windows (R) Win 7 DDK provider)
R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Nuvoton Technology Corp.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-05-15] (Synaptics Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfoX64.sys [X]
S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-06 23:09 - 2015-03-06 23:10 - 00026717 _____ () C:\Users\Ivan\Desktop\FRST.txt
2015-03-06 23:09 - 2015-03-06 23:09 - 02092544 _____ (Farbar) C:\Users\Ivan\Desktop\FRST64.exe
2015-03-06 23:09 - 2015-03-06 23:09 - 00000000 ____D () C:\FRST
2015-03-05 18:48 - 2015-03-05 18:52 - 00000000 ____D () C:\Program Files (x86)\Avidemux 2.6
2015-03-05 18:41 - 2015-03-05 18:45 - 00000088 _____ () C:\Windows\SysWOW64\ada5a0709b157f49c2ee0e36fc3c42bb-x86.cache-2
2015-03-05 12:43 - 2015-03-05 12:43 - 00000000 ____D () C:\ProgramData\Baidu
2015-03-04 15:17 - 2015-03-04 15:17 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2015-03-03 20:42 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-03 20:42 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-03 20:42 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-03 20:42 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-03-03 20:06 - 2015-03-03 20:09 - 00000293 _____ () C:\Windows\SysWOW64\Partizan.RRI
2015-03-03 20:06 - 2015-03-03 20:06 - 00040208 _____ (Greatis Software) C:\Windows\system32\Partizan.exe
2015-03-03 20:03 - 2015-03-03 20:03 - 00000000 ____D () C:\ProgramData\63842c9200001db2
2015-03-03 19:54 - 2015-03-03 19:54 - 00035816 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2015-03-03 19:53 - 2015-03-03 20:06 - 00000000 ____D () C:\Users\Public\Documents\regruninfo
2015-03-03 19:53 - 2015-03-03 19:53 - 00003320 _____ () C:\Windows\System32\Tasks\UnHackMe Task Scheduler
2015-03-03 19:53 - 2015-03-03 19:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2015-03-03 19:53 - 2015-02-25 16:02 - 00012800 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2015-03-03 19:51 - 2015-03-03 20:07 - 00000000 ____D () C:\ProgramData\RegRun
2015-03-03 19:49 - 2015-03-03 20:07 - 00000000 ____D () C:\Users\Ivan\Documents\RegRun2
2015-03-03 19:49 - 2015-03-03 19:53 - 00000002 RSHOT () C:\Windows\winstart.bat
2015-03-03 19:49 - 2015-03-03 19:53 - 00000002 RSHOT () C:\Windows\SysWOW64\CONFIG.NT
2015-03-03 19:49 - 2015-03-03 19:53 - 00000002 RSHOT () C:\Windows\SysWOW64\AUTOEXEC.NT
2015-03-03 19:49 - 2015-03-03 19:53 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2015-03-02 18:53 - 2015-03-02 18:56 - 00000000 ____D () C:\Users\Ivan\AppData\Local\Screamer Radio
2015-03-01 09:42 - 2015-03-05 12:42 - 00000020 _____ () C:\Users\Ivan\AppData\Roaming\appdataFr3.bin
2015-03-01 09:02 - 2015-03-01 09:02 - 00000000 ____D () C:\ProgramData\AdPunisher
2015-02-25 14:26 - 2015-03-04 15:20 - 00000000 ____D () C:\Users\Ivan\Documents\samsung
2015-02-25 14:26 - 2015-02-25 14:26 - 00000000 ____D () C:\Users\Ivan\Documents\SelfMV
2015-02-25 14:25 - 2015-03-04 15:17 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\Samsung
2015-02-25 14:25 - 2014-10-13 06:57 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2015-02-25 14:25 - 2014-10-13 06:57 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2015-02-25 14:25 - 2014-05-07 17:42 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2015-02-25 12:08 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 12:08 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-24 19:05 - 2015-02-24 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-24 18:30 - 2015-02-24 18:30 - 00000000 ____D () C:\ProgramData\cfjlhgojnnpnfcodjnjmnlnfflcdnndo
2015-02-24 18:28 - 2015-03-03 10:11 - 00000000 ____D () C:\ProgramData\4781058752674707191
2015-02-24 18:28 - 2015-02-24 18:28 - 00000000 ____D () C:\ProgramData\hkdcmoiepbckcahbimgdajndnffnfnmc
2015-02-24 18:27 - 2015-02-25 08:30 - 00000000 ____D () C:\ProgramData\{a90a34ca-dce0-a66b-a90a-a34cadced32b}
2015-02-17 20:33 - 2015-02-17 20:33 - 00001202 _____ () C:\Users\Ivan\Desktop\Format Factory.lnk
2015-02-17 20:33 - 2015-02-17 20:33 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2015-02-17 17:53 - 2015-02-17 17:53 - 00274656 _____ () C:\Windows\Minidump\021715-10982-01.dmp
2015-02-17 17:29 - 2015-02-17 17:29 - 00274656 _____ () C:\Windows\Minidump\021715-12480-01.dmp
2015-02-12 17:17 - 2015-02-12 17:26 - 00000000 ____D () C:\Users\Ivan\Desktop\VA - Fifty Shades Of Grey OST (Deluxe Edition) (2015)
2015-02-12 16:54 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 16:54 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 16:54 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 16:54 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 08:42 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 08:42 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 08:42 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 08:42 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 08:42 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 08:42 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 08:42 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 08:42 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 08:42 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 08:42 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 08:42 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 08:42 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 08:42 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 08:42 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 08:42 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 08:42 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 08:42 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 08:42 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 08:42 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 08:42 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 08:42 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 08:42 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 08:42 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 08:42 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 08:42 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 08:42 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 08:42 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 08:42 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 08:42 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 08:42 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 08:42 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 08:42 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 08:42 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 08:42 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 08:42 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 08:42 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 08:42 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 08:42 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 08:42 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 08:42 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 08:42 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 08:42 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 08:42 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 08:42 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 08:42 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 08:42 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 08:42 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 08:42 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 08:42 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 08:42 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 08:42 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 08:42 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 08:42 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 08:42 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 08:42 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 08:42 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 08:42 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 08:42 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 08:42 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 08:42 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 08:42 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 08:42 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 08:42 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 08:42 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 08:42 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 08:42 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 08:42 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 08:42 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 08:42 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 08:42 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 08:42 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 08:42 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 08:42 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 08:42 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 08:41 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 08:41 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 08:41 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 08:41 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 08:41 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 08:41 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 08:41 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 08:41 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 08:41 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 08:41 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 08:41 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 08:41 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 08:41 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 08:41 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 08:41 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 08:41 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 08:41 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 08:41 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 08:41 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 08:41 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 08:41 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 08:41 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 08:41 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 08:41 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 08:41 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 08:41 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 08:41 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 08:41 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 08:41 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 08:41 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 08:41 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 08:41 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 08:41 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 08:41 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-08 21:48 - 2015-02-08 21:48 - 00274656 _____ () C:\Windows\Minidump\020815-11434-01.dmp
2015-02-08 12:22 - 2015-02-08 12:22 - 00274656 _____ () C:\Windows\Minidump\020815-11107-01.dmp
2015-02-08 09:23 - 2015-02-08 12:22 - 00000000 ____D () C:\Users\Ivan\Desktop\Slim Thug - Hogg Life The Beginning (2015)
2015-02-05 16:54 - 2015-02-05 16:54 - 00000000 ___HD () C:\Users\Ivan\Desktop\.picasaoriginals

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-06 23:09 - 2014-12-03 23:24 - 00003077 _____ () C:\Windows\FileLock.bin
2015-03-06 23:09 - 2013-02-13 20:16 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\uTorrent
2015-03-06 23:07 - 2013-02-13 21:30 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-06 22:49 - 2009-07-14 05:45 - 00025936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-06 22:49 - 2009-07-14 05:45 - 00025936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-06 22:48 - 2013-02-14 00:56 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-06 22:13 - 2014-03-10 10:42 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2015-03-06 22:13 - 2013-02-13 19:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-06 21:07 - 2013-02-13 18:49 - 01315366 _____ () C:\Windows\WindowsUpdate.log
2015-03-06 20:14 - 2014-11-21 13:26 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\AVI ReComp
2015-03-06 19:24 - 2013-02-14 00:51 - 00000000 ____D () C:\Users\Ivan\Documents\ConvertXtoDVD
2015-03-06 16:11 - 2014-10-03 11:07 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\ViberPC
2015-03-06 16:11 - 2014-10-03 10:40 - 00000000 ____D () C:\Users\Ivan\AppData\Local\Viber
2015-03-06 12:28 - 2014-06-23 20:06 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\vlc
2015-03-06 09:47 - 2009-07-14 06:13 - 00006362 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-06 09:46 - 2014-11-22 13:38 - 00030604 _____ () C:\Windows\setupact.log
2015-03-06 09:46 - 2013-02-13 20:42 - 00000000 ____D () C:\ProgramData\MCShield
2015-03-06 08:23 - 2013-02-14 00:56 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-06 08:23 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-05 18:52 - 2014-01-21 23:26 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\avidemux
2015-03-04 15:17 - 2013-02-14 01:21 - 00000000 ____D () C:\ProgramData\Samsung
2015-03-04 10:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-03-03 10:25 - 2013-02-13 20:11 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\AIMP3
2015-02-26 22:53 - 2013-02-14 01:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-02-25 19:58 - 2013-06-19 08:05 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\Nitro PDF
2015-02-25 19:44 - 2013-07-03 08:31 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\Dropbox
2015-02-25 14:25 - 2013-02-14 01:21 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-02-25 14:25 - 2013-02-13 18:53 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-25 08:20 - 2014-11-23 10:34 - 00032456 _____ () C:\Windows\PFRO.log
2015-02-24 23:15 - 2013-04-17 13:08 - 00002261 _____ () C:\Users\Ivan\Desktop\Google Chrome.lnk
2015-02-24 19:04 - 2013-02-14 00:39 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-24 15:19 - 2013-06-05 10:23 - 00000000 ____D () C:\Users\Ivan\Documents\Outlook Files
2015-02-21 21:05 - 2013-02-13 20:13 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\Skype
2015-02-21 21:01 - 2013-12-10 21:00 - 00027460 _____ () C:\Windows\system32\lvcoinst.log
2015-02-21 20:54 - 2013-02-13 20:13 - 00000000 ____D () C:\ProgramData\Skype
2015-02-19 18:58 - 2014-12-26 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pesgalaxy.com Patch 2015
2015-02-18 22:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-17 17:53 - 2013-02-13 20:35 - 00000000 ____D () C:\Windows\Minidump
2015-02-13 16:34 - 2013-11-14 11:48 - 00001013 _____ () C:\Users\Ivan\Desktop\Dropbox.lnk
2015-02-13 16:34 - 2013-11-14 11:47 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-11 13:57 - 2009-07-14 05:45 - 00413072 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 13:56 - 2014-12-10 23:54 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 13:56 - 2014-05-05 21:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 13:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 09:12 - 2013-02-13 20:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 09:10 - 2013-08-12 15:07 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 09:10 - 2009-07-14 03:34 - 00000514 _____ () C:\Windows\win.ini
2015-02-11 09:06 - 2013-02-14 01:33 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-07 20:11 - 2015-01-03 14:42 - 00000852 _____ () C:\Users\Public\Desktop\Far Cry® 4.lnk
2015-02-06 21:53 - 2015-01-15 23:38 - 00000000 ____D () C:\Users\Ivan\Desktop\GOMORRA OST
2015-02-05 16:13 - 2013-02-13 19:45 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 16:13 - 2013-02-13 19:45 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 16:13 - 2013-02-13 19:45 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 06:43 - 2013-02-14 00:56 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 06:43 - 2013-02-14 00:56 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 16:39 - 2013-02-13 20:19 - 00001213 _____ () C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk

==================== Files in the root of some directories =======

2015-03-01 09:42 - 2015-03-05 12:42 - 0000020 _____ () C:\Users\Ivan\AppData\Roaming\appdataFr3.bin
2014-09-02 17:21 - 2014-10-09 13:32 - 0099384 _____ () C:\Users\Ivan\AppData\Roaming\inst.exe
2013-02-13 20:33 - 2014-10-09 13:32 - 0007859 _____ () C:\Users\Ivan\AppData\Roaming\pcouffin.cat
2013-02-13 20:33 - 2014-10-09 13:32 - 0001167 _____ () C:\Users\Ivan\AppData\Roaming\pcouffin.inf
2014-01-22 11:58 - 2014-10-09 13:32 - 0000055 _____ () C:\Users\Ivan\AppData\Roaming\pcouffin.log
2013-02-13 20:33 - 2014-10-09 13:32 - 0082816 _____ (VSO Software) C:\Users\Ivan\AppData\Roaming\pcouffin.sys
2014-01-22 01:57 - 2014-01-22 01:57 - 0003584 _____ () C:\Users\Ivan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-09 21:53 - 2014-10-09 21:53 - 0000001 _____ () C:\Users\Ivan\AppData\Local\llftool.4.40.agreement
2014-10-10 22:59 - 2014-10-10 22:59 - 0000019 _____ () C:\Users\Ivan\AppData\Local\llftool.license
2013-06-19 07:46 - 2013-01-08 03:19 - 18158238 _____ () C:\Users\Ivan\AppData\Local\OcrMap.bin
2013-02-17 01:44 - 2014-02-02 23:07 - 0007605 _____ () C:\Users\Ivan\AppData\Local\resmon.resmoncfg
2013-02-16 17:10 - 2013-02-16 17:10 - 0017408 _____ () C:\Users\Ivan\AppData\Local\WebpageIcons.db
2014-10-26 17:57 - 2014-10-26 17:57 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-11-30 17:20 - 2014-11-30 17:20 - 0000930 _____ () C:\ProgramData\{67B6CD10-D61A-7838-CDD2-00002D604565}

Some content of TEMP:
====================
C:\Users\Ivan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgtcnmu.dll
C:\Users\Ivan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplxnhxo.dll
C:\Users\Ivan\AppData\Local\Temp\Execute2App.exe
C:\Users\Ivan\AppData\Local\Temp\ExPromo.exe
C:\Users\Ivan\AppData\Local\Temp\FFSetup3.6.0.0.exe
C:\Users\Ivan\AppData\Local\Temp\msvcp90.dll
C:\Users\Ivan\AppData\Local\Temp\msvcr90.dll
C:\Users\Ivan\AppData\Local\Temp\muzaf1.dll
C:\Users\Ivan\AppData\Local\Temp\muzapp.dll
C:\Users\Ivan\AppData\Local\Temp\muzapp.exe
C:\Users\Ivan\AppData\Local\Temp\muzwmts.dll
C:\Users\Ivan\AppData\Local\Temp\ochelper.exe
C:\Users\Ivan\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-05 10:53

==================== End Of Log ============================

offline
  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Go to Start -> Control Panel -> Programs and Features and uninstall the following programs:

AdPunisher



Step 2

Open Notepad and copy in the following text, which is inside the Code box.

HKLM-x32\...\Winlogon: [Shell] explorer.exe,WinUpdateCfg.exe [ ] () <=== ATTENTION
BootExecute: PDBoot.exeautocheck autochk * <I??control file..????a00???0System_Microsoft Virtual Drive Enumerator Driver00oldL35.MOFC:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ASPNET.MOFC:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICESOFTWAREPROTECTIONPLATFORM\OSPPWMI.MOFc:\windows\system32\wbem\iscsirem.mofc:\windows\system32\wbem\offlinefileswmiprovider_uninstall.mofc:\windows\system32\wbem\winsatuninstall.mofc:\windows\system32\wbem\wpcuninst.mofC:\PROGRAM FILES\CONDUSIV TECHNOLOGIES\DISKEEPER\DKDECOUPLEDPROVIDER.MOFC:\AS.MOFC:\FW.MOFC:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET.MOFC:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\CLR.MOFC:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASPNET.MOFC:\WINDOWS\SYSTEM32\WBEM\WDF01000UNINSTALL.MOFC:\WINDOWS\SYSTEM32\WBEM\WUDFXUNINSTALL.MOFC:\WINDOWS\SYSWOW64\WBEM\AACLIENT.MOFC:\WINDOWS\SYSWOW64\WBEM\CLI.MOFC:\WINDOWS\SYSWOW64\WBEM\CLIEGALIASES.MOFC:\WINDOWS\SYSWOW64\WBEM\HBAAPI.MOFC:\WINDOWS\SYSWOW64\WBEM\ISCSIDSC.MOFC:\WINDOWS\SYSWOW64\WBEM\ISCSIHBA.MOFC:\WINDOWS\SYSWOW64\WBEM\ISCSIPRF.MOFC:\WINDOWS\SYSWOW64\WBEM\KERBEROS.MOFC:\WINDOWS\SYSWOW64\WBEM\L2SECHC.MOFC:\WINDOWS\SYSWOW64\WBEM\MSTSC.MOFC:\WINDOWS\SYSWOW64\WBEM\MSTSCAX.MOFC:\WINDOWS\SYSWOW64\WBEM\MSV1_0.MOFC:\WINDOWS\SYSWOW64\WBEM\NCI.MOFC:\WINDOWS\SYSWOW64\WBEM\NLSVC.MOFC:\WINDOWS\SYSWOW64\WBEM\OFFLINEFILESWMIPROVIDER.MOFC:\WINDOWS\SYSWOW64\WBEM\OFFLINEFILESWMIPROVIDER_UNINSTALL.MOFC:\WINDOWS\SYSWOW64\WBEM\POLICMAN.MOFC:\WINDOWS\SYSWOW64\WBEM\PPCRSOPCOMPSCHEMA.MOFC:\WINDOWS\SYSWOW64\WBEM\PPCRSOPUSERSCHEMA.MOFC:\WINDOWS\SYSWOW64\WBEM\RACWMIPROV.MOFC:\WINDOWS\SYSWOW64\WBEM\RDPENDP.MOFC:\WINDOWS\SYSWOW64\WBEM\REGEVENT.MOFC:\WINDOWS\SYSWOW64\WBEM\SCERSOP.MOFC:\WINDOWS\SYSWOW64\WBEM\SCHEDSVC.MOFC:\WINDOWS\SYSWOW64\WBEM\SERVICEMODEL.MOFC:\WINDOWS\SYSWOW64\WBEM\SERVICEMODEL35.MOFC:\WINDOWS\SYSWOW64\WBEM\SSDPSRV.MOFC:\WINDOWS\SYSWOW64\WBEM\VDS.MOFC:\WINDOWS\SYSWOW64\WBEM\VSS.MOFC:\WINDOWS\SYSWOW64\WBEM\WGXINSTALLEDGAME.MOFC:\WINDOWS\SYSWOW64\WBEM\WMIPERFCLASS
.MOFC:\WINDOWS\SYSWOW64\WBEM\WMIPERFINST.MOFC:\WINDOWS\SYSWOW64\WBEM\WPCSPROV.MOFC:\WINDOWS\SYSWOW64\WBEM\WPCUNINST.MOFC:\WINDOWS\SYSWOW64\WBEM\WSCENTER.MOFC:\WINDOWS\SYSWOW64\WBEM\WSDAPI.MOFC:\WINDOWS\SYSWOW64\WBEM\EN-US\AACLIENT.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\CLI.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\CLIEGALIASES.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\HBAAPI.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\ISCSIDSC.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\ISCSIPRF.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\MSTSC.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\MSTSCAX.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\OFFLINEFILESWMIPROVIDER.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\POLICMAN.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\RACWMIPROV.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\REGEVENT.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\VDS.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\VSS.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\WGXINSTALLEDGAME.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\WSCENTER.MFL????????????????????????????????????????????????????????????????????????????????????????????????????????autocheck smrgdf C:\Users\Ivan\AppData\Roaming\iolo\Partizan
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1920287994-4166790629-4267699446-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57
AlternateDataStreams: C:\ProgramData\TEMP:A1EDB939
AlternateDataStreams: C:\ProgramData\TEMP:B4AF47A7
AlternateDataStreams: C:\ProgramData\TEMP:BF3D62E7
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
EmptyTemp:


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click to run FRST.exe again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, allow it to do so without interruption.
When it has finished, fixlog.txt will open, with contents that you should copy into the thread.
Also, (fixlog.txt) will be located on the Desktop.




Step 3

You have the developer version of Google Chrome installed.
If you did not install it yourself, go to Start -> Control Panel -> Programs and Features and uninstall Google Chrome. Be sure to check the option Also delete your browsing data.
You can export your bookmarks and import them again later.

Once you have uninstalled it, download it from the Google site, https://www.google.com/chrome/browser/ and install it again.



Step 4

Download "Xplode"'s AdwCleaner and save it to the Desktop
Double-click to run the program.
In the EULA window, click I agree.
Click the Scan button and wait for the scan to finish.
Click the Clean button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required), click OK

The computer will restart and then open Notepad (C:\AdwCleaner[S0].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Attach file" option

Note: The report will also be saved at C:\Adwcleaner\AdwCleaner[S0].txt

offline
  • Joined: 24 Sep 2008
  • Posts: 33
  • Location: BG

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-03-2015 01
Ran by Ivan at 2015-03-07 22:48:34 Run:1
Running from C:\Users\Ivan\Desktop
Loaded Profiles: Ivan (Available profiles: Ivan)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Winlogon: [Shell] explorer.exe,WinUpdateCfg.exe [ ] () <=== ATTENTION
BootExecute: PDBoot.exeautocheck autochk * <I??control file..????a00???0System_Microsoft Virtual Drive Enumerator Driver00oldL35.MOFC:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ASPNET.MOFC:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICESOFTWAREPROTECTIONPLATFORM\OSPPWMI.MOFc:\windows\system32\wbem\iscsirem.mofc:\windows\system32\wbem\offlinefileswmiprovider_uninstall.mofc:\windows\system32\wbem\winsatuninstall.mofc:\windows\system32\wbem\wpcuninst.mofC:\PROGRAM FILES\CONDUSIV TECHNOLOGIES\DISKEEPER\DKDECOUPLEDPROVIDER.MOFC:\AS.MOFC:\FW.MOFC:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET.MOFC:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\CLR.MOFC:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASPNET.MOFC:\WINDOWS\SYSTEM32\WBEM\WDF01000UNINSTALL.MOFC:\WINDOWS\SYSTEM32\WBEM\WUDFXUNINSTALL.MOFC:\WINDOWS\SYSWOW64\WBEM\AACLIENT.MOFC:\WINDOWS\SYSWOW64\WBEM\CLI.MOFC:\WINDOWS\SYSWOW64\WBEM\CLIEGALIASES.MOFC:\WINDOWS\SYSWOW64\WBEM\HBAAPI.MOFC:\WINDOWS\SYSWOW64\WBEM\ISCSIDSC.MOFC:\WINDOWS\SYSWOW64\WBEM\ISCSIHBA.MOFC:\WINDOWS\SYSWOW64\WBEM\ISCSIPRF.MOFC:\WINDOWS\SYSWOW64\WBEM\KERBEROS.MOFC:\WINDOWS\SYSWOW64\WBEM\L2SECHC.MOFC:\WINDOWS\SYSWOW64\WBEM\MSTSC.MOFC:\WINDOWS\SYSWOW64\WBEM\MSTSCAX.MOFC:\WINDOWS\SYSWOW64\WBEM\MSV1_0.MOFC:\WINDOWS\SYSWOW64\WBEM\NCI.MOFC:\WINDOWS\SYSWOW64\WBEM\NLSVC.MOFC:\WINDOWS\SYSWOW64\WBEM\OFFLINEFILESWMIPROVIDER.MOFC:\WINDOWS\SYSWOW64\WBEM\OFFLINEFILESWMIPROVIDER_UNINSTALL.MOFC:\WINDOWS\SYSWOW64\WBEM\POLICMAN.MOFC:\WINDOWS\SYSWOW64\WBEM\PPCRSOPCOMPSCHEMA.MOFC:\WINDOWS\SYSWOW64\WBEM\PPCRSOPUSERSCHEMA.MOFC:\WINDOWS\SYSWOW64\WBEM\RACWMIPROV.MOFC:\WINDOWS\SYSWOW64\WBEM\RDPENDP.MOFC:\WINDOWS\SYSWOW64\WBEM\REGEVENT.MOFC:\WINDOWS\SYSWOW64\WBEM\SCERSOP.MOFC:\WINDOWS\SYSWOW64\WBEM\SCHEDSVC.MOFC:\WINDOWS\SYSWOW64\WBEM\SERVICEMODEL.MOFC:\WINDOWS\SYSWOW64\WBEM\SERVICEMODEL35.MOFC:\WINDOWS\SYSWOW64\WBEM\SSDPSRV.MOFC:\WINDOWS\SYSWOW64\WBEM\VDS.MOFC:\WINDOWS\SYSWOW64\WBEM\VSS.MOFC:\WINDOWS\SYSWOW64\WBEM\WGXINSTALLEDGAME.MOFC:\WINDOWS\SYSWOW64\WBEM\WMIPERFCLASS
.MOFC:\WINDOWS\SYSWOW64\WBEM\WMIPERFINST.MOFC:\WINDOWS\SYSWOW64\WBEM\WPCSPROV.MOFC:\WINDOWS\SYSWOW64\WBEM\WPCUNINST.MOFC:\WINDOWS\SYSWOW64\WBEM\WSCENTER.MOFC:\WINDOWS\SYSWOW64\WBEM\WSDAPI.MOFC:\WINDOWS\SYSWOW64\WBEM\EN-US\AACLIENT.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\CLI.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\CLIEGALIASES.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\HBAAPI.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\ISCSIDSC.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\ISCSIPRF.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\MSTSC.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\MSTSCAX.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\OFFLINEFILESWMIPROVIDER.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\POLICMAN.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\RACWMIPROV.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\REGEVENT.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\VDS.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\VSS.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\WGXINSTALLEDGAME.MFLC:\WINDOWS\SYSWOW64\WBEM\EN-US\WSCENTER.MFL????????????????????????????????????????????????????????????????????????????????????????????????????????autocheck smrgdf C:\Users\Ivan\AppData\Roaming\iolo\Partizan
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1920287994-4166790629-4267699446-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57
AlternateDataStreams: C:\ProgramData\TEMP:A1EDB939
AlternateDataStreams: C:\ProgramData\TEMP:B4AF47A7
AlternateDataStreams: C:\ProgramData\TEMP:BF3D62E7
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
EmptyTemp:
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1920287994-4166790629-4267699446-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
C:\Windows => ":nlsPreferences" ADS removed successfully.
C:\ProgramData\TEMP => ":4FC01C57" ADS removed successfully.
C:\ProgramData\TEMP => ":A1EDB939" ADS removed successfully.
C:\ProgramData\TEMP => ":B4AF47A7" ADS removed successfully.
C:\ProgramData\TEMP => ":BF3D62E7" ADS removed successfully.
catchme => Service deleted successfully.
EmptyTemp: => Removed 913 MB temporary data.


The system needed a reboot.

==== End of Fixlog 22:48:51 ====


offline
  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Download zoek.exe from this or this link and save it to the Desktop.


Close the browser and other running programs;
deactivate your security software (if needed) Instructions;
double-click zoek.exe to run it;
wait for the tool to start ...


Copy the following text into the white box of the window:

startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;
filesrcm;


Click the button and wait for the scan to finish.


Zoek will restart Windows if needed, and when it finishes it will open Notepad with the scan report.

Note: The report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into your post.

offline
  • Joined: 24 Sep 2008
  • Posts: 33
  • Location: BG

Zoek.exe v5.0.0.0 Updated 07-March-2015
Tool run by Ivan on ned 08.03.2015 at 11:00:15,48.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ivan\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

8.3.2015 11:00:45 Zoek.exe System Restore Point Created Succesfully.

==== Batch Command(s) Run By Tool======================

C:\Windows\system32\appdata deleted

==== Deleting Files \ Folders ======================

C:\Windows\syswow64\appdata deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2015-03-03 18:49:44 81051BCC2CF1BEDF378224B0A93E2877 2 --shatr- C:\Windows\winstart.bat
====== C:\Users\Ivan\AppData\Local\Temp ====
2015-03-08 05:52:07 057631047016A448B842B96E872B132B 43008 ----a-w- C:\Users\Ivan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphzfcdt.dll
2015-03-08 05:40:28 057631047016A448B842B96E872B132B 43008 ----a-w- C:\Users\Ivan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnxqc1x.dll
2015-03-07 22:15:46 FFF2C9BA6AB0C6F3A290CD3FBCBDF3C0 165704 ----atw- C:\Users\Ivan\AppData\Local\Temp\{8F68C250-6580-4220-B1B8-8484419F3CD8}\psmachine.dll
2015-03-07 22:15:46 C51C9B677C0BF6651B4D0AEE60E005A7 188232 ----atw- C:\Users\Ivan\AppData\Local\Temp\{8F68C250-6580-4220-B1B8-8484419F3CD8}\psmachine_64.dll
2015-03-07 22:15:46 98137411B9C632095F919E2CE70B288A 599368 ----atw- C:\Users\Ivan\AppData\Local\Temp\{8F68C250-6580-4220-B1B8-8484419F3CD8}\npGoogleUpdate3.dll
2015-03-07 22:15:46 821CC209D61D0ED1F4C86ABE0C8A1319 188232 ----atw- C:\Users\Ivan\AppData\Local\Temp\{8F68C250-6580-4220-B1B8-8484419F3CD8}\psuser_64.dll
2015-03-07 22:15:46 580930FD62744F10FCDD5375E201BEEA 165704 ----atw- C:\Users\Ivan\AppData\Local\Temp\{8F68C250-6580-4220-B1B8-8484419F3CD8}\psuser.dll
2015-03-07 22:15:45 FD98434B6A06FE31A35E4BFBC827B290 52040 ----atw- C:\Users\Ivan\AppData\Local\Temp\{8F68C250-6580-4220-B1B8-8484419F3CD8}\GoogleUpdateOnDemand.exe
2015-03-07 22:15:45 F3B6470DA7CE34E559D3BA7365CC909C 115528 ----atw- C:\Users\Ivan\AppData\Local\Temp\{8F68C250-6580-4220-B1B8-8484419F3CD8}\GoogleUpdateComRegisterShell64.exe
2015-03-07 22:15:45 E1B44A75947137F4143308D566889837 107848 ----atw- C:\Users\Ivan\AppData\Local\Temp\{8F68C250-6580-4220-B1B8-8484419F3CD8}\GoogleUpdate.exe
2015-03-07 22:15:45 83BB030C71C9727DCFB2737005772C4E 232264 ----atw- C:\Users\Ivan\AppData\Local\Temp\{8F68C250-6580-4220-B1B8-8484419F3CD8}\GoogleCrashHandler.exe
2015-03-07 22:15:45 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Users\Ivan\AppData\Local\Temp\{8F68C250-6580-4220-B1B8-8484419F3CD8}\GoogleUpdateSetup.exe
2015-03-07 22:15:45 7502515B2447293E7239840134391CE0 28160 ----atw- C:\Users\Ivan\AppData\Local\Temp\{8F68C250-6580-4220-B1B8-8484419F3CD8}\GoogleUpdateHelper.msi
2015-03-07 22:15:45 5F0A3AA68785C49454F56C9F2DDA0237 52040 ----atw- C:\Users\Ivan\AppData\Local\Temp\{8F68C250-6580-4220-B1B8-8484419F3CD8}\GoogleUpdateWebPlugin.exe
2015-03-07 22:15:45 5C2593649CF4FE6B9ED6F9A734DBF344 1683272 ----atw- C:\Users\Ivan\AppData\Local\Temp\{8F68C250-6580-4220-B1B8-8484419F3CD8}\goopdate.dll
2015-03-07 22:15:45 4C02536F4CA35911FB3EA5715F300C57 52040 ----atw- C:\Users\Ivan\AppData\Local\Temp\{8F68C250-6580-4220-B1B8-8484419F3CD8}\GoogleUpdateBroker.exe
2015-03-07 22:15:45 323CFFFDAF253AC65CD194A101BE6231 287048 ----atw- C:\Users\Ivan\AppData\Local\Temp\{8F68C250-6580-4220-B1B8-8484419F3CD8}\GoogleCrashHandler64.exe
====== Java Cache =====
2015-02-16 19:48:58 EBE41E2E243585CEEF82633A31DA140A 434 ----a-w- C:\Users\Ivan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\4bd5cc3c-5e3f92e43995fa53ffea9daf8440a7e1c46da4142225dac46e2cfde55cb88e66-6.0.lap
2015-02-16 19:48:58 5F30A3D059CC5FB54F8CDF1CD75ADBC5 19380 ----a-w- C:\Users\Ivan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\18cf85fe-4ff3536d
====== C:\Windows\SysWOW64 =====
2015-03-05 17:41:12 C55578F7BCD590977170963454F06230 88 ----a-w- C:\Windows\SysWOW64\ada5a0709b157f49c2ee0e36fc3c42bb-x86.cache-2
2015-03-03 19:42:18 DDE994E9159497D0D5AB2CDF66D1EAD6 76800 ----a-w- C:\Windows\SysWOW64\wdi.dll
2015-03-03 19:06:35 D22B078EAD5480E1A267EFD3934D67C7 293 ----a-w- C:\Windows\SysWOW64\Partizan.RRI
2015-03-03 18:49:44 81051BCC2CF1BEDF378224B0A93E2877 2 --shatr- C:\Windows\SysWOW64\CONFIG.NT
2015-03-03 18:49:44 81051BCC2CF1BEDF378224B0A93E2877 2 --shatr- C:\Windows\SysWOW64\AUTOEXEC.NT
2015-02-25 13:25:13 7753FC56F9CAC4B5AFDA3196DB654F21 144664 ----a-w- C:\Windows\SysWOW64\secman.dll
2015-02-25 11:08:47 3B9E2AB1F3ABC53D4A423E699EB625C8 419936 ----a-w- C:\Windows\SysWOW64\locale.nls
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-03-03 19:42:18 D713D6446DDBB474D801F361B4B186EA 950272 ----a-w- C:\Windows\Sysnative\perftrack.dll
2015-03-03 19:42:18 C6F7473B55510F0B93961DA03D8E3B38 91136 ----a-w- C:\Windows\Sysnative\wdi.dll
2015-03-03 19:42:18 AA7079AD52B8BFBAE94167D54C32F84F 29696 ----a-w- C:\Windows\Sysnative\powertracker.dll
2015-03-03 19:06:35 D5915A4C454E50D76B343019D9978373 40208 ----a-w- C:\Windows\Sysnative\Partizan.exe
2015-02-25 11:08:47 3B9E2AB1F3ABC53D4A423E699EB625C8 419936 ----a-w- C:\Windows\Sysnative\locale.nls
====== C:\Windows\Sysnative\drivers =====
2015-02-25 13:25:39 91310683D7B6B292B746D60734B59322 206080 ----a-w- C:\Windows\Sysnative\drivers\ssudmdm.sys
2015-02-25 13:25:39 30710AEFCE721CEEE0F35EB6A01C263C 110336 ----a-w- C:\Windows\Sysnative\drivers\ssudbus.sys
2015-02-11 07:41:53 E45CDE1C8340DFEDF1D6724263F39E5B 458824 ----a-w- C:\Windows\Sysnative\drivers\cng.sys
2015-02-11 07:41:53 C60C6B9A2E50B0404F6789C62B428C03 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
2015-02-11 07:41:53 78D152A9FD5747FF6AA89C79F0346F62 155072 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2015-03-05 17:48:59 -------- d-----w- C:\PROGRA~2\Avidemux 2.6
2015-03-03 18:49:38 -------- d-----w- C:\PROGRA~2\UnHackMe
======= C: =====
====== C:\Users\Ivan\AppData\Roaming ======
2015-03-02 17:53:50 -------- d-----w- C:\Users\Ivan\AppData\Local\Screamer Radio
2015-03-01 08:42:56 2AEE73AF0408FAB9DB0A3B48A8F28B77 20 ----a-w- C:\Users\Ivan\AppData\Roaming\appdataFr3.bin
2015-02-25 13:25:14 -------- d-----w- C:\Users\Ivan\AppData\Roaming\Samsung
2015-02-17 19:33:18 -------- d-----w- C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
====== C:\Users\Ivan ======
2015-03-08 05:37:17 -------- d-----w- C:\ProgramData\Baidu
2015-03-07 22:16:43 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-07 21:52:56 4DB5909D450AE68CC11DC865B9B84F71 2126848 ----a-w- C:\Users\Ivan\Desktop\AdwCleaner.exe
2015-03-06 22:09:00 0CEC5D30350DD4487CB46CBC766168FE 2094592 ----a-w- C:\Users\Ivan\Desktop\FRST64.exe
2015-03-04 14:17:36 -------- d-----w- C:\Users\Public\Documents\NativeFus_Log
2015-03-03 18:51:40 -------- d-----w- C:\ProgramData\RegRun
2015-03-01 08:02:29 -------- d-----w- C:\ProgramData\AdPunisher
2015-02-24 17:27:59 -------- d-----w- C:\ProgramData\{a90a34ca-dce0-a66b-a90a-a34cadced32b}
2015-02-19 17:55:39 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pesgalaxy.com Patch 2015 DLC Installer

====== C: exe-files ==
2015-03-07 22:16:36 B396940887A697BD797DC2EB20EA2E19 41424976 ----a-w- C:\Program Files (x86)\Google\Update\Install\{8321298C-302C-4289-9EDC-1B3925B21CEE}\41.0.2272.76_chrome_installer.exe
2015-03-07 22:16:36 B396940887A697BD797DC2EB20EA2E19 41424976 ----a-w- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\41.0.2272.76\41.0.2272.76_chrome_installer.exe
2015-03-07 22:15:45 FD98434B6A06FE31A35E4BFBC827B290 52040 ----atw- C:\Users\Ivan\AppData\Local\Temp\{8F68C250-6580-4220-B1B8-8484419F3CD8}\GoogleUpdateOnDemand.exe
2015-03-07 22:15:45 F3B6470DA7CE34E559D3BA7365CC909C 115528 ----atw- C:\Users\Ivan\AppData\Local\Temp\{8F68C250-6580-4220-B1B8-8484419F3CD8}\GoogleUpdateComRegisterShell64.exe
2015-03-07 22:15:45 E1B44A75947137F4143308D566889837 107848 ----atw- C:\Users\Ivan\AppData\Local\Temp\{8F68C250-6580-4220-B1B8-8484419F3CD8}\GoogleUpdate.exe
2015-03-07 22:15:45 83BB030C71C9727DCFB2737005772C4E 232264 ----atw- C:\Users\Ivan\AppData\Local\Temp\{8F68C250-6580-4220-B1B8-8484419F3CD8}\GoogleCrashHandler.exe
2015-03-07 22:15:45 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Users\Ivan\AppData\Local\Temp\{8F68C250-6580-4220-B1B8-8484419F3CD8}\GoogleUpdateSetup.exe
2015-03-07 22:15:45 5F0A3AA68785C49454F56C9F2DDA0237 52040 ----atw- C:\Users\Ivan\AppData\Local\Temp\{8F68C250-6580-4220-B1B8-8484419F3CD8}\GoogleUpdateWebPlugin.exe
2015-03-07 22:15:45 4C02536F4CA35911FB3EA5715F300C57 52040 ----atw- C:\Users\Ivan\AppData\Local\Temp\{8F68C250-6580-4220-B1B8-8484419F3CD8}\GoogleUpdateBroker.exe
2015-03-07 22:15:45 323CFFFDAF253AC65CD194A101BE6231 287048 ----atw- C:\Users\Ivan\AppData\Local\Temp\{8F68C250-6580-4220-B1B8-8484419F3CD8}\GoogleCrashHandler64.exe
2015-03-07 22:13:18 7EA5D6C2CE669BBCCEF968DEDC37E2AF 9092688 ----a-w- C:\Program Files (x86)\Google\Update\Install\{828410C5-D716-4A22-9295-9703BEBEAE64}\41.0.2272.76_40.0.2214.115_chrome_updater.exe
2015-03-07 22:13:18 7EA5D6C2CE669BBCCEF968DEDC37E2AF 9092688 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\41.0.2272.76\41.0.2272.76_40.0.2214.115_chrome_updater.exe
2015-03-07 21:52:56 4DB5909D450AE68CC11DC865B9B84F71 2126848 ----a-w- C:\Users\Ivan\Desktop\AdwCleaner.exe
2015-03-06 22:09:00 DB067FDB6AD6DAC38B7A69B282593D54 2092544 ----a-w- C:\Users\Ivan\Desktop\FRST-OlderVersion\FRST64.exe
2015-03-06 22:09:00 0CEC5D30350DD4487CB46CBC766168FE 2094592 ----a-w- C:\Users\Ivan\Desktop\FRST64.exe
2015-03-03 21:23:52 7C83E887E8DFD5FEA0E06D7116B99360 1742928 ----a-w- C:\Users\Ivan\AppData\Roaming\uTorrent\updates\3.4.2_38913.exe
2015-03-03 19:06:35 D5915A4C454E50D76B343019D9978373 40208 ----a-w- C:\Windows\System32\Partizan.exe
=== C: other files ==
2015-03-03 18:49:49 AEAD86162E5024A045D1B9CC970F9FF9 425261 ----a-w- C:\Program Files (x86)\UnHackMe\dbs.zip
2015-03-03 18:49:44 81051BCC2CF1BEDF378224B0A93E2877 2 --shatr- C:\Windows\winstart.bat

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-1920287994-4166790629-4267699446-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"xwidget"="C:\Program Files (x86)\XWidget\xwidget.exe"
"MCShield Monitor"="C:\Program Files (x86)\MCShield\mcshieldrtm.exe"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"ISUSPM Startup"="C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup"
"uTorrent"="C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"f.lux"="C:\Users\Ivan\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"
"Gili File Lock Helper"="C:\Program Files (x86)\GiliSoft\File Lock Pro\WinFLockerHelp.exe CheckLockedFolder"
"appnhost"="C:\Users\Ivan\AppData\Local\Mixesoft\AppNHost\appnhost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2015\avgui.exe /TRAYONLY"
"StartCCC"="C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"="C:\Program Files (x86)\gigabyte\ET6\ETCall.exe"
"GBTUpd"="C:\Program Files (x86)\gigabyte\UpdManager\PreRun.exe"
"Target"="\??\C:\Users\Ivan\AppData\Local\Temp\_iu14D2N.tmp"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"xwidget"="C:\Program Files (x86)\XWidget\xwidget.exe"
"MCShield Monitor"="C:\Program Files (x86)\MCShield\mcshieldrtm.exe"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"ISUSPM Startup"="C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup"
"uTorrent"="C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"f.lux"="C:\Users\Ivan\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"
"Gili File Lock Helper"="C:\Program Files (x86)\GiliSoft\File Lock Pro\WinFLockerHelp.exe CheckLockedFolder"
"appnhost"="C:\Users\Ivan\AppData\Local\Mixesoft\AppNHost\appnhost.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"command"="c:\\program files (x86)\\common files\\adobe\\arm\\1.0\\adobearm.exe"
"hkey"="HKLM"
"item"="Adobe ARM"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CCleaner Monitoring"
"hkey"="HKCU"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"command"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun"
"hkey"="HKCU"
"item"="DAEMON Tools Lite"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM Startup]
"command"="c:\\progra~2\\common~1\\instal~1\\update~1\\isuspm.exe -startup"
"hkey"="HKCU"
"item"="ISUSPM Startup"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSScheduler]
"command"="\"c:\\program files (x86)\\common files\\installshield\\updateservice\\issch.exe\" -start"
"hkey"="HKLM"
"item"="ISUSScheduler"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPreload]
"command"="c:\\program files (x86)\\samsung\\kies\\kies.exe /preload"
"hkey"="HKCU"
"item"="KiesPreload"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesTrayAgent]
"command"="c:\\program files (x86)\\samsung\\kies\\kiestrayagent.exe"
"hkey"="HKLM"
"item"="KiesTrayAgent"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"command"="\"c:\\program files (x86)\\common files\\java\\java update\\jusched.exe\""
"hkey"="HKLM"
"item"="SunJavaUpdateSched"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Xvid]
"hkey"="HKCU"
"item"="Xvid"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [05.02.2015 16:13]
C:\Windows\tasks\AutoKMS.job --a------ C:\Windows\AutoKMS\AutoKMS.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [14.02.2013 00:56]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [14.02.2013 00:56]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\AutoKMS" [C:\Windows\AutoKMS\AutoKMS.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\iolo Process Governor" [C:\Program Files (x86)\iolo\System Mechanic Professional\iologovernor64.exe]
"C:\Windows\SysNative\tasks\klcp_update" ["C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe"]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Chromium Look ======================

Google Chrome Version: 41.0.2272.76 (Up to date, latest Stable version: 41.0.2272.76)


Comodo Drag&Drop Service - Ivan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aneodkojaglhnkkdbbdnmmmgimlcaogo
Comodo Web Inspector - Ivan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn
Comodo Media Downloader - Ivan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dihmnpngfonlhjmgkflpnibiaaliendo
Snow - Ivan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kdcgdhlccojbnonmhcioigcdodakjcmh
Comodo Share Page Service - Ivan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf
Google Wallet - Ivan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Awesome Screenshot: Capture Annotate - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce
Google Drive - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
SocialReviver - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfipfkeoidmndggnnpobeenlamiclald
YouTube - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Video Downloader professional - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil
Photo Zoom for Facebook - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi
Stylish - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe
ClickClean - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
AdBlock - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Chrome Hotword Shared Module - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
SmartVideo - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp
Google Wallet - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Print Friendly & PDF - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj
ClickClean App - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp
Gmail - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2 folders=4 16449 bytes)

==== EOF on ned 08.03.2015 at 11:06:04,05 ======================

offline
  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

This looks clean to me. What is the situation now?

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the program icon to run MBAR:
- Click OK in the next window to allow extraction into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the introductory window, click the Next button if you agree;



• In the 'Update Database' window, click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section, check that all options are ticked, then click the Scan button;

Notice: with some infections, one of the following messages may be displayed:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.





>> If no malware is detected, click the Exit button to close the program. In your next post, include the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infections were found, check that the 'Create Restore Point' option is ticked and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for the restart, and a notice will be shown in a pop-up window. Click the Yes button and the system should restart and finish the cleaning procedure.



Notice! Only if a rootkit was detected: make sure you run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click fixdamage to run it; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, then wait for the tool to make all the repairs ...
- When you see the message 'press any key to exit', the repair is complete. Press any key on the keyboard to close the window. Restart the system.





The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post, and attach the system log to the post using the Attach file (Prikači fajl) option.

offline
  • Joined: 24 Sep 2008
  • Posts: 33
  • Location: BG

Excellent, I no longer have any problems, thanks!

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
malwarebytes.org

Database version:
main: v2015.03.08.04
rootkit: v2015.02.25.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17633
Ivan :: IVAN-PC [administrator]

8.3.2015 11:54:20
mbar-log-2015-03-08 (11-54-20).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 390504
Time elapsed: 6 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


offline
  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Then we're done here.

The following procedure will perform the final cleanup.

Download the DelFix tool by "Xplode" and save it to the Desktop.
Double-click the tool to run it and tick the boxes in front of the following options;

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment while the tool finishes its work.
From this point on, all the tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also save the healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a new, fresh point after the cleanup.


Regards.

offline
  • Joined: 24 Sep 2008
  • Posts: 33
  • Location: BG

Thanks a lot, regards
