Ads keep popping up!

  • Joined: 07 Apr 2012
  • Posts: 114

Hello,

I have a problem with ads again.

When browsing websites, several ads appear on the screen. They always appear when I use a drop-down menu or type something (a username or similar), when I open an image or a link, and even when I am only reading there are always at least 2-3 of them.

I have had the problem for the last month.

The security software does not detect anything.

I tried cleaning with Malwarebytes; it cleans some things, but the problem still remains.
I installed a program that blocks ads (I no longer remember which one); the ads still popped up, but without the image, only a frame. I think that program "embedded" itself in Mozilla.

Cable internet.

The kids play games online, over various servers, download via torrents and who knows what else.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-12-2014
Ran by user6 (administrator) on USER6-PC on 03-12-2014 19:50:18
Running from C:\Users\user6\Desktop
Loaded Profile: user6 (Available profiles: user6)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: engleski (SAD)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(百度在线网络技术(北京)有限公司) C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.619\BaiduProtect.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(InterVideo Inc.) C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Baidu) C:\Program Files (x86)\Common Files\Baidu\BDDownload\107\bddownloader.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(CPA) C:\Program Files (x86)\baidu\BindEx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Bandoo Media Inc.) C:\Users\user6\AppData\Local\iLivid\iLivid.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296520 2014-11-10] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
HKLM-x32\...\Run: [UVS11 Preload] => C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [341488 2007-03-03] (InterVideo Digital Technology Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-12-01] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\...\Run: [Google Update] => "C:\Users\user6\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\...\Run: [] => [X]
HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\...\Run: [DAEMON Tools Lite] => D:\vuk\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\...\Run: [baidu] => C:\Program Files (x86)\baidu\BindEx.exe [28672 2014-09-07] (CPA)
HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\...\Run: [iLivid] => C:\Users\user6\AppData\Local\iLivid\iLivid.exe [7913472 2014-05-25] (Bandoo Media Inc.)
HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\...\MountPoints2: {7a8c5730-6c92-11e4-aa10-bc5ff4da1084} - F:\Install.exe
HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\...\MountPoints2: {db4a4062-4ae5-11e4-a354-bc5ff4da1084} - F:\steambackup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\user6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\Software\Microsoft\Internet Explorer\Main,Search Page = sweet-page.com/web/?type=ds&ts=1415.....L5K&q={searchTerms}
HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = sweet-page.com/web/?type=ds&ts=1415.....L5K&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = astromenda.com/results.php?f=4&q={searchTerms}&a=ast_aw_14_40_ff&cd=2XzuyEtN2Y1L1Qzu0B0CyD0F0FyE0D0AtCtDzzyE0CyD0AyEtN0D0Tzu0StCtDtDyBtN1L2XzutAtFtBtFtCtFyDtN1L1Czu0S0P0D0YtN1L1G1B1V1N2Y1L1Qzu2SyByCtDtA0FyB0ByEtGzzyC0FtBtGyCtAyC0EtG0A0EtBtBtGtB0DzyyC0EyCyC0BzzyEtA0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDzy0A0D0C0A0AtG0DtCtDtDtGyEtD0AtDtG0A0EyE0CtGtAtAtCtD0CtCyD0AtCzy0Czz2QtN1B1L1H1Ezu1O2U1M1B&cr=2101629463&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = astromenda.com/results.php?f=4&q={searchTerms}&a=ast_aw_14_40_ff&cd=2XzuyEtN2Y1L1Qzu0B0CyD0F0FyE0D0AtCtDzzyE0CyD0AyEtN0D0Tzu0StCtDtDyBtN1L2XzutAtFtBtFtCtFyDtN1L1Czu0S0P0D0YtN1L1G1B1V1N2Y1L1Qzu2SyByCtDtA0FyB0ByEtGzzyC0FtBtGyCtAyC0EtG0A0EtBtBtGtB0DzyyC0EyCyC0BzzyEtA0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDzy0A0D0C0A0AtG0DtCtDtDtGyEtD0AtDtG0A0EyE0CtGtAtAtCtD0CtCyD0AtCzy0Czz2QtN1B1L1H1Ezu1O2U1M1B&cr=2101629463&ir=
BHO: TotalPlusHD-3.1V02.11 -> {11111111-1111-1111-1111-110611321185} -> C:\Program Files (x86)\TotalPlusHD-3.1V02.11\TotalPlusHD-3.1V02.11-bho64.dll No File
BHO: TheTorntv V10 -> {11111111-1111-1111-1111-110611331111} -> C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-bho64.dll No File
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: YoutubeAdBlocke -> {814694f3-80be-404b-8475-d54553b5e9ec} -> C:\Program Files (x86)\YoutubeAdBlocke\wHMkQuQKgCA0d4.x64.dll No File
BHO: GoSave -> {c286c06e-c719-4e7b-a8dd-9618f78a5915} -> C:\Program Files (x86)\GoSave\0KLTc4KQ1X58Xu.x64.dll No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: TotalPlusHD-3.1V02.11 -> {11111111-1111-1111-1111-110611321185} -> C:\Program Files (x86)\TotalPlusHD-3.1V02.11\TotalPlusHD-3.1V02.11-bho.dll No File
BHO-x32: TheTorntv V10 -> {11111111-1111-1111-1111-110611331111} -> C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-bho.dll No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: YoutubeAdBlocke -> {814694f3-80be-404b-8475-d54553b5e9ec} -> C:\Program Files (x86)\YoutubeAdBlocke\wHMkQuQKgCA0d4.dll No File
BHO-x32: GoSave -> {c286c06e-c719-4e7b-a8dd-9618f78a5915} -> C:\Program Files (x86)\GoSave\0KLTc4KQ1X58Xu.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.searc-hall.info/?pid=2273&r=2014/10/29&hid=3468128206519862363&lg=EN&cc=RS&unqvl=65&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2683369425-3361945966-1453627295-1000: @tools.google.com/Google Update;version=3 -> C:\Users\user6\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2683369425-3361945966-1453627295-1000: @tools.google.com/Google Update;version=9 -> C:\Users\user6\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2683369425-3361945966-1453627295-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\user6\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\user.js
FF SearchPlugin: C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\searchplugins\MyOnlineSearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
FF Extension: GoSave - C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\Extensions\fK9@y.edu [2014-10-29]
FF Extension: YoutubeAdBlocke - C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\Extensions\UsAiI@1.org [2014-10-29]
FF Extension: Test Pilot - C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-08-10]
FF Extension: Adblock Plus - C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-10]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-10]
FF HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.sweet-page.com/?type=hp&ts=1415370533&from=cor&uid=ST500DM002-1BD142_S2ALLL5KXXXXS2ALLL5K
CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1415370533&from=cor&uid=ST500DM002-1BD142_S2ALLL5KXXXXS2ALLL5K"
CHR DefaultSearchKeyword: Default -> sweet-page
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\user6\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google презентације) - C:\Users\user6\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-03]
CHR Extension: (Google документи) - C:\Users\user6\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-03]
CHR Extension: (Google диск) - C:\Users\user6\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-03]
CHR Extension: (YouTube) - C:\Users\user6\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-03]
CHR Extension: (Google претрага) - C:\Users\user6\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-03]
CHR Extension: (Google табеле) - C:\Users\user6\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-03]
CHR Extension: (EnterDigital) - C:\Users\user6\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipjaehplfnnamlkgojdjpbiicpjbhjm [2014-11-13]
CHR Extension: (Google новчаник) - C:\Users\user6\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-03]
CHR Extension: (Gmail) - C:\Users\user6\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BDSGRTP; C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.619\BaiduProtect.exe [1931880 2014-11-06] (百度在线网络技术(北京)有限公司)
R2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-11-14] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [724992 2006-10-10] (Nero AG) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
R2 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2014-11-10] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 bd0001; C:\Windows\System32\DRIVERS\bd0001.sys [181072 2014-10-21] (Baidu)
R1 bd0004; C:\Windows\System32\DRIVERS\bd0004.sys [169288 2014-11-04] (Baidu)
R2 BDArKit; C:\Windows\System32\DRIVERS\BDArKit.sys [144712 2014-11-11] (Baidu Technology)
R1 BDMWrench; C:\Windows\System32\DRIVERS\BDMWrench.sys [56648 2014-10-17] (Baidu)
R2 BDSafeBrowser; C:\Windows\System32\DRIVERS\BDSafeBrowser.sys [48968 2014-10-20] (Baidu)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-15] (Disc Soft Ltd)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-20] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-20] (Symantec Corporation)
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-08-21] (Echobit, LLC)
S3 hid8103; C:\Windows\SysWOW64\drivers\hid8103.sys [31128 2006-10-25] (Compuware Corporation) [File not signed]
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S1 bd0002; system32\DRIVERS\bd0002.sys [X]
S1 BDMWrench_x64; system32\DRIVERS\BDMWrench_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-03 19:50 - 2014-12-03 19:50 - 00021161 _____ () C:\Users\user6\Desktop\FRST.txt
2014-12-03 19:49 - 2014-12-03 19:50 - 00000000 ____D () C:\FRST
2014-12-03 19:48 - 2014-12-03 19:48 - 02117120 _____ (Farbar) C:\Users\user6\Desktop\FRST64.exe
2014-12-03 15:40 - 2014-12-03 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-03 15:40 - 2014-12-03 15:40 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-12-01 21:01 - 2014-12-01 21:01 - 01064448 _____ () C:\Users\user6\Downloads\d182d0bbd0be.ppt
2014-11-30 08:12 - 2014-11-30 08:13 - 00000055 _____ () C:\Users\user6\Desktop\Novi tekstualni dokument.txt
2014-11-29 09:54 - 2014-11-29 09:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-26 16:24 - 2014-11-26 16:24 - 00254080 _____ () C:\Users\user6\Downloads\zadaci.bmp
2014-11-25 14:17 - 2014-11-25 14:56 - 4213047452 _____ () C:\Users\user6\Downloads\GTA_SA.iso
2014-11-22 19:22 - 2006-10-25 19:28 - 00031128 _____ (Compuware Corporation) C:\Windows\SysWOW64\Drivers\hid8103.sys
2014-11-22 19:22 - 2005-11-24 10:49 - 00073728 _____ () C:\Windows\SysWOW64\dancemat.exe
2014-11-22 10:54 - 2014-11-22 10:54 - 00000000 ____D () C:\Users\user6\AppData\Local\NokiaAccount
2014-11-22 10:54 - 2014-11-22 10:54 - 00000000 ____D () C:\Users\user6\AppData\Local\Nokia
2014-11-21 21:06 - 2014-11-21 21:06 - 00001241 _____ () C:\Users\Public\Desktop\Restaurant Empire.lnk
2014-11-21 21:06 - 2014-11-21 21:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enlight
2014-11-21 21:03 - 2014-11-21 21:03 - 00000000 ____D () C:\Program Files (x86)\Enlight
2014-11-19 12:41 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 12:41 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 12:41 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 12:41 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 14:59 - 2014-11-18 14:59 - 00000000 ____D () C:\Users\user6\AppData\Roaming\Darkfall
2014-11-18 13:03 - 2014-11-18 13:03 - 00000000 ____D () C:\Users\user6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-11-18 12:48 - 2014-11-18 12:48 - 00000594 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-11-18 12:48 - 2014-11-18 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-11-18 12:47 - 2014-11-18 12:47 - 01142392 _____ () C:\Users\user6\Downloads\SteamSetup.exe
2014-11-16 22:55 - 2014-11-16 22:56 - 00000000 ____D () C:\AdwCleaner
2014-11-16 07:15 - 2014-11-16 07:15 - 00000000 ____D () C:\ProgramData\Steam
2014-11-16 07:07 - 2014-11-16 07:07 - 00000535 _____ () C:\Users\Public\Desktop\Pro Evolution Soccer 2015.lnk
2014-11-16 07:07 - 2014-11-16 07:07 - 00000535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro Evolution Soccer 2015.lnk
2014-11-16 06:52 - 2014-11-16 06:52 - 00001026 _____ () C:\Users\user6\Desktop\DTLite.exe - prečica.lnk
2014-11-15 19:50 - 2014-11-15 19:50 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-11-15 19:42 - 2014-11-15 19:42 - 00000000 ____D () C:\Users\user6\Downloads\Pro.Evolution.Soccer.2015-RELOADED
2014-11-15 19:05 - 2014-11-15 19:05 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-11-15 19:05 - 2014-11-15 19:05 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-11-15 19:05 - 2014-11-15 19:05 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-11-15 19:05 - 2014-11-15 19:05 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-11-15 19:05 - 2014-11-15 19:05 - 00001639 _____ () C:\Users\Public\Desktop\System Shock 2.lnk
2014-11-15 19:05 - 2014-11-15 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-11-15 19:05 - 2014-11-15 19:05 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-11-15 19:04 - 2014-11-15 19:04 - 00000000 ____D () C:\GOG Games
2014-11-15 18:55 - 2014-11-15 18:55 - 00000000 ____D () C:\Users\user6\Downloads\System Shock 2 GOG
2014-11-14 17:21 - 2014-11-14 17:21 - 00000837 _____ () C:\Users\user6\Desktop\Tasty Planet Back for Seconds.lnk
2014-11-14 17:16 - 2014-11-14 17:16 - 00000000 ____D () C:\ProgramData\InterVideo
2014-11-14 17:15 - 2014-11-14 17:15 - 00002184 _____ () C:\Users\Public\Desktop\Ulead VideoStudio 11.lnk
2014-11-14 17:15 - 2014-11-14 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulead VideoStudio 11
2014-11-14 17:15 - 2014-11-14 17:15 - 00000000 ____D () C:\Program Files (x86)\Ulead Systems
2014-11-14 17:15 - 2007-03-06 11:58 - 00210456 _____ () C:\Windows\SysWOW64\IVIresizeW7.dll
2014-11-14 17:15 - 2007-03-06 11:58 - 00206360 _____ () C:\Windows\SysWOW64\IVIresizeA6.dll
2014-11-14 17:15 - 2007-03-06 11:58 - 00198168 _____ () C:\Windows\SysWOW64\IVIresizeP6.dll
2014-11-14 17:15 - 2007-03-06 11:58 - 00198168 _____ () C:\Windows\SysWOW64\IVIresizeM6.dll
2014-11-14 17:15 - 2007-03-06 11:58 - 00194072 _____ () C:\Windows\SysWOW64\IVIresizePX.dll
2014-11-14 17:15 - 2007-03-06 11:58 - 00026136 _____ () C:\Windows\SysWOW64\IVIresize.dll
2014-11-14 17:10 - 2014-11-14 17:10 - 00000000 ____D () C:\Users\user6\AppData\Local\Unity
2014-11-13 19:52 - 2014-11-13 19:59 - 00000000 ____D () C:\Users\user6\AppData\Roaming\Ulead Systems
2014-11-13 19:52 - 2014-11-13 19:52 - 00000000 ____D () C:\Users\user6\Documents\Ulead VideoStudio
2014-11-13 19:48 - 2014-11-14 17:15 - 00000000 ____D () C:\ProgramData\Ulead Systems
2014-11-13 19:26 - 2014-11-13 19:26 - 147782696 _____ (Corel ) C:\Users\user6\Downloads\UVS11Plus_TBYB_EUS.exe
2014-11-13 19:23 - 2014-11-13 19:23 - 00762160 _____ ( ) C:\Users\user6\Downloads\ulead-videostudio_Mv_DM.exe
2014-11-13 15:32 - 2014-11-13 19:02 - 00000000 ____D () C:\Program Files (x86)\Movie Maker
2014-11-13 14:38 - 2014-11-13 14:39 - 33564604 _____ (Games ) C:\Users\user6\Downloads\TastyPlanetBackSeconds.exe
2014-11-12 12:43 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 12:43 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 12:43 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 12:43 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 12:43 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 12:43 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 12:43 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 12:43 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 12:43 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 12:43 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 12:43 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 12:43 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 12:43 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 12:43 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 12:43 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 12:43 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 12:43 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 12:43 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 12:43 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 12:43 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 12:43 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 12:43 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 12:43 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 12:43 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 12:43 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 12:43 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 12:43 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 12:43 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 12:43 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 12:43 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 12:43 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 12:43 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 12:43 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 12:43 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 12:43 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 12:43 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 12:43 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 12:43 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 12:43 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 12:43 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 12:43 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 12:43 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 12:43 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 12:43 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 12:43 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 12:43 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 12:43 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 12:43 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 12:43 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 12:43 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 12:43 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 12:43 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 12:43 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 12:43 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 12:43 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 12:43 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 12:43 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 12:43 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 12:43 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 12:43 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 12:43 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 12:43 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 12:43 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 12:43 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 12:43 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 12:43 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 12:43 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 12:43 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 12:42 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 12:42 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 12:42 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 12:42 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 12:42 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 12:42 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 12:42 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 12:42 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 12:42 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 12:42 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 12:42 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 12:42 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 12:41 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 12:41 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 12:41 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 12:41 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 12:41 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 12:41 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 12:41 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 12:41 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 12:41 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 12:41 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 12:41 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 12:41 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 12:41 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 12:41 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 12:41 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 12:41 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 12:41 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 12:41 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 12:41 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 12:41 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 12:41 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 17:44 - 2014-11-11 17:44 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-11-11 08:17 - 2014-11-11 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tasty Planet
2014-11-11 08:17 - 2014-11-11 08:17 - 00000000 ____D () C:\Users\user6\AppData\Roaming\PlayFirst
2014-11-11 08:17 - 2014-11-11 08:17 - 00000000 ____D () C:\ProgramData\PlayFirst
2014-11-11 08:17 - 2014-11-11 08:17 - 00000000 ____D () C:\Program Files (x86)\ReflexiveArcade
2014-11-10 19:33 - 2014-11-10 19:33 - 00003424 _____ () C:\Windows\System32\Tasks\RealDownloader Update Check
2014-11-10 19:33 - 2014-11-10 19:33 - 00001268 _____ () C:\Users\Public\Desktop\RealPlayer Cloud.lnk
2014-11-10 19:32 - 2014-11-10 19:33 - 00000000 ____D () C:\Program Files (x86)\Real
2014-11-10 19:32 - 2014-11-10 19:32 - 00278600 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2014-11-10 19:32 - 2014-11-10 19:32 - 00201800 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2014-11-10 19:32 - 2014-11-10 19:32 - 00003362 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2683369425-3361945966-1453627295-1000
2014-11-10 19:32 - 2014-11-10 19:32 - 00003228 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2683369425-3361945966-1453627295-1000
2014-11-10 19:32 - 2014-11-10 19:32 - 00000000 ____D () C:\Users\user6\AppData\Roaming\RealNetworks
2014-11-10 19:32 - 2014-11-10 19:32 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-11-10 19:32 - 2014-11-10 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2014-11-10 19:32 - 2014-11-10 19:32 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-11-10 19:31 - 2014-11-10 19:38 - 00000000 ____D () C:\Users\user6\AppData\Roaming\Real
2014-11-10 19:30 - 2014-11-10 19:33 - 00000000 ____D () C:\ProgramData\Real
2014-11-10 15:54 - 2014-12-03 18:22 - 00000224 _____ () C:\Users\user6\BullseyeCoverageError.txt
2014-11-09 14:51 - 2014-11-22 10:12 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-09 14:51 - 2014-11-09 14:51 - 00000000 ____D () C:\Users\user6\AppData\Roaming\dingogames
2014-11-09 14:51 - 2014-11-09 14:51 - 00000000 ____D () C:\ProgramData\dingogames
2014-11-09 10:15 - 2014-11-25 14:59 - 00000000 ____D () C:\Users\user6\AppData\Roaming\vlc
2014-11-09 09:31 - 2014-11-09 09:31 - 00000000 ____D () C:\Users\user6\Documents\Assassin's Creed III
2014-11-09 09:30 - 2014-11-09 09:30 - 00002005 _____ () C:\Users\Public\Desktop\Assassins Creed III.lnk
2014-11-09 09:30 - 2014-11-09 09:30 - 00000000 ____D () C:\Users\user6\AppData\Roaming\Theta
2014-11-09 09:30 - 2014-11-09 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassins Creed III
2014-11-09 09:17 - 2014-11-09 09:30 - 00000000 ____D () C:\Program Files (x86)\Assassins Creed III
2014-11-08 19:32 - 2014-11-08 20:52 - 00000000 ____D () C:\Users\user6\Downloads\AC3 [REVENANTS]
2014-11-08 19:12 - 2014-11-08 19:12 - 00000000 ____D () C:\ProgramData\Trymedia
2014-11-08 19:12 - 2014-11-08 19:12 - 00000000 ____D () C:\Program Files (x86)\RealArcade
2014-11-08 12:02 - 2014-11-08 12:02 - 00000000 ____D () C:\Users\user6\AppData\Local\EMU
2014-11-08 10:24 - 2014-11-08 10:24 - 00000000 ____D () C:\Users\user6\AppData\Local\Skype
2014-11-08 07:24 - 2014-11-30 20:42 - 00000000 ____D () C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7
2014-11-07 22:53 - 2014-11-07 23:20 - 00000000 ____D () C:\Users\user6\AppData\Local\Microsoft Games
2014-11-07 20:59 - 2014-11-07 20:59 - 00002693 _____ () C:\Users\user6\Desktop\Microsoft Office Outlook 2007.lnk
2014-11-07 20:59 - 2014-11-07 20:59 - 00002086 _____ () C:\Users\user6\Desktop\Minecraft.lnk
2014-11-07 20:59 - 2014-11-07 20:59 - 00001242 _____ () C:\Users\user6\Desktop\Paint.lnk
2014-11-07 20:59 - 2014-11-07 20:59 - 00000646 _____ () C:\Users\user6\Desktop\Total Commander 64 bit (2).lnk
2014-11-07 15:31 - 2014-11-07 15:31 - 00003146 _____ () C:\Windows\System32\Tasks\{D164F24E-BA81-4DD3-81D7-E12E809EA145}
2014-11-06 15:20 - 2014-11-06 15:20 - 00000000 ____D () C:\Users\user6\AppData\Local\Ahead
2014-11-05 14:01 - 2014-11-05 20:35 - 00000000 ____D () C:\Users\user6\AppData\Local\Sony
2014-11-05 13:33 - 2014-11-05 20:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-11-05 13:33 - 2014-11-05 20:36 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-11-04 19:05 - 2014-11-05 20:36 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-11-04 19:05 - 2014-11-05 15:29 - 00000000 ____D () C:\Users\user6\AppData\Local\Adobe
2014-11-04 19:05 - 2014-11-05 13:33 - 00001889 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-11-04 18:29 - 2014-11-05 20:36 - 00000000 ____D () C:\Users\user6\AppData\Local\Microsoft Help
2014-11-04 12:30 - 2014-12-03 15:57 - 00000000 ____D () C:\Users\user6\AppData\Local\LogMeIn Hamachi
2014-11-04 12:30 - 2014-11-21 22:08 - 00000000 ____D () C:\Users\user6\AppData\Local\VirtualStore
2014-11-04 12:30 - 2014-11-04 12:30 - 00000000 ____D () C:\Users\user6\AppData\Local\LogMeIn
2014-11-03 16:52 - 2014-11-04 18:23 - 00000000 ____D () C:\Users\user6\Documents\Disney Interactive Studios
2014-11-03 14:11 - 2014-11-26 18:23 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-03 14:11 - 2014-11-03 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-03 14:10 - 2014-12-03 19:21 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-03 14:10 - 2014-12-03 18:21 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-03 14:10 - 2014-11-14 18:16 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-03 14:10 - 2014-11-14 18:16 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-03 14:10 - 2014-11-03 14:11 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-03 14:10 - 2014-11-03 14:10 - 00880272 _____ (Google Inc.) C:\Users\user6\Downloads\ChromeSetup.exe
2014-11-03 14:07 - 2014-11-03 14:07 - 00004050 _____ () C:\Windows\System32\Tasks\LaunchApp
2014-11-03 14:06 - 2014-11-13 20:29 - 00121056 _____ () C:\Users\user6\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-03 14:05 - 2014-11-03 14:05 - 00001008 _____ () C:\Users\user6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
2014-11-03 14:05 - 2014-11-03 14:05 - 00001000 _____ () C:\Users\user6\Desktop\iLivid.lnk
2014-11-03 14:00 - 2014-11-03 14:02 - 00000000 ____D () C:\Users\user6\AppData\Local\Mozilla
2014-11-03 14:00 - 2014-11-03 14:00 - 00000000 ____D () C:\Users\user6\AppData\Local\Macromedia
2014-11-03 13:59 - 2014-11-04 18:36 - 00000000 __SHD () C:\Users\user6\AppData\Local\EmieUserList
2014-11-03 13:59 - 2014-11-04 18:36 - 00000000 __SHD () C:\Users\user6\AppData\Local\EmieSiteList

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-03 19:16 - 2014-03-13 06:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-03 18:51 - 2014-01-18 15:22 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2683369425-3361945966-1453627295-1000UA.job
2014-12-03 16:09 - 2014-11-02 16:09 - 00001338 _____ () C:\Windows\Tasks\KKTHHJ.job
2014-12-03 16:08 - 2014-11-02 16:09 - 00001332 _____ () C:\Windows\Tasks\KQH.job
2014-12-03 16:07 - 2014-11-02 16:07 - 00001338 _____ () C:\Windows\Tasks\JOQEYV.job
2014-12-03 16:06 - 2014-11-02 16:06 - 00001336 _____ () C:\Windows\Tasks\EYEVH.job
2014-12-03 16:00 - 2012-08-09 23:56 - 01167706 _____ () C:\Windows\WindowsUpdate.log
2014-12-03 15:46 - 2009-07-14 05:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-03 15:46 - 2009-07-14 05:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-03 15:45 - 2012-08-10 11:47 - 00699126 _____ () C:\Windows\system32\perfh00E.dat
2014-12-03 15:45 - 2012-08-10 11:47 - 00176450 _____ () C:\Windows\system32\perfc00E.dat
2014-12-03 15:45 - 2009-07-14 06:13 - 01671176 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-03 15:39 - 2014-01-07 23:15 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-12-03 15:39 - 2014-01-07 02:41 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-03 15:39 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-03 15:39 - 2009-07-14 05:51 - 00190024 _____ () C:\Windows\setupact.log
2014-12-02 20:29 - 2014-09-04 17:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-02 15:51 - 2014-10-04 19:10 - 00000000 ____D () C:\ProgramData\Baidu
2014-12-02 12:13 - 2014-01-18 15:14 - 00000000 ____D () C:\Users\user6\AppData\Roaming\.minecraft
2014-12-02 12:06 - 2012-08-10 16:38 - 00000000 ____D () C:\Users\user6\AppData\Roaming\Skype
2014-12-01 09:23 - 2010-11-21 04:47 - 02197090 _____ () C:\Windows\PFRO.log
2014-11-30 08:04 - 2012-08-10 16:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-29 23:51 - 2014-01-18 15:22 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2683369425-3361945966-1453627295-1000Core.job
2014-11-26 13:16 - 2014-03-13 06:14 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 13:16 - 2014-01-07 06:49 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 13:16 - 2014-01-07 06:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-22 19:22 - 2014-10-07 16:45 - 00000000 ____D () C:\Windows\USB Vibration
2014-11-22 19:22 - 2014-04-21 18:09 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-22 19:21 - 2014-09-10 15:56 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-11-22 19:20 - 2014-10-07 17:16 - 00000000 ____D () C:\Users\user6\Downloads\PROGRAMI I DRAJVER
2014-11-22 19:17 - 2014-09-15 21:08 - 00000000 ____D () C:\Program Files (x86)\USB Vibration
2014-11-21 22:04 - 2014-04-21 18:13 - 00000000 ____D () C:\Users\user6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-11-21 21:04 - 2014-10-07 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO MARVEL Super Heroes
2014-11-16 19:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PLA
2014-11-16 19:40 - 2009-07-14 03:34 - 00000580 _____ () C:\Windows\win.ini
2014-11-16 07:15 - 2014-03-10 09:42 - 00000000 ____D () C:\ProgramData\KONAMI
2014-11-16 07:14 - 2014-03-10 09:42 - 00000000 ____D () C:\Users\user6\Documents\KONAMI
2014-11-15 19:44 - 2014-10-03 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-11-15 19:43 - 2014-01-18 10:58 - 00000000 ____D () C:\Users\user6\Desktop\Vukove igrice
2014-11-15 19:05 - 2009-07-14 06:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-15 15:41 - 2014-10-01 12:31 - 00000000 ____D () C:\Users\user6\Documents\FIFA 14
2014-11-14 12:16 - 2009-07-14 05:45 - 00433848 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 19:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources
2014-11-13 16:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 13:06 - 2014-05-05 22:06 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-13 12:51 - 2014-09-08 13:04 - 00000000 ____D () C:\Users\user6\AppData\Roaming\Sony
2014-11-13 12:24 - 2012-08-10 16:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 22:10 - 2014-01-07 07:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 22:10 - 2012-08-10 00:45 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 15:45 - 2014-10-05 07:54 - 00144712 _____ (Baidu Technology) C:\Windows\system32\Drivers\BDArKit.sys
2014-11-10 19:32 - 2014-09-30 10:59 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-10 19:32 - 2013-04-11 11:55 - 00505416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-11-10 19:32 - 2013-04-11 11:55 - 00353864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-11-10 18:12 - 2014-09-11 15:51 - 00000000 ____D () C:\Users\user6\AppData\Local\iLivid
2014-11-10 18:11 - 2014-09-11 15:52 - 00000000 ____D () C:\Program Files (x86)\Movies App
2014-11-10 15:54 - 2012-08-09 23:56 - 00000000 ____D () C:\Users\user6
2014-11-10 11:03 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-09 21:30 - 2014-01-16 20:50 - 00000093 _____ () C:\Users\user6\AppData\default.pls
2014-11-09 10:13 - 2014-06-12 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2014-11-08 12:01 - 2014-09-01 19:55 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-11-05 20:36 - 2014-11-02 16:08 - 00000000 ____D () C:\Users\user6\AppData\Roaming\BabSolution
2014-11-05 20:36 - 2014-10-29 21:19 - 00000000 ____D () C:\Users\user6\AppData\Roaming\SkypEmoticons
2014-11-05 20:36 - 2014-10-26 09:38 - 00000000 ____D () C:\Users\user6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Softonic
2014-11-05 20:36 - 2014-10-20 20:01 - 00000000 ____D () C:\Users\user6\Documents\Rockstar Games
2014-11-05 20:36 - 2014-09-12 12:21 - 00000000 ____D () C:\Users\user6\AppData\Roaming\RHEng
2014-11-05 20:36 - 2014-09-11 16:05 - 00000000 ____D () C:\Users\user6\AppData\Local\Torch
2014-11-05 20:36 - 2014-09-01 17:03 - 00000000 ____D () C:\Users\user6\AppData\Roaming\DAEMON Tools Ultra
2014-11-05 20:36 - 2014-06-25 20:09 - 00000000 ____D () C:\Users\user6\AppData\Roaming\BitTorrent
2014-11-05 20:36 - 2014-06-07 06:27 - 00000000 ____D () C:\Users\user6\AppData\Roaming\BANDISOFT
2014-11-05 20:36 - 2014-04-22 09:00 - 00000000 ____D () C:\Users\user6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2014-11-05 20:36 - 2014-03-16 22:02 - 00000000 ____D () C:\Users\user6\AppData\Roaming\KompoZer
2014-11-05 20:36 - 2014-03-09 17:48 - 00000000 ____D () C:\Users\user6\AppData\Roaming\BitLord
2014-11-05 20:36 - 2014-02-23 15:22 - 00000000 ____D () C:\Users\user6\Documents\Kako Prodavati Na eBayu Upute za Prodaju Preko Ebaya_files
2014-11-05 20:36 - 2014-01-18 15:05 - 00000000 ____D () C:\Users\user6\AppData\Roaming\uTorrent
2014-11-05 20:36 - 2014-01-07 06:49 - 00000000 ____D () C:\Windows\system32\Macromed
2014-11-05 20:36 - 2012-08-10 16:28 - 00000000 ____D () C:\Users\user6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2014-11-05 20:36 - 2012-08-10 16:26 - 00000000 ____D () C:\Users\user6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2014-11-05 20:36 - 2012-08-10 16:26 - 00000000 ____D () C:\Users\user6\AppData\Roaming\GHISLER
2014-11-05 20:36 - 2012-08-10 16:20 - 00000000 ____D () C:\Users\user6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-05 20:36 - 2012-08-10 16:14 - 00000000 ____D () C:\Users\user6\AppData\Roaming\Winamp
2014-11-05 20:36 - 2012-08-10 16:14 - 00000000 ____D () C:\Users\user6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in
2014-11-05 20:36 - 2012-08-09 23:56 - 00000000 ___RD () C:\Users\user6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-05 20:36 - 2012-08-09 23:56 - 00000000 ___RD () C:\Users\user6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-05 20:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-11-05 20:35 - 2014-10-03 13:37 - 00000000 ____D () C:\Users\user6\Documents\Electronic Arts
2014-11-05 20:35 - 2014-09-30 11:01 - 00000000 ____D () C:\Users\user6\AppData\Roaming\Steam
2014-11-05 20:35 - 2014-09-12 12:24 - 00000000 ____D () C:\Users\user6\AppData\Roaming\Opera Software
2014-11-05 20:35 - 2014-09-01 19:57 - 00000000 ____D () C:\Users\user6\AppData\Roaming\DAEMON Tools Lite
2014-11-05 20:35 - 2014-07-20 17:10 - 00000000 ____D () C:\Users\user6\AppData\Local\NVIDIA
2014-11-05 20:35 - 2014-03-16 22:02 - 00000000 ____D () C:\Users\user6\Documents\kompozer-0.7.10-win32
2014-11-05 20:35 - 2014-03-16 21:20 - 00000000 ____D () C:\Users\user6\AppData\Roaming\Notepad++
2014-11-05 20:35 - 2012-08-10 16:27 - 00000000 ____D () C:\Users\user6\AppData\Roaming\Mozilla
2014-11-05 20:35 - 2012-08-10 16:21 - 00000000 ____D () C:\Users\user6\AppData\Roaming\Adobe
2014-11-05 20:35 - 2012-08-10 16:19 - 00000000 ____D () C:\Users\user6\AppData\Local\Google
2014-11-05 20:29 - 2010-11-21 08:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-04 06:37 - 2014-10-04 19:14 - 00169288 _____ (Baidu) C:\Windows\system32\Drivers\bd0004.sys
2014-11-03 14:07 - 2012-08-09 23:56 - 00001421 _____ () C:\Users\user6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-03 13:56 - 2014-09-01 17:05 - 00000000 ____D () C:\Program Files (x86)\Ubisoft

Some content of TEMP:
====================
C:\Users\user6\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\user6\AppData\Local\Temp\ICReinstall_fifa-15-full-version.exe
C:\Users\user6\AppData\Local\Temp\lowproc.exe
C:\Users\user6\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\user6\AppData\Local\Temp\Quarantine.exe
C:\Users\user6\AppData\Local\Temp\sqlite3.dll
C:\Users\user6\AppData\Local\Temp\stubhelper.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-25 16:30

==================== End Of Log ============================

offline
  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 0

You have two AV programs installed: Baidu and Microsoft Security Essentials. Uninstall one of them.



Step 1

Go to Start -> Control Panel -> Programs and Features and uninstall the following programs:

iLivid
McAfee Security Scan Plus
Softonic for Windows
YTD Video Downloader 4.8.2



Step 2

Open Notepad and copy the following text, which is inside the Code box.

Start

HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\...\Run: [iLivid] => C:\Users\user6\AppData\Local\iLivid\iLivid.exe [7913472 2014-05-25] (Bandoo Media Inc.)
HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\...\MountPoints2: {7a8c5730-6c92-11e4-aa10-bc5ff4da1084} - F:\Install.exe
HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\...\MountPoints2: {db4a4062-4ae5-11e4-a354-bc5ff4da1084} - F:\steambackup.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1415.....L5K&q={searchTerms}
HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1415.....L5K&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_aw_14_40_ff&cd=2XzuyEtN2Y1L1Qzu0B0CyD0F0FyE0D0AtCtDzzyE0CyD0AyEtN0D0Tzu0StCtDtDyBtN1L2XzutAtFtBtFtCtFyDtN1L1Czu0S0P0D0YtN1L1G1B1V1N2Y1L1Qzu2SyByCtDtA0FyB0ByEtGzzyC0FtBtGyCtAyC0EtG0A0EtBtBtGtB0DzyyC0EyCyC0BzzyEtA0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDzy0A0D0C0A0AtG0DtCtDtDtGyEtD0AtDtG0A0EyE0CtGtAtAtCtD0CtCyD0AtCzy0Czz2QtN1B1L1H1Ezu1O2U1M1B&cr=2101629463&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_aw_14_40_ff&cd=2XzuyEtN2Y1L1Qzu0B0CyD0F0FyE0D0AtCtDzzyE0CyD0AyEtN0D0Tzu0StCtDtDyBtN1L2XzutAtFtBtFtCtFyDtN1L1Czu0S0P0D0YtN1L1G1B1V1N2Y1L1Qzu2SyByCtDtA0FyB0ByEtGzzyC0FtBtGyCtAyC0EtG0A0EtBtBtGtB0DzyyC0EyCyC0BzzyEtA0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDzy0A0D0C0A0AtG0DtCtDtDtGyEtD0AtDtG0A0EyE0CtGtAtAtCtD0CtCyD0AtCzy0Czz2QtN1B1L1H1Ezu1O2U1M1B&cr=2101629463&ir=
BHO: TotalPlusHD-3.1V02.11 -> {11111111-1111-1111-1111-110611321185} -> C:\Program Files (x86)\TotalPlusHD-3.1V02.11\TotalPlusHD-3.1V02.11-bho64.dll No File
BHO: TheTorntv V10 -> {11111111-1111-1111-1111-110611331111} -> C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-bho64.dll No File
BHO: YoutubeAdBlocke -> {814694f3-80be-404b-8475-d54553b5e9ec} -> C:\Program Files (x86)\YoutubeAdBlocke\wHMkQuQKgCA0d4.x64.dll No File
BHO: GoSave -> {c286c06e-c719-4e7b-a8dd-9618f78a5915} -> C:\Program Files (x86)\GoSave\0KLTc4KQ1X58Xu.x64.dll No File
BHO-x32: TotalPlusHD-3.1V02.11 -> {11111111-1111-1111-1111-110611321185} -> C:\Program Files (x86)\TotalPlusHD-3.1V02.11\TotalPlusHD-3.1V02.11-bho.dll No File
BHO-x32: TheTorntv V10 -> {11111111-1111-1111-1111-110611331111} -> C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-bho.dll No File
BHO-x32: YoutubeAdBlocke -> {814694f3-80be-404b-8475-d54553b5e9ec} -> C:\Program Files (x86)\YoutubeAdBlocke\wHMkQuQKgCA0d4.dll No File
BHO-x32: GoSave -> {c286c06e-c719-4e7b-a8dd-9618f78a5915} -> C:\Program Files (x86)\GoSave\0KLTc4KQ1X58Xu.dll No File
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
FF DefaultSearchUrl: hxxp://websearch.searc-hall.info/?pid=2273&r=2014/10/29&hid=3468128206519862363&lg=EN&cc=RS&unqvl=65&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF user.js: detected! => C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\user.js
FF SearchPlugin: C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\searchplugins\MyOnlineSearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
FF Extension: GoSave - C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\Extensions\fK9@y.edu [2014-10-29]
FF Extension: YoutubeAdBlocke - C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\Extensions\UsAiI@1.org [2014-10-29]
CHR HomePage: Default -> hxxp://www.sweet-page.com/?type=hp&ts=1415370533&from=cor&uid=ST500DM002-1BD142_S2ALLL5KXXXXS2ALLL5K
CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1415370533&from=cor&uid=ST500DM002-1BD142_S2ALLL5KXXXXS2ALLL5K"
CHR DefaultSearchKeyword: Default -> sweet-page
CHR Extension: (EnterDigital) - C:\Users\user6\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipjaehplfnnamlkgojdjpbiicpjbhjm [2014-11-13]
Task: {2980C194-7356-40F2-BCC5-CD85C214185B} - \EPUpdater No Task File <==== ATTENTION
Task: {469EF746-22DF-4604-91EC-B449B8855820} - System32\Tasks\KKTHHJ => C:\Users\user6\AppData\Roaming\KKTHHJ.exe <==== ATTENTION
Task: {5585BD52-67BB-47DE-AF0C-B5E34C960BB4} - \Only-search No Task File <==== ATTENTION
Task: {5BC961A6-C4E0-432D-B4BE-632E40DF295D} - System32\Tasks\EYEVH => C:\Users\user6\AppData\Roaming\EYEVH.exe <==== ATTENTION
Task: {68A9148F-D118-4561-8961-0D48D23AF79B} - System32\Tasks\JOQEYV => C:\Users\user6\AppData\Roaming\JOQEYV.exe <==== ATTENTION
Task: {74F037C3-97F1-4AC1-A12B-4CEEBC27EEFD} - \Only-search Updater No Task File <==== ATTENTION
Task: {76489A6D-0506-45C5-B35A-77B1A04C3ED0} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {9B36B0EA-8BE5-4995-9DCF-3387231F4631} - System32\Tasks\KQH => C:\Users\user6\AppData\Roaming\KQH.exe <==== ATTENTION
Task: C:\Windows\Tasks\EYEVH.job => C:\Users\user6\AppData\Roaming\EYEVH.exe <==== ATTENTION
Task: C:\Windows\Tasks\JOQEYV.job => C:\Users\user6\AppData\Roaming\JOQEYV.exe <==== ATTENTION
Task: C:\Windows\Tasks\KKTHHJ.job => C:\Users\user6\AppData\Roaming\KKTHHJ.exe <==== ATTENTION
Task: C:\Windows\Tasks\KQH.job => C:\Users\user6\AppData\Roaming\KQH.exe <==== ATTENTION
C:\Users\user6\AppData\Local\iLivid
C:\Program Files (x86)\TotalPlusHD-3.1V02.11
C:\Program Files (x86)\TheTorntv V10
C:\Program Files (x86)\YoutubeAdBlocke
C:\Program Files (x86)\GoSave
C:\Program Files (x86)\DAEMON Tools Toolbar
C:\Users\user6\AppData\Roaming\KKTHHJ.exe
C:\Users\user6\AppData\Roaming\EYEVH.exe
C:\Users\user6\AppData\Roaming\JOQEYV.exe
C:\Program Files (x86)\MyPC Backup
C:\Users\user6\AppData\Roaming\KQH.exe

S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-20] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-20] (Symantec Corporation)
C:\Program Files (x86)\Common Files\Symantec Shared

EmptyTemp:

End


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait for the program to finish.
If the program asks to restart the computer, let it do so without interruption.
When it has finished, fixlog.txt will open, with contents that you should copy into the thread.
The file (fixlog.txt) will also be on the Desktop.





Step 4

Download AdwCleaner by "Xplode" and save it to the Desktop
Double-click to run the program.
In the EULA window, click I agree.
Click the Scan button and wait for the scan to finish.
Click the Clean button and wait for the program to finish.
The program will close all running programs and show a window warning about this. Click OK to confirm.
In the next two windows that open (Informations and Restart required), click OK

The computer will restart and then Notepad will open (C:\AdwCleaner[S0].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Attach file" ("Prikači fajl") option

Note: The report will also be saved at C:\Adwcleaner\AdwCleaner[S0].txt

offline
  • Joined: 07 Apr 2012
  • Posts: 114

You have two AV programs installed: Baidu and Microsoft Security Essentials. Uninstall one of them.
Uninstalled Baidu.

Go to Start -> Control Panel -> Programs and Features and uninstall the following programs:

iLivid
McAfee Security Scan Plus
Softonic for Windows
YTD Video Downloader 4.8.2

Uninstalled McAfee; for the other 3 a message appeared saying that the programs were not found and that they may already have been uninstalled; only the icons were deleted.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-12-2014
Ran by user6 at 2014-12-03 20:48:03 Run:1
Running from C:\Users\user6\Desktop
Loaded Profile: user6 (Available profiles: user6)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start

HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\...\Run: [iLivid] => C:\Users\user6\AppData\Local\iLivid\iLivid.exe [7913472 2014-05-25] (Bandoo Media Inc.)
HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\...\MountPoints2: {7a8c5730-6c92-11e4-aa10-bc5ff4da1084} - F:\Install.exe
HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\...\MountPoints2: {db4a4062-4ae5-11e4-a354-bc5ff4da1084} - F:\steambackup.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\Software\Microsoft\Internet Explorer\Main,Search Page = sweet-page.com/web/?type=ds&ts=1415.....L5K&q={searchTerms}
HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = sweet-page.com/web/?type=ds&ts=1415.....L5K&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = astromenda.com/results.php?f=4&q={searchTerms}&a=ast_aw_14_40_ff&cd=2XzuyEtN2Y1L1Qzu0B0CyD0F0FyE0D0AtCtDzzyE0CyD0AyEtN0D0Tzu0StCtDtDyBtN1L2XzutAtFtBtFtCtFyDtN1L1Czu0S0P0D0YtN1L1G1B1V1N2Y1L1Qzu2SyByCtDtA0FyB0ByEtGzzyC0FtBtGyCtAyC0EtG0A0EtBtBtGtB0DzyyC0EyCyC0BzzyEtA0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDzy0A0D0C0A0AtG0DtCtDtDtGyEtD0AtDtG0A0EyE0CtGtAtAtCtD0CtCyD0AtCzy0Czz2QtN1B1L1H1Ezu1O2U1M1B&cr=2101629463&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = astromenda.com/results.php?f=4&q={searchTerms}&a=ast_aw_14_40_ff&cd=2XzuyEtN2Y1L1Qzu0B0CyD0F0FyE0D0AtCtDzzyE0CyD0AyEtN0D0Tzu0StCtDtDyBtN1L2XzutAtFtBtFtCtFyDtN1L1Czu0S0P0D0YtN1L1G1B1V1N2Y1L1Qzu2SyByCtDtA0FyB0ByEtGzzyC0FtBtGyCtAyC0EtG0A0EtBtBtGtB0DzyyC0EyCyC0BzzyEtA0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDzy0A0D0C0A0AtG0DtCtDtDtGyEtD0AtDtG0A0EyE0CtGtAtAtCtD0CtCyD0AtCzy0Czz2QtN1B1L1H1Ezu1O2U1M1B&cr=2101629463&ir=
BHO: TotalPlusHD-3.1V02.11 -> {11111111-1111-1111-1111-110611321185} -> C:\Program Files (x86)\TotalPlusHD-3.1V02.11\TotalPlusHD-3.1V02.11-bho64.dll No File
BHO: TheTorntv V10 -> {11111111-1111-1111-1111-110611331111} -> C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-bho64.dll No File
BHO: YoutubeAdBlocke -> {814694f3-80be-404b-8475-d54553b5e9ec} -> C:\Program Files (x86)\YoutubeAdBlocke\wHMkQuQKgCA0d4.x64.dll No File
BHO: GoSave -> {c286c06e-c719-4e7b-a8dd-9618f78a5915} -> C:\Program Files (x86)\GoSave\0KLTc4KQ1X58Xu.x64.dll No File
BHO-x32: TotalPlusHD-3.1V02.11 -> {11111111-1111-1111-1111-110611321185} -> C:\Program Files (x86)\TotalPlusHD-3.1V02.11\TotalPlusHD-3.1V02.11-bho.dll No File
BHO-x32: TheTorntv V10 -> {11111111-1111-1111-1111-110611331111} -> C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-bho.dll No File
BHO-x32: YoutubeAdBlocke -> {814694f3-80be-404b-8475-d54553b5e9ec} -> C:\Program Files (x86)\YoutubeAdBlocke\wHMkQuQKgCA0d4.dll No File
BHO-x32: GoSave -> {c286c06e-c719-4e7b-a8dd-9618f78a5915} -> C:\Program Files (x86)\GoSave\0KLTc4KQ1X58Xu.dll No File
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
FF DefaultSearchUrl: hxxp://websearch.searc-hall.info/?pid=2273&r=2014/10/29&hid=3468128206519862363&lg=EN&cc=RS&unqvl=65&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF user.js: detected! => C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\user.js
FF SearchPlugin: C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\searchplugins\MyOnlineSearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
FF Extension: GoSave - C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\Extensions\fK9@y.edu [2014-10-29]
FF Extension: YoutubeAdBlocke - C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\Extensions\UsAiI@1.org [2014-10-29]
CHR HomePage: Default -> hxxp://www.sweet-page.com/?type=hp&ts=1415370533&from=cor&uid=ST500DM002-1BD142_S2ALLL5KXXXXS2ALLL5K
CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1415370533&from=cor&uid=ST500DM002-1BD142_S2ALLL5KXXXXS2ALLL5K"
CHR DefaultSearchKeyword: Default -> sweet-page
CHR Extension: (EnterDigital) - C:\Users\user6\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipjaehplfnnamlkgojdjpbiicpjbhjm [2014-11-13]
Task: {2980C194-7356-40F2-BCC5-CD85C214185B} - \EPUpdater No Task File <==== ATTENTION
Task: {469EF746-22DF-4604-91EC-B449B8855820} - System32\Tasks\KKTHHJ => C:\Users\user6\AppData\Roaming\KKTHHJ.exe <==== ATTENTION
Task: {5585BD52-67BB-47DE-AF0C-B5E34C960BB4} - \Only-search No Task File <==== ATTENTION
Task: {5BC961A6-C4E0-432D-B4BE-632E40DF295D} - System32\Tasks\EYEVH => C:\Users\user6\AppData\Roaming\EYEVH.exe <==== ATTENTION
Task: {68A9148F-D118-4561-8961-0D48D23AF79B} - System32\Tasks\JOQEYV => C:\Users\user6\AppData\Roaming\JOQEYV.exe <==== ATTENTION
Task: {74F037C3-97F1-4AC1-A12B-4CEEBC27EEFD} - \Only-search Updater No Task File <==== ATTENTION
Task: {76489A6D-0506-45C5-B35A-77B1A04C3ED0} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {9B36B0EA-8BE5-4995-9DCF-3387231F4631} - System32\Tasks\KQH => C:\Users\user6\AppData\Roaming\KQH.exe <==== ATTENTION
Task: C:\Windows\Tasks\EYEVH.job => C:\Users\user6\AppData\Roaming\EYEVH.exe <==== ATTENTION
Task: C:\Windows\Tasks\JOQEYV.job => C:\Users\user6\AppData\Roaming\JOQEYV.exe <==== ATTENTION
Task: C:\Windows\Tasks\KKTHHJ.job => C:\Users\user6\AppData\Roaming\KKTHHJ.exe <==== ATTENTION
Task: C:\Windows\Tasks\KQH.job => C:\Users\user6\AppData\Roaming\KQH.exe <==== ATTENTION
C:\Users\user6\AppData\Local\iLivid
C:\Program Files (x86)\TotalPlusHD-3.1V02.11
C:\Program Files (x86)\TheTorntv V10
C:\Program Files (x86)\YoutubeAdBlocke
C:\Program Files (x86)\GoSave
C:\Program Files (x86)\DAEMON Tools Toolbar
C:\Users\user6\AppData\Roaming\KKTHHJ.exe
C:\Users\user6\AppData\Roaming\EYEVH.exe
C:\Users\user6\AppData\Roaming\JOQEYV.exe
C:\Program Files (x86)\MyPC Backup
C:\Users\user6\AppData\Roaming\KQH.exe

S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-20] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-20] (Symantec Corporation)
C:\Program Files (x86)\Common Files\Symantec Shared

EmptyTemp:

End
*****************

HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\Software\Microsoft\Windows\CurrentVersion\Run\\iLivid => value deleted successfully.
"HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a8c5730-6c92-11e4-aa10-bc5ff4da1084}" => Key deleted successfully.
"HKCR\CLSID\{7a8c5730-6c92-11e4-aa10-bc5ff4da1084}" => Key not found.
"HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db4a4062-4ae5-11e4-a354-bc5ff4da1084}" => Key deleted successfully.
"HKCR\CLSID\{db4a4062-4ae5-11e4-a354-bc5ff4da1084}" => Key not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611321185}" => Key deleted successfully.
"HKCR\CLSID\{11111111-1111-1111-1111-110611321185}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611331111}" => Key deleted successfully.
"HKCR\CLSID\{11111111-1111-1111-1111-110611331111}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{814694f3-80be-404b-8475-d54553b5e9ec}" => Key deleted successfully.
"HKCR\CLSID\{814694f3-80be-404b-8475-d54553b5e9ec}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c286c06e-c719-4e7b-a8dd-9618f78a5915}" => Key deleted successfully.
"HKCR\CLSID\{c286c06e-c719-4e7b-a8dd-9618f78a5915}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611321185}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110611321185}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611331111}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110611331111}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{814694f3-80be-404b-8475-d54553b5e9ec}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{814694f3-80be-404b-8475-d54553b5e9ec}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c286c06e-c719-4e7b-a8dd-9618f78a5915}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{c286c06e-c719-4e7b-a8dd-9618f78a5915}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} => value deleted successfully.
"HKCR\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}" => Key deleted successfully.
Firefox DefaultSearchUrl deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SearchEngineOrder.1,S deleted successfully.
Firefox SelectedSearchEngine,S deleted successfully.
C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\user.js => Moved successfully.
C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\searchplugins\Ask.xml => Moved successfully.
C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\searchplugins\MyOnlineSearch.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml => Moved successfully.
C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\Extensions\fK9@y.edu => Moved successfully.
C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\Extensions\UsAiI@1.org => Moved successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
C:\Users\user6\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipjaehplfnnamlkgojdjpbiicpjbhjm => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2980C194-7356-40F2-BCC5-CD85C214185B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2980C194-7356-40F2-BCC5-CD85C214185B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{469EF746-22DF-4604-91EC-B449B8855820}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{469EF746-22DF-4604-91EC-B449B8855820}" => Key deleted successfully.
C:\Windows\System32\Tasks\KKTHHJ => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KKTHHJ" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5585BD52-67BB-47DE-AF0C-B5E34C960BB4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5585BD52-67BB-47DE-AF0C-B5E34C960BB4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Only-search" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5BC961A6-C4E0-432D-B4BE-632E40DF295D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BC961A6-C4E0-432D-B4BE-632E40DF295D}" => Key deleted successfully.
C:\Windows\System32\Tasks\EYEVH => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EYEVH" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{68A9148F-D118-4561-8961-0D48D23AF79B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68A9148F-D118-4561-8961-0D48D23AF79B}" => Key deleted successfully.
C:\Windows\System32\Tasks\JOQEYV => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\JOQEYV" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74F037C3-97F1-4AC1-A12B-4CEEBC27EEFD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74F037C3-97F1-4AC1-A12B-4CEEBC27EEFD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Only-search Updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{76489A6D-0506-45C5-B35A-77B1A04C3ED0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76489A6D-0506-45C5-B35A-77B1A04C3ED0}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchApp => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9B36B0EA-8BE5-4995-9DCF-3387231F4631}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B36B0EA-8BE5-4995-9DCF-3387231F4631}" => Key deleted successfully.
C:\Windows\System32\Tasks\KQH => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KQH" => Key deleted successfully.
C:\Windows\Tasks\EYEVH.job => Moved successfully.
C:\Windows\Tasks\JOQEYV.job => Moved successfully.
C:\Windows\Tasks\KKTHHJ.job => Moved successfully.
C:\Windows\Tasks\KQH.job => Moved successfully.
C:\Users\user6\AppData\Local\iLivid => Moved successfully.
"C:\Program Files (x86)\TotalPlusHD-3.1V02.11" => File/Directory not found.
"C:\Program Files (x86)\TheTorntv V10" => File/Directory not found.
"C:\Program Files (x86)\YoutubeAdBlocke" => File/Directory not found.
"C:\Program Files (x86)\GoSave" => File/Directory not found.
"C:\Program Files (x86)\DAEMON Tools Toolbar" => File/Directory not found.
"C:\Users\user6\AppData\Roaming\KKTHHJ.exe" => File/Directory not found.
"C:\Users\user6\AppData\Roaming\EYEVH.exe" => File/Directory not found.
"C:\Users\user6\AppData\Roaming\JOQEYV.exe" => File/Directory not found.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
"C:\Users\user6\AppData\Roaming\KQH.exe" => File/Directory not found.
eeCtrl => Service deleted successfully.
EraserUtilRebootDrv => Service deleted successfully.
C:\Program Files (x86)\Common Files\Symantec Shared => Moved successfully.
EmptyTemp: => Removed 674.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

offline
  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Download zoek.exe from this or this link and save it to the Desktop.


Close the browser and any other running programs;
disable your security software (if needed) Instructions;
double-click zoek.exe to run it;
wait for the tool to start ...


Copy the following text into the white box of the window:

process;
startupall;
drivers-services-list;
skipfix-iedefaults;
firefoxlook;
chromelook;
filesrcm;


Click the button and wait for the scan to finish.


Zoek will restart Windows if needed, and when it is done it will open Notepad with the scan report.

Note: The report will be saved under the name zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into your post.

offline
  • Joined: 07 Apr 2012
  • Posts: 114

Zoek.exe v5.0.0.0 Updated 03-December-2014
Tool run by user6 on Wed 12/03/2014 at 21:27:47.50.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\user6\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

12/3/2014 9:28:24 PM Zoek.exe System Restore Point Created Succesfully.

==== Running Processes ======================

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.619\BaiduProtect.exe
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
C:\Users\user6\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Services(whitelist) ======================
Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [Capture Device Service] - Capture Device Service - c:\program files (x86)\common files\intervideo\deviceservice\devsvc.exe
R2 - [LMIGuardianSvc] - LMIGuardianSvc - c:\program files (x86)\logmein hamachi\lmiguardiansvc.exe
R2 - [MsMpSvc] - Microsoft Antimalware Service - c:\program files\microsoft security client\msmpeng.exe
R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe
R2 - [RealNetworks Downloader Resolver Service] - RealNetworks Downloader Resolver Service - c:\program files (x86)\realnetworks\realdownloader\rndlresolversvc.exe
R2 - [RealPlayer Cloud Service] - RealPlayer Cloud Service - c:\program files (x86)\real\realplayer\rpds\bin\rpdsvc.exe
R2 - [RealPlayerUpdateSvc] - RealPlayer Update Service - c:\program files (x86)\real\updateservice\realplayerupdatesvc.exe
R2 - [Stereo Service] - NVIDIA Stereoscopic 3D Driver Service - c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe
R2 - [UMVPFSrv] - UMVPFSrv - c:\program files (x86)\common files\logishrd\lvmvfm\umvpfsrv.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [NisSrv] - Microsoft Network Inspection - c:\program files\microsoft security client\nissrv.exe
R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
R3 - [WMPNetworkSvc] - Usluga deljenja putem mreže za Windows Media Player - c:\program files\windows media player\wmpnetwk.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update Service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Faks - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [IDriverT] - InstallDriver Table Manager - c:\program files (x86)\common files\installshield\driver\1050\intel 32\idrivert.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [Microsoft Office Groove Audit Service] - Microsoft Office Groove Audit Service - c:\program files (x86)\microsoft office\office12\grooveauditservice.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [odserv] - Microsoft Office Diagnostics Service - c:\program files (x86)\common files\microsoft shared\office12\odserv.exe
S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [Steam Client Service] - Steam Client Service - c:\program files (x86)\common files\steam\steamservice.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe

==== Drivers(whitelist) ======================
Powered by E Dev

R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
R0 - [MpFilter] - Microsoft Malware Protection Driver - C:\Windows\system32\Drivers\MpFilter.sys
R0 - [Mup] - MUP - C:\Windows\system32\Drivers\Mup.sys
R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
R3 - [srv] - Server SMB 1.xxx Driver - C:\Windows\system32\Drivers\srv.sys
R3 - [srv2] - Server SMB 2.xxx Driver - C:\Windows\system32\Drivers\srv2.sys
R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys
R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
R0 - [atapi] - IDE Channel - C:\Windows\system32\Drivers\atapi.sys
R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
R0 - [Compbatt] - Microsoft Composite Battery Driver - C:\Windows\system32\Drivers\Compbatt.sys
R0 - [Disk] - Disk Driver - C:\Windows\system32\Drivers\Disk.sys
R0 - [fvevol] - Bitlocker Drive Encryption Filter Driver - C:\Windows\system32\Drivers\fvevol.sys
R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
R0 - [mountmgr] - Mount Point Manager - C:\Windows\system32\Drivers\mountmgr.sys
R0 - [msahci] - msahci - C:\Windows\system32\Drivers\msahci.sys
R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
R0 - [NDIS] - NDIS System Driver - C:\Windows\system32\Drivers\NDIS.sys
R0 - [partmgr] - Partition Manager - C:\Windows\system32\Drivers\partmgr.sys
R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys
R0 - [pciide] - pciide - C:\Windows\system32\Drivers\pciide.sys
R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
R0 - [storflt] - Disk Virtual Machine Bus Acceleration Filter Driver - C:\Windows\system32\Drivers\storflt.sys [x]
R0 - [Tcpip] - Upravljački program TCP/IP protokola - C:\Windows\system32\Drivers\Tcpip.sys
R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator Driver - C:\Windows\system32\Drivers\vdrvroot.sys
R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys
R0 - [volmgrx] - Dynamic Volume Manager - C:\Windows\system32\Drivers\volmgrx.sys
R0 - [volsnap] - Storage volumes - C:\Windows\system32\Drivers\volsnap.sys
R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
R1 - [tdx] - NetIO TDI upravljačkog programa podrške koji je zastareo - C:\Windows\system32\Drivers\tdx.sys
R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\user6\AppData\Local\Temp ====
2014-12-03 19:58:21 875E1B7B8E832EF5CA95CA9D0D23C501 160712 ----a-w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp\FixSe.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-11-22 18:22:01 FFAEFE89E5E9F630984B5E7B8EF3637D 73728 ----a-w- C:\Windows\SysWOW64\dancemat.exe
====== C:\Windows\SysWOW64\drivers =====
2014-11-22 18:22:02 4FDACAACCF32AF26F1254F53BCFE17E7 31128 ----a-w- C:\Windows\SysWOW64\drivers\hid8103.sys
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2014-11-15 18:50:22 33F90B202E9DD9B7D489EB59310FDC34 283064 ----a-w- C:\Windows\Sysnative\drivers\dtsoftbus01.sys
2014-11-12 11:43:44 41774FF331F609EF442B7398EE6202B1 155064 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
====== C:\Windows\Tasks ======
2014-11-10 18:33:24 A3FD285F87D9D7964297498963EFD728 3424 ----a-w- C:\Windows\Sysnative\Tasks\RealDownloader Update Check
2014-11-10 18:32:57 10D6CABD346E0B0074B48E91BE684520 3362 ----a-w- C:\Windows\Sysnative\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2683369425-3361945966-1453627295-1000
2014-11-07 14:31:22 6686E556C44D2571BF7628A6382BF101 3146 ----a-w- C:\Windows\Sysnative\Tasks\{D164F24E-BA81-4DD3-81D7-E12E809EA145}
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-11-21 20:03:37 -------- d-----w- C:\PROGRA~2\Enlight
2014-11-18 11:48:26 -------- d-----w- C:\PROGRA~2\COMMON~1\Steam
2014-11-15 18:05:16 -------- d-----w- C:\PROGRA~2\OpenAL
2014-11-14 16:15:09 -------- d-----w- C:\PROGRA~2\Ulead Systems
2014-11-14 16:15:09 -------- d-----w- C:\PROGRA~2\COMMON~1\Ulead Systems
2014-11-13 18:49:00 -------- d-----w- C:\PROGRA~2\COMMON~1\InterVideo
2014-11-13 18:48:41 -------- d-----w- C:\PROGRA~2\Windows Media Components
2014-11-13 14:32:56 -------- d-----w- C:\PROGRA~2\Movie Maker
2014-11-11 16:44:47 -------- d-----w- C:\PROGRA~2\Sony
2014-11-11 07:17:06 -------- d-----w- C:\PROGRA~2\ReflexiveArcade
2014-11-10 18:32:45 -------- d-----w- C:\PROGRA~2\RealNetworks
2014-11-10 18:32:36 -------- d-----w- C:\PROGRA~2\COMMON~1\xing shared
2014-11-10 18:32:11 -------- d-----w- C:\PROGRA~2\Real
2014-11-09 08:17:36 -------- d-----w- C:\PROGRA~2\Assassins Creed III
2014-11-08 18:12:30 -------- d-----w- C:\PROGRA~2\RealArcade
======= C: =====
====== C:\Users\user6\AppData\Roaming ======
2014-12-03 19:57:54 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Baidu
2014-11-22 09:54:25 -------- d-----w- C:\Users\user6\AppData\Local\NokiaAccount
2014-11-22 09:54:10 -------- d-----w- C:\Users\user6\AppData\Local\Nokia
2014-11-18 13:59:44 -------- d-----w- C:\Users\user6\AppData\Roaming\Darkfall
2014-11-18 12:03:05 -------- d-----w- C:\Users\user6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-11-15 18:04:24 -------- d-----w- C:\Users\user6\AppData\Local\Programs
2014-11-14 17:16:23 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google
2014-11-14 16:10:44 -------- d-----w- C:\Users\user6\AppData\Local\Unity
2014-11-13 18:52:16 -------- d-----w- C:\Users\user6\AppData\Roaming\Ulead Systems
2014-11-11 07:17:46 -------- d-----w- C:\Users\user6\AppData\Roaming\PlayFirst
2014-11-10 18:32:55 -------- d-----w- C:\Users\user6\AppData\Roaming\RealNetworks
2014-11-10 18:31:51 -------- d-----w- C:\Users\user6\AppData\Roaming\Real
2014-11-09 13:51:14 -------- d-----w- C:\Users\user6\AppData\Roaming\dingogames
2014-11-09 09:15:49 -------- d-----w- C:\Users\user6\AppData\Roaming\vlc
2014-11-09 08:30:40 -------- d-----w- C:\Users\user6\AppData\Roaming\Theta
2014-11-08 11:02:10 -------- d-----w- C:\Users\user6\AppData\Local\EMU
2014-11-08 09:24:28 -------- d-----w- C:\Users\user6\AppData\Local\Skype
2014-11-07 21:53:46 -------- d-----w- C:\Users\user6\AppData\Local\Microsoft Games
2014-11-06 14:20:13 -------- d-----w- C:\Users\user6\AppData\Local\Ahead
2014-11-05 13:01:10 -------- d-----w- C:\Users\user6\AppData\Local\Sony
2014-11-04 18:05:12 -------- d-----w- C:\Users\user6\AppData\Local\Adobe
2014-11-04 17:29:09 -------- d-----w- C:\Users\user6\AppData\Local\Microsoft Help
2014-11-04 11:30:49 -------- d-----w- C:\Users\user6\AppData\Local\VirtualStore
====== C:\Users\user6 ======
2014-12-03 19:57:20 -------- d-----w- C:\ProgramData\Baidu
2014-12-03 19:54:03 CBDDB6C4BCD895F8879FD6AC588007A0 2154496 ----a-w- C:\Users\user6\Desktop\AdwCleaner.exe
2014-12-03 18:48:49 AEED85060B2A31847910E7FE2A27F433 2117632 ----a-w- C:\Users\user6\Desktop\FRST64.exe
2014-11-21 20:06:36 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enlight
2014-11-18 11:48:25 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-11-16 06:15:00 -------- d-----w- C:\ProgramData\Steam
2014-11-15 18:05:16 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-11-14 16:16:00 -------- d-----w- C:\ProgramData\InterVideo
2014-11-14 16:15:54 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulead VideoStudio 11
2014-11-13 18:48:04 -------- d-----w- C:\ProgramData\Ulead Systems
2014-11-11 07:17:46 -------- d-----w- C:\ProgramData\PlayFirst
2014-11-11 07:17:36 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tasty Planet
2014-11-10 18:32:45 -------- d-----w- C:\ProgramData\RealNetworks
2014-11-10 18:32:23 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2014-11-10 18:30:49 -------- d-----w- C:\ProgramData\Real
2014-11-10 14:54:58 94539E43203067066A0BE0D5C1B7E80E 224 ----a-w- C:\Users\user6\BullseyeCoverageError.txt
2014-11-09 13:51:14 -------- d---a-w- C:\ProgramData\TEMP
2014-11-09 13:51:14 -------- d-----w- C:\ProgramData\dingogames
2014-11-09 08:30:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassins Creed III
2014-11-08 06:24:16 -------- d-----w- C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7

====== C: exe-files ==
2014-12-03 19:58:21 875E1B7B8E832EF5CA95CA9D0D23C501 160712 ----a-w- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\FixSe.exe
2014-12-03 19:54:03 CBDDB6C4BCD895F8879FD6AC588007A0 2154496 ----a-w- C:\Users\user6\Desktop\AdwCleaner.exe
2014-12-03 18:48:49 E1343EA369362BF83003CFEC62803E1E 2117120 ----a-w- C:\Users\user6\Desktop\FRST-OlderVersion\FRST64.exe
2014-12-03 18:48:49 AEED85060B2A31847910E7FE2A27F433 2117632 ----a-w- C:\Users\user6\Desktop\FRST64.exe
=== C: other files ==
2014-12-03 19:50:02 F75F5F5703182987905AE13CC18E72EA 181072 ----a-w- C:\Windows\Temp\bdsgupdate\bd0001_x64.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2683369425-3361945966-1453627295-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\user6\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"DAEMON Tools Lite"="D:\vuk\DAEMON Tools Lite\DTLite.exe -autorun"
"baidu"="C:\Program Files (x86)\baidu\BindEx.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"TkBellExe"="C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe -osboot"
"RealDownloader"="C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe"
"UVS11 Preload"="C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe"
"LogMeIn Hamachi Ui"="C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\user6\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"DAEMON Tools Lite"="D:\vuk\DAEMON Tools Lite\DTLite.exe -autorun"
"baidu"="C:\Program Files (x86)\baidu\BindEx.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"

==== Startup Folders ======================

2014-03-16 21:34:32 1310 ----a-w- C:\Users\user6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
2014-11-10 18:32:28 1252 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [11/26/2014 01:16 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:6C:\ProgramC:FilesC:x86\Google\Update\GoogleUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2683369425-3361945966-1453627295-1000Core.job --a------ C:\Users\user6\AppData\Local\Google\Update\GoogleUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2683369425-3361945966-1453627295-1000UA.job --a------ C:\Users\user6\AppData\Local\Google\Update\GoogleUpdate.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2683369425-3361945966-1453627295-1000Core" [C:\Users\user6\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2683369425-3361945966-1453627295-1000UA" [C:\Users\user6\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\RealDownloader Update Check" [C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe]
"C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2683369425-3361945966-1453627295-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2683369425-3361945966-1453627295-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files (x86)\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\{133ED77D-58FB-4F43-8C40-F249139BD11A}" ["c:\program files (x86)\mozilla firefox\firefox.exe"]
"C:\Windows\SysNative\tasks\{7BF69A36-5BD0-411F-98A4-C87BCC129704}" ["c:\program files (x86)\mozilla firefox\firefox.exe"]
"C:\Windows\SysNative\tasks\{B21FFA08-559B-4B7E-984C-B63C73BF471A}" ["c:\program files (x86)\mozilla firefox\firefox.exe"]
"C:\Windows\SysNative\tasks\{C0F55EF1-4853-4556-922F-DF3A21E32FF4}" ["c:\program files (x86)\mozilla firefox\firefox.exe"]
"C:\Windows\SysNative\tasks\{CD55ECA3-A956-4BE1-87FD-22B53F96FCCD}" ["c:\program files (x86)\mozilla firefox\firefox.exe"]
"C:\Windows\SysNative\tasks\{E82C8DE0-E221-4B32-A939-C76D85F8D63C}" ["c:\program files (x86)\mozilla firefox\firefox.exe"]
"C:\Windows\SysNative\tasks\{F7289DDC-A1D5-4B05-9670-9DA733F0566C}" ["c:\program files (x86)\mozilla firefox\firefox.exe"]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{338950EA-82DB-44C1-930D-0C28E023C9F0}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [11/10/2014 07:32 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\user6\AppData\Roaming\KompoZer\Profiles\qq3j173k.default
- Undetermined - %ProfilePath%\extensions\installed-extensions.txt
- KompoZer classic - %ProfilePath%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

ProfilePath: C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default
- Undetermined - testpilot@labs.mozilla.com
- Instrument Test - %ProfilePath%\extensions\testpilot@labs.mozilla.com.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default
8303B3CEC05500F763B4FA75210598BB - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll - Shockwave Flash
252949179FE1C491B7D16A9AA376B29B - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealPlayer Video Downloader for HTML5 (32-bit)
2BC6A052D9B153F6DC2F0E420FB4F407 - C:\Users\user6\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
DCB0BCEF594E2C410793C4A823C318F3 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll - Shockwave for Director / Shockwave for Director


==== Chromium Look ======================

Search by Image - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm
CostMin - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dlcmldoakheecmjemghnkjpboipifcia
GoSave - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gimnfmndackejdophhfpmcjmoepmaaba
Search by Image - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm
CostMin - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dlcmldoakheecmjemghnkjpboipifcia
GoSave - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gimnfmndackejdophhfpmcjmoepmaaba
Search by Image - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm
CostMin - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dlcmldoakheecmjemghnkjpboipifcia
GoSave - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gimnfmndackejdophhfpmcjmoepmaaba
Search by Image - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm
CostMin - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dlcmldoakheecmjemghnkjpboipifcia
GoSave - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gimnfmndackejdophhfpmcjmoepmaaba
Radio Canyon - user6\AppData\Roaming\Opera Software\Opera Stable\Extensions\bikofacodmhdpkfdeeocponfcgjcdfbk
TheTorntv V10 - user6\AppData\Roaming\Opera Software\Opera Stable\Extensions\pmijnggdaadccmmmoofgdcaikjmkiglk

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}] not found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Wed 12/03/2014 at 21:31:14.95 ======================

offline
  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building


Close the browser and any other running programs;
disable the security software (if necessary) (Instructions);
double-click zoek.exe to run it;
wait for the tool to start ...


Copy the following text into the white box of the window:

dlcmldoakheecmjemghnkjpboipifcia;chr
gimnfmndackejdophhfpmcjmoepmaaba;chr
bikofacodmhdpkfdeeocponfcgjcdfbk;chr
pmijnggdaadccmmmoofgdcaikjmkiglk;chr
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r
"baidu"=-;r
C:\Program Files (x86)\baidu;f
emptyalltemp;
shortcutfix;
emptyclsid;
autoclean;


Click the button and wait for the scan to finish.


Zoek will restart Windows if needed and, when it finishes, open Notepad with the scan report.

Note: The report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into your reply.

offline
  • Joined: 07 Apr 2012
  • Posts: 114

Zoek.exe v5.0.0.0 Updated 03-December-2014
Tool run by user6 on Wed 12/03/2014 at 22:11:19.14.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\user6\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-12-03-203114.log 25987 bytes

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Remedy deleted successfully
C:\PROGRA~2\Ubisoft deleted successfully
C:\PROGRA~3\7bb6df21-8ca8-4eec-965d-8cd2261544c7 deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\user6\AppData\Roaming\Publish Providers deleted successfully
C:\Users\user6\AppData\Roaming\rmi deleted successfully
C:\Users\user6\AppData\Roaming\{3a2ca7df-1235-10f6-c724-e9253a2ca7df} deleted successfully
C:\Users\user6\AppData\Local\NokiaAccount deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\user6\AppData\Roaming\KompoZer\Profiles\qq3j173k.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20141203_1021_.backup

ProfilePath: C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default

user.js not found
---- Lines astrmndasr removed from prefs.js ----
user_pref("extensions.astrmndasr.AL", 4);
user_pref("extensions.astrmndasr.aflt", "ast_aw_14_40_ff");
user_pref("extensions.astrmndasr.appId", "{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}");
user_pref("extensions.astrmndasr.cd", "2XzuyEtN2Y1L1Qzu0B0CyD0F0FyE0D0AtCtDzzyE0CyD0AyEtN0D0Tzu0StCtDtDyBtN1L2XzutAtFtBtFtCtFyDtN1L1Czu0S0P0D0YtN1L1G1
user_pref("extensions.astrmndasr.cr", "2101629463");
user_pref("extensions.astrmndasr.data.1475e97c0146bfb1c490339546d9e72ee", "1");
user_pref("extensions.astrmndasr.data._dy", "20141012");
user_pref("extensions.astrmndasr.data.a._dy", "20141012");
user_pref("extensions.astrmndasr.data.a.aliveDate", "20141012");
user_pref("extensions.astrmndasr.data.a.instlDate", "20141003");
user_pref("extensions.astrmndasr.data.ch_dv2", "true");
user_pref("extensions.astrmndasr.dfltLng", "");
user_pref("extensions.astrmndasr.dfltSrch", true);
user_pref("extensions.astrmndasr.dnsErr", true);
user_pref("extensions.astrmndasr.excTlbr", false);
user_pref("extensions.astrmndasr.general.guid", "a73c4c1c-a8ca-47b2-8969-635cffe9ca4e");
user_pref("extensions.astrmndasr.hmpg", true);
user_pref("extensions.astrmndasr.id", "BC5FF4DA1084C5A4");
user_pref("extensions.astrmndasr.instlDay", "16346");
user_pref("extensions.astrmndasr.instlRef", "SPDY");
user_pref("extensions.astrmndasr.prdct", "astrmndasr");
user_pref("extensions.astrmndasr.tlbrId", "");
user_pref("extensions.astrmndasr.vrsn", "");
user_pref("extensions.astrmndasr.vrsni", "");
user_pref("extensions.astrmndasr_i.newTab", true);
user_pref("extensions.astrmndasr_i.smplGrp", "none");
user_pref("extensions.astrmndasr_i.vrsnTs", "14:25:20");
---- FireFox user.js and prefs.js backups ----

prefs_20141203_1021_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"baidu"=-

==== Deleting Files \ Folders ======================

C:\PROGRA~3\7bb6df21-8ca8-4eec-965d-8cd2261544c7 not found
"C:\Program Files (x86)\baidu" not found
C:\Users\user6\AppData\Roaming\WB.CFG deleted
C:\Users\user6\AppData\Roaming\BitLord deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Baidu deleted
C:\PROGRA~3\spds90.txt deleted
C:\PROGRA~3\Baidu deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\user6\AppData\LocalLow\{853FC82B-7801-E10E-308D-A1AA9BBCEB53} deleted
C:\Windows\wininit.ini deleted
C:\Windows\SpeedItup Free Uninstall Log.txt deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Users\user6\Documents\BitLord deleted
C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\CT3289075 deleted
"C:\Users\user6\AppData\Roaming\EYEVH" deleted
"C:\Users\user6\AppData\Roaming\JOQEYV" deleted
"C:\Users\user6\AppData\Roaming\KKTHHJ" deleted
"C:\Users\user6\AppData\Roaming\KQH" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{338950EA-82DB-44C1-930D-0C28E023C9F0}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [11/10/2014 07:32 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\user6\AppData\Roaming\KompoZer\Profiles\qq3j173k.default
- Undetermined - %ProfilePath%\extensions\installed-extensions.txt
- KompoZer classic - %ProfilePath%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

ProfilePath: C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default
- Undetermined - testpilot@labs.mozilla.com
- Instrument Test - %ProfilePath%\extensions\testpilot@labs.mozilla.com.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default
8303B3CEC05500F763B4FA75210598BB - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll - Shockwave Flash
252949179FE1C491B7D16A9AA376B29B - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealPlayer Video Downloader for HTML5 (32-bit)
2BC6A052D9B153F6DC2F0E420FB4F407 - C:\Users\user6\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
DCB0BCEF594E2C410793C4A823C318F3 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll - Shockwave for Director / Shockwave for Director


==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted

==== Chromium Look ======================

Radio Canyon - user6\AppData\Roaming\Opera Software\Opera Stable\Extensions\bikofacodmhdpkfdeeocponfcgjcdfbk
TheTorntv V10 - user6\AppData\Roaming\Opera Software\Opera Stable\Extensions\pmijnggdaadccmmmoofgdcaikjmkiglk

==== Chromium Fix ======================

C:\Users\user6\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_govome.inspsearch.com_0.localstorage deleted successfully
C:\Users\user6\AppData\Roaming\Opera Software\Opera Stable\Extensions\bikofacodmhdpkfdeeocponfcgjcdfbk deleted successfully
C:\Users\user6\AppData\Roaming\Opera Software\Opera Stable\Local Storage\chrome-extension_bikofacodmhdpkfdeeocponfcgjcdfbk_0.localstorage deleted successfully
C:\Users\user6\AppData\Roaming\Opera Software\Opera Stable\Local Storage\chrome-extension_bikofacodmhdpkfdeeocponfcgjcdfbk_0.localstorage-journal deleted successfully
C:\Users\user6\AppData\Roaming\Opera Software\Opera Stable\databases\chrome-extension_bikofacodmhdpkfdeeocponfcgjcdfbk_0 deleted successfully
C:\Users\user6\AppData\Roaming\Opera Software\Opera Stable\Local Extension Settings\bikofacodmhdpkfdeeocponfcgjcdfbk deleted successfully
C:\Users\user6\AppData\Roaming\Opera Software\Opera Stable\Extensions\pmijnggdaadccmmmoofgdcaikjmkiglk deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== shortcuts on Users Desktops ======================

C:\Users\user6\Desktop\DTLite.exe - pre?ica.lnk -
C:\Users\user6\Desktop\fifa14-3dm.exe.lnk - C:\Program Files (x86)\Electronic Arts\FIFA 14\Game\fifa14-3dm.exe
C:\Users\user6\Desktop\KMPlayer.lnk - C:\Program Files (x86)\The KMPlayer\KMPlayer.exe
C:\Users\user6\Desktop\Microsoft Office Outlook 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
C:\Users\user6\Desktop\Minecraft.lnk - C:\Users\user6\AppData\Roaming\.minecraft\minecraft launcher\Minecraft Launcher.exe
C:\Users\user6\Desktop\Paint.lnk - C:\Windows\system32\mspaint.exe
C:\Users\user6\Desktop\Tasty Planet Back for Seconds.lnk - D:\vuk\Tasty Planet Back for Seconds\tastyplanet2.exe
C:\Users\user6\Desktop\Total Commander 64 bit (2).lnk - C:\totalcmd\TOTALCMD64.EXE
C:\Users\user6\Desktop\Total Commander 64 bit.lnk - C:\totalcmd\TOTALCMD64.EXE
C:\Users\user6\Desktop\vuk.lnk - D:\vuk
C:\Users\user6\Desktop\Zamena jezika - Nyelv atvaltasa.lnk -
C:\Users\user6\Desktop\Vukove igrice\Building the Great Wall of China.lnk - C:\Program Files (x86)\LeeGT-Games\Building the Great Wall of China\Building the Great Wall of China.exe
C:\Users\user6\Desktop\Vukove igrice\Games for Windows - LIVE.lnk - C:\Program Files (x86)\Microsoft Games for Windows - LIVE\Client\GFWLive.exe
C:\Users\user6\Desktop\Vukove igrice\LEGO Star Wars.lnk - D:\vuk\lego marvel super heroes ep.mp4
C:\Users\user6\Desktop\Vukove igrice\Madagascar (TM).lnk - C:\Program Files (x86)\Activision\Madagascar\Launcher.exe
C:\Users\user6\Desktop\Vukove igrice\Minecraft.lnk - C:\Users\user6\AppData\Roaming\.minecraft\minecraft launcher\Minecraft Launcher.exe
C:\Users\user6\Desktop\Vukove igrice\PerformanceTest (2).lnk - D:\vuk\PerformanceTest\PerformanceTest64.exe
C:\Users\user6\Desktop\Vukove igrice\Pro Evolution Soccer 2013 DEMO - pre?ica (3).lnk -
C:\Users\user6\Desktop\Vukove igrice\The Chronicles of Narnia.lnk - C:\Program Files (x86)\Buena Vista Games\Narnia\Narnia.exe
C:\Users\user6\Desktop\Vukove igrice\The Simpsons - Hit and Run™.lnk -
C:\Users\user6\Desktop\Vukove igrice\TuneUp Utilities 2014.lnk - C:\Program Files (x86)\TuneUp Utilities 2014\Integrator.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Assassins Creed III.lnk - C:\Program Files (x86)\Assassins Creed III\AC3SP.exe
C:\Users\Public\Desktop\Fraps.lnk - D:\Fraps\fraps.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Nero StartSmart.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
C:\Users\Public\Desktop\Pro Evolution Soccer 2015.lnk - D:\vuk\Pro Evolution Soccer 2015\PES2015.exe
C:\Users\Public\Desktop\RealPlayer Cloud.lnk - C:\Program Files (x86)\Real\RealPlayer\realplay.exe /launch:desktop
C:\Users\Public\Desktop\Restaurant Empire.lnk - C:\Program Files (x86)\Enlight\Restaurant Empire\Restaurant Empire.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe
C:\Users\Public\Desktop\Steam.lnk - D:\vuk\Steam\Steam.exe
C:\Users\Public\Desktop\System Shock 2.lnk - C:\GOG Games\System Shock 2\start.exe
C:\Users\Public\Desktop\Ulead VideoStudio 11.lnk - C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\vstudio.exe

==== shortcuts in Users Start Menu ======================

C:\Users\user6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\user6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\user6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Grand Theft Auto San Andreas™.lnk -
C:\Users\user6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Restaurant Empire™.lnk -
C:\Users\user6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Spider-Man™.lnk -
C:\Users\user6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\The Matrix Path of Neo™.lnk -
C:\Users\user6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\user6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk - D:\vuk\Steam\Steam.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro Evolution Soccer 2015.lnk - D:\vuk\Pro Evolution Soccer 2015\PES2015.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassins Creed III\Assassins Creed III.lnk - C:\Program Files (x86)\Assassins Creed III\AC3SP.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassins Creed III\Uninstall Assassins Creed III.lnk - C:\Program Files (x86)\Assassins Creed III\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DTGadget.lnk - D:\vuk\DAEMON Tools Lite\DT.gadget
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\SPTD Setup.lnk - D:\vuk\DAEMON Tools Lite\SPTDinst-x64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\Uninstall.lnk - D:\vuk\DAEMON Tools Lite\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\FIFA 14\FIFA 14 - Configuration.lnk - C:\Program Files (x86)\Electronic Arts\FIFA 14\Game\fifasetup\fifaconfig.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\FIFA 14\FIFA 14.lnk - C:\Program Files (x86)\Electronic Arts\FIFA 14\Game\fifa14.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\FIFA 14\Uninstall FIFA 14.lnk - C:\Program Files (x86)\Electronic Arts\FIFA 14\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enlight\Restaurant Empire\Restaurant Empire Readme.lnk - C:\Program Files (x86)\Enlight\Restaurant Empire\readme.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enlight\Restaurant Empire\Restaurant Empire Video Setting.lnk - C:\Program Files (x86)\Enlight\Restaurant Empire\VSetting.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enlight\Restaurant Empire\Restaurant Empire.lnk - C:\Program Files (x86)\Enlight\Restaurant Empire\Restaurant Empire.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enlight\Restaurant Empire\Uninstall Restaurant Empire.lnk - C:\Windows\system32\RunDll32.exe C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{9C0A9803-4592-11D7-B796-0050BFE4DB80}\Setup.exe" -l0x9 -uninst -f Setup.ilg
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enlight\Restaurant Empire\Web Links\Enlight Web Site.lnk - C:\Program Files (x86)\Enlight\Restaurant Empire\Weblinks\enlight.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enlight\Restaurant Empire\Web Links\Restaurant Empire Web Site.lnk - C:\Program Files (x86)\Enlight\Restaurant Empire\Weblinks\restaurant.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\System Shock 2.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\System Shock 2\System Shock 2.lnk - C:\GOG Games\System Shock 2\start.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\System Shock 2\Uninstall System Shock 2.lnk - C:\GOG Games\System Shock 2\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\System Shock 2\Documents\Manual.lnk - C:\GOG Games\System Shock 2\Manual.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD\Neighbours From Hell 2\Play Neighbours From Hell 2.lnk - D:\vuk\bin\game.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD\Neighbours From Hell 2\Register game online.lnk - D:\vuk\Register.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD\Neighbours From Hell 2\Uninstall Neighbours From Hell 2.lnk - C:\Windows\system32\msiexec.exe /i {43A44FC2-FC81-444F-B847-D93F535B7208}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD\Neighbours From Hell 2\Visit JoWooD Homepage.lnk - D:\vuk\JoWooD Productions Software AG.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends\League of Legends.lnk - C:\Riot Games\League of Legends\lol.launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO MARVEL Super Heroes\Uninstall LEGO MARVEL Super Heroes.lnk - D:\vuk\LEGO MARVEL Super Heroes\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi\LogMeIn Hamachi.lnk - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi\Uninstall.lnk - C:\Windows\SysWOW64\msiexec.exe /i {BD2C175F-89BE-45E9-938E-0CF622EFF52A} REMOVE=ALL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer Cloud.lnk - C:\Program Files (x86)\Real\RealPlayer\realplay.exe /launch:start_menu
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer Converter.lnk - C:\Program Files (x86)\Real\RealPlayer\realconverter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer Downloader.lnk - C:\Windows\Installer\{6FCD4D5A-20B9-4D79-ABA5-4E7048944025}\recordingmanager.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer Trimmer.lnk - C:\Program Files (x86)\Real\RealPlayer\realtrimmer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remedy\Max Payne 2\Max Payne 2.lnk - C:\Program Files (x86)\Remedy\Max Payne 2\MaxPayne2_(zabranjeno)ed.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remedy\Max Payne 2\Uninstall.lnk - C:\Program Files (x86)\Remedy\Max Payne 2\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer\San Andreas Multiplayer.lnk - C:\Program Files (x86)\Rockstar Games\GTA San Andreas\samp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer\Uninstall.lnk - C:\Program Files (x86)\Rockstar Games\GTA San Andreas\SAMPUninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Vegas Pro 10.0\Vegas Pro 10.0 Readme.lnk - D:\vuk\Readme\Vegas_readme.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Vegas Pro 10.0\Video Capture 6.0 Readme.lnk - D:\vuk\Readme\Videocapture_readme.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Vegas Pro 11.0\Vegas Pro 11.0 (64-bit).lnk - D:\vuk\vegas110.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Vegas Pro 11.0\Vegas Pro 11.0 Readme.lnk - D:\vuk\Readme\Vegas_readme.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Vegas Pro 11.0\Video Capture 6.0 Readme.lnk - D:\vuk\Readme\Videocapture_readme.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk - D:\vuk\Steam\Steam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tasty Planet\Uninstall Tasty Planet.lnk - D:\vuk\Tasty Planet\ReflexiveArcade\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulead VideoStudio 11\Read Me.lnk - C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\README.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulead VideoStudio 11\Ulead VideoStudio 11.lnk - C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\vstudio.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\user6\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\user6\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\user6\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE /recycle
C:\Users\user6\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero Home\NeroHome.exe -ScParameter=8
C:\Users\user6\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
C:\Users\user6\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\user6\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
C:\Users\user6\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\user6\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\user6\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\f145e786cf0c05ef\Torch.lnk - C:\Users\user6\AppData\Local\Torch\Application\torch.exe --profile-directory=Default
C:\Users\user6\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Fraps.lnk - D:\Fraps\fraps.exe
C:\Users\user6\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Outlook 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
C:\Users\user6\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Minecraft.lnk - C:\Users\user6\AppData\Roaming\.minecraft\minecraft launcher\Minecraft Launcher.exe
C:\Users\user6\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe
C:\Users\user6\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\user6\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\pes-2013-en.lnk - D:\Games\pes-2013-en.exe
C:\Users\user6\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\user6\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\user6\AppData\Local\Mozilla\Firefox\Profiles\g0r9vezx.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\user6\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=430 folders=69 35929521 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\user6\AppData\Local\Temp will be emptied at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\user6\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Wed 12/03/2014 at 22:30:05.38 ======================

offline
  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

What is the situation now?

offline
  • Joined: 07 Apr 2012
  • Posts: 114

Flawless!
I think Mozilla was restarted.
I tried Chrome as well, no ads anywhere, not even an attempt.

offline
  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

We will do one more check.



Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the program icon to run MBAR:
- Click OK in the next window to allow extraction into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the intro window, click the Next button if you agree;



• In the 'Update Database' window, click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section, check that all options are ticked, then click the Scan button;

Note: with some infections, one of the following messages may be shown:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.





>> If no malware is detected, click the Exit button to close the program. In your next post, include the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infection(s) are found, check that the 'Create Restore Point' option is ticked and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for the restart, and a notice will be shown in a pop-up window. Click the Yes button; the system should restart and finish the cleaning procedure.



Note! Only if a rootkit is detected: make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click fixdamage to run it; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, and wait for the tool to complete all repairs ...
- When you see the message 'press any key to exit', the repair is complete. Press any key on the keyboard to close the window. Restart the system.





The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post and attach the system log to the post using the Prikači fajl (Attach file) option.
