Uninstalling Tencent Technology QQ (Chinese, malicious program)

  • Joined: 11 Oct 2014
  • Posts: 307

• When Windows starts, that program launches; when I download something from the internet, some letters in Chinese appear and I don't know what they mean. I tried to shut it down using Task Manager, but it didn't work.
• The problem started showing up a week ago (I think, I'm not sure) when I installed YT downloader and, along with it, installed 4 other useless programs (one of them was that Chinese one).
• I use ESET NOD32 Antivirus and it detected something, but it managed to clean everything. If you want to see what it was, here is the link, so download it: https://www.sendspace.com/file/qsgcvz
• I tried Add or Remove Programs to delete it, but it was not found there. Then I also tried to disable it in the Startup programs, but the system didn't allow me to. I downloaded MaxUninstaller and RevoUninstaller, but they didn't help either.
• I have a wired ADSL connection (BH Telecom BiH). When I load the speedtest page, the part for testing internet speed is missing, but the last time I measured it, it came out roughly like this: PING: I don't remember, DOWNLOAD SPEED: 4,5 MBps, UPLOAD SPEED: 0,32 MBps.
• Additional information: The program is called Tencent Technology QQ. It originates from China and is in Chinese. It slows down the computer a little, but it slows down the browser a lot.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Amar (administrator) on AMAR-PC on 18-06-2015 12:36:24
Running from C:\Users\Amar\Downloads
Loaded Profiles: Amar & UpdatusUser (Available Profiles: Amar & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCRTP.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\plugins\QMNetMon\QQPCNetFlow.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCRealTimeSpeedup.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(腾讯公司) C:\Users\Amar\AppData\Roaming\Tencent\AndroidServer\1.0.0.485\AndroidServer.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-01-28] (ESET)
HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTRAY.EXE [355296 2015-06-11] (Tencent)
HKLM-x32\...\Run: [PDF Seven] => C:\Program Files\PDFSeven\PDF.exe [489472 2009-12-10] (PDFLogic Corporation)
HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\...\MountPoints2: F - F:\LGAutoRun.exe
HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\...\MountPoints2: {97bc34de-ffca-11e4-8ab1-001fd0d81833} - F:\LGAutoRun.exe
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QMGCShellExt64.dll [2015-06-11] (Tencent)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hppp&ts=143405.....Y1BAEJY1BX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=98115343_hao_pg
HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=dspp&ts=14.....1BX&q={searchTerms}
HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=98115343_hao_pg
HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=143405.....Y1BAEJY1BX
HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=dspp&ts=14.....1BX&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2578} URL = http://www.default-search.net/search?sid=578&a.....=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2578} URL = http://www.default-search.net/search?sid=578&a.....=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchtotal.info/?l=1&q={searchTerms}&pid=24457&r=2015/05/29&hid=1914874679025766387&lg=EN&cc=BA&unqvl=88
SearchScopes: HKU\S-1-5-21-3894383191-3516363779-2002392177-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=dspp&ts=14.....1BX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3894383191-3516363779-2002392177-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.istartsurf.com/web/?utm_source=b&ut.....ult&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3894383191-3516363779-2002392177-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsurf.com/web/?utm_source=b&ut.....ult&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3894383191-3516363779-2002392177-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=dspp&ts=14.....1BX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3894383191-3516363779-2002392177-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2578} URL =
SearchScopes: HKU\S-1-5-21-3894383191-3516363779-2002392177-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://www.istartsurf.com/web/?utm_source=b&ut.....ult&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3894383191-3516363779-2002392177-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsurf.com/web/?utm_source=b&ut.....ult&q={searchTerms}
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TSWebMon64.dat [2015-06-11] (Tencent)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Groove Folder Synchronization -> {5AF16DF1-1649-5F90-6952-72AE2CD63D6C} -> C:\Windows\SysWow64\msoorc32r.dll [2009-07-14] ()
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Toolbar: HKU\S-1-5-21-3894383191-3516363779-2002392177-1001 -> No Name - {42435041-352D-5350-00A7-7A786E7484D7} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{115EF0E8-F4C7-45ED-93B3-5CF4FB330A84}: [NameServer] 208.67.222.222,208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: istartsurf
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.searchtotal.info/?pid=24457&r=2015/05/29&hid=1914874679025766387&lg=EN&cc=BA&unqvl=88&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: istartsurf
FF SelectedSearchEngine,S: WebSearch
FF Homepage: about:home
FF Keyword.URL: hxxp://websearch.searchtotal.info/?pid=24457&r=2015/05/29&hid=1914874679025766387&lg=EN&cc=BA&unqvl=88&l=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-10] ()
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-04-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-04-28] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\npQMExtensionsMozilla.dll [2015-06-11] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-3894383191-3516363779-2002392177-1003: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll No File
FF user.js: detected! => C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\user.js [2015-06-17]
FF SearchPlugin: C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\searchplugins\default-search.xml [2015-05-24]
FF SearchPlugin: C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\searchplugins\istartsurf.xml [2015-06-17]
FF SearchPlugin: C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\searchplugins\WebSearch.xml [2015-05-29]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml [2015-05-24]
FF Extension: DigISuaover - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\Extensions\OL@A.net [2015-05-26]
FF Extension: The AdBlocker - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\Extensions\olmlridtzwamkt@cnjembqhqbbpywfqbtd.net [2015-06-05]
FF Extension: QuickSearch - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\Extensions\searchffv2@gmail.com [2015-06-11]
FF Extension: Search Enginer - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\Extensions\sweetsearch@gmail.com [2015-06-11]
FF Extension: Ge-ForcePlus v3 - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\Extensions\TTSD90021300@PYDKGV101145942.com [2015-06-17]
FF Extension: PriceMMinouS - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\Extensions\x0yeZPO@rl.edu [2015-05-29]
FF Extension: Shopper-Pro - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2015-06-16]
FF Extension: MEGA - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\Extensions\firefox@mega.co.nz.xpi [2015-05-22]
FF Extension: YouTube mp3 - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\Extensions\info@youtube-mp3.org.xpi [2015-05-25]
FF HKLM-x32\...\Firefox\Extensions: [searchffv2@gmail.com] - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\extensions\searchffv2@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\extensions\sweetsearch@gmail.com

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-11]
CHR Extension: (Google Docs) - C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-11]
CHR Extension: (Google Drive) - C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-11]
CHR Extension: (YouTube) - C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-20]
CHR Extension: (Google Search) - C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-20]
CHR Extension: (Google Sheets) - C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-11]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-12]
CHR Extension: (Google Wallet) - C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-15]
CHR Extension: (Gmail) - C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-20]
CHR HKLM-x32\...\Chrome\Extension: [fpmeembnagmagppkgghhfjfdfajdfcah] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iomphmdalfmaifjccmagmllnicjoghhk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ooebklgpfnbcnpokahmdidgbmlcdepkm] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2015-01-28] (ESET)
S2 PDFSevenPrinting; C:\Program Files\PDFSeven\PDFSevenPrinting.exe [513536 2009-07-06] (PDFLogic Corporation) [File not signed]
R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCRTP.exe [297608 2015-06-11] (Tencent)
S3 TAOFrame; C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TAOFrame.exe [293728 2015-06-11] (Tencent)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ba96e052; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\SystemPlus\SystemPlus.dll",serv
S2 SmdmFService; C:\Program Files (x86)\Assets Manager\smdmf\SmdmFService.exe [X]
S2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe /service [X]
S2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service [X] <==== ATTENTION

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [246000 2015-01-30] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241880 2015-01-30] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169792 2015-01-30] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [159480 2015-01-30] (ESET)
R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QMUdisk64.sys [62264 2015-04-17] (Tencent)
R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQSysMonX64.sys [129336 2015-06-11] (电脑管家)
S3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41624 2015-06-01] ()
R2 SPDRIVER_1.42.1.1870; C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.1870\jsdrv.sys [52376 2015-06-01] ()
R2 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [99640 2015-06-11] (Tencent)
R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel64.sys [174392 2015-06-11] (Tencent Technology(Shenzhen) Company Limited)
R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2015-06-11] (电脑管家)
R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TS888x64.sys [28984 2015-06-18] (Tencent)
R1 TSCPM; C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\tscpm64.sys [42296 2015-06-11] (电脑管家)
R1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TSDefenseBT64.sys [28472 2015-06-11] (Tencent)
S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-06-11] (电脑管家)
R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TSSysKit64.sys [87352 2015-06-11] (电脑管家)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-18 12:36 - 2015-06-18 12:36 - 00018890 _____ C:\Users\Amar\Downloads\FRST.txt
2015-06-18 12:36 - 2015-06-18 12:36 - 00000000 ____D C:\FRST
2015-06-18 12:35 - 2015-06-18 12:35 - 02109952 _____ (Farbar) C:\Users\Amar\Downloads\FRST64.exe
2015-06-17 18:49 - 2015-06-17 18:49 - 00002317 _____ C:\Users\Amar\Desktop\Minecraft.lnk
2015-06-17 18:04 - 2015-06-17 18:04 - 00003628 _____ C:\Users\Amar\Desktop\Antivirus-Scan.txt
2015-06-17 16:28 - 2015-06-17 16:28 - 00001417 _____ C:\Users\Amar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-17 16:16 - 2015-06-17 16:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-06-17 16:16 - 2015-06-17 16:16 - 00000000 ____D C:\ProgramData\ESET
2015-06-17 16:16 - 2015-06-17 16:16 - 00000000 ____D C:\Program Files\ESET
2015-06-17 16:08 - 2015-06-17 16:11 - 77025280 _____ C:\Users\Amar\Downloads\eav_nt64_ENU.msi
2015-06-17 16:00 - 2015-06-17 16:00 - 00006749 _____ C:\Users\Amar\Downloads\Internet Explorer Launcher.widget
2015-06-17 15:36 - 2015-06-17 15:37 - 00001595 _____ C:\Windows\IE11_main.log
2015-06-16 18:52 - 2015-06-18 12:17 - 00000392 _____ C:\Windows\setupact.log
2015-06-16 18:52 - 2015-06-16 18:52 - 00000000 _____ C:\Windows\setuperr.log
2015-06-16 18:51 - 2015-06-18 12:17 - 00003962 _____ C:\Windows\PFRO.log
2015-06-16 17:19 - 2015-06-16 17:19 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-06-16 17:19 - 2015-06-16 17:19 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-06-16 17:19 - 2015-06-16 17:19 - 00000000 ____D C:\Program Files\CCleaner
2015-06-16 17:17 - 2015-06-16 17:17 - 06552640 _____ (Piriform Ltd) C:\Users\Amar\Downloads\ccsetup506pro.exe
2015-06-16 17:04 - 2015-06-16 17:06 - 55915216 _____ (Microsoft Corporation) C:\Users\Amar\Downloads\IE11-Windows6.1-x64-en-us.exe
2015-06-16 16:20 - 2015-06-16 16:20 - 04764824 _____ (http://www.maxuninstaller.com/ ) C:\Users\Amar\Downloads\MaxUninstaller_Setup.exe
2015-06-16 16:19 - 2015-06-16 16:19 - 00000000 ____D C:\Users\Amar\AppData\Roaming\DriveTheLife2013
2015-06-15 22:45 - 2015-06-15 22:45 - 00000000 ____D C:\Windows\en
2015-06-15 22:44 - 2015-06-15 22:44 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-06-15 22:44 - 2015-06-15 22:44 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-06-15 22:43 - 2015-06-15 22:43 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-06-15 22:43 - 2015-06-15 22:43 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-06-15 22:42 - 2015-06-15 22:44 - 00000000 ____D C:\Program Files (x86)\Windows Live
2015-06-15 22:41 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-06-15 22:41 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-06-15 22:41 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-06-15 22:41 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-06-15 22:40 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-06-15 22:40 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-06-15 22:40 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-06-15 22:40 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-06-15 22:39 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-06-15 22:39 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2015-06-15 22:35 - 2015-06-16 12:22 - 00000000 ____D C:\Users\Amar\AppData\Local\Windows Live
2015-06-15 22:33 - 2015-06-15 22:33 - 01239752 _____ (Microsoft Corporation) C:\Users\Amar\Downloads\wlsetup-web.exe
2015-06-15 21:12 - 2015-06-15 21:12 - 00000000 ____D C:\Windows\SysWOW64\3060
2015-06-14 22:11 - 2015-06-15 20:13 - 00000000 ____D C:\Users\Amar\Documents\SonyVegasPro13
2015-06-14 20:58 - 2015-06-14 20:58 - 00004768 _____ C:\Users\Amar\Downloads\Big Explosion Effect Video Mp4 HD Sound.mp4.sfk
2015-06-14 20:57 - 2015-06-14 20:57 - 00287801 _____ C:\Users\Amar\Downloads\Big Explosion Effect Video Mp4 HD Sound.mp4
2015-06-12 15:56 - 2015-06-14 22:36 - 00000000 ____D C:\Users\Amar\Documents\Bandicam
2015-06-12 15:56 - 2015-06-12 15:56 - 00000000 ____D C:\Users\Amar\AppData\Roaming\BANDISOFT
2015-06-12 15:49 - 2015-06-12 15:49 - 00000992 _____ C:\Users\UpdatusUser\Desktop\Bandicam.lnk
2015-06-12 15:49 - 2015-06-12 15:49 - 00000992 _____ C:\Users\Amar\Desktop\Bandicam.lnk
2015-06-12 15:49 - 2015-06-12 15:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2015-06-12 15:49 - 2015-06-12 15:49 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2015-06-12 15:49 - 2015-06-12 15:49 - 00000000 ____D C:\Program Files (x86)\Bandicam
2015-06-12 15:45 - 2015-06-12 15:45 - 09870176 _____ (Bandisoft) C:\Users\Amar\Downloads\bdcamsetup.exe
2015-06-12 15:45 - 2015-06-12 15:45 - 00049664 _____ C:\Users\Amar\Downloads\keymaker.exe
2015-06-12 12:20 - 2015-06-12 12:20 - 00000000 ____D C:\ProgramData\TXQMPC
2015-06-12 12:01 - 2015-06-12 12:06 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-06-12 12:01 - 2015-06-12 12:01 - 00001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-06-12 12:00 - 2015-06-12 12:00 - 08051800 _____ (TeamViewer GmbH) C:\Users\Amar\Downloads\TeamViewer_Setup_hr.exe
2015-06-12 11:36 - 2015-06-12 11:36 - 00000036 _____ C:\Users\Amar\Documents\BalkanTrio.MP4.sfl
2015-06-12 11:35 - 2015-06-12 11:36 - 09821278 _____ C:\Users\Amar\Documents\BalkanTrio.MP4
2015-06-12 11:14 - 2012-10-03 12:24 - 857409536 _____ C:\Users\Amar\Downloads\Smoking_Text.avi
2015-06-12 11:14 - 2012-10-03 12:22 - 00015344 _____ C:\Users\Amar\Downloads\Smoking_Text.veg
2015-06-12 11:14 - 2012-04-19 14:28 - 01169517 _____ C:\Users\Amar\Downloads\smoke_pass.mp4
2015-06-12 11:13 - 2015-06-12 11:13 - 00000000 ____D C:\Users\Amar\Downloads\Smoking-Text
2015-06-12 11:03 - 2015-06-12 11:05 - 23338527 _____ C:\Users\Amar\Downloads\Smoking-Text.zip
2015-06-12 10:27 - 2015-06-12 10:27 - 00000000 ____D C:\Users\Amar\Documents\Lightshot
2015-06-11 22:49 - 2015-06-11 22:49 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Publish Providers
2015-06-11 22:36 - 2015-06-11 22:36 - 00000000 ____D C:\ProgramData\Sony
2015-06-11 22:36 - 2015-06-11 22:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-06-11 22:36 - 2015-06-11 22:36 - 00000000 ____D C:\Program Files (x86)\Sony
2015-06-11 22:11 - 2015-06-11 22:31 - 411005560 _____ (Sony Creative Software Inc.) C:\Users\Amar\Downloads\vegaspro13.0.453.exe
2015-06-11 22:06 - 2015-06-11 22:06 - 00003140 _____ C:\Windows\System32\Tasks\{E6F26AAD-9F61-4583-803B-70B8D8EB34FC}
2015-06-11 22:04 - 2015-06-11 22:06 - 40839715 _____ (Sony Creative Software Inc.) C:\Users\Amar\Downloads\Unconfirmed 715274.crdownload
2015-06-11 21:59 - 2015-06-18 12:18 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
2015-06-11 21:38 - 2015-06-11 22:07 - 00000000 ____D C:\Program Files (x86)\MiniGet
2015-06-11 21:38 - 2015-06-11 21:38 - 00000000 ____D C:\Users\Amar\AppData\Roaming\MiniGet
2015-06-11 21:36 - 2015-06-17 18:32 - 00000000 ____D C:\Program Files (x86)\MiuiTab
2015-06-11 21:36 - 2015-06-17 16:40 - 00000000 ____D C:\ProgramData\TymraSaq
2015-06-11 21:36 - 2015-06-11 21:36 - 00000000 ____D C:\ProgramData\IHProtectUpDate
2015-06-11 21:36 - 2015-06-11 21:36 - 00000000 ____D C:\Program Files\Common Files\Tencent
2015-06-11 21:36 - 2015-06-11 21:35 - 00099640 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
2015-06-11 21:35 - 2015-06-17 16:24 - 00000000 ____D C:\ProgramData\WindowsMangerProtect
2015-06-11 21:35 - 2015-06-11 21:35 - 00174392 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
2015-06-11 21:35 - 2015-06-11 21:35 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2015-06-11 21:35 - 2015-06-11 21:35 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
2015-06-11 21:35 - 2015-06-11 21:35 - 00000000 _____ C:\Windows\prleth.sys
2015-06-11 21:35 - 2015-06-11 21:35 - 00000000 _____ C:\Windows\hgfs.sys
2015-06-11 21:34 - 2015-06-17 15:17 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Tencent
2015-06-11 21:34 - 2015-06-12 12:24 - 00000000 ____D C:\ProgramData\Tencent
2015-06-11 21:34 - 2015-06-11 21:34 - 00000000 ____D C:\Program Files (x86)\Tencent
2015-06-11 21:30 - 2015-06-11 21:30 - 00000000 ____D C:\ProgramData\Rising
2015-06-11 21:17 - 2015-06-11 21:34 - 224907828 _____ (Sony Creative Software Inc.) C:\Users\Amar\Downloads\Unconfirmed 110625.crdownload
2015-06-10 21:35 - 2015-06-10 21:35 - 00394273 _____ C:\Users\Amar\Downloads\Za Mrezu MB-stambeni.zip
2015-06-10 11:52 - 2015-06-10 11:52 - 05235200 _____ C:\Users\Amar\Downloads\Lista SP za Mrezu -KAKANJ 1.xls
2015-06-10 10:59 - 2015-06-10 10:59 - 00015196 _____ C:\Users\Amar\Downloads\spisak Kakanj gosti (12).xlsx
2015-06-10 10:56 - 2015-06-10 10:56 - 00015196 _____ C:\Users\Amar\Downloads\spisak Kakanj gosti (11).xlsx
2015-06-10 10:54 - 2015-06-10 10:54 - 00015196 _____ C:\Users\Amar\Downloads\spisak Kakanj gosti (9).xlsx
2015-06-10 10:54 - 2015-06-10 10:54 - 00015196 _____ C:\Users\Amar\Downloads\spisak Kakanj gosti (10).xlsx
2015-06-10 10:53 - 2015-06-10 10:53 - 00015196 _____ C:\Users\Amar\Downloads\spisak Kakanj gosti (8).xlsx
2015-06-10 10:53 - 2015-06-10 10:53 - 00015196 _____ C:\Users\Amar\Downloads\spisak Kakanj gosti (7).xlsx
2015-06-10 10:52 - 2015-06-10 10:52 - 00015196 _____ C:\Users\Amar\Downloads\spisak Kakanj gosti (6).xlsx
2015-06-10 10:52 - 2015-06-10 10:52 - 00015196 _____ C:\Users\Amar\Downloads\spisak Kakanj gosti (5).xlsx
2015-06-10 10:50 - 2015-06-10 10:50 - 00015196 _____ C:\Users\Amar\Downloads\spisak Kakanj gosti (4).xlsx
2015-06-10 10:12 - 2015-06-10 10:12 - 00015196 _____ C:\Users\Amar\Downloads\spisak Kakanj gosti (3).xlsx
2015-06-10 10:10 - 2015-06-10 10:10 - 00015196 _____ C:\Users\Amar\Downloads\spisak Kakanj gosti (2).xlsx
2015-06-10 10:09 - 2015-06-10 10:09 - 00015196 _____ C:\Users\Amar\Downloads\spisak Kakanj gosti (1).xlsx
2015-06-10 10:07 - 2015-06-10 10:07 - 00015196 _____ C:\Users\Amar\Downloads\spisak Kakanj gosti.xlsx
2015-06-09 15:17 - 2015-06-09 15:18 - 01955328 _____ C:\Users\Amar\Downloads\kategorizacija_retail klijenti (1).ppt
2015-06-09 15:16 - 2015-06-09 15:17 - 01955328 _____ C:\Users\Amar\Downloads\kategorizacija_retail klijenti.ppt
2015-06-09 12:45 - 2015-06-09 12:45 - 00170962 _____ C:\Users\Amar\Downloads\mmffncokckfccddfenhkhnllmlobdahm_main (1).crx
2015-06-09 12:44 - 2015-06-09 12:44 - 00170962 _____ C:\Users\Amar\Downloads\mmffncokckfccddfenhkhnllmlobdahm_main.crx
2015-06-08 23:30 - 2015-06-17 20:39 - 00000386 _____ C:\Windows\Tasks\update-sys.job
2015-06-08 23:30 - 2015-06-17 19:42 - 00000386 _____ C:\Windows\Tasks\update-S-1-5-21-3894383191-3516363779-2002392177-1001.job
2015-06-08 23:30 - 2015-06-08 23:30 - 00003282 _____ C:\Windows\System32\Tasks\update-sys
2015-06-08 23:30 - 2015-06-08 23:30 - 00003258 _____ C:\Windows\System32\Tasks\update-S-1-5-21-3894383191-3516363779-2002392177-1001
2015-06-08 23:30 - 2015-06-08 23:30 - 00000424 _____ C:\Users\Amar\AppData\Local\UserProducts.xml
2015-06-08 23:30 - 2015-06-08 23:30 - 00000003 _____ C:\Users\Amar\AppData\Local\updater.log
2015-06-08 23:30 - 2015-06-08 23:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2015-06-08 23:30 - 2015-06-08 23:30 - 00000000 ____D C:\Program Files (x86)\Skillbrains
2015-06-08 23:29 - 2015-06-08 23:29 - 02511360 _____ (Skillbrains ) C:\Users\Amar\Downloads\setup-lightshot.exe
2015-06-08 22:22 - 2015-06-08 22:22 - 07947159 _____ C:\Users\Amar\Downloads\PanoramicBridges.deskthemepack
2015-06-08 22:19 - 2015-06-08 22:20 - 12757300 _____ C:\Users\Amar\Downloads\PanoramicForests.deskthemepack
2015-06-08 21:12 - 2015-06-15 21:12 - 00000000 ____D C:\Windows\SysWOW64\3059
2015-06-08 13:12 - 2015-06-08 13:12 - 00500224 _____ C:\Users\Amar\Downloads\Master_MBA_Mostar.ppt
2015-06-07 12:55 - 2015-06-07 12:55 - 09605800 _____ C:\Users\Amar\Downloads\Captive-Minecraft-Beta1_6.zip
2015-06-07 12:55 - 2015-06-07 12:55 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-05 11:06 - 2015-06-05 11:06 - 00000079 _____ C:\Program Files (x86)\prefs.js
2015-06-04 22:00 - 2015-06-04 22:00 - 00125138 _____ C:\Users\Amar\Downloads\XRay-1.8.1-v2.15.2.jar
2015-06-04 09:34 - 2015-06-04 09:34 - 00002784 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-06-04 09:34 - 2015-06-04 09:34 - 00002784 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-06-04 09:34 - 2015-06-04 09:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-06-04 09:34 - 2015-05-25 10:24 - 00429392 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-06-04 09:34 - 2015-05-25 10:24 - 00347976 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-06-04 09:32 - 2015-06-04 09:32 - 14290738 _____ (HOW Inc. ) C:\Users\Amar\Downloads\FYTDSetup.exe
2015-06-04 09:32 - 2015-06-04 09:32 - 00000000 ____D C:\Users\Amar\AppData\Roaming\How Inc
2015-06-04 09:31 - 2015-06-04 09:32 - 01179136 _____ (How, Inc) C:\Users\Amar\Downloads\FreeYouTubeDownloaderOC.exe
2015-06-03 10:52 - 2015-06-03 10:53 - 29830402 _____ C:\Users\Amar\Downloads\PureBDcraft 128x MC18.zip
2015-06-03 10:07 - 2015-06-03 10:07 - 00995328 _____ C:\Users\Amar\Downloads\LISTA FIRMI na SP - follow up FEBRUAR (1).xls
2015-06-03 10:06 - 2015-06-03 10:07 - 00995328 _____ C:\Users\Amar\Downloads\LISTA FIRMI na SP - follow up FEBRUAR.xls
2015-06-03 10:05 - 2015-06-03 10:05 - 00645835 _____ C:\Users\Amar\Downloads\Dodatak (2).zip
2015-06-03 10:04 - 2015-06-03 10:04 - 00645835 _____ C:\Users\Amar\Downloads\Dodatak.zip
2015-06-03 10:04 - 2015-06-03 10:04 - 00645835 _____ C:\Users\Amar\Downloads\Dodatak (1).zip
2015-06-03 09:47 - 2015-06-03 09:48 - 01280677 _____ C:\Users\Amar\Downloads\noname.eml
2015-06-01 15:37 - 2015-06-17 17:48 - 00000000 ____D C:\Program Files\Common Files\ShopperPro
2015-06-01 15:37 - 2015-06-01 22:21 - 00004228 _____ C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_313338343632363036342d3437415a556c2a3223346c41
2015-05-29 16:02 - 2015-05-29 16:03 - 00000000 ____D C:\Users\Amar\AppData\Roaming\NCH Software
2015-05-29 16:02 - 2015-05-29 16:02 - 00647232 _____ (NCH Software) C:\Users\Amar\Downloads\prismsetup.exe
2015-05-29 16:02 - 2015-05-29 16:02 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2015-05-29 16:02 - 2015-05-29 16:02 - 00000000 ____D C:\ProgramData\NCH Software
2015-05-29 15:57 - 2015-05-29 16:00 - 81350051 _____ C:\Users\Amar\Downloads\Motivation Music.mp4
2015-05-29 15:57 - 2015-05-29 15:57 - 00000000 ____D C:\Users\Amar\AppData\Roaming\LightningDownloader
2015-05-29 15:56 - 2015-05-29 15:56 - 00816504 _____ C:\Users\Amar\Downloads\UmmyVD-Web-Loader-[110].exe
2015-05-29 15:51 - 2015-06-12 10:15 - 00000000 ____D C:\Program Files (x86)\SystemPlus
2015-05-29 15:50 - 2015-05-29 15:50 - 00000000 ____D C:\ProgramData\ninpljdkpbifbcgphkipeonchoaleanf
2015-05-29 15:49 - 2015-06-12 15:43 - 00000000 ____D C:\ProgramData\{add68b0b-62d1-7a46-add6-68b0b62d2c2d}
2015-05-26 16:11 - 2015-05-26 16:23 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Audacity
2015-05-26 15:32 - 2015-06-17 16:44 - 00000000 ____D C:\Program Files (x86)\FuunDeAls
2015-05-26 15:31 - 2015-05-26 15:31 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-05-26 15:11 - 2015-05-29 15:51 - 00000000 ____D C:\Program Files (x86)\SystemAid
2015-05-25 22:02 - 2015-06-15 21:12 - 00000418 _____ C:\Windows\Tasks\At1.job
2015-05-25 22:02 - 2015-06-08 21:12 - 00000000 ____D C:\Windows\SysWOW64\3045
2015-05-25 22:02 - 2015-05-25 22:02 - 00001646 _____ C:\Windows\System32\Tasks\At1
2015-05-25 21:59 - 2015-05-25 21:59 - 00003222 _____ C:\Windows\System32\Tasks\{7253B64A-D019-46B6-97B4-B95FF0D172B8}
2015-05-25 21:41 - 2015-05-25 21:41 - 00000000 ____D C:\Program Files (x86)\Minecraft
2015-05-25 20:59 - 2015-06-17 13:00 - 00000000 ____D C:\Users\Amar\AppData\Roaming\.minecraft
2015-05-24 17:55 - 2015-05-26 15:11 - 00000000 ____D C:\ProgramData\a76b387700005caa
2015-05-24 17:54 - 2015-05-24 17:54 - 00000000 _____ C:\Users\Amar\AppData\Local\Temp.dat
2015-05-24 17:30 - 2015-06-10 09:51 - 00000000 ____D C:\Users\Amar\Desktop\New folder
2015-05-24 17:03 - 2015-06-18 12:17 - 00002762 _____ C:\Windows\Tasks\d51e29ae-aa8a-41d2-b928-cdf3e6068f26-5_user.job
2015-05-24 17:02 - 2015-06-18 12:17 - 00002762 _____ C:\Windows\Tasks\d51e29ae-aa8a-41d2-b928-cdf3e6068f26-5.job
2015-05-24 17:02 - 2015-06-17 18:04 - 00000000 ____D C:\Program Files (x86)\Ge-Force
2015-05-24 17:02 - 2015-05-24 17:05 - 00000000 ____D C:\Users\Amar\AppData\Local\BrowserHelper
2015-05-24 17:02 - 2015-05-24 17:03 - 00005792 _____ C:\Windows\System32\Tasks\d51e29ae-aa8a-41d2-b928-cdf3e6068f26-5
2015-05-24 17:02 - 2015-05-24 17:02 - 00003718 _____ C:\Windows\System32\Tasks\SMupdate1
2015-05-24 17:01 - 2015-06-17 17:48 - 00000000 ____D C:\Program Files (x86)\ShopperPro
2015-05-24 17:01 - 2015-06-17 16:24 - 00000000 ____D C:\ProgramData\ShopperPro
2015-05-24 17:01 - 2015-06-01 22:21 - 00004192 _____ C:\Windows\System32\Tasks\ShopperPro
2015-05-24 17:01 - 2015-06-01 22:20 - 00003564 _____ C:\Windows\System32\Tasks\ShopperProJSUpd
2015-05-24 17:01 - 2015-05-24 17:01 - 00003490 _____ C:\Windows\System32\Tasks\SPDriver
2015-05-24 17:01 - 2015-05-24 17:01 - 00000000 ____D C:\Users\Public\Documents\ShopperPro
2015-05-24 17:00 - 2015-06-17 16:23 - 00000000 ____D C:\ProgramData\smdmf
2015-05-24 17:00 - 2015-05-24 17:00 - 00000000 ____D C:\Users\Amar\AppData\Local\CrashRpt
2015-05-24 17:00 - 2015-05-24 17:00 - 00000000 ____D C:\Program Files (x86)\Assets Manager
2015-05-24 16:53 - 2015-05-24 16:53 - 00002684 _____ C:\Users\Amar\Documents\Register Vegas Pro.htm
2015-05-24 16:49 - 2015-06-11 22:36 - 00000000 ____D C:\Users\Amar\AppData\Local\Sony
2015-05-24 16:48 - 2015-06-12 11:35 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Sony
2015-05-24 16:24 - 2015-05-24 16:27 - 00000000 ____D C:\Users\Amar\AppData\Roaming\vlc
2015-05-24 16:22 - 2015-05-24 16:22 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2015-05-21 17:43 - 2015-05-21 17:43 - 00000000 ____D C:\Users\Amar\AppData\Local\Macromedia
2015-05-21 17:14 - 2015-06-11 22:06 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-21 17:14 - 2015-05-21 17:14 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Mozilla
2015-05-21 17:14 - 2015-05-21 17:14 - 00000000 ____D C:\Users\Amar\AppData\Local\Mozilla
2015-05-21 17:14 - 2015-05-21 17:14 - 00000000 ____D C:\ProgramData\Mozilla
2015-05-21 17:14 - 2015-05-21 17:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-21 17:13 - 2015-06-17 16:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-18 12:31 - 2015-04-26 11:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-18 12:30 - 2015-05-18 17:02 - 00000024 _____ C:\Users\Amar\AppData\Roaming\appdataFr25.bin
2015-06-18 12:26 - 2009-07-14 06:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-18 12:26 - 2009-07-14 06:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-18 12:24 - 2009-07-14 07:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-18 12:17 - 2015-04-27 11:42 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-18 12:17 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-17 20:48 - 2015-04-20 22:56 - 02054818 _____ C:\Windows\WindowsUpdate.log
2015-06-17 20:48 - 2015-04-20 15:48 - 00000000 ____D C:\Users\Amar\AppData\Roaming\uTorrent
2015-06-17 19:52 - 2015-04-27 11:42 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-17 18:04 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System
2015-06-17 16:48 - 2015-04-20 14:30 - 00000000 ____D C:\Program Files (x86)\SallePluss
2015-06-17 16:48 - 2015-04-20 14:30 - 00000000 ____D C:\Program Files (x86)\SalePlus
2015-06-17 16:47 - 2015-05-13 12:31 - 00000000 ____D C:\Program Files (x86)\Outlookcom Notifier
2015-06-17 16:47 - 2015-05-13 12:30 - 00000000 ____D C:\Program Files (x86)\PrIceMinusu
2015-06-17 16:42 - 2015-05-13 12:31 - 00000000 ____D C:\Program Files (x86)\bestadblocker
2015-06-17 16:40 - 2015-05-13 12:29 - 00000000 ____D C:\ProgramData\{b205d4be-a04d-bac4-b205-5d4bea0452fa}
2015-06-17 15:51 - 2015-04-20 23:52 - 00000000 ____D C:\Windows\Panther
2015-06-16 17:21 - 2015-04-27 11:38 - 00000000 ____D C:\Users\Amar\AppData\Local\CrashDumps
2015-06-15 22:43 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-06-14 20:17 - 2015-04-20 15:49 - 00064416 _____ C:\Users\Amar\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-12 15:22 - 2015-04-27 11:28 - 00000000 ____D C:\ProgramData\TechSmith
2015-06-12 15:22 - 2015-04-20 14:01 - 00000000 ____D C:\Users\Amar
2015-06-12 14:57 - 2009-07-14 06:45 - 04852064 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-12 11:57 - 2015-04-27 11:35 - 00000000 ____D C:\Users\Amar\Documents\Camtasia Studio
2015-06-12 10:16 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-11 22:15 - 2015-04-27 10:22 - 00000000 ____D C:\ProgramData\Adobe
2015-06-11 22:12 - 2015-04-27 10:26 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-11 21:36 - 2015-04-20 14:02 - 00000000 ____D C:\Users\Amar\AppData\Local\VirtualStore
2015-06-11 21:09 - 2015-04-20 14:30 - 00000000 ____D C:\ProgramData\11374850354828519318
2015-06-10 17:31 - 2015-04-26 11:44 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-10 17:31 - 2015-04-26 11:28 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-10 17:31 - 2015-04-26 11:28 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-08 13:10 - 2015-05-09 17:37 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Skype
2015-06-05 14:36 - 2015-04-27 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
2015-05-29 16:54 - 2015-04-26 11:27 - 00000000 ____D C:\Users\Amar\AppData\Local\Adobe
2015-05-25 22:05 - 2015-04-20 14:09 - 00000000 ____D C:\Users\Amar\Desktop\Icons
2015-05-25 19:23 - 2015-05-14 19:16 - 00000000 ____D C:\Program Files\Google
2015-05-25 19:23 - 2015-04-20 14:10 - 00000000 ____D C:\Program Files (x86)\Google
2015-05-24 17:54 - 2015-04-20 14:10 - 00000000 ____D C:\Users\Amar\AppData\Local\Google
2015-05-24 17:34 - 2015-04-27 12:11 - 00003584 _____ C:\Users\Amar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-21 17:56 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-21 17:19 - 2015-05-03 11:47 - 00000000 ____D C:\Users\Amar\VirtualBox VMs
2015-05-21 17:19 - 2015-05-03 11:47 - 00000000 ____D C:\Users\Amar\.VirtualBox

==================== Files in the root of some directories =======

2015-06-05 11:06 - 2015-06-05 11:06 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-05-18 17:02 - 2015-06-18 12:30 - 0000024 _____ () C:\Users\Amar\AppData\Roaming\appdataFr25.bin
2015-04-27 12:11 - 2015-05-24 17:34 - 0003584 _____ () C:\Users\Amar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-24 17:54 - 2015-05-24 17:54 - 0000000 _____ () C:\Users\Amar\AppData\Local\Temp.dat
2015-06-08 23:30 - 2015-06-08 23:30 - 0000003 _____ () C:\Users\Amar\AppData\Local\updater.log
2015-06-08 23:30 - 2015-06-08 23:30 - 0000424 _____ () C:\Users\Amar\AppData\Local\UserProducts.xml

Files to move or delete:
====================
C:\Windows\Tasks\At1.job


Some files in TEMP:
====================
C:\Users\Amar\AppData\Local\Temp\InstHelper.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-03 19:06

==================== End of log ============================
ADDITIONAL FILES (FRST and Addition):

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8488
  • Location: Novi Beograd

Hello,

we'll try to help.

Uninstall the following programs:
Assets Manager
BondedBoot
Ge-Force
Outlookcom Notifier
SalePlus
Shopper-Pro

1. Open Notepad (Text Document) and copy into it the following text from the code box below:

 
CreateRestorePoint:
HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\...\MountPoints2: F - F:\LGAutoRun.exe
HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\...\MountPoints2: {97bc34de-ffca-11e4-8ab1-001fd0d81833} - F:\LGAutoRun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hppp&ts=143405.....Y1BAEJY1BX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=98115343_hao_pg
HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=dspp&ts=14.....1BX&q={searchTerms}
HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=98115343_hao_pg
HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=143405.....Y1BAEJY1BX
HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=dspp&ts=14.....1BX&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2578} URL = http://www.default-search.net/search?sid=578&a.....=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2578} URL = http://www.default-search.net/search?sid=578&a.....=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchtotal.info/?l=1&q={searchTerms}&pid=24457&r=2015/05/29&hid=1914874679025766387&lg=EN&cc=BA&unqvl=88
SearchScopes: HKU\S-1-5-21-3894383191-3516363779-2002392177-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=dspp&ts=14.....1BX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3894383191-3516363779-2002392177-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.istartsurf.com/web/?utm_source=b&ut.....ult&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3894383191-3516363779-2002392177-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsurf.com/web/?utm_source=b&ut.....ult&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3894383191-3516363779-2002392177-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=dspp&ts=14.....1BX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3894383191-3516363779-2002392177-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2578} URL =
SearchScopes: HKU\S-1-5-21-3894383191-3516363779-2002392177-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://www.istartsurf.com/web/?utm_source=b&ut.....ult&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3894383191-3516363779-2002392177-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsurf.com/web/?utm_source=b&ut.....ult&q={searchTerms}
Toolbar: HKU\S-1-5-21-3894383191-3516363779-2002392177-1001 -> No Name - {42435041-352D-5350-00A7-7A786E7484D7} - No File
FF DefaultSearchEngine: istartsurf
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.searchtotal.info/?pid=24457&r=2015/05/29&hid=1914874679025766387&lg=EN&cc=BA&unqvl=88&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: istartsurf
FF SelectedSearchEngine,S: WebSearch
FF Homepage: about:home
FF Keyword.URL: hxxp://websearch.searchtotal.info/?pid=24457&r=2015/05/29&hid=1914874679025766387&lg=EN&cc=BA&unqvl=88&l=1&q=
FF user.js: detected! => C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\user.js [2015-06-17]
FF Plugin HKU\S-1-5-21-3894383191-3516363779-2002392177-1003: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll No File
FF SearchPlugin: C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\searchplugins\default-search.xml [2015-05-24]
FF SearchPlugin: C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\searchplugins\istartsurf.xml [2015-06-17]
FF SearchPlugin: C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\searchplugins\WebSearch.xml [2015-05-29]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml [2015-05-24]
FF Extension: DigISuaover - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\Extensions\OL@A.net [2015-05-26]
FF Extension: The AdBlocker - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\Extensions\olmlridtzwamkt@cnjembqhqbbpywfqbtd.net [2015-06-05]
FF Extension: QuickSearch - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\Extensions\searchffv2@gmail.com [2015-06-11]
FF Extension: Search Enginer - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\Extensions\sweetsearch@gmail.com [2015-06-11]
FF Extension: Ge-ForcePlus v3 - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\Extensions\TTSD90021300@PYDKGV101145942.com [2015-06-17]
FF Extension: PriceMMinouS - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\Extensions\x0yeZPO@rl.edu [2015-05-29]
FF Extension: Shopper-Pro - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2015-06-16]
FF SearchPlugin: C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\searchplugins\default-search.xml [2015-05-24]
FF SearchPlugin: C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\searchplugins\istartsurf.xml [2015-06-17]
FF SearchPlugin: C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\searchplugins\WebSearch.xml [2015-05-29]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml [2015-05-24]
FF Extension: DigISuaover - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\Extensions\OL@A.net [2015-05-26]
FF Extension: The AdBlocker - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\Extensions\olmlridtzwamkt@cnjembqhqbbpywfqbtd.net [2015-06-05]
FF Extension: QuickSearch - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\Extensions\searchffv2@gmail.com [2015-06-11]
FF Extension: Search Enginer - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\Extensions\sweetsearch@gmail.com [2015-06-11]
FF Extension: Ge-ForcePlus v3 - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\Extensions\TTSD90021300@PYDKGV101145942.com [2015-06-17]
FF Extension: PriceMMinouS - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\Extensions\x0yeZPO@rl.edu [2015-05-29]
FF Extension: Shopper-Pro - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2015-06-16]
S2 SmdmFService; C:\Program Files (x86)\Assets Manager\smdmf\SmdmFService.exe [X]
S2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe /service [X]
S2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service [X] <==== ATTENTION
S3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41624 2015-06-01] ()
R2 SPDRIVER_1.42.1.1870; C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.1870\jsdrv.sys [52376 2015-06-01] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S2 ba96e052; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\SystemPlus\SystemPlus.dll",serv
Task: {04E2788D-50BC-43CD-B299-AC39910F9DCF} - System32\Tasks\d51e29ae-aa8a-41d2-b928-cdf3e6068f26-5 => C:\Program Files (x86)\Ge-Force\d51e29ae-aa8a-41d2-b928-cdf3e6068f26-5.exe <==== ATTENTION
Task: {09AB0C44-72BA-4C98-A018-BD52B1B0F69B} - System32\Tasks\SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.1870\jsdrv.exe <==== ATTENTION
Task: {529B29D5-592A-41F1-9F0B-6C377B878568} - System32\Tasks\d51e29ae-aa8a-41d2-b928-cdf3e6068f26-5_user => C:\Program Files (x86)\Ge-Force\d51e29ae-aa8a-41d2-b928-cdf3e6068f26-5.exe <==== ATTENTION
Task: {BFCAC6EF-4DD2-4CCF-995B-02AE75A27E0D} - System32\Tasks\At1 => C:\Windows\SysWOW64\mobsynnc.exe [2010-11-21] () <==== ATTENTION
Task: {C3EEF5DD-0FCB-4A22-B4D5-6D706DFBCFE6} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {D2347A15-203B-4772-8658-A0255D202E53} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION

Task: {DD1794BB-515C-42D0-8268-E660F409A7AF} - System32\Tasks\SPBIW_UpdateTask_Time_313338343632363036342d3437415a556c2a3223346c41 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {E700E114-90B8-458D-B512-0C5745EBA033} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {FE2402F3-1076-439C-8B6C-339834F36883} - System32\Tasks\ShopperPro => C:\Program Files (x86)\ShopperPro\ShopperPro.exe <==== ATTENTION
Task: {FF790CD7-7F02-476A-AFB1-437BD310449C} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\d51e29ae-aa8a-41d2-b928-cdf3e6068f26-5.job => C:\Program Files (x86)\Ge-Force\d51e29ae-aa8a-41d2-b928-cdf3e6068f26-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\d51e29ae-aa8a-41d2-b928-cdf3e6068f26-5_user.job => C:\Program Files (x86)\Ge-Force\d51e29ae-aa8a-41d2-b928-cdf3e6068f26-5.exe <==== ATTENTION
AlternateDataStreams: C:\Users\Amar\Downloads\noname.eml:OECustomProperty
EmptyTemp:


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from within Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name
Note: It is important that both files, FRST and fixlist, are in the same location; otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once, and wait.
If the tool asks to restart the system, allow it and make sure the tool completes the fix after the restart.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

offline
  • Joined: 11 Oct 2014
  • Posts: 307

Here is the fixlog:

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8488
  • Location: Novi Beograd

Download AdwCleaner by "Xplode" and save it to the Desktop.

Double-click to run the program.
Click the [Scan] button and wait for the program to finish.
Click the [Clean] button.
The program will close all running programs and show a window with that warning. Click Ok to confirm.
In the next two windows that open (Informations and Restart required), click Ok.


The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your post using the "Attach file" option.

Note: The report will also be saved to C:\AdwCleaner[S0].txt

offline
  • Joined: 11 Oct 2014
  • Posts: 307

I installed it and ran the scan. The program listed Tencent Technology QQ, I marked it for deletion, and it was deleted successfully. Thanks, helen1.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8488
  • Location: Novi Beograd

Post the log for me. We're not done yet. What you see as the problem is actually the smallest problem here. :D

offline
  • Joined: 11 Oct 2014
  • Posts: 307

Here, I scanned 4 times; here is the last log:

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8488
  • Location: Novi Beograd

Download zoek.zip or zoek.rar by smeenk from this or this link and save it to the Desktop.

Extract the archive into a folder (instructions), then:

close the browser and other running programs;
temporarily disable your security software (if necessary) (instructions);
double-click the program icon to run zoek;
wait for the tool to start ...


Copy the following text into the white box of the window:

 
autoclean;
emptyclsid;
emptyfolderscheck;delete
emptyalltemp;


Click the button and wait for the scan to finish.


zoek will restart Windows if needed and, when it finishes, open Notepad with the scan report.

Note: The report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into your post.

offline
  • Joined: 11 Oct 2014
  • Posts: 307

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8488
  • Location: Novi Beograd

Are there any problems?
