How to uninstall Tencent Technology QQ (Chinese, malicious program)


offline
  • Joined: 17 Mar 2016
  • Posts: 8

When Windows starts, this program launches, and whenever I download something from the internet some Chinese characters appear and I don't know what they mean. I tried to shut it down using Task Manager and to delete it, but that didn't work. I installed it by accident a couple of weeks ago while I was looking for some instructions. I don't use any antivirus. I tried to uninstall it with various programs, but it could not be uninstalled. I use ADSL internet from Telekom Srbija. The speed from the speed test is: ping 31, download speed 9,13, upload speed 0,81.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Lenovo (administrator) on LENOVO-B560 (17-03-2016 16:13:12)
Running from C:\Users\Lenovo\Downloads
Loaded Profiles: Lenovo (Available Profiles: Lenovo)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCRTP.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(BitTorrent Inc.) C:\Users\Lenovo\AppData\Roaming\uTorrent\uTorrent.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(BitTorrent Inc.) C:\Users\Lenovo\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe
(BitTorrent Inc.) C:\Users\Lenovo\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe
(BitTorrent Inc.) C:\Users\Lenovo\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMChExt.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4367808 2009-12-17] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [6988736 2009-12-17] (Lenovo (Beijing) Limited)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1074088 2015-09-03] (The Eraser Project)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383568 2012-06-17] (Egis Technology Inc. )
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCTray.exe [355296 2016-01-31] (Tencent)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2847302535-1913910683-647611769-1000\...\Run: [uTorrent] => C:\Users\Lenovo\AppData\Roaming\uTorrent\uTorrent.exe [2094080 2016-03-04] (BitTorrent Inc.)
HKU\S-1-5-21-2847302535-1913910683-647611769-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1445648 2015-12-25] (Lavasoft)
HKU\S-1-5-21-2847302535-1913910683-647611769-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMGCShellExt64.dll [2016-01-31] (Tencent)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2016-02-28]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-12-25] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-12-25] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-12-25] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-12-25] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-12-25] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-25] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-25] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-25] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-25] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-25] (Lavasoft Limited)
Hosts: 127.0.0.1 clients2.google.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{101F5347-9332-4533-9D51-F8CF59C3ACA5}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{8ECA9868-1982-4411-8B92-1E45943E9365}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=97633303_hao_pg
HKU\S-1-5-21-2847302535-1913910683-647611769-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=97633303_hao_pg
SearchScopes: HKU\S-1-5-21-2847302535-1913910683-647611769-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2847302535-1913910683-647611769-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10195_swoc_campaign_151225__yaie&p={searchTerms}
BHO: TSearch -> {6E727987-C8EA-44DA-8749-310C0FBE3C3E} -> C:\Program Files (x86)\Torrent Search\IEEF\JmdCADfC9kg0.dll [2015-12-18] ()
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-11-05] (Oracle Corporation)
BHO: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll [2012-06-17] (Egis Technology Inc.)
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TSWebMon64.dat [2016-01-31] (Tencent)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-03-14] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-05] (Oracle Corporation)
BHO-x32: Ó¦Óñ¦Ò»¼ü°²×°²å¼þ -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
BHO-x32: TSearch -> {6E727987-C8EA-44DA-8749-310C0FBE3C3E} -> C:\Program Files (x86)\Torrent Search\IEEF\J9XxfYKVq7YT.dll [2015-12-18] ()
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-05] (Oracle Corporation)
BHO-x32: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll [2012-06-17] (Egis Technology Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-03-14] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-05] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-03-14] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-03-14] (Google Inc.)
Toolbar: HKU\S-1-5-21-2847302535-1913910683-647611769-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-03-14] (Google Inc.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.istartpageing.com/?type=sc&ts=1454242299&z=7da319b6829bc0101a05f5cg0z2w6zfo7z5o4oet9e&from=cub&uid=WDCXWD5000BEVT-00A0RT0_WD-WX11A21F1259F1259

FireFox:
========
FF ProfilePath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\05bjv17n.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: istartpageing
FF SelectedSearchEngine: istartpageing
FF Homepage: hxxp://www.istartpageing.com/?type=hp&ts=1454242299&z=7da319b6829bc0101a05f5cg0z2w6zfo7z5o4oet9e&from=cub&uid=WDCXWD5000BEVT-00A0RT0_WD-WX11A21F1259F1259
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-05] (Oracle Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-05] (Oracle Corporation)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\npQMExtensionsMozilla.dll [2016-01-31] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\05bjv17n.default\searchplugins\istartpageing.xml [2016-03-17]
FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\05bjv17n.default\searchplugins\yahoo-lavasoft.xml [2015-12-25]
FF Extension: Quick Searcher - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\05bjv17n.default\extensions\{d720d64d-c71a-4316-b59e-8a41b860178f} [2016-01-31] [not signed]
FF Extension: FirefixTab - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\05bjv17n.default\extensions\deskCutv2@gmail.com [2016-01-31] [not signed]
FF Extension: YahooToolsProtected - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\05bjv17n.default\extensions\yahooprotected@gmail.com [2016-01-31] [not signed]
FF Extension: TSearch - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\05bjv17n.default\Extensions\{6E727987-C8EA-44DA-8749-310C0FBE3C3E} [2016-01-31] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF Extension: Online Accounts Extension - C:\Program Files (x86)\EgisTec BioExcess\FFExt [2015-10-28] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\05bjv17n.default\extensions\deskCutv2@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\05bjv17n.default\extensions\yahooprotected@gmail.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.istartpageing.com/?type=sc&ts=1454242299&z=7da319b6829bc0101a05f5cg0z2w6zfo7z5o4oet9e&from=cub&uid=WDCXWD5000BEVT-00A0RT0_WD-WX11A21F1259F1259

Chrome:
=======
CHR HomePage: Default -> hxxp://www.istartpageing.com/?type=hp&ts=1454242299&z=7da319b6829bc0101a05f5cg0z2w6zfo7z5o4oet9e&from=cub&uid=WDCXWD5000BEVT-00A0RT0_WD-WX11A21F1259F1259
CHR StartupUrls: Default -> "hxxp://www.istartpageing.com/?type=hp&ts=1454242299&z=7da319b6829bc0101a05f5cg0z2w6zfo7z5o4oet9e&from=cub&uid=WDCXWD5000BEVT-00A0RT0_WD-WX11A21F1259F1259"
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-28]
CHR Extension: (Google Drive) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (YouTube) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-28]
CHR Extension: (Quick Searcher) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cagkfnokdfofofnblbpfjnapdojmoffn [2016-01-31]
CHR Extension: (Google Search) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-28]
CHR Extension: (Google Docs Offline) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-02]
CHR Extension: (TSearch) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ialilpegnnfigbcggpbbdecdgencbfge [2016-01-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-28]
CHR Extension: (电脑管家上网防护) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm [2016-02-27]
CHR Extension: (Gmail) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-28]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-12-25] (Lavasoft Limited)
R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCRTP.exe [301728 2016-01-31] (Tencent)
U2 QQRepair900; C:\Windows\GJFix\QQRepair900 [136512 2016-03-17] ()
S2 QQRepairFixSVC; C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepairFixSVC [136512 2016-03-17] ()
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17168 2015-12-25] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMUdisk64.sys [184536 2016-03-02] (Tencent)
R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQSysMonX64.sys [141112 2016-01-29] (电脑管家)
R1 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\softaal64.sys [35128 2016-01-31] (Tencent)
R1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\SRepairDrv [168568 2016-03-17] ()
R3 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [89464 2016-01-31] (Tencent)
R1 TAOKernelDriver; C:\Windows\system32\Drivers\TAOKernel64.sys [131896 2016-01-31] (Tencent Technology(Shenzhen) Company Limited)
R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2016-01-31] (电脑管家)
R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TS888x64.sys [28920 2016-03-17] (Tencent)
R1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TSDefenseBT64.sys [28984 2016-01-31] (Tencent)
R2 tsnethlpx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TsNetHlpX64.sys [48440 2016-01-14] ()
S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [45368 2015-12-28] (电脑管家)
R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TSSysKit64.sys [87352 2016-01-31] (电脑管家)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-17 16:13 - 2016-03-17 16:13 - 00020081 _____ C:\Users\Lenovo\Downloads\FRST.txt
2016-03-17 16:12 - 2016-03-17 16:13 - 00000000 ____D C:\FRST
2016-03-17 16:12 - 2016-03-17 16:12 - 02374144 _____ (Farbar) C:\Users\Lenovo\Downloads\FRST64.exe
2016-03-16 21:59 - 2016-03-16 21:59 - 00001759 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
2016-03-16 21:59 - 2016-03-16 21:59 - 00001747 _____ C:\Users\Public\Desktop\Eraser.lnk
2016-03-16 21:59 - 2016-03-16 21:59 - 00000000 ____D C:\Program Files\Eraser
2016-03-16 21:58 - 2016-03-16 21:58 - 00772430 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-03-16 21:49 - 2016-03-16 21:50 - 08338384 _____ (The Eraser Project) C:\Users\Lenovo\Downloads\Eraser 6.2.0.2970.exe
2016-03-14 15:08 - 2016-03-14 15:08 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Macromedia
2016-03-14 15:07 - 2016-03-17 15:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-14 15:07 - 2016-03-14 15:07 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-14 15:07 - 2016-03-14 15:07 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-14 15:07 - 2016-03-14 15:07 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-14 15:07 - 2016-03-14 15:07 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-03-14 15:07 - 2016-03-14 15:07 - 00000000 ____D C:\Windows\system32\Macromed
2016-03-14 15:07 - 2016-03-14 15:07 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Google
2016-03-14 15:07 - 2016-03-14 15:07 - 00000000 ____D C:\ProgramData\Google
2016-03-14 15:07 - 2016-03-14 15:07 - 00000000 ____D C:\Program Files\Google
2016-03-14 15:06 - 2016-03-14 15:07 - 00000000 ____D C:\Users\Lenovo\AppData\Local\Adobe
2016-03-07 12:00 - 2016-03-07 12:06 - 00000000 ____D C:\Users\Lenovo\Desktop\mix trap
2016-03-06 13:26 - 2016-03-17 15:27 - 00000000 ____D C:\Windows\GJFix
2016-02-28 20:02 - 2016-03-14 15:07 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Adobe
2016-02-28 20:02 - 2016-02-28 20:02 - 00001172 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady 7.0.lnk
2016-02-28 20:02 - 2016-02-28 20:02 - 00001167 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 7.0.lnk
2016-02-28 20:01 - 2016-02-28 20:01 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-02-28 19:42 - 1998-10-29 16:45 - 00306688 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2016-02-27 09:07 - 2016-02-27 09:07 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\talimama
2016-02-24 22:48 - 2016-02-24 22:59 - 06387488 _____ C:\Users\Lenovo\lean on loop.wav
2016-02-16 21:45 - 2016-01-14 10:47 - 00128280 _____ (电脑管家) C:\Windows\SysWOW64\Drivers\TsFltMgr.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-17 16:13 - 2015-12-25 19:57 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\uTorrent
2016-03-17 15:34 - 2009-07-14 05:45 - 00023680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-17 15:34 - 2009-07-14 05:45 - 00023680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-17 15:28 - 2016-01-31 13:24 - 00000000 ____D C:\ProgramData\TXQMPC
2016-03-17 15:27 - 2016-01-29 10:28 - 00000000 ____D C:\Users\Lenovo\AppData\LocalLow\uTorrent
2016-03-17 15:26 - 2016-02-03 10:20 - 00028920 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
2016-03-17 15:25 - 2016-01-31 13:11 - 00000332 _____ C:\Windows\Tasks\Update Service for Torrent Search.job
2016-03-17 15:25 - 2015-10-28 20:58 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-17 15:25 - 2015-10-28 20:58 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-17 15:25 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-16 21:58 - 2009-07-14 06:13 - 00772430 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-16 21:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-03-16 21:19 - 2015-11-05 13:47 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Winamp
2016-03-16 21:19 - 2015-11-05 13:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-16 21:19 - 2015-10-28 21:05 - 00000000 ____D C:\Users\Lenovo\AppData\Local\Downloaded Installations
2016-03-16 21:19 - 2015-10-28 20:10 - 00000000 ____D C:\Windows\Panther
2016-03-16 21:13 - 2015-10-28 20:58 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-03-16 21:13 - 2015-10-28 20:58 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-03-16 17:25 - 2016-01-31 13:11 - 00000332 _____ C:\Windows\Tasks\Update Service for Torrent Search2.job
2016-03-14 15:07 - 2015-10-28 20:58 - 00000000 ____D C:\Users\Lenovo\AppData\Local\Google
2016-03-14 15:07 - 2015-10-28 20:58 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-12 18:12 - 2016-01-31 13:23 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Tencent
2016-03-10 12:13 - 2015-11-05 18:26 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Skype
2016-03-07 12:01 - 2015-12-04 20:37 - 00000000 ____D C:\Users\Lenovo\Desktop\strana
2016-02-28 16:24 - 2015-12-04 20:37 - 00000000 ____D C:\Users\Lenovo\Desktop\nasa
2016-02-27 22:22 - 2016-01-03 15:59 - 00000000 ____D C:\Users\Lenovo\Downloads\programi
2016-02-27 21:26 - 2010-11-21 08:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-02-27 00:48 - 2015-12-18 10:24 - 00000000 ____D C:\Users\Lenovo\Desktop\ako treba
2016-02-24 22:48 - 2015-10-28 19:20 - 00000000 ____D C:\Users\Lenovo
2016-02-22 12:28 - 2015-11-05 14:01 - 00000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2016-01-31 13:24 - 2016-01-31 13:24 - 0005120 _____ () C:\Users\Lenovo\AppData\Roaming\GiftBag.db
2016-01-31 13:12 - 2016-01-31 13:12 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Files to move or delete:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-28 23:04

==================== End of FRST.txt ============================

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Hello,

You also need to post the Addition log, as the instructions said.

offline
  • Joined: 17 Mar 2016
  • Posts: 8

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Lenovo (2016-03-17 16:14:09)
Running from C:\Users\Lenovo\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2015-10-28 18:19:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2847302535-1913910683-647611769-500 - Administrator - Disabled)
Guest (S-1-5-21-2847302535-1913910683-647611769-501 - Limited - Disabled)
Lenovo (S-1-5-21-2847302535-1913910683-647611769-1000 - Administrator - Enabled) => C:\Users\Lenovo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: 电脑管家系统防护 (Disabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 电脑管家系统防护 (Disabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2847302535-1913910683-647611769-1000\...\uTorrent) (Version: 3.4.5.41865 - BitTorrent Inc.)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
AIDA64 Extreme v4.50 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 4.50 - FinalWire Ltd.)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1503, 26.09.2015 - AIMP DevTeam)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
BioExcess (HKLM-x32\...\InstallShield_{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}) (Version: 7.0.67.1 - Egis Technology Inc.)
BioExcess (Version: 7.0.67.1 - Egis Technology Inc.) Hidden
BioExcess (x32 Version: 7.0.67.1 - Egis Technology Inc.) Hidden
Counter-Strike Global Offensive No-Steam (HKLM-x32\...\Counter-Strike Global Offensive_is1) (Version: 1.34.7.6 - Valve Software)
Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.0.8 - Lenovo)
Eraser 6.2.0.2970 (HKLM\...\{58F37E51-2A83-49F3-9117-6005C63CF399}) (Version: 6.2.2970 - The Eraser Project)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.71.5231 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version: - Image-Line)
Java 8 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 41.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 en-US)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1 - Mozilla)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
TSearch (HKLM-x32\...\Torrent Search) (Version: 1.0.0.69 - Company Inc.) <==== ATTENTION
Virtual DJ - Atomix Productions (HKLM-x32\...\Virtual DJ - Atomix Productions) (Version: - )
VirtualDJ 8 (HKLM-x32\...\{F7A68F9D-BBF0-48FF-B138-2EFB5165638C}) (Version: 8.0.2048.0 - Atomix Productions)
Web Companion (HKLM-x32\...\{a7b1bdc0-a665-4aae-a507-cf6dc86b27de}) (Version: 2.1.1265.2535 - Lavasoft)
Winamp (HKLM-x32\...\Winamp) (Version: 5.5 - Nullsoft, Inc)
Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo)
WinRAR 4.01 (HKLM-x32\...\WinRAR 4.01) (Version: - )
电脑管家11.3 (HKLM-x32\...\QQPCMgr) (Version: 11.3.17201.218 - 腾讯科技(深圳)有限公司) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {339A1570-DF91-49C8-B1B4-2ED364364AFE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-28] (Google Inc.)
Task: {6113573B-AD27-4446-85B1-0774F15E3882} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-28] (Google Inc.)
Task: {86246633-5CB3-4B85-A3F1-A2DCAAF1EA5D} - System32\Tasks\Update Service for Torrent Search2 => C:\Program Files (x86)\Torrent Search\bWAeOsw.exe [2015-12-18] () <==== ATTENTION
Task: {DF1409D7-6035-4C94-86B1-AAB34A0E063F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-14] (Adobe Systems Incorporated)
Task: {E5CEBFFE-017D-4FF4-A31E-51A15E270DD2} - System32\Tasks\Update Service for Torrent Search => C:\Program Files (x86)\Torrent Search\bWAeOsw.exe [2015-12-18] () <==== ATTENTION
Task: {EF97C0B1-D82E-489F-8BD0-4D5B9685B251} - System32\Tasks\{35305742-A5E6-4412-BE41-06DB8207A1A5} => pcalua.exe -a "E:\MS Office 2007\setup.exe" -d "E:\MS Office 2007"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Update Service for Torrent Search.job => C:\Program Files (x86)\Torrent Search\bWAeOsw.exe <==== ATTENTION
Task: C:\Windows\Tasks\Update Service for Torrent Search2.job => C:\Program Files (x86)\Torrent Search\bWAeOsw.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2009-01-21 16:45 - 2009-01-21 16:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec BioExcess\x64\LIBEAY32.dll
2015-12-25 19:58 - 2015-12-25 19:58 - 00017168 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2015-12-25 19:58 - 2015-12-25 19:58 - 00008976 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2015-12-25 19:58 - 2015-12-25 19:58 - 00028432 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2011-05-28 22:05 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-10-28 21:15 - 2009-07-15 15:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2015-10-28 21:15 - 2009-07-15 15:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2016-01-31 13:23 - 2016-01-31 13:23 - 00108896 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMAntiInject.dll
2016-01-31 13:23 - 2016-01-31 13:23 - 00088416 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\zlib.dll
2016-01-31 13:23 - 2016-01-31 13:23 - 00481632 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\sqlite.dll
2016-01-31 13:23 - 2016-01-31 13:23 - 00100704 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\tinyxml.dll
2016-01-31 13:23 - 2016-01-31 13:23 - 00039776 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\sysspeeduprtpplugin\SysSpeedupRtpPlugin.dll
2016-02-20 10:17 - 2016-02-19 17:36 - 00065008 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\qmiemalrtpplugin\qmiemalrtpplugin.dll
2016-01-31 13:23 - 2016-02-27 23:55 - 00036128 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\oDayProtect.dll
2016-01-31 13:23 - 2016-01-31 13:23 - 00121184 _____ () c:\program files (x86)\tencent\qqpcmgr\11.3.17201.218\qmrtpcontroller.dll
2015-12-25 19:58 - 2015-12-25 19:58 - 00113424 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2015-12-25 19:58 - 2015-12-25 19:58 - 00044304 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Common.Platform.dll
2015-12-25 19:58 - 2015-12-25 19:58 - 00010000 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.UpdateComponents.dll
2015-12-25 19:58 - 2015-12-25 19:58 - 00272656 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2015-12-25 19:58 - 2015-12-25 19:58 - 00022288 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AvastWrapper.dll
2015-12-25 19:58 - 2015-12-25 19:58 - 00046864 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2015-12-25 19:58 - 2015-12-25 19:58 - 00012560 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2015-12-25 19:58 - 2015-12-25 19:58 - 00120080 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2016-03-15 18:10 - 2016-03-08 03:48 - 01676440 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libglesv2.dll
2016-03-15 18:10 - 2016-03-08 03:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libegl.dll
2016-01-31 13:23 - 2016-01-31 13:23 - 00137568 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\libexpatw.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2847302535-1913910683-647611769-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2847302535-1913910683-647611769-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-01-31 13:11 - 00000856 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 clients2.google.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2847302535-1913910683-647611769-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{27FE60C7-90FF-40BA-ADCD-F3A5AB0DCB15}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D5BA397A-8F71-4A15-916C-CF88D83F2CD2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B47C2F7E-BB42-4159-8F66-B1DD700503BE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{36FBCC4C-BF2F-4CD3-B16C-E73B3292AEED}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1D3D6346-3821-4B68-81C2-15FD2CA4CFFF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{CD0F96FE-C866-42CD-AB64-DAD5E7840605}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{DAC2DF5B-9546-4062-A0A3-76AB7D31E2C5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{AFC75B9D-1339-4D49-9464-3FBCB741B157}D:\programi\cs 1.6\hl.exe] => (Allow) D:\programi\cs 1.6\hl.exe
FirewallRules: [UDP Query User{2D875958-74B8-43C0-82E8-B8BA8BE458C9}D:\programi\cs 1.6\hl.exe] => (Allow) D:\programi\cs 1.6\hl.exe
FirewallRules: [{B2550E6A-A372-4118-899F-9BDEB320D082}] => (Allow) C:\Users\Lenovo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{489D2628-9F8D-449F-B47C-9029187907AA}] => (Allow) C:\Users\Lenovo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DC11A008-56A6-49C7-80D0-9AE21F156F58}] => (Allow) C:\Users\Lenovo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C6964A60-93CE-4406-8C62-D10F4EC1BD88}] => (Allow) C:\Users\Lenovo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CE0C3956-217E-447B-88F8-E6B0F750A1AA}] => (Allow) C:\Users\Lenovo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{932B653E-3973-44F0-A6FB-8BE4FABD526F}] => (Allow) C:\Users\Lenovo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{F9D0C46C-DF40-4468-8EDE-E0B5D3B96AFB}D:\programi\csss\hl.exe] => (Block) D:\programi\csss\hl.exe
FirewallRules: [UDP Query User{24B9F3CC-C311-478F-BC5E-CA6C8183BBDA}D:\programi\csss\hl.exe] => (Block) D:\programi\csss\hl.exe
FirewallRules: [TCP Query User{74A520AA-4269-4110-B8B9-B3304FD361D4}D:\programi\cs go\counter-strike global offensive\csgo.exe] => (Allow) D:\programi\cs go\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{C90989E4-D6B7-40FE-95A1-85B1EAD75DF5}D:\programi\cs go\counter-strike global offensive\csgo.exe] => (Allow) D:\programi\cs go\counter-strike global offensive\csgo.exe
FirewallRules: [{34D78D2A-49F0-490B-A567-D613778A1DD8}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCmgrInstallGuide.exe
FirewallRules: [{5229CC85-CF4F-4FDE-A5B2-06DFF3F6802D}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCTray.exe
FirewallRules: [{923DAD24-8DB5-4FB5-A318-C2DE761A8C9A}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCMgr.exe
FirewallRules: [{6030674E-E4A7-4887-8E4B-D16CBE124794}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{B97F2B9F-96B6-4B3F-A5AB-F9B693505089}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCRTP.exe
FirewallRules: [{45B46C63-CFEC-4586-961D-F57B345F0CDE}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMDL.exe
FirewallRules: [{F8026F53-7AEF-4B9C-9DA3-6EA3F8590EA8}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{32CE4793-D04C-4DD2-B556-BC14F4823D61}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\bugreport.exe
FirewallRules: [{0BCF25CF-A26E-44A6-8473-66958EC1F21A}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCFileOpen.exe
FirewallRules: [{F408CAC4-5A91-43CA-ABFA-3191DCF51DFA}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCLeakScan.exe
FirewallRules: [{6D634215-3756-40D3-B78D-B16D8EDBB830}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPConfig.exe
FirewallRules: [{88518FBF-9A23-4194-806B-C3044EB60B3B}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCSoftMgr.exe
FirewallRules: [{B1C59577-91F4-4044-9B6E-2084758D8ED1}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\QMNetMon\QQPCNetFlow.exe
FirewallRules: [{4B5AC4C9-4778-4FD1-9120-B3157C43EBF7}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCBTU.exe
FirewallRules: [{D320291B-955E-4FD2-88A7-48DF5BB8D854}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCClinic.exe
FirewallRules: [{082316DE-0ACE-4880-BFBB-D95325DC061A}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCLaunch.exe
FirewallRules: [{94968D06-7ECB-4B9A-8ABA-9C2A58D467F6}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMUpdate\QQPCMgrUpdate.exe
FirewallRules: [{609660FC-33B1-47B6-A805-3F51E467D1E5}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCSoftGame.exe
FirewallRules: [{D14E3846-3D1A-4A1E-8E5B-612CCC2EE446}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCSysOptimize.exe
FirewallRules: [{0A26B396-5F8E-47D7-AD2C-6D90146E59FA}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCUpdateAVLib.exe
FirewallRules: [{29AA999E-D9F2-4753-B28F-6ECC8CA71922}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQRepair.exe
FirewallRules: [{47EDDB58-0C24-4644-8172-E5E3F26D9527}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCPatch.exe
FirewallRules: [{CC4D6C7B-0744-4C39-993C-5A814DFB784C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TpkUpdate.exe
FirewallRules: [{3C39A1AF-484F-4B86-AF9A-20FB9886822B}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMRouterMgr.exe
FirewallRules: [{B39D4689-9722-4C31-9BFC-F0DCFE3B0BFB}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMAccountProtection.exe
FirewallRules: [{63F523B5-5353-44A5-A5C0-238FFC9B3929}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMAdBlock.exe
FirewallRules: [{DC47DE00-C477-4CF4-985F-A743D420A412}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

01-03-2016 18:31:33 Scheduled Checkpoint
16-03-2016 21:51:19 Windows Update
16-03-2016 21:59:28 Installed Eraser 6.2.0.2970

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/17/2016 03:27:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/16/2016 10:05:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Eraser.exe, version: 6.2.0.2970, time stamp: 0x55e85985
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b8479b
Exception code: 0xe0434352
Fault offset: 0x0000000000009e5d
Faulting process id: 0x1434
Faulting application start time: 0xEraser.exe0
Faulting application path: Eraser.exe1
Faulting module path: Eraser.exe2
Report Id: Eraser.exe3

Error: (03/16/2016 10:05:47 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Eraser.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
Stack:
at Eraser.DefaultPlugins.WindowsFileSystem.ObfuscateFileSystemInfoName(System.IO.FileSystemInfo)
at Eraser.DefaultPlugins.WindowsFileSystem.DeleteFileSystemInfo(System.IO.FileSystemInfo)
at Eraser.DefaultPlugins.FolderErasureTarget.EraseFolder(System.IO.DirectoryInfo, Eraser.Plugins.ProgressManager)
at Eraser.DefaultPlugins.FolderErasureTarget.EraseFolder(System.IO.DirectoryInfo, Eraser.Plugins.ProgressManager)
at Eraser.DefaultPlugins.FolderErasureTarget.EraseFolder(System.IO.DirectoryInfo, Eraser.Plugins.ProgressManager)
at Eraser.DefaultPlugins.FolderErasureTarget.EraseFolder()
at Eraser.DefaultPlugins.FolderErasureTarget.Execute()
at Eraser.Manager.Task.Execute()
at Eraser.Manager.DirectExecutor.Main()
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (03/16/2016 10:03:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Eraser.exe, version: 6.2.0.2970, time stamp: 0x55e85985
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b8479b
Exception code: 0xe0434352
Fault offset: 0x0000000000009e5d
Faulting process id: 0xa58
Faulting application start time: 0xEraser.exe0
Faulting application path: Eraser.exe1
Faulting module path: Eraser.exe2
Report Id: Eraser.exe3

Error: (03/16/2016 10:03:35 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Eraser.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
Stack:
at Eraser.DefaultPlugins.WindowsFileSystem.ObfuscateFileSystemInfoName(System.IO.FileSystemInfo)
at Eraser.DefaultPlugins.WindowsFileSystem.DeleteFileSystemInfo(System.IO.FileSystemInfo)
at Eraser.DefaultPlugins.FolderErasureTarget.EraseFolder(System.IO.DirectoryInfo, Eraser.Plugins.ProgressManager)
at Eraser.DefaultPlugins.FolderErasureTarget.EraseFolder(System.IO.DirectoryInfo, Eraser.Plugins.ProgressManager)
at Eraser.DefaultPlugins.FolderErasureTarget.EraseFolder(System.IO.DirectoryInfo, Eraser.Plugins.ProgressManager)
at Eraser.DefaultPlugins.FolderErasureTarget.EraseFolder()
at Eraser.DefaultPlugins.FolderErasureTarget.Execute()
at Eraser.Manager.Task.Execute()
at Eraser.Manager.DirectExecutor.Main()
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (03/15/2016 05:32:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/14/2016 02:03:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/13/2016 01:59:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/12/2016 06:14:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/12/2016 09:27:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/17/2016 03:25:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the QQRepairfb4 service to connect.

Error: (03/17/2016 03:25:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the QQRepair1896 service to connect.

Error: (03/16/2016 10:11:50 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The BB11122844 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (03/15/2016 05:31:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the QQRepair25e7 service to connect.

Error: (03/15/2016 05:31:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the QQRepair231b service to connect.

Error: (03/14/2016 10:24:41 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The BB1115616 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (03/14/2016 02:02:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the QQRepair1e3c service to connect.

Error: (03/14/2016 02:02:27 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:10:48 PM on ‎3/‎13/‎2016 was unexpected.

Error: (03/13/2016 02:00:17 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (03/13/2016 01:59:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the QQRepair23ec service to connect.


CodeIntegrity:
===================================
Date: 2015-12-25 21:18:10.776
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-12-25 21:18:10.670
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-12-25 21:18:10.502
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-12-25 21:18:10.360
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 64%
Total physical RAM: 3828.51 MB
Available physical RAM: 1340.74 MB
Total Virtual: 7655.21 MB
Available Virtual: 4894.12 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:133.63 GB) (Free:91.59 GB) NTFS
Drive d: () (Fixed) (Total:332.03 GB) (Free:275.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D60808DA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=133.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=332 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Uninstall:

TSearch via Control Panel.

Download AdwCleaner by "Xplode" and save it to the Desktop.

Double-click to run the program.
Click the [Scan] button and wait for the program to finish.
Click the [Clean] button.
The program will close all running programs and show a window with that warning. Click Ok to confirm.
In the next two windows that open (Informations and Restart required), click Ok.


The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your post using the "Attach file" ("Prikaci fajl") option.

Note: The report will also be saved to C:\AdwCleaner[S0].txt

-------

Then post new FRST logs for me again; tick the Addition log option and post that one as well.

  • Joined: 17 Mar 2016
  • Posts: 8

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Lenovo (administrator) on LENOVO-B560 (17-03-2016 20:25:45)
Running from C:\Users\Lenovo\Downloads
Loaded Profiles: Lenovo (Available Profiles: Lenovo)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(BitTorrent Inc.) C:\Users\Lenovo\AppData\Roaming\uTorrent\uTorrent.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(BitTorrent Inc.) C:\Users\Lenovo\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe
(BitTorrent Inc.) C:\Users\Lenovo\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe
(BitTorrent Inc.) C:\Users\Lenovo\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4367808 2009-12-17] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [6988736 2009-12-17] (Lenovo (Beijing) Limited)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1074088 2015-09-03] (The Eraser Project)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383568 2012-06-17] (Egis Technology Inc. )
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCTray.exe" /regrun
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2847302535-1913910683-647611769-1000\...\Run: [uTorrent] => C:\Users\Lenovo\AppData\Roaming\uTorrent\uTorrent.exe [2094080 2016-03-04] (BitTorrent Inc.)
HKU\S-1-5-21-2847302535-1913910683-647611769-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1445648 2015-12-25] (Lavasoft)
HKU\S-1-5-21-2847302535-1913910683-647611769-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2016-02-28]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 clients2.google.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{101F5347-9332-4533-9D51-F8CF59C3ACA5}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{8ECA9868-1982-4411-8B92-1E45943E9365}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
SearchScopes: HKU\S-1-5-21-2847302535-1913910683-647611769-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-11-05] (Oracle Corporation)
BHO: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll [2012-06-17] (Egis Technology Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-03-14] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-05] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-05] (Oracle Corporation)
BHO-x32: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll [2012-06-17] (Egis Technology Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-03-14] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-05] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-03-14] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-03-14] (Google Inc.)
Toolbar: HKU\S-1-5-21-2847302535-1913910683-647611769-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-03-14] (Google Inc.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\05bjv17n.default
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-05] (Oracle Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-05] (Oracle Corporation)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Extension: No Name - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\05bjv17n.default\extensions\{d720d64d-c71a-4316-b59e-8a41b860178f} [not found]
FF Extension: No Name - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\05bjv17n.default\extensions\deskCutv2@gmail.com [not found]
FF Extension: No Name - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\05bjv17n.default\extensions\yahooprotected@gmail.com [not found]
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF Extension: Online Accounts Extension - C:\Program Files (x86)\EgisTec BioExcess\FFExt [2015-10-28] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-28]
CHR Extension: (Google Drive) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (YouTube) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-28]
CHR Extension: (Google Search) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-28]
CHR Extension: (Google Docs Offline) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-28]
CHR Extension: (Gmail) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-28]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-12-25] (Lavasoft Limited)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17168 2015-12-25] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 QQRepair900; "C:\Windows\GJFix\QQRepair900" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\SRepairDrv [X]
R1 TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TsDefenseBT64.sys [X]
S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TsNetHlpX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-17 20:19 - 2016-03-17 20:19 - 00016796 _____ C:\Users\Lenovo\Desktop\AdwCleaner[C1].txt
2016-03-17 20:15 - 2016-03-17 20:15 - 00000000 ____D C:\ProgramData\TXQMPC
2016-03-17 16:14 - 2016-03-17 20:20 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-17 16:14 - 2016-03-17 16:15 - 00029585 _____ C:\Users\Lenovo\Downloads\Addition.txt
2016-03-17 16:14 - 2016-03-17 16:14 - 01527296 _____ C:\Users\Lenovo\Desktop\AdwCleaner.exe
2016-03-17 16:13 - 2016-03-17 20:25 - 00013305 _____ C:\Users\Lenovo\Downloads\FRST.txt
2016-03-17 16:12 - 2016-03-17 20:25 - 00000000 ____D C:\FRST
2016-03-17 16:12 - 2016-03-17 16:12 - 02374144 _____ (Farbar) C:\Users\Lenovo\Downloads\FRST64.exe
2016-03-16 21:59 - 2016-03-16 21:59 - 00001759 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
2016-03-16 21:59 - 2016-03-16 21:59 - 00001747 _____ C:\Users\Public\Desktop\Eraser.lnk
2016-03-16 21:59 - 2016-03-16 21:59 - 00000000 ____D C:\Program Files\Eraser
2016-03-16 21:58 - 2016-03-16 21:58 - 00772430 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-03-16 21:49 - 2016-03-16 21:50 - 08338384 _____ (The Eraser Project) C:\Users\Lenovo\Downloads\Eraser 6.2.0.2970.exe
2016-03-14 15:08 - 2016-03-14 15:08 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Macromedia
2016-03-14 15:07 - 2016-03-17 18:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-14 15:07 - 2016-03-14 15:07 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-14 15:07 - 2016-03-14 15:07 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-14 15:07 - 2016-03-14 15:07 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-14 15:07 - 2016-03-14 15:07 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-03-14 15:07 - 2016-03-14 15:07 - 00000000 ____D C:\Windows\system32\Macromed
2016-03-14 15:07 - 2016-03-14 15:07 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Google
2016-03-14 15:07 - 2016-03-14 15:07 - 00000000 ____D C:\ProgramData\Google
2016-03-14 15:07 - 2016-03-14 15:07 - 00000000 ____D C:\Program Files\Google
2016-03-14 15:06 - 2016-03-14 15:07 - 00000000 ____D C:\Users\Lenovo\AppData\Local\Adobe
2016-03-07 12:00 - 2016-03-07 12:06 - 00000000 ____D C:\Users\Lenovo\Desktop\mix trap
2016-02-28 20:02 - 2016-03-14 15:07 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Adobe
2016-02-28 20:02 - 2016-02-28 20:02 - 00001172 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady 7.0.lnk
2016-02-28 20:02 - 2016-02-28 20:02 - 00001167 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 7.0.lnk
2016-02-28 20:01 - 2016-02-28 20:01 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-02-28 19:42 - 1998-10-29 16:45 - 00306688 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2016-02-27 09:07 - 2016-02-27 09:07 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\talimama
2016-02-24 22:48 - 2016-02-24 22:59 - 06387488 _____ C:\Users\Lenovo\lean on loop.wav

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-17 20:24 - 2009-07-14 05:45 - 00023680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-17 20:24 - 2009-07-14 05:45 - 00023680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-17 20:22 - 2015-12-25 19:57 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\uTorrent
2016-03-17 20:17 - 2016-01-29 10:28 - 00000000 ____D C:\Users\Lenovo\AppData\LocalLow\uTorrent
2016-03-17 20:17 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-17 20:15 - 2015-12-25 19:59 - 00000000 ____D C:\searchplugins
2016-03-17 15:25 - 2015-10-28 20:58 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-17 15:25 - 2015-10-28 20:58 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-16 21:58 - 2009-07-14 06:13 - 00772430 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-16 21:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-03-16 21:19 - 2015-11-05 13:47 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Winamp
2016-03-16 21:19 - 2015-11-05 13:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-16 21:19 - 2015-10-28 21:05 - 00000000 ____D C:\Users\Lenovo\AppData\Local\Downloaded Installations
2016-03-16 21:19 - 2015-10-28 20:10 - 00000000 ____D C:\Windows\Panther
2016-03-16 21:13 - 2015-10-28 20:58 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-03-16 21:13 - 2015-10-28 20:58 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-03-14 15:07 - 2015-10-28 20:58 - 00000000 ____D C:\Users\Lenovo\AppData\Local\Google
2016-03-14 15:07 - 2015-10-28 20:58 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-10 12:13 - 2015-11-05 18:26 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Skype
2016-03-07 12:01 - 2015-12-04 20:37 - 00000000 ____D C:\Users\Lenovo\Desktop\strana
2016-02-28 16:24 - 2015-12-04 20:37 - 00000000 ____D C:\Users\Lenovo\Desktop\nasa
2016-02-27 22:22 - 2016-01-03 15:59 - 00000000 ____D C:\Users\Lenovo\Downloads\programi
2016-02-27 21:26 - 2010-11-21 08:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-02-27 00:48 - 2015-12-18 10:24 - 00000000 ____D C:\Users\Lenovo\Desktop\ako treba
2016-02-24 22:48 - 2015-10-28 19:20 - 00000000 ____D C:\Users\Lenovo
2016-02-22 12:28 - 2015-11-05 14:01 - 00000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2016-01-31 13:24 - 2016-01-31 13:24 - 0005120 _____ () C:\Users\Lenovo\AppData\Roaming\GiftBag.db

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-28 23:04

==================== End of FRST.txt ============================

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

1. Open Notepad (Text Document) and copy the following text from the code box below:

CreateRestorePoint:
HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCTray.exe" /regrun
C:\Program Files (x86)\Tencent
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => No File
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll [No File]
C:\Program Files (x86)\Common Files\Tencent
FF Extension: No Name - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\05bjv17n.default\extensions\{d720d64d-c71a-4316-b59e-8a41b860178f} [not found]
FF Extension: No Name - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\05bjv17n.default\extensions\deskCutv2@gmail.com [not found]
FF Extension: No Name - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\05bjv17n.default\extensions\yahooprotected@gmail.com [not found]
S2 QQRepair900; "C:\Windows\GJFix\QQRepair900" [X]
S1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\SRepairDrv [X]
R1 TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TsDefenseBT64.sys [X]
S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TsNetHlpX64.sys [X]
C:\searchplugins
C:\ProgramData\TXQMPC
Folder:C:\Windows\GJFix\
EmptyTemp:


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. The contents of that log need to be copied into a post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.
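
As an added example (not part of the original posts and not FRST's own code), this Python script shows how candidate fixlist lines can be picked out of an FRST log: entries whose target is missing ([X], [No File], [not found], => No File) and entries matching analyst-chosen keywords. The function names and the keyword list are assumptions; the sample lines are copied from the log in this thread.

```python
import re

# Lines copied from the FRST log posted in this thread.
SAMPLE_LOG = r'''
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCTray.exe" /regrun
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => No File
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll [No File]
FF Extension: No Name - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\05bjv17n.default\extensions\deskCutv2@gmail.com [not found]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S2 QQRepair900; "C:\Windows\GJFix\QQRepair900" [X]
R1 TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TsDefenseBT64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
'''

# FRST appends one of these when the referenced file or key target is missing.
ORPHAN = re.compile(r'(\[X\]|\[No File\]|\[not found\]|=> No File)$')
# First drive-letter path on a line, up to a quote or bracket.
PATH = re.compile(r'[A-Za-z]:\\[^"\[\]]*')


def triage(log_text, keywords=()):
    """Return [(line, reasons)] for entries worth a helper's review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith('===='):
            continue  # blank lines and section rulers
        reasons = []
        if ORPHAN.search(line):
            reasons.append('orphan')
        low = line.lower()
        if any(k.lower() in low for k in keywords):
            reasons.append('keyword')
        if reasons:
            findings.append((line, reasons))
    return findings


def vendor_dirs(lines, keyword):
    """Folders named exactly `keyword` found in the flagged paths.

    The log's own hint says a service entry is only removed from the
    registry and "the file will not be moved unless listed separately",
    so these folders need their own fixlist lines.
    """
    dirs = set()
    for line in lines:
        m = PATH.search(line)
        if not m:
            continue
        parts = m.group(0).strip().split('\\')
        for i, part in enumerate(parts):
            if part.lower() == keyword.lower():
                dirs.add('\\'.join(parts[:i + 1]))
                break
    return sorted(dirs)


if __name__ == '__main__':
    # Keywords are the analyst's choice (assumption), not something FRST provides.
    found = triage(SAMPLE_LOG, keywords=('tencent', 'qq'))
    for line, reasons in found:
        print('+'.join(reasons).ljust(15), line)
    for d in vendor_dirs([l for l, _ in found], 'Tencent'):
        print('folder'.ljust(15), d)
```

The VGPU driver line carries the [X] marker but is not in the fixlist posted above, so marker hits are review candidates, not an automatic removal list.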

offline
  • Joined: 17 Mar 2016
  • Posts: 8

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Lenovo (2016-03-17 21:09:17) Run:1
Running from C:\Users\Lenovo\Desktop
Loaded Profiles: Lenovo (Available Profiles: Lenovo)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCTray.exe" /regrun
C:\Program Files (x86)\Tencent
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => No File
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll [No File]
C:\Program Files (x86)\Common Files\Tencent
FF Extension: No Name - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\05bjv17n.default\extensions\{d720d64d-c71a-4316-b59e-8a41b860178f} [not found]
FF Extension: No Name - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\05bjv17n.default\extensions\deskCutv2@gmail.com [not found]
FF Extension: No Name - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\05bjv17n.default\extensions\yahooprotected@gmail.com [not found]
S2 QQRepair900; "C:\Windows\GJFix\QQRepair900" [X]
S1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\SRepairDrv [X]
R1 TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TsDefenseBT64.sys [X]
S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TsNetHlpX64.sys [X]
C:\searchplugins
C:\ProgramData\TXQMPC
Folder:C:\Windows\GJFix\
EmptyTemp:
*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ QQPCTray => value removed successfully
C:\Program Files (x86)\Tencent => moved successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\.QMDeskTopGCIcon" => key removed successfully
HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6} => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/npAndroidAssistant" => key removed successfully
"C:\Program Files (x86)\Common Files\Tencent" => not found.
C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\05bjv17n.default\extensions\{d720d64d-c71a-4316-b59e-8a41b860178f} => path removed successfully
C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\05bjv17n.default\extensions\deskCutv2@gmail.com => path removed successfully
C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\05bjv17n.default\extensions\yahooprotected@gmail.com => path removed successfully
QQRepair900 => service removed successfully
SRepairDrv => service removed successfully
TSDefenseBt => Service stopped successfully.
TSDefenseBt => service removed successfully
tsnethlpx64 => service removed successfully
C:\searchplugins => moved successfully
C:\ProgramData\TXQMPC => moved successfully

========================= Folder:C:\Windows\GJFix\ ========================

not found.

====== End of Folder: ======

EmptyTemp: => 567.4 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 21:09:53 ====

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Are there any problems?

offline
  • Joined: 17 Mar 2016
  • Posts: 8

No, everything is OK.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Excellent.

The following procedure will carry out the final cleanup.

Download "Xplode"'s DelFix tool and save it to the Desktop.

Double-click to run the tool and tick the boxes in front of the following options:
Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment until the tool finishes its work.

From this point on, all the tools used in this thread should have been deleted.
If any tool or report has not been removed, feel free to delete it manually.

The tool will also create a report for you. (C:\DelFix.txt)
- The tool will also save a healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
- DelFix deletes old System Restore points and creates a new, fresh point after the cleanup.
