Hmm, problem

  • Kuryak (Male)
  • New MyCity citizen
  • Joined: 18 Nov 2008
  • Posts: 12

First of all, a big hello to the doctors...
Sorry I haven't introduced myself and am barging in like this, but what can you do, necessity knows no law...

I noticed that you've already come across YouTube Accelerator and the problems it brings with it...
I tried to deal with it, but there is still a visible problem in HijackThis, so I'll attach that log along with the FRST one...

Uninstalling YouTube Accelerator caused the already familiar problems with connecting to the internet, but I managed to get the program removed and I now have web access...

To keep it short, you'll figure it out yourselves from the logs...

HijackThis log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-12-2014
Ran by jelena (administrator) on JELENA-PC on 20-12-2014 23:46:47
Running from C:\Users\jelena\Desktop
Loaded Profile: jelena (Available profiles: jelena)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Opera Software) C:\Program Files\Opera\26.0.1656.60\opera.exe
() C:\Program Files\Opera\26.0.1656.60\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files\Opera\26.0.1656.60\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1795872 2014-08-19] (NVIDIA Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKU\S-1-5-21-2217000260-1719297150-3848716039-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2217000260-1719297150-3848716039-1000\Software\Microsoft\Internet Explorer\Main,Start Page = msn.com/?pc=MSSE
HKU\S-1-5-21-2217000260-1719297150-3848716039-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
HKU\S-1-5-21-2217000260-1719297150-3848716039-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = go.microsoft.com/fwlink/?LinkID=226786&.....M%3DIE8SRC
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2217000260-1719297150-3848716039-1000 -> {62719372-FA8D-428F-BE32-06ED4A776C1A} URL = google.com/search?q={searchTerms}
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.88.1
Tcpip\..\Interfaces\{3CC04514-C12B-4C1F-AFB7-B87900D1136F}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> CFBDCDC43159CCE1BD6BC1E80230076C13F6D0CD53C40724EA2DAC33FC7084B4
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> omiga-plus
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\jelena\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\jelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-21]
CHR Extension: (Adblock Plus) - C:\Users\jelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-19]
CHR Extension: (Print) - C:\Users\jelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd [2014-12-20]
CHR Extension: (Google Wallet) - C:\Users\jelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-21]
CHR Extension: (Photo Enlarge) - C:\Users\jelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo [2014-12-20]
CHR StartMenuInternet: Google Chrome - Chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [9472 2009-07-24] (Primax Ltd)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-20 23:46 - 2014-12-20 23:47 - 00008227 _____ () C:\Users\jelena\Desktop\FRST.txt
2014-12-20 23:45 - 2014-12-20 23:45 - 00017637 _____ () C:\Users\jelena\Desktop\hijackthis.log
2014-12-20 23:05 - 2014-12-20 23:06 - 00003112 _____ () C:\Users\jelena\Documents\cc_20141220_230542.reg
2014-12-20 22:19 - 2014-12-20 22:19 - 00000000 ____D () C:\ProgramData\23405448
2014-12-20 22:14 - 2014-12-20 22:14 - 00000000 ____D () C:\ProgramData\opgbnmjkicibjnefpbicnmjpcjibfmef
2014-12-20 21:32 - 2014-12-20 21:32 - 00028284 _____ () C:\Users\jelena\Documents\cc_20141220_213214.reg
2014-12-20 21:32 - 2014-12-20 21:32 - 00001314 _____ () C:\Users\jelena\Documents\cc_20141220_213232.reg
2014-12-20 19:45 - 2014-12-20 22:22 - 00000000 ____D () C:\AdwCleaner
2014-12-20 19:45 - 2014-12-20 19:45 - 02166272 _____ () C:\Users\jelena\Desktop\AdwCleaner.exe
2014-12-20 18:44 - 2014-12-20 23:46 - 00000000 ____D () C:\FRST
2014-12-20 18:39 - 2014-12-20 18:39 - 01114112 _____ (Farbar) C:\Users\jelena\Desktop\FRST.exe
2014-12-20 17:23 - 2014-12-20 17:23 - 00000000 ____D () C:\ProgramData\llmjjdnglchphfiidpbbnochglbhkihp
2014-12-20 02:30 - 2014-12-20 02:30 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-12-19 22:43 - 2014-12-19 22:43 - 00007630 _____ () C:\Users\jelena\AppData\Local\Resmon.ResmonCfg
2014-12-19 21:39 - 2014-12-19 21:39 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-12-19 20:28 - 2014-12-19 20:28 - 00000000 ____D () C:\Users\jelena\Documents\Stardock
2014-12-19 20:27 - 2014-12-19 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2014-12-19 20:27 - 2014-12-19 20:27 - 00000000 ____D () C:\Program Files\Common Files\Stardock
2014-12-19 20:24 - 2014-12-19 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-12-19 19:59 - 2014-12-19 19:59 - 00000000 __RSH () C:\MSDOS.SYS
2014-12-19 19:59 - 2014-12-19 19:59 - 00000000 __RSH () C:\IO.SYS
2014-12-19 17:32 - 2014-12-19 20:24 - 00000000 ____D () C:\Users\jelena\AppData\Roaming\vlc
2014-12-19 17:31 - 2014-12-19 17:31 - 00000000 ____D () C:\Program Files\VideoLAN
2014-12-19 16:59 - 2014-12-19 16:59 - 00000000 ____D () C:\Users\jelena\AppData\Local\Stardock
2014-12-19 16:58 - 2014-12-19 16:58 - 00000000 ____D () C:\Program Files\Stardock
2014-12-19 16:48 - 2014-12-19 20:29 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-12-19 16:45 - 2014-12-19 16:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\jelena\Downloads\revosetup.exe
2014-12-19 16:44 - 2014-12-19 16:45 - 10801480 _____ (VS Revo Group ) C:\Users\jelena\Downloads\RevoUninProSetup.exe
2014-12-19 16:37 - 2014-12-20 22:23 - 00001340 _____ () C:\Windows\Tasks\BBHHA.job
2014-12-19 16:37 - 2014-12-20 01:51 - 00000000 ____D () C:\Program Files\0dc8bd81-a9ed-48fc-8551-84957bbd3fcd
2014-12-19 16:37 - 2014-12-19 16:37 - 01800160 _____ () C:\Users\jelena\AppData\Roaming\BBHHA.exe
2014-12-19 16:36 - 2014-12-19 16:36 - 00001097 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-12-19 16:36 - 2014-12-19 16:36 - 00000000 ____D () C:\Users\jelena\AppData\Roaming\Opera Software
2014-12-19 16:36 - 2014-12-19 16:36 - 00000000 ____D () C:\Users\jelena\AppData\Local\Opera Software
2014-12-19 16:35 - 2014-12-19 20:03 - 00000000 ____D () C:\Program Files\Opera
2014-12-19 16:35 - 2014-12-19 16:35 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2014-12-19 16:32 - 2014-12-20 22:23 - 00001340 _____ () C:\Windows\Tasks\MEGNC.job
2014-12-19 16:32 - 2014-12-20 01:51 - 00000000 ____D () C:\Program Files\017729a9-f683-467b-9aed-f2659dd3cc81
2014-12-19 16:32 - 2014-12-19 16:41 - 01800160 _____ () C:\Users\jelena\AppData\Roaming\MEGNC.exe
2014-12-19 09:30 - 2014-12-19 09:30 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-12-19 09:22 - 2014-12-19 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-19 09:22 - 2014-12-19 09:22 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-19 09:18 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-19 08:57 - 2014-12-19 08:57 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-12-19 08:57 - 2014-12-19 08:57 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-12-19 08:26 - 2014-12-19 08:26 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-12-19 08:26 - 2014-12-19 08:26 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-12-19 08:25 - 2014-12-19 08:26 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-12-19 08:20 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-19 08:20 - 2014-08-29 02:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-12-19 08:00 - 2014-12-19 08:00 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-19 08:00 - 2014-12-19 08:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-19 08:00 - 2014-12-19 08:00 - 00000000 ____D () C:\Windows\system32\Macromed
2014-12-19 07:59 - 2014-12-19 08:01 - 00000000 ____D () C:\Users\jelena\AppData\Local\Adobe
2014-12-19 07:44 - 2014-12-19 07:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-12-19 07:43 - 2009-02-27 03:42 - 00031640 _____ (Microsoft Corporation) C:\Windows\system32\msonpmon.dll
2014-12-19 07:42 - 2014-12-19 09:03 - 00000000 ____D () C:\Program Files\Microsoft Works
2014-12-19 07:42 - 2014-12-19 07:42 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio
2014-12-19 07:41 - 2014-12-19 07:41 - 00000000 ____D () C:\Windows\PCHEALTH
2014-12-19 07:40 - 2014-12-19 07:40 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2014-12-19 07:39 - 2014-12-19 21:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-19 07:39 - 2014-12-19 21:33 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-12-19 07:39 - 2014-12-19 07:39 - 00000000 __RHD () C:\MSOCache
2014-12-19 07:39 - 2014-12-19 07:39 - 00000000 ____D () C:\Users\jelena\AppData\Local\Microsoft Help
2014-12-19 01:04 - 2014-12-19 01:04 - 00000000 ____D () C:\Users\jelena\AppData\Local\NVIDIA
2014-12-19 01:04 - 2014-12-19 01:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-12-19 01:01 - 2014-12-20 22:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-19 01:01 - 2014-08-19 22:16 - 00061728 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-12-19 01:01 - 2014-07-02 20:42 - 04389848 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-12-19 01:01 - 2014-07-02 20:42 - 03063256 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll
2014-12-19 01:01 - 2014-07-02 20:42 - 02556360 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-12-19 01:01 - 2014-07-02 20:42 - 00670552 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-12-19 01:01 - 2014-07-02 20:42 - 00377288 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-12-19 01:01 - 2014-07-02 20:42 - 00062936 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-12-19 01:01 - 2014-07-02 18:39 - 00609240 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2014-12-19 01:01 - 2014-07-02 06:14 - 03826628 _____ () C:\Windows\system32\nvcoproc.bin
2014-12-19 01:00 - 2014-12-19 01:01 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-12-19 01:00 - 2014-12-19 01:01 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-19 00:29 - 2014-05-08 10:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-12-19 00:21 - 2014-12-19 00:21 - 00000000 ____D () C:\Windows\system32\Drivers\hr-HR
2014-12-19 00:21 - 2014-12-19 00:21 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-19 00:21 - 2014-12-19 00:21 - 00000000 ____D () C:\Windows\hr-HR
2014-12-19 00:19 - 2012-08-23 15:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-12-19 00:19 - 2012-08-23 15:46 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\terminpt.sys
2014-12-19 00:19 - 2012-08-23 15:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-12-19 00:19 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-12-19 00:15 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-19 00:15 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-19 00:15 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-19 00:15 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-19 00:15 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-19 00:14 - 2013-10-02 01:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-12-19 00:14 - 2013-10-02 01:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-12-19 00:14 - 2013-10-02 01:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-12-19 00:14 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-12-19 00:14 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-12-19 00:14 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-12-19 00:14 - 2013-10-02 00:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-12-19 00:14 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-12-19 00:14 - 2013-10-02 00:00 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-12-19 00:14 - 2013-10-01 23:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-12-19 00:14 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-12-19 00:08 - 2014-12-04 05:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-19 00:08 - 2014-12-04 05:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-19 00:08 - 2014-12-04 05:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-19 00:08 - 2014-12-04 05:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-19 00:08 - 2014-12-04 05:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-19 00:08 - 2014-12-04 05:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-19 00:08 - 2014-12-04 05:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-19 00:08 - 2014-12-02 00:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-19 00:08 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-19 00:08 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-19 00:08 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-19 00:08 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-19 00:08 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-19 00:08 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-19 00:08 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-19 00:08 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-19 00:08 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-19 00:08 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-19 00:08 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-19 00:08 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-19 00:08 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-19 00:08 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-19 00:08 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-19 00:08 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-19 00:08 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-19 00:08 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-19 00:08 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-19 00:08 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-19 00:08 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-19 00:08 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-19 00:08 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-19 00:08 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-19 00:08 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-19 00:08 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-19 00:08 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-19 00:08 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-19 00:08 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-19 00:08 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-19 00:08 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-19 00:08 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-19 00:08 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-19 00:07 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-19 00:07 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-19 00:07 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-19 00:07 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-19 00:07 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-18 23:32 - 2014-12-18 23:33 - 00134588 _____ () C:\Users\jelena\Documents\cc_20141218_233232.reg
2014-12-18 22:14 - 2014-12-20 22:39 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-18 22:13 - 2014-12-18 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-18 22:12 - 2014-12-18 22:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-18 22:12 - 2014-12-18 22:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-18 22:12 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-18 22:12 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-18 22:12 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-18 21:35 - 2014-12-18 21:36 - 00388608 _____ (Trend Micro Inc.) C:\Users\jelena\Desktop\HijackThis.exe
2014-12-18 20:53 - 2014-12-18 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-18 20:51 - 2014-12-19 19:57 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-26 18:12 - 2014-11-26 18:12 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-20 23:20 - 2014-07-21 00:14 - 01879833 _____ () C:\Windows\WindowsUpdate.log
2014-12-20 23:14 - 2014-07-21 11:13 - 00000000 ____D () C:\ProgramData\TEMP
2014-12-20 23:04 - 2014-07-21 10:48 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-20 22:30 - 2009-07-14 05:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-20 22:30 - 2009-07-14 05:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-20 22:23 - 2014-07-21 10:48 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-20 22:23 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-20 21:31 - 2014-07-21 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-20 19:48 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\L2Schemas
2014-12-20 01:52 - 2014-07-21 04:58 - 00000000 ____D () C:\Users\jelena
2014-12-20 01:52 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-12-20 01:51 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2014-12-19 21:45 - 2009-07-14 03:04 - 00000580 _____ () C:\Windows\win.ini
2014-12-19 21:21 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-19 20:30 - 2014-07-21 10:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-19 20:24 - 2014-07-21 04:58 - 00000000 ____D () C:\Users\jelena\AppData\Local\VirtualStore
2014-12-19 20:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Cursors
2014-12-19 20:17 - 2014-10-04 11:24 - 00000000 ____D () C:\ProgramData\d7a0fe93-7bf3-4f3d-89c3-fe4e144b2eb8
2014-12-19 19:57 - 2014-07-21 10:55 - 00000000 ____D () C:\Program Files\WinRAR
2014-12-19 19:57 - 2014-07-21 10:48 - 00000000 ____D () C:\Users\jelena\AppData\Local\Google
2014-12-19 19:57 - 2011-04-12 03:24 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-19 19:57 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-19 19:57 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-12-19 09:21 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\hr-HR
2014-12-19 09:12 - 2014-07-21 10:48 - 00109280 _____ () C:\Users\jelena\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-19 09:12 - 2009-07-14 05:33 - 00407384 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-19 09:11 - 2011-04-12 03:24 - 00000000 ____D () C:\Windows\ShellNew
2014-12-19 09:03 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-12-19 07:42 - 2009-07-14 05:52 - 00000000 ____D () C:\Program Files\MSBuild
2014-12-19 07:41 - 2014-07-21 13:18 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-12-19 07:36 - 2009-07-14 05:53 - 00032598 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-19 01:01 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Help
2014-12-19 00:24 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-12-19 00:23 - 2009-07-14 03:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-19 00:21 - 2014-07-21 14:39 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-19 00:21 - 2011-04-12 03:24 - 00000000 ____D () C:\Program Files\Windows Journal
2014-12-19 00:21 - 2011-04-12 03:16 - 00000000 ____D () C:\Windows\system32\WCN
2014-12-19 00:21 - 2009-07-14 05:52 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-12-19 00:21 - 2009-07-14 05:52 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-12-19 00:21 - 2009-07-14 05:52 - 00000000 ____D () C:\Program Files\Windows Defender
2014-12-19 00:21 - 2009-07-14 05:52 - 00000000 ____D () C:\Program Files\DVD Maker
2014-12-19 00:21 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-19 00:13 - 2014-07-21 12:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-19 00:11 - 2014-07-21 12:48 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-18 23:50 - 2014-07-21 11:44 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-18 22:52 - 2014-07-21 12:58 - 00000000 ____D () C:\Users\jelena\AppData\Roaming\BSplayer
2014-12-18 22:46 - 2014-08-16 11:01 - 00000000 ____D () C:\Windows\Minidump
2014-12-18 22:46 - 2014-07-21 10:10 - 00000000 ____D () C:\Windows\Panther
2014-12-18 22:23 - 2014-07-21 11:03 - 00000000 ____D () C:\Users\jelena\AppData\Local\8797
2014-12-18 22:23 - 2014-07-21 11:02 - 00000000 ____D () C:\Users\jelena\AppData\Local\8522
2014-12-18 22:23 - 2014-07-21 10:52 - 00000000 ____D () C:\Users\jelena\AppData\Local\6560
2014-12-18 20:47 - 2010-11-20 22:01 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-18 17:07 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-12-07 19:31 - 2014-09-17 18:51 - 00000008 __RSH () C:\ProgramData\ntuser.pol

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-05 22:41

==================== End Of Log ============================

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Go to Start -> Control Panel -> Programs and Features and uninstall the following programs:

Java Packages



Step 2

Open Notepad and copy the following text, which is inside the Code box, into it.

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR DefaultSearchKeyword: Default -> omiga-plus
CHR Extension: (Print) - C:\Users\jelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd [2014-12-20]
CHR Extension: (Photo Enlarge) - C:\Users\jelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo [2014-12-20]
Task: {25710AAA-5DA2-4A71-BA98-F91CC8BEAC24} - System32\Tasks\{1A3715AE-E3CD-4A22-86D3-F32A95E3426A} => pcalua.exe -a "C:\Program Files\YouTube Accelerator\YTAUninstall.exe"
Task: {2CEC2536-78DB-4F50-84CD-E0AC1EE9EDD0} - System32\Tasks\MEGNC => C:\Users\jelena\AppData\Roaming\MEGNC.exe [2014-12-19] () <==== ATTENTION
Task: {4A43B650-AA34-486E-A62C-C83A2B3ADC7A} - System32\Tasks\{E292DF36-84BD-4061-BAF2-FB996A4119A2} => pcalua.exe -a "C:\Program Files\SavePass\Uninstall.exe" -c /fcp=1
Task: {4B817E74-5677-42A7-8E8A-EE1044A3F950} - System32\Tasks\YTAUpdate => C:\PROGRA~1\YOUTUB~1\Updater.exe <==== ATTENTION
Task: {B9704E57-BD85-4D19-8661-B1F575DF3931} - System32\Tasks\{AB732C76-2F6F-4E83-A4DF-D2F83F394443} => pcalua.exe -a "C:\Program Files\Sense\Uninstall.exe" -c /fcp=1
Task: {D849C9E3-E4F1-4600-8AA1-D1AAE3101319} - System32\Tasks\{2796BB70-D307-40D1-8BCF-AD50675A1314} => pcalua.exe -a C:\Users\jelena\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=amt
Task: {E0F0AD81-960D-47D8-8591-900950CA1C51} - System32\Tasks\BBHHA => C:\Users\jelena\AppData\Roaming\BBHHA.exe [2014-12-19] () <==== ATTENTION
Task: C:\Windows\Tasks\BBHHA.job => C:\Users\jelena\AppData\Roaming\BBHHA.exe <==== ATTENTION
Task: C:\Windows\Tasks\MEGNC.job => C:\Users\jelena\AppData\Roaming\MEGNC.exe <==== ATTENTION
C:\ProgramData\opgbnmjkicibjnefpbicnmjpcjibfmef
C:\ProgramData\23405448
C:\ProgramData\llmjjdnglchphfiidpbbnochglbhkihp
C:\ProgramData\IHProtectUpDate
C:\Users\jelena\AppData\Roaming\MEGNC.exe
C:\Program Files\YouTube Accelerator
C:\Program Files\SavePass
C:\Program Files\Sense
C:\Users\jelena\AppData\Roaming\webssearches
C:\Users\jelena\AppData\Roaming\BBHHA.exe
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
EmptyTemp:


In Notepad click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait for the program to finish.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, fixlog.txt will open; copy its contents into the thread.
fixlog.txt will also be on the Desktop.




Step 3

You have a developer version of Google Chrome installed.
Go to Start -> Control Panel -> Programs and Features and uninstall Google Chrome. Be sure to tick the option Also delete your browsing data.
You can export your bookmarks and import them again later.

After uninstalling it, download it from the Google site, https://www.google.com/chrome/browser/ and install it again.



Step 4

Download "Xplode"'s AdwCleaner and save it to the Desktop
Double-click to run the program.
In the EULA window click I agree.
Click the Scan button and wait for the scan to finish.
Click the Clean button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
On the next two windows that open (Informations and Restart required) click OK

The computer will restart and then open Notepad with the report (C:\AdwCleaner[S0].txt).
Save that report to the Desktop and attach it to your post using the "Attach file" option

Note: the report will also be saved at C:\Adwcleaner\AdwCleaner[S0].txt

  • Kuryak  Male
  • New MyCity citizen
  • Joined: 18 Nov 2008
  • Posts: 12

First of all, thank you for the effort,,, (hug)
Done, and here are the reports,,,


[attachment (login required)]

[attachment (login required)]


But HijackThis still sees a lot of running bad services

[attachment (login required)]

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

I don't see a single bad service in the HijackThis log.


Download zoek.exe from this or this link and save it to the Desktop.


Close the browser and other running programs;
disable your security software (if needed), see the Instructions;
double-click zoek.exe;
wait for the tool to start ...


Copy the following text into the white box of the window:

process;
startupall;
drivers-services-list;
skipfix-iedefaults;
firefoxlook;
chromelook;
filesrcm;


Click the button and wait for the scan to finish.


Zoek will restart Windows if needed and, when it finishes, open Notepad with the scan report.

Note: the report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into your post.

  • Kuryak  Male
  • New MyCity citizen
  • Joined: 18 Nov 2008
  • Posts: 12

[attachment (login required)]

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

I don't need zoek.exe, I need zoek-results.log. Read the instructions I gave you. :)

  • Kuryak  Male
  • New MyCity citizen
  • Joined: 18 Nov 2008
  • Posts: 12

Sorry, wrong folder,,


[attachment (login required)]


Zoek.exe v5.0.0.0 Updated 21-December-2014
Tool run by jelena on ned 21.12.2014. at 15:10:31,14.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\jelena\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-12-21-125932.log 669 bytes
C:\zoek-results2014-12-21-135940.log 38504 bytes

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Opera\26.0.1656.60\opera.exe
C:\Program Files\Opera\26.0.1656.60\opera_crashreporter.exe
C:\Program Files\Opera\26.0.1656.60\opera.exe
C:\Program Files\Opera\26.0.1656.60\opera.exe
C:\Program Files\Opera\26.0.1656.60\opera.exe
C:\Program Files\Opera\26.0.1656.60\opera.exe
C:\Program Files\Opera\26.0.1656.60\opera.exe
C:\Users\jelena\Desktop\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k SDRSVC

==== Services(whitelist) ======================
Powered by E Dev

R2 - [MsMpSvc] - Microsoft Antimalware Service - c:\program files\microsoft security client\msmpeng.exe
R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe
R2 - [Stereo Service] - NVIDIA Stereoscopic 3D Driver Service - c:\program files\nvidia corporation\3d vision\nvscpapisvr.exe
R2 - [WMPNetworkSvc] - Servis za zajedničko mrežno korištenje sadržaja za Windows Media Player - c:\program files\windows media player\wmpnetwk.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [NisSrv] - Microsoftova mrežna provjera - c:\program files\microsoft security client\nissrv.exe
R3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Usluga Google ažuriranje (gupdate) - c:\program files\google\update\googleupdate.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Faks - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe
S3 - [gupdatem] - Usluga Google ažuriranje (gupdatem) - c:\program files\google\update\googleupdate.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [Microsoft Office Groove Audit Service] - Microsoft Office Groove Audit Service - c:\program files\microsoft office\office12\grooveauditservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [odserv] - Microsoft Office Diagnostics Service - c:\program files\common files\microsoft shared\office12\odserv.exe
S3 - [ose] - Office Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe

==== Drivers(whitelist) ======================
Powered by E Dev

R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
R0 - [MpFilter] - Microsoft Malware Protection Driver - C:\Windows\system32\Drivers\MpFilter.sys
R0 - [Mup] - MUP - C:\Windows\system32\Drivers\Mup.sys
R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
R3 - [srv] - Server SMB 1.xxx Driver - C:\Windows\system32\Drivers\srv.sys
R3 - [srv2] - Server SMB 2.xxx Driver - C:\Windows\system32\Drivers\srv2.sys
R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys
R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
R0 - [atapi] - IDE Channel - C:\Windows\system32\Drivers\atapi.sys
R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
R0 - [Disk] - Disk Driver - C:\Windows\system32\Drivers\Disk.sys
R0 - [fvevol] - Bitlocker Drive Encryption Filter Driver - C:\Windows\system32\Drivers\fvevol.sys
R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
R0 - [intelide] - intelide - C:\Windows\system32\Drivers\intelide.sys
R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
R0 - [mountmgr] - Mount Point Manager - C:\Windows\system32\Drivers\mountmgr.sys
R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
R0 - [NDIS] - NDIS System Driver - C:\Windows\system32\Drivers\NDIS.sys
R0 - [partmgr] - Partition Manager - C:\Windows\system32\Drivers\partmgr.sys
R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys
R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
R0 - [storflt] - Disk Virtual Machine Bus Acceleration Filter Driver - C:\Windows\system32\Drivers\storflt.sys [x]
R0 - [Tcpip] - Upravljački program TCP/IP protokola - C:\Windows\system32\Drivers\Tcpip.sys
R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator Driver - C:\Windows\system32\Drivers\vdrvroot.sys
R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys
R0 - [volmgrx] - Dynamic Volume Manager - C:\Windows\system32\Drivers\volmgrx.sys
R0 - [volsnap] - Storage volumes - C:\Windows\system32\Drivers\volsnap.sys
R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
R1 - [tdx] - TDI upravljački program NetIO nasljeđa - C:\Windows\system32\Drivers\tdx.sys
R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-12-19 07:26:30 2A66E81AE941E54A237490FC35D387C8 1945 ----a-w- C:\Windows\epplauncher.mif
====== C:\Users\jelena\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\system32 =====
2014-12-19 08:18:12 0481346D0EF668C0D4FF69A7BBEFA846 115712 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-12-19 07:20:54 54540EFB081D4960B5AE3E9F6BFB59A5 2744320 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-12-19 07:20:49 0C9988BDA3CEC3C421B773982C5E2EC6 5703168 ----a-w- C:\Windows\System32\mstscax.dll
2014-12-19 07:00:41 B6A67FD67FE93F26BCCE1D23757F767D 701616 ----a-w- C:\Windows\System32\FlashPlayerApp.exe
2014-12-19 07:00:41 36BEBC479FA64E6BC7F7B9D4CC5D37EA 71344 ----a-w- C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-12-19 06:43:35 C52CE534397E1D3A442FB4C88A3CBE42 31640 ----a-w- C:\Windows\System32\msonpmon.dll
2014-12-19 00:01:29 07B6B65A898EEBA1D1B4628DD2300AE2 609240 ----a-w- C:\Windows\System32\nvStreaming.exe
2014-12-19 00:01:19 982B5D8EB4B030F500F1CD32A748586F 62936 ----a-w- C:\Windows\System32\nvshext.dll
2014-12-19 00:01:18 D4DC85256833834B65E1D77CF8785D27 3063256 ----a-w- C:\Windows\System32\nvsvc.dll
2014-12-19 00:01:18 B55FA6AD6C4A74AFC85433490E97C0DE 3826628 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-12-19 00:01:18 679C33D2517AB127BBA5586419154743 377288 ----a-w- C:\Windows\System32\nvmctray.dll
2014-12-19 00:01:18 5004DAF6A37C5C73FFCF4D3935A6FE87 670552 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-12-19 00:01:18 41F26C0C40BCAF53CA05D655B7A98F3F 2556360 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-12-19 00:01:18 07D8145BCD7D20EA8694E4FD18451C18 4389848 ----a-w- C:\Windows\System32\nvcpl.dll
2014-12-19 00:01:07 AB61C78F4FF9D69F6CB174876F10F838 61728 ----a-w- C:\Windows\System32\OpenCL.dll
2014-12-18 23:29:46 F70CE04DD355A61DB6FE1B19540CF2F5 13824 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-12-18 23:19:30 8999F18D38D55E34D356796507FFD639 192000 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2014-12-18 23:19:30 3228AB5F8652EAABFF3C5FC7FD0F603A 221184 ----a-w- C:\Windows\System32\rdpudd.dll
2014-12-18 23:15:04 FF0A6E76FAE624AC74780AB008752F98 3209728 ----a-w- C:\Windows\System32\mf.dll
2014-12-18 23:15:04 D17954CA6343F43B62637F51996B4E95 23040 ----a-w- C:\Windows\System32\mfpmp.exe
2014-12-18 23:15:04 60FBCF033FF42A40C916C01A962A8802 50176 ----a-w- C:\Windows\System32\rrinstaller.exe
2014-12-18 23:15:04 52096F5F476733F2E2725CF346FF373B 2048 ----a-w- C:\Windows\System32\mferror.dll
2014-12-18 23:15:04 20257A0BFB824B49055A6EEC29C72C03 103424 ----a-w- C:\Windows\System32\mfps.dll
2014-12-18 23:14:44 F37167FCDB661FD4B54CAD4755ABDD61 32256 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2014-12-18 23:14:44 D60E27D4BD5A91FCD17D2CB27F86738E 12800 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2014-12-18 23:14:43 AF40D823F3B03C7899AEF2293F84D0D7 76288 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2014-12-18 23:14:43 AB5EFB103DB01C1912C9D2F545EA5621 17920 ----a-w- C:\Windows\System32\wksprtPS.dll
2014-12-18 23:14:43 A90F47CDCC0898733596B5070039FC15 14336 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2014-12-18 23:14:43 8DEEE20D8D30E9B0FBDCA31E58A027BD 53248 ----a-w- C:\Windows\System32\tsgqec.dll
2014-12-18 23:14:43 5E676B296B762E211D83B87635F2C330 855552 ----a-w- C:\Windows\System32\rdvidcrl.dll
2014-12-18 23:14:43 4676AAA9DDF52A50C829FEDB4EA81E54 1068544 ----a-w- C:\Windows\System32\mstsc.exe
2014-12-18 23:14:43 2EFB1279E7BEA7D12D9F4D6508D27880 50176 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
2014-12-18 23:14:43 0FC6922517964E9D90DE84DC86F63E40 350208 ----a-w- C:\Windows\System32\wksprt.exe
2014-12-18 23:08:52 E1456E7396022EBE4E5434188D1AC8B0 1230336 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-12-18 23:08:50 8EBAD3A01A65D3580F3F8B9C9F608BDC 1160872 ----a-w- C:\Windows\System32\aitstatic.exe
2014-12-18 23:08:49 FC455888F04CD3B5285168DEFB90C55F 159744 ----a-w- C:\Windows\System32\aepic.dll
2014-12-18 23:08:49 E5C2BF29D0FEC787DA91D29787CDB192 873984 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-18 23:08:49 DEB2A13BDCD5939413840AF81CB91BFA 728576 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-18 23:08:49 46ED960D3A6FFF26F73AFAAAD7451B92 610304 ----a-w- C:\Windows\System32\invagent.dll
2014-12-18 23:08:48 DAC0DB8F0F6E6AF26BEBF0538B1BFCB0 315392 ----a-w- C:\Windows\System32\devinv.dll
2014-12-18 23:08:48 8CFB82DF99F9555AF4E4FF33F56A7759 337920 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-18 23:08:47 F25EC3FC42D2689301B1351E7FB6B537 202752 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-18 23:08:41 FE7875DC6ED353C42D9771458351E893 102912 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-12-18 23:08:41 EC5A3E4E21079B9D423AA0760828D678 620032 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-12-18 23:08:41 BA6D49B511A38D9082BE885A05024CC2 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-12-18 23:08:41 759E2FAD5371512C6679FA346719493E 47104 ----a-w- C:\Windows\System32\jsproxy.dll
2014-12-18 23:08:41 37F078B5B435AFC6BF316F2AD14B469A 501248 ----a-w- C:\Windows\System32\vbscript.dll
2014-12-18 23:08:41 35BD045804B67E78F4CAB72CB820AF7F 418304 ----a-w- C:\Windows\System32\dxtmsft.dll
2014-12-18 23:08:41 2EADED07BDA52C1FC5A6D4E1CC5858F0 47616 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-12-18 23:08:41 2ABC5587D582ACCEA30B4CF968C2A4A5 60416 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-12-18 23:08:41 24A091B9A97E9B323B6CE8278B547B20 667648 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-12-18 23:08:40 5E4E0E43E0A5BF9F089696DFA7A3D677 1888256 ----a-w- C:\Windows\System32\wininet.dll
2014-12-18 23:08:39 CF9D05678B02B44FBC8D8AD8C9F30D58 478208 ----a-w- C:\Windows\System32\ieui.dll
2014-12-18 23:08:39 69AC6FD5B0B4DC963723E1EBDEE10A2C 285696 ----a-w- C:\Windows\System32\dxtrans.dll
2014-12-18 23:08:38 F25284C763E728E4DAC248C211D1FC5B 76288 ----a-w- C:\Windows\System32\mshtmled.dll
2014-12-18 23:08:38 2E9E105037AC1274656C3D1125323352 1155072 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-12-18 23:08:38 29CED1A4777A43526A4ED8A7B6936883 64000 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-12-18 23:08:37 01777AB557997E98691E322225314E57 2277888 ----a-w- C:\Windows\System32\iertutil.dll
2014-12-18 23:08:36 F728E7E9937117E0F32F39840EB6D737 4299264 ----a-w- C:\Windows\System32\jscript9.dll
2014-12-18 23:08:36 220505B0B3E96C857DD01729AF0CD369 19749376 ----a-w- C:\Windows\System32\mshtml.dll
2014-12-18 23:08:34 F98B3860BB47089EA8C1504F043E90E9 342200 ----a-w- C:\Windows\System32\iedkcs32.dll
2014-12-18 23:08:34 F34F6DC38A21FCDBB50CDD1EE97B1EA3 1307136 ----a-w- C:\Windows\System32\urlmon.dll
2014-12-18 23:08:34 DEB9476A3CD1A5819DD4504BB7C6BA66 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-12-18 23:08:34 D7A98A4CEA2E89F544065A00BF37FC10 688640 ----a-w- C:\Windows\System32\msfeeds.dll
2014-12-18 23:08:34 BB25F69463AD8E7E51B5D9D158B5F8DF 30720 ----a-w- C:\Windows\System32\iernonce.dll
2014-12-18 23:08:34 41AFA61E061E98E97272AC02184C8C2C 710144 ----a-w- C:\Windows\System32\ieapfltr.dll
2014-12-18 23:08:34 3F9906067851CE792303E0E64A8381E6 684544 ----a-w- C:\Windows\System32\ie4uinit.exe
2014-12-18 23:08:33 F0BCBD8FCDA145EED53ED66C45CC378B 62464 ----a-w- C:\Windows\System32\iesetup.dll
2014-12-18 23:08:33 930F63D6BC43D4BCD937DFCECDA95F82 168960 ----a-w- C:\Windows\System32\msrating.dll
2014-12-18 23:08:33 543ADCEA31CF9C2B4EEB900D4AAFD0F9 2052096 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-12-18 23:08:32 B59E370277EDB6643083B62297175628 12836864 ----a-w- C:\Windows\System32\ieframe.dll
2014-12-18 23:08:14 50C73E54062BA252350F3F29580E28DA 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-12-18 23:08:11 9EA3783672D21817B9DF1061B54C3B3C 155136 ----a-w- C:\Windows\System32\charmap.exe
2014-12-18 23:07:55 B975C202F590BBC5AA63225FBD148791 198656 ----a-w- C:\Windows\System32\WSManHTTPConfig.exe
2014-12-18 23:07:55 B6AC69FFBAA159DD5CEED814245A286D 214016 ----a-w- C:\Windows\System32\WsmWmiPl.dll
2014-12-18 23:07:55 5D9A1A3E5824CECE65871C60E5A08A1A 145920 ----a-w- C:\Windows\System32\WsmAuto.dll
2014-12-18 23:07:55 2C28FEC61C4AC68480A99CB7AA197FA9 248832 ----a-w- C:\Windows\System32\WSManMigrationPlugin.dll
2014-12-18 23:07:55 1DE9BD23AFA36150586C732D876D9B74 1177088 ----a-w- C:\Windows\System32\WsmSvc.dll
====== C:\Windows\system32\drivers =====
2014-12-18 23:19:32 E951866BAC5A23403F62A349EDBB6EEB 24064 ----a-w- C:\Windows\System32\drivers\terminpt.sys
2014-12-18 23:19:32 65375DF758CA1872AB7EBBBA457FD5E6 14848 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2014-12-18 23:14:43 C6A5FBD4977305E1FA23E02C042DB463 49152 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2014-12-18 23:08:51 7FE680A3DFA421C4A8E4879AE4C5AAB0 74752 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-12-18 21:14:16 8E2E9CCD873ABF180F48BCAEEEBE347D 114904 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-12-18 21:12:16 A3F4391DFDF2F9E9FE4EAD193265A5AD 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-12-18 21:12:16 9BD41E40039098BF5F8FE878A9A6989E 75480 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-12-18 21:12:16 312CD3307F600E7CD340B79B3DCB3A01 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-26 17:12:55 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
====== C:\Windows\Tasks ======
2014-12-21 07:42:35 2354BA5FE32072C5F174518E157F4EEC 3932 ----a-w- C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2014-12-21 07:42:35 16E93C358DAA50BB0D27EAD41AD2C74F 936 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-21 07:42:34 B247EEA24DC7A8C00C90FD0F0DEA7978 932 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-21 07:42:34 93E04627D409115E93D44921416B66B9 3680 ----a-w- C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2014-12-19 15:36:33 B4827B6607940C2CECB1A96EBD44F553 3832 ----a-w- C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1419003391
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-12-19 20:39:11 -------- d-----w- C:\Program Files\Common Files\DESIGNER
2014-12-19 19:27:16 -------- d-----w- C:\Program Files\Common Files\Stardock
2014-12-19 16:31:38 -------- d-----w- C:\Program Files\VideoLAN
2014-12-19 15:58:37 -------- d-----w- C:\Program Files\Stardock
2014-12-19 15:48:13 -------- d-----w- C:\Program Files\VS Revo Group
2014-12-19 15:35:29 -------- d-----w- C:\Program Files\Opera
2014-12-19 08:22:03 -------- d-----w- C:\Program Files\Microsoft Silverlight
2014-12-19 06:42:44 -------- d-----w- C:\Program Files\Microsoft Works
2014-12-19 06:42:21 -------- d-----w- C:\Program Files\Microsoft Visual Studio
2014-12-19 06:40:34 -------- d-----w- C:\Program Files\Microsoft Visual Studio 8
2014-12-19 06:39:41 -------- d-----w- C:\Program Files\Microsoft Office
2014-12-19 00:00:49 -------- d-----w- C:\Program Files\NVIDIA Corporation
======= C: =====
2014-12-19 18:59:12 D41D8CD98F00B204E9800998ECF8427E 0 --sha-r- C:\MSDOS.SYS
2014-12-19 18:59:12 D41D8CD98F00B204E9800998ECF8427E 0 --sha-r- C:\IO.SYS
====== C:\Users\jelena\AppData\Roaming ======
2014-12-21 13:58:26 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2014-12-21 13:58:26 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2014-12-21 13:58:26 -------- d-----w- C:\Users\jelena\AppData\Local\Temp
2014-12-21 13:58:26 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2014-12-21 13:58:26 -------- d-----w- C:\Users\Default User\AppData\Local\Temp
2014-12-19 21:43:53 A0834D9E05BB1EB9B3D2481B43C4BC6B 7630 ----a-w- C:\Users\jelena\AppData\Local\Resmon.ResmonCfg
2014-12-19 19:29:38 -------- d-----w- C:\Users\jelena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2014-12-19 16:32:15 -------- d-----w- C:\Users\jelena\AppData\Roaming\vlc
2014-12-19 15:59:30 -------- d-----w- C:\Users\jelena\AppData\Local\Stardock
2014-12-19 15:36:40 -------- d-----w- C:\Users\jelena\AppData\Local\Opera Software
2014-12-19 15:36:39 -------- d-----w- C:\Users\jelena\AppData\Roaming\Opera Software
2014-12-19 07:57:45 -------- d-----w- C:\Users\Default\AppData\Local\Microsoft Help
2014-12-19 07:57:45 -------- d-----w- C:\Users\Default User\AppData\Local\Microsoft Help
2014-12-19 06:39:46 -------- d-----w- C:\Users\jelena\AppData\Local\Microsoft Help
2014-12-19 00:04:17 -------- d-----w- C:\Users\jelena\AppData\Local\NVIDIA
2014-12-19 00:01:50 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\NVIDIA
====== C:\Users\jelena ======
2014-12-21 07:43:39 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-20 18:45:04 7AC98BE8593253FDDF8293E1C60B04BA 2166272 ----a-w- C:\Users\jelena\Desktop\AdwCleaner.exe
2014-12-20 17:39:21 09FA6560469ECD71D6F330AD3D27359A 1113600 ----a-w- C:\Users\jelena\Desktop\FRST.exe
2014-12-19 19:27:31 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2014-12-19 19:24:12 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-12-19 15:45:09 4F99CAE27FFD46712E65C21444AACDFC 2623656 ----a-w- C:\Users\jelena\Downloads\revosetup.exe
2014-12-19 15:44:34 5F200A1A68AB2FCD74F3D9324955EFDB 10801480 ----a-w- C:\Users\jelena\Downloads\RevoUninProSetup.exe
2014-12-19 08:22:29 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-19 06:44:07 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-12-19 06:39:40 -------- d-----w- C:\ProgramData\Microsoft Help
2014-12-19 00:04:21 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-12-19 00:01:41 -------- d-----w- C:\ProgramData\NVIDIA
2014-12-19 00:00:54 -------- d-----w- C:\ProgramData\NVIDIA Corporation

====== C: exe-files ==
2014-12-21 07:43:25 205E775B4B2C165922203A390B115523 40747600 ----a-w- C:\Program Files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\39.0.2171.95\39.0.2171.95_chrome_installer.exe
2014-12-21 07:42:33 5B4ED5734945619EE3BCDB9825D2F526 51080 ----atw- C:\Program Files\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe
2014-12-21 07:42:33 06036279056145E0F08FC095CB789E6A 51080 ----atw- C:\Program Files\Google\Update\1.3.25.11\GoogleUpdateBroker.exe
2014-12-21 07:42:32 F172AD4E906D97ED8F071896FC6789DC 107912 ----atw- C:\Program Files\Google\Update\GoogleUpdate.exe
2014-12-21 07:42:32 3B48AD813C32CC752341B390477AB92B 880784 ----a-w- C:\Program Files\Google\Update\1.3.25.11\GoogleUpdateSetup.exe
2014-12-21 07:42:31 F172AD4E906D97ED8F071896FC6789DC 107912 ----atw- C:\Program Files\Google\Update\1.3.25.11\GoogleUpdate.exe
2014-12-21 07:42:31 EDD3E562684CB4C50704B471BEAB1F86 114568 ----atw- C:\Program Files\Google\Update\1.3.25.11\GoogleUpdateComRegisterShell64.exe
2014-12-21 07:42:31 CB8C1CC4F46FBAC78150754D77460C73 230792 ----atw- C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
2014-12-21 07:42:31 7161E8E31B7FD3B1CE083C2CA5FD5F44 285064 ----atw- C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
2014-12-20 18:45:04 7AC98BE8593253FDDF8293E1C60B04BA 2166272 ----a-w- C:\Users\jelena\Desktop\AdwCleaner.exe
2014-12-20 17:39:21 09FA6560469ECD71D6F330AD3D27359A 1113600 ----a-w- C:\Users\jelena\Desktop\FRST.exe
2014-12-19 19:29:39 761102A9B90EC601E8B3071120063D74 87550 ----a-w- C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
2014-12-19 19:27:31 B8160BEEA290D06839634ADCDC454928 380928 ----a-w- C:\Program Files\Stardock\ObjectDock\Lang\ODTranslateAid.exe
2014-12-19 19:27:17 B0B8BE5736A798808F08CF63AC07A5C6 3444008 ----a-w- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
2014-12-19 19:27:17 2DE21D94BB9516513BAA75DD9DEE0F21 106760 ----a-w- C:\Program Files\Stardock\ObjectDock\Dock64.exe
2014-12-19 19:27:12 3A938ED2427DF10E571041069E6980CB 162304 ----a-w- C:\Program Files\Stardock\ObjectDock\UNWISE.EXE
2014-12-19 19:24:15 52437302E4A48A6915AFE987423A1587 275217 ----a-w- C:\Program Files\VideoLAN\VLC\uninstall.exe
2014-12-19 15:45:09 4F99CAE27FFD46712E65C21444AACDFC 2623656 ----a-w- C:\Users\jelena\Downloads\revosetup.exe
2014-12-19 15:44:34 5F200A1A68AB2FCD74F3D9324955EFDB 10801480 ----a-w- C:\Users\jelena\Downloads\RevoUninProSetup.exe
2014-12-19 15:36:32 EEF3F22892837F327BD609CDDB0961C4 466040 ----a-w- C:\Program Files\Opera\launcher.exe
2014-12-19 15:36:32 D949F74A64BA9181348D740EA233FE3B 3227768 ----a-w- C:\Program Files\Opera\26.0.1656.60\opera_autoupdate.exe
2014-12-19 15:36:32 0D9A46339F79E568B4A21CFDFDBB635F 535160 ----a-w- C:\Program Files\Opera\26.0.1656.60\opera_crashreporter.exe
2014-12-19 15:36:32 01FAAA8678A4B7A618ECB0E6B8531A3D 73336 ----a-w- C:\Program Files\Opera\26.0.1656.60\wow_helper.exe
2014-12-19 15:36:31 A3DAE3974C421BC03B6C0B84FDCB5612 1265272 ----a-w- C:\Program Files\Opera\26.0.1656.60\installer.exe
2014-12-19 15:36:31 16C09F21868E91A0BCE25B4AA7C67114 50337912 ----a-w- C:\Program Files\Opera\26.0.1656.60\opera.exe
2014-12-19 08:18:12 0481346D0EF668C0D4FF69A7BBEFA846 115712 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-12-19 07:02:00 95B8A4245A6CD37D36E56FAE5A23E2B1 463152 ----a-w- C:\MSOCache\All Users\{90120000-0100-041A-0000-0000000FF1CE}-C\setup.exe
2014-12-19 07:01:52 5A432A042DAE460ABE7199B758E8606C 145184 ----a-w- C:\MSOCache\All Users\{90120000-0100-041A-0000-0000000FF1CE}-C\ose.exe
2014-12-19 07:01:50 C6D0721E9156EB2A40A04BB38BE0B2A5 813384 ----a-w- C:\MSOCache\All Users\{90120000-006E-041A-0000-0000000FF1CE}-C\DW20.EXE
2014-12-19 07:01:50 29E177C7BB7343F365F12AD9A8AF4C48 434528 ----a-w- C:\MSOCache\All Users\{90120000-006E-041A-0000-0000000FF1CE}-C\dwtrig20.exe
2014-12-19 07:00:41 B6A67FD67FE93F26BCCE1D23757F767D 701616 ----a-w- C:\Windows\System32\FlashPlayerApp.exe
2014-12-19 00:05:26 AA5D818D6FF0AD757D0DA4A982B63F37 331952 ----a-w- C:\Users\jelena\AppData\Local\NVIDIA\NvBackend\Packages\000063ef\DRS update.18761999.exe
2014-12-19 00:01:57 5E12F3C445931555B33BB63A7798AEE8 413472 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\installer.{A3B474FB-E7AB-45F4-BC89-3230CE3EB015}\setup.exe
2014-12-19 00:01:51 5E12F3C445931555B33BB63A7798AEE8 413472 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\installer.{1D4E2B55-50C7-424D-8321-5791DD36D886}\setup.exe
2014-12-19 00:01:49 F6C586C6D7A253ACA913FB49831797DE 1795872 ----a-w- C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
2014-12-19 00:01:30 E97C9A5DD0E5CA746718C4874EC9C360 2604544 ----a-w- C:\Program Files\NVIDIA Corporation\3D Vision\nvsttest.exe
2014-12-19 00:01:30 946B936D054FD437669DB963336C2AD0 1900888 ----a-w- C:\Program Files\NVIDIA Corporation\3D Vision\nvstview.exe
2014-12-19 00:01:30 15D20333674D1F9BD576F89887E60435 8351520 ----a-w- C:\Program Files\NVIDIA Corporation\3D Vision\NVStWiz.exe
2014-12-19 00:01:29 C030E7E24BA459FF95F5ACF56910F7A3 439752 ----a-w- C:\Program Files\NVIDIA Corporation\3D Vision\nvstreg.exe
2014-12-19 00:01:29 5EA8C7C5CDF228E16C571DAAD8CE5360 827680 ----a-w- C:\Program Files\NVIDIA Corporation\3D Vision\nvStInst.exe
2014-12-19 00:01:29 5DA84663B5DC64AF9D5E944D809A6099 413128 ----a-w- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2014-12-19 00:01:29 265738053949C8AACD43C5556196BD31 1101088 ----a-w- C:\Program Files\NVIDIA Corporation\3D Vision\nvstlink.exe
2014-12-19 00:01:29 148372BA8B6185A49927EC4820BC3BF3 896344 ----a-w- C:\Program Files\NVIDIA Corporation\3D Vision\NvStereoUtilityOGL.exe
2014-12-19 00:01:29 07B6B65A898EEBA1D1B4628DD2300AE2 609240 ----a-w- C:\Windows\System32\nvStreaming.exe
2014-12-19 00:01:18 EA09FCC1DA2548150A8EFD84AC3FD99A 64456 ----a-w- C:\Program Files\NVIDIA Corporation\Display\nvsmartmaxapp.exe
2014-12-19 00:01:18 A55C7D137652544A3B96BEC3473CD24B 5919520 ----a-w- C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe
2014-12-19 00:01:18 8E18B7366F88ABB9B322A8C96A081151 1818968 ----a-w- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
2014-12-19 00:01:18 73DFCA5CDC2E24473841A6AB39AE0CDF 2801952 ----a-w- C:\Program Files\NVIDIA Corporation\Control Panel Client\NvGpuUtilization.exe
2014-12-19 00:01:18 60AFE8883F45F41234BEEEF16660129A 940320 ----a-w- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
2014-12-19 00:01:18 5004DAF6A37C5C73FFCF4D3935A6FE87 670552 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-12-19 00:01:16 4EA9134CB273B4F0E07C36171B568FA7 412504 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\installer.{F8B802C1-6FF4-44D4-BB6B-806681E3DC54}\setup.exe
2014-12-19 00:01:02 B12A490B9F29FC2A8DFAD0103B8B9448 76096 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{EF46F655-ACB7-4CC8-BBBE-450124C369E2}\nvsetup.exe
2014-12-19 00:01:02 8AEAB3267798CA03960FF4D0181FB89B 30509040 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{EF46F655-ACB7-4CC8-BBBE-450124C369E2}\NvCplSetupEng.exe
2014-12-19 00:01:02 50D6A68C67232609649DD6B6F0BA65E9 18752896 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.3DVision.{275629FB-67AC-4523-82FC-4762C3EFE46D}\3DVision.exe
2014-12-19 00:01:00 931CABEBCAB4623AB64718496DC2BC1F 80082168 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{EF46F655-ACB7-4CC8-BBBE-450124C369E2}\NvCplSetupInt.exe
2014-12-19 00:01:00 54B0AC0509E09ACDC701802190FFBCEA 379864 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{EF46F655-ACB7-4CC8-BBBE-450124C369E2}\dbInstaller.exe
2014-12-19 00:00:56 5E12F3C445931555B33BB63A7798AEE8 413472 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\installer.{95FD1F62-045B-401D-8BCE-DFF5CB67DFC4}\setup.exe
2014-12-18 23:15:04 D17954CA6343F43B62637F51996B4E95 23040 ----a-w- C:\Windows\System32\mfpmp.exe
2014-12-18 23:15:04 60FBCF033FF42A40C916C01A962A8802 50176 ----a-w- C:\Windows\System32\rrinstaller.exe
2014-12-18 23:14:44 D60E27D4BD5A91FCD17D2CB27F86738E 12800 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2014-12-18 23:14:43 AF40D823F3B03C7899AEF2293F84D0D7 76288 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2014-12-18 23:14:43 4676AAA9DDF52A50C829FEDB4EA81E54 1068544 ----a-w- C:\Windows\System32\mstsc.exe
2014-12-18 23:14:43 0FC6922517964E9D90DE84DC86F63E40 350208 ----a-w- C:\Windows\System32\wksprt.exe
2014-12-18 23:08:50 8EBAD3A01A65D3580F3F8B9C9F608BDC 1160872 ----a-w- C:\Windows\System32\aitstatic.exe
2014-12-18 23:08:49 2CBC9BFDA640160A1E8AB5F14B1634F9 62624 ----a-w- C:\Windows\System32\CompatTel\diagtrackrunner.exe
2014-12-18 23:08:47 F2E2F379E2B3F44206AD4A2B6746A36C 42656 ----a-w- C:\Windows\System32\CompatTel\wicainventory.exe
2014-12-18 23:08:47 0E7DF272B045808C95A1B2CB06AF8DBE 138912 ----a-w- C:\Windows\System32\CompatTel\QueryAppBlock.exe
2014-12-18 23:08:41 FE7875DC6ED353C42D9771458351E893 102912 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-12-18 23:08:41 24A091B9A97E9B323B6CE8278B547B20 667648 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-12-18 23:08:34 A8A8FD02E3A9264A603892DE1F522166 221184 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe
2014-12-18 23:08:34 3F9906067851CE792303E0E64A8381E6 684544 ----a-w- C:\Windows\System32\ie4uinit.exe
2014-12-18 23:08:33 43CE0C99DBC0F96DB2B7259B0BE0930E 468992 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-12-18 23:08:31 A24BFBAE8B50A6780B68FF3673FAB52F 815280 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-12-18 23:08:14 DEF30B58859FBA3458DCA4057AAABA7A 40448 ----a-w- C:\Windows\servicing\GC32\tzupd.exe
2014-12-18 23:08:11 9EA3783672D21817B9DF1061B54C3B3C 155136 ----a-w- C:\Windows\System32\charmap.exe
2014-12-18 23:07:55 B975C202F590BBC5AA63225FBD148791 198656 ----a-w- C:\Windows\System32\WSManHTTPConfig.exe
=== C: other files ==
2014-12-19 18:59:12 D41D8CD98F00B204E9800998ECF8427E 0 --sha-r- C:\MSDOS.SYS
2014-12-19 18:59:12 D41D8CD98F00B204E9800998ECF8427E 0 --sha-r- C:\IO.SYS
2014-12-19 15:43:46 52DE60AE2E529F3A54516FB116C198F7 757111 ----a-w- C:\Users\jelena\AppData\Roaming\Opera Software\Opera Stable\dictionaries\hr.zip
2014-12-19 00:02:00 F4992A26D629288ADBBDC3A715629FA1 163104 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{112A1DA7-CCC8-4422-99A7-8EBC8C345684}\nvhda64.sys
2014-12-19 00:02:00 E366A5681C50785D4ED04FCFD65C3415 197408 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{112A1DA7-CCC8-4422-99A7-8EBC8C345684}\nvhda64v.sys
2014-12-19 00:02:00 C210DB4776C094D9A7A0EAAE8E45A5DE 452056 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.NVIRUSB.{B707FB24-2C78-4461-8A2E-59E83E2233D1}\nvstusb64.sys
2014-12-19 00:02:00 9F8EE4948B7ADD9D12F778F61A2758A4 162592 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{112A1DA7-CCC8-4422-99A7-8EBC8C345684}\nvhda32v.sys
2014-12-19 00:02:00 71E400FE3AFBA04B82DFD7F732905DBD 435416 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.NVIRUSB.{B707FB24-2C78-4461-8A2E-59E83E2233D1}\nvstusb32.sys
2014-12-19 00:02:00 47FEB587AAE06F6717FCABF8BCF184FD 129312 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{112A1DA7-CCC8-4422-99A7-8EBC8C345684}\nvhda32.sys
2014-12-19 00:01:57 F7CDB1E9976C6ED003D70648A858D221 15704 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\installer.{A3B474FB-E7AB-45F4-BC89-3230CE3EB015}\NVI2SystemService64.sys
2014-12-19 00:01:57 223A20CFCD3DB8334342D8A3AF7A4FA3 16840 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\installer.{A3B474FB-E7AB-45F4-BC89-3230CE3EB015}\NVI2SystemService32.sys
2014-12-19 00:01:55 F4992A26D629288ADBBDC3A715629FA1 163104 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{AA7804B1-4B80-4E74-8B18-EFFE3E439D6F}\nvhda64.sys
2014-12-19 00:01:55 E366A5681C50785D4ED04FCFD65C3415 197408 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{AA7804B1-4B80-4E74-8B18-EFFE3E439D6F}\nvhda64v.sys
2014-12-19 00:01:55 C210DB4776C094D9A7A0EAAE8E45A5DE 452056 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.NVIRUSB.{D4D4D375-A116-4BE4-811C-7A3CB5442B15}\nvstusb64.sys
2014-12-19 00:01:55 9F8EE4948B7ADD9D12F778F61A2758A4 162592 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{AA7804B1-4B80-4E74-8B18-EFFE3E439D6F}\nvhda32v.sys
2014-12-19 00:01:55 71E400FE3AFBA04B82DFD7F732905DBD 435416 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.NVIRUSB.{D4D4D375-A116-4BE4-811C-7A3CB5442B15}\nvstusb32.sys
2014-12-19 00:01:55 47FEB587AAE06F6717FCABF8BCF184FD 129312 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{AA7804B1-4B80-4E74-8B18-EFFE3E439D6F}\nvhda32.sys
2014-12-19 00:01:51 F7CDB1E9976C6ED003D70648A858D221 15704 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\installer.{1D4E2B55-50C7-424D-8321-5791DD36D886}\NVI2SystemService64.sys
2014-12-19 00:01:51 223A20CFCD3DB8334342D8A3AF7A4FA3 16840 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\installer.{1D4E2B55-50C7-424D-8321-5791DD36D886}\NVI2SystemService32.sys
2014-12-19 00:00:56 F7CDB1E9976C6ED003D70648A858D221 15704 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\installer.{95FD1F62-045B-401D-8BCE-DFF5CB67DFC4}\NVI2SystemService64.sys
2014-12-19 00:00:56 223A20CFCD3DB8334342D8A3AF7A4FA3 16840 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\installer.{95FD1F62-045B-401D-8BCE-DFF5CB67DFC4}\NVI2SystemService32.sys
2014-12-18 23:19:32 E951866BAC5A23403F62A349EDBB6EEB 24064 ----a-w- C:\Windows\System32\DriverStore\FileRepository\termmou.inf_x86_neutral_0e28c761f9ae155a\terminpt.sys
2014-12-18 23:19:32 E951866BAC5A23403F62A349EDBB6EEB 24064 ----a-w- C:\Windows\System32\DriverStore\FileRepository\termkbd.inf_x86_neutral_339f71420b21f4a1\terminpt.sys
2014-12-18 23:19:32 E951866BAC5A23403F62A349EDBB6EEB 24064 ----a-w- C:\Windows\System32\drivers\terminpt.sys
2014-12-18 23:19:32 65375DF758CA1872AB7EBBBA457FD5E6 14848 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2014-12-18 23:19:31 57C527AF84748B5C2F5178C499C0B81F 27136 ----a-w- C:\Windows\System32\DriverStore\FileRepository\tsgenericusbdriver.inf_x86_neutral_93ae7b205b7d38be\TsUsbGD.sys
2014-12-18 23:14:44 7E6E0797EB91F1D63641058416044313 26880 ----a-w- C:\Windows\System32\DriverStore\FileRepository\tsgenericusbdriver.inf_x86_neutral_9002d2f3f0cfc5e0\TsUsbGD.sys
2014-12-18 23:14:43 C6A5FBD4977305E1FA23E02C042DB463 49152 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2014-12-18 23:08:51 7FE680A3DFA421C4A8E4879AE4C5AAB0 74752 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-12-18 21:14:16 8E2E9CCD873ABF180F48BCAEEEBE347D 114904 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-12-18 21:12:16 A3F4391DFDF2F9E9FE4EAD193265A5AD 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-12-18 21:12:16 9BD41E40039098BF5F8FE878A9A6989E 75480 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-12-18 21:12:16 312CD3307F600E7CD340B79B3DCB3A01 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2217000260-1719297150-3848716039-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CCleaner Monitoring"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\CCleaner\\CCleaner.exe\" /MONITOR"


==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [21.12.2014. 08:42]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [21.12.2014. 08:42]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\Opera scheduled Autoupdate 1419003391" [C:\Program Files\Opera\launcher.exe]

==== Chromium Look ======================

Google Chrome Version: 39.0.2171.95 (Could not determine latest Stable Version)


Google Slides - jelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - jelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - jelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - jelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - jelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - jelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Wallet - jelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - jelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
selector is not a valid CSS selector - jelena\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=MSSE"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{62719372-FA8D-428F-BE32-06ED4A776C1A} Google Url="https://www.google.com/search?q={searchTerms}"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=92 folders=18 1475692 bytes)

==== EOF on ned 21.12.2014. at 15:13:56,37 ======================

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building


Close your browser and any other running programs;
deactivate your security software (if necessary) Instructions ;
double-click zoek.exe to run it;
wait for the tool to start ...

Copy the following text into the white box of the window:

oidhhegpmlfpoeialbgcdocjalghfpkp;chr
emptyalltemp;
emptyclsid;
autoclean;

Click the button and wait for the scan to finish.

Zoek will restart Windows if needed, and when it finishes it will open Notepad with the scan report.

Note: the report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)

Copy the contents of that log into your reply.

  • Kuryak  Male
  • New MyCity citizen
  • Joined: 18 Nov 2008
  • Posts: 12

log

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the MBAR program icon to run it:
- Click OK in the next window to allow extraction into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the introductory window click the Next button if you agree;

• In the 'Update Database' window click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section check that all options are ticked, then click the Scan button;

Note: with some infections one of the following messages may appear:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. In your next reply post the mbar-log-year-month-day (hour-minutes-seconds).txt and system-log.txt reports.

>> If infection(s) are found, check that the 'Create Restore Point' option is ticked and click the Cleanup! button to remove the threats.
- The malware removal procedure (scheduled) will be scheduled for after the restart; a notice will be shown in a pop-up window. Click the Yes button and the system should restart and complete the cleaning procedure.



Note! Only if a RootKit was detected: - make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click fixdamage to run it; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue execution, and wait for the tool to complete all repairs ...
- When you see the message 'press any key to exit' the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your reply and attach the system log to the reply using the Attach file option.
