Malware from a Russian site


offline
  • SNooPy
  • IT
  • Joined: 20 Apr 2009
  • Posts: 310
  • Location: in a fantasy :)

Now I can't access Google Chrome.

Here is the log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-09-2015 01
Ran by SnooPy (administrator) on TANJA (30-09-2015 21:16:32)
Running from C:\Users\SnooPy\Desktop
Loaded Profiles: SnooPy (Available Profiles: SnooPy)
Platform: Microsoft Windows 10 Pro (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ABBYY) C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Panda Security) C:\Program Files\Panda USB Vaccine\USBVaccine.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.922.11070.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12214528 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Bonus.SSR.FR11] => C:\Program Files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [933640 2012-01-19] (ABBYY.)
HKLM\...\Run: [ITSecMng] => %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3528392 2015-08-19] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [896632 2015-07-22] (BlueStack Systems, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-09-14] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001\...\Run: [Lync] => D:\Program Files\Microsoft Office\Office15\lync.exe [24111688 2015-08-12] (Microsoft Corporation)
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001\...\Run: [EA Core] => C:\Program Files\Electronic Arts\EADM\Core.exe [3325952 2009-03-28] (Electronic Arts)
HKU\S-1-5-21-4212904740-3236283883-1755456372-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-09-14] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{02ead1aa-43f4-4fa2-b5bb-a7f38a818bda}: [NameServer] 194.106.162.10,194.106.162.3

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4212904740-3236283883-1755456372-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4212904740-3236283883-1755456372-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4212904740-3236283883-1755456372-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-08-12] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-18] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-14] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-18] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\SnooPy\AppData\Roaming\Mozilla\Firefox\Profiles\1yj3qbcf.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-18] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-06-25] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-06-25] (Microsoft Corporation)
FF SearchPlugin: C:\Users\SnooPy\AppData\Roaming\Mozilla\Firefox\Profiles\1yj3qbcf.default\searchplugins\google-avast.xml [2015-09-29]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-14]

Chrome:
=======
CHR HomePage: Default -> hxxps://mail.ru/cnt/11956636
CHR DefaultSearchURL: Default -> hxxp://go.mail.ru/search?q={searchTerms}&fr=xtn9
CHR DefaultSearchKeyword: Default -> mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
CHR Profile: C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-30]
CHR Extension: (Avast SafePrice) - C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-09-30]
CHR Extension: (Avast Online Security) - C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-09-30]
CHR Extension: (Mail.Ru) - C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilamgbdaebkbpkkmfmmfbnaamkhijdek [2015-09-30]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-30]
CHR Extension: (Домашняя страница Mail.Ru) - C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofdgafmdegfkhfdfkmllfefmcmcjllec [2015-09-30]
CHR Extension: (Визуальные Закладки Mail.Ru) - C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnooffjhclkocplopffdbcdghmiffhji [2015-09-30]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-09-14]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-14]
CHR HKLM\...\Chrome\Extension: [ilamgbdaebkbpkkmfmmfbnaamkhijdek] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ofdgafmdegfkhfdfkmllfefmcmcjllec] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pnooffjhclkocplopffdbcdghmiffhji] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe [818952 2011-12-22] (ABBYY)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-14] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [290208 2015-07-30] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [283552 2015-07-30] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [141968 2012-09-27] (Realtek Semiconductor)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [217288 2015-08-19] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [277760 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23264 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AIDA64Driver; C:\Program Files\FinalWire\AIDA64 Extreme\kerneld.x32 [33616 2015-03-23] ()
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-09-14] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-09-14] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [81728 2015-09-14] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-09-14] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788784 2015-09-14] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433264 2015-09-14] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [113592 2015-09-14] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-09-14] (AVAST Software)
S3 BazisVirtualCDBus; C:\WINDOWS\System32\drivers\BazisVirtualCDBus.sys [121176 2015-06-03] (Sysprogs OU)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [131704 2015-06-16] (BlueStack Systems)
R3 BthLEEnum; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [193536 2015-07-10] (Microsoft Corporation)
R3 i8042HDR; C:\WINDOWS\system32\DRIVERS\i8042HDR.sys [13224 2006-10-20] (Chicony)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [35904 2015-06-26] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-09-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 MEI; C:\WINDOWS\System32\drivers\HECI.sys [55104 2012-07-18] (Intel Corporation)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [492032 2015-07-10] (Realtek )
R3 RtkBtFilter2; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [58112 2015-06-01] (Realtek Microelectronics)
R3 rtwlane_13; C:\WINDOWS\System32\drivers\rtwlane_13.sys [3215360 2015-07-10] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [35528 2015-08-19] (Synaptics Incorporated)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [50280 2015-07-29] (Toshiba Corporation)
S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [31744 2015-07-10] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37400 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [245600 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [97632 2015-07-10] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161792 2015-07-10] (Microsoft Corporation)
R3 XSplit_Dummy; C:\WINDOWS\system32\drivers\xspltspk.sys [22104 2015-05-25] (SplitmediaLabs Limited)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-30 20:49 - 2015-09-30 20:49 - 00016148 _____ C:\WINDOWS\system32\TANJA_SnooPy_HistoryPrediction.bin
2015-09-30 19:10 - 2015-09-30 21:16 - 00016647 _____ C:\Users\SnooPy\Desktop\FRST.txt
2015-09-30 16:29 - 2015-09-30 15:57 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2015-09-30 16:00 - 2015-09-30 16:31 - 00039378 _____ C:\zoek-results.log
2015-09-30 15:59 - 2015-09-30 15:59 - 00000000 ____D C:\Users\SnooPy\Desktop\New folder (4)
2015-09-30 15:58 - 2015-09-30 15:59 - 04181362 _____ C:\Users\SnooPy\Downloads\zoek.zip
2015-09-30 15:57 - 2015-09-30 16:23 - 00000000 ____D C:\zoek_backup
2015-09-30 15:56 - 2015-09-30 15:56 - 01309184 _____ C:\Users\SnooPy\Desktop\zoek.exe
2015-09-29 23:43 - 2015-09-29 23:44 - 01696256 _____ (Farbar) C:\Users\SnooPy\Downloads\FRST (1).exe
2015-09-29 23:19 - 2015-09-29 23:19 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\SnooPy\Downloads\SpyHunter-Installer.exe
2015-09-29 22:30 - 2015-09-30 19:18 - 00031699 _____ C:\Users\SnooPy\Desktop\Addition.txt
2015-09-29 22:25 - 2015-09-29 22:32 - 00039097 _____ C:\Users\SnooPy\Downloads\Addition.txt
2015-09-29 22:22 - 2015-09-30 21:16 - 00000000 ____D C:\FRST
2015-09-29 22:22 - 2015-09-29 22:32 - 00042553 _____ C:\Users\SnooPy\Downloads\FRST.txt
2015-09-29 22:15 - 2015-09-29 22:16 - 01696256 _____ (Farbar) C:\Users\SnooPy\Desktop\FRST.exe
2015-09-29 21:51 - 2015-09-30 20:33 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-29 21:50 - 2015-09-29 21:50 - 00001133 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-29 21:50 - 2015-09-29 21:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-29 21:50 - 2015-09-29 21:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-29 21:50 - 2015-09-29 21:50 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-09-29 21:50 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-29 21:50 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-09-29 21:50 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-09-29 21:46 - 2015-09-29 21:49 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\SnooPy\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-29 21:38 - 2015-09-29 21:38 - 01670656 _____ C:\Users\SnooPy\Downloads\adwcleaner_5.009.exe
2015-09-29 21:36 - 2015-09-29 21:36 - 00016065 _____ C:\Users\SnooPy\Downloads\BCC89AE839A2497BEDA3EC7221D75106D67CBFAF (3).torrent
2015-09-29 21:36 - 2015-09-29 21:36 - 00016065 _____ C:\Users\SnooPy\Downloads\BCC89AE839A2497BEDA3EC7221D75106D67CBFAF (2).torrent
2015-09-29 21:36 - 2015-09-29 21:36 - 00002361 _____ C:\Users\SnooPy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amigo.lnk
2015-09-29 21:35 - 2015-09-29 21:35 - 00016065 _____ C:\Users\SnooPy\Downloads\BCC89AE839A2497BEDA3EC7221D75106D67CBFAF (1).torrent
2015-09-29 21:34 - 2015-09-29 21:34 - 00016066 _____ C:\Users\SnooPy\Downloads\BCC89AE839A2497BEDA3EC7221D75106D67CBFAF.torrent
2015-09-29 21:34 - 2015-09-29 21:34 - 00000000 ____D C:\Users\SnooPy\Downloads\Flash SlideShow Maker Professional
2015-09-29 21:34 - 2015-09-29 21:34 - 00000000 ____D C:\Users\SnooPy\AppData\Local\Вoйти в Интeрнет
2015-09-29 21:31 - 2015-09-29 21:35 - 06111234 _____ C:\Users\SnooPy\Downloads\Alivemedia.Flash.Slideshow.Maker.v1.2.9.2-BEAN.rar
2015-09-29 21:30 - 2015-09-29 21:30 - 00000000 ____D C:\Users\SnooPy\AppData\Local\Поиcк в Интeрнете
2015-09-29 21:28 - 2015-09-29 21:28 - 00000000 ____D C:\Users\SnooPy\Downloads\Macromedia Flash 8 Professional
2015-09-29 21:28 - 2015-09-29 21:28 - 00000000 ____D C:\Users\SnooPy\AppData\Roaming\MailProducts
2015-09-29 21:27 - 2015-09-29 21:27 - 00016141 _____ C:\Users\SnooPy\Downloads\torrent -mach3 r3042040 torrent.torrent
2015-09-29 21:12 - 2015-09-29 21:16 - 08670724 _____ C:\Users\SnooPy\Downloads\NextWap.Net-Mach3_Cnc_+_License.rar.rar
2015-09-29 20:56 - 2015-09-29 20:56 - 01466880 _____ C:\Users\SnooPy\Downloads\Atom Pack v1.5.exe
2015-09-22 21:35 - 2015-09-22 21:36 - 00745390 _____ C:\Users\SnooPy\Downloads\shoutcast-dsp-2-3-4-windows.exe
2015-09-22 09:59 - 2015-09-26 23:23 - 04254904 _____ C:\Users\SnooPy\Desktop\milica.rar
2015-09-22 00:13 - 2015-09-22 00:13 - 00000000 ____D C:\Users\SnooPy\Desktop\New folder (3)
2015-09-21 20:26 - 2015-09-21 20:26 - 00001210 _____ C:\Users\SnooPy\Desktop\AIDA64 Extreme.lnk
2015-09-21 20:26 - 2015-09-21 20:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire
2015-09-21 20:25 - 2015-09-21 20:25 - 00000000 ____D C:\Program Files\FinalWire
2015-09-21 20:24 - 2015-09-21 20:25 - 15630512 _____ (FinalWire Ltd. ) C:\Users\SnooPy\Downloads\aida64extreme520.exe
2015-09-20 01:52 - 2015-09-20 01:52 - 00006812 _____ C:\Users\SnooPy\Downloads\jjj1 (1).rar
2015-09-20 01:42 - 2015-09-20 01:42 - 00006812 _____ C:\Users\SnooPy\Downloads\jjj1.rar
2015-09-20 00:41 - 2015-09-26 23:22 - 00000000 ____D C:\Users\SnooPy\Desktop\milica
2015-09-19 23:36 - 2015-09-19 23:36 - 00004308 _____ C:\Users\SnooPy\Downloads\dbz_abridg_f1414352292.zip
2015-09-18 20:15 - 2015-09-18 20:15 - 07368965 _____ C:\Users\SnooPy\Downloads\TL-WN722N_V1_140918.zip
2015-09-18 18:55 - 2015-09-18 18:55 - 00000000 ____D C:\Users\SnooPy\AppData\Roaming\Sun
2015-09-18 18:55 - 2015-09-18 18:55 - 00000000 ____D C:\Users\SnooPy\.oracle_jre_usage
2015-09-18 18:55 - 2015-09-18 18:55 - 00000000 ____D C:\Program Files\Common Files\Java
2015-09-18 18:54 - 2015-09-18 18:54 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-09-18 18:54 - 2015-09-18 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-18 18:50 - 2015-09-18 18:50 - 00584288 _____ (Oracle Corporation) C:\Users\SnooPy\Downloads\JavaSetup8u60.exe
2015-09-18 14:37 - 2015-09-18 14:37 - 00042557 _____ C:\Users\SnooPy\Downloads\New-folder-3.rar
2015-09-18 14:32 - 2015-09-18 14:32 - 00008089 _____ C:\Users\SnooPy\Downloads\Untitled-1.rar
2015-09-18 14:28 - 2015-09-18 14:28 - 00035693 _____ C:\Users\SnooPy\Downloads\digimon1.rar
2015-09-18 14:26 - 2015-09-18 14:26 - 00044594 _____ C:\Users\SnooPy\Downloads\New-folder-2.rar
2015-09-18 14:12 - 2015-09-18 14:12 - 00101758 _____ C:\Users\SnooPy\Downloads\Digimon_Logo.rar
2015-09-18 14:09 - 2015-09-18 14:09 - 02204363 _____ C:\Users\SnooPy\Downloads\partytime.zip
2015-09-18 13:04 - 2015-09-18 13:04 - 01496299 _____ C:\Users\SnooPy\Downloads\templatemo_350_soft_link.rar
2015-09-16 15:53 - 2015-09-16 15:53 - 00337155 _____ C:\Users\SnooPy\Downloads\nije-mogla-da-je-ostavi-bebin-plac-vratio-majku-u-zivot-clanak-1933957.htm
2015-09-16 09:42 - 2015-09-16 09:42 - 00000000 ___RD C:\Users\SnooPy\3D Objects
2015-09-16 02:06 - 2015-09-16 02:06 - 19731964 _____ C:\Users\SnooPy\Downloads\free_css_full_site.zip
2015-09-15 23:25 - 2015-09-15 23:25 - 00549898 _____ C:\Users\SnooPy\Downloads\image-slider-widget.1.1.29.zip
2015-09-15 20:00 - 2015-09-15 20:00 - 04258324 _____ C:\Users\SnooPy\Downloads\MILICA-SAJT.zip
2015-09-15 15:29 - 2015-09-15 15:29 - 00000132 _____ C:\Users\SnooPy\AppData\Roaming\Adobe GIF Format CS6 Prefs
2015-09-15 15:27 - 2015-09-15 15:29 - 00000000 ____D C:\Users\SnooPy\AppData\Local\paint.net
2015-09-15 15:27 - 2015-09-15 15:27 - 00001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2015-09-15 15:27 - 2015-09-15 15:27 - 00001092 _____ C:\Users\Public\Desktop\paint.net.lnk
2015-09-15 15:27 - 2015-09-15 15:27 - 00000000 ____D C:\Program Files\paint.net
2015-09-15 15:26 - 2015-09-15 15:26 - 06557455 _____ C:\Users\SnooPy\Downloads\paint.net.4.0.6.install.zip
2015-09-14 20:31 - 2015-09-14 20:31 - 00000000 ____D C:\Users\SnooPy\AppData\Roaming\AVAST Software
2015-09-14 20:29 - 2015-09-14 20:29 - 00002152 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-09-14 20:29 - 2015-09-14 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-09-14 20:28 - 2015-09-14 20:28 - 00433264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-09-14 20:28 - 2015-09-14 20:28 - 00208664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-09-14 20:28 - 2015-09-14 20:28 - 00113592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-09-14 20:28 - 2015-09-14 20:28 - 00081728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-09-14 20:28 - 2015-09-14 20:28 - 00076000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-09-14 20:28 - 2015-09-14 20:28 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-09-14 20:28 - 2015-09-14 20:28 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-09-14 20:28 - 2015-09-14 20:27 - 00788784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-09-14 20:28 - 2015-09-14 20:27 - 00313472 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-09-14 20:27 - 2015-09-14 20:27 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-09-14 20:23 - 2015-09-14 20:23 - 00000000 ____D C:\Program Files\AVAST Software
2015-09-14 20:20 - 2015-09-14 20:20 - 05481336 _____ (Avast Software s.r.o.) C:\Users\SnooPy\Downloads\avast_free_antivirus_setup_online_cnet.exe
2015-09-14 20:00 - 2015-09-14 20:00 - 00302161 _____ C:\Users\SnooPy\Downloads\267198_492103620_CBS.rar
2015-09-13 23:02 - 2015-09-13 23:05 - 00000430 _____ C:\Users\SnooPy\.swfinfo
2015-09-13 01:35 - 2015-09-13 01:38 - 00000000 ____D C:\Users\SnooPy\Desktop\New folder (2)
2015-09-11 19:57 - 2015-09-11 19:57 - 01100672 _____ C:\Users\SnooPy\Downloads\Kristijan Golubović - Skok na Zoricu Markovic i društvo - FARMA 6.mp4
2015-09-09 22:52 - 2015-09-09 22:52 - 00000000 ____D C:\WINDOWS\PCHEALTH
2015-09-09 02:18 - 2015-09-02 02:31 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-09-09 02:18 - 2015-09-02 02:30 - 01134080 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-09-09 02:18 - 2015-08-27 07:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 02:18 - 2015-08-27 07:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-09 02:18 - 2015-08-27 07:23 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 02:18 - 2015-08-27 07:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 02:18 - 2015-08-27 07:19 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 02:18 - 2015-08-27 07:16 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-09-09 02:18 - 2015-08-27 07:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 02:18 - 2015-08-27 07:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 02:18 - 2015-08-27 07:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 02:18 - 2015-08-27 07:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 02:18 - 2015-08-27 07:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 02:18 - 2015-08-27 07:11 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-09 02:18 - 2015-08-27 07:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 02:18 - 2015-08-27 07:10 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-09-09 02:18 - 2015-08-27 07:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 02:17 - 2015-09-02 04:04 - 00069208 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-09 02:17 - 2015-08-27 07:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-06 22:26 - 2015-09-06 22:26 - 00000000 ____D C:\Users\SnooPy\Documents\Adobe
2015-09-06 22:22 - 2015-09-06 22:22 - 00000000 ____D C:\Users\SnooPy\AppData\Local\4kdownload.com
2015-09-06 12:00 - 2015-09-06 12:00 - 00000000 ____D C:\Users\SnooPy\AppData\Local\Macromedia
2015-09-06 11:55 - 2015-09-06 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia
2015-09-06 11:55 - 2015-09-06 11:57 - 00000000 ____D C:\Program Files\Common Files\Macromedia
2015-09-06 11:55 - 2015-09-06 11:55 - 00000000 ____D C:\WINDOWS\system32\QuickTime
2015-09-06 11:55 - 2015-09-06 11:55 - 00000000 ____D C:\ProgramData\Macromedia
2015-09-06 11:55 - 2015-09-06 11:55 - 00000000 ____D C:\Program Files\Macromedia
2015-09-06 11:54 - 2015-09-06 11:54 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2015-09-06 11:54 - 2015-09-06 11:54 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2015-09-06 02:06 - 2015-09-06 02:06 - 00000000 ____D C:\Users\SnooPy\Documents\Anvsoft
2015-09-06 02:06 - 2015-09-06 02:06 - 00000000 ____D C:\Users\SnooPy\AppData\Roaming\Anvsoft
2015-09-04 21:21 - 2015-09-04 21:21 - 00000000 ____D C:\Users\SnooPy\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2015-09-04 21:21 - 2015-09-04 21:21 - 00000000 ____D C:\Users\Public\Documents\Adobe
2015-09-04 00:23 - 2015-09-04 00:23 - 00000000 ____D C:\Users\SnooPy\Documents\My Smilebox Creations
2015-09-02 13:17 - 2015-09-18 13:56 - 00000000 ____D C:\Users\SnooPy\Desktop\New folder
2015-09-01 00:38 - 2015-09-01 00:38 - 00000000 ___RD C:\Program Files\Skype
2015-09-01 00:38 - 2015-09-01 00:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-01 00:38 - 2015-09-01 00:38 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-09-01 00:31 - 2015-09-18 15:21 - 00000998 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-09-01 00:31 - 2015-09-18 15:21 - 00000986 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-09-01 00:31 - 2015-09-01 01:57 - 00000000 ____D C:\Users\SnooPy\AppData\Roaming\TeamViewer
2015-09-01 00:30 - 2015-09-18 15:21 - 00000000 ____D C:\Program Files\TeamViewer
2015-08-31 15:51 - 2015-08-31 15:51 - 00000000 ____D C:\Program Files\DIFX
2015-08-31 15:50 - 2015-08-31 15:50 - 00000000 ____D C:\adb

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-30 21:06 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-30 21:05 - 2015-07-19 16:04 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-30 20:28 - 2015-07-19 16:12 - 00000906 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-30 20:13 - 2015-08-21 22:42 - 00104448 ___SH C:\Users\SnooPy\Downloads\Thumbs.db
2015-09-30 20:13 - 2015-08-17 23:21 - 00762368 ___SH C:\Users\SnooPy\Desktop\Thumbs.db
2015-09-30 20:06 - 2015-07-19 16:12 - 00000902 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-30 20:05 - 2015-08-19 01:55 - 00017966 _____ C:\WINDOWS\PFRO.log
2015-09-30 20:05 - 2015-07-10 11:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-30 20:04 - 2015-07-10 08:59 - 01835008 ___SH C:\WINDOWS\system32\config\BBI
2015-09-30 16:23 - 2015-08-19 02:08 - 00000000 ____D C:\Users\SnooPy
2015-09-30 16:23 - 2013-08-22 10:17 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-09-30 14:01 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-29 22:39 - 2015-07-10 10:28 - 00000000 __RSD C:\WINDOWS\Media
2015-09-29 22:37 - 2015-07-19 18:28 - 00000000 ____D C:\Program Files\ABBYY FineReader 11
2015-09-29 22:23 - 2015-07-23 00:08 - 00001109 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-29 22:23 - 2015-07-23 00:08 - 00001109 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-29 22:22 - 2015-07-19 16:14 - 00002196 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-29 21:40 - 2015-07-21 09:58 - 00000000 ____D C:\AdwCleaner
2015-09-29 21:37 - 2015-07-19 17:24 - 00000000 ____D C:\Users\SnooPy\AppData\Roaming\uTorrent
2015-09-29 12:37 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-09-25 20:42 - 2015-07-29 01:08 - 00000000 ____D C:\Users\SnooPy\AppData\Roaming\Skype
2015-09-23 02:25 - 2015-07-19 16:10 - 00000000 ___DO C:\Users\SnooPy\SkyDrive
2015-09-22 09:31 - 2015-07-10 10:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-18 18:57 - 2015-07-19 17:39 - 00000000 ____D C:\ProgramData\Oracle
2015-09-18 18:54 - 2015-08-13 20:04 - 00000000 ____D C:\Program Files\Java
2015-09-17 19:01 - 2015-07-28 21:36 - 00000000 ____D C:\Users\SnooPy\Documents\VSO Downloader
2015-09-17 18:23 - 2015-08-19 02:22 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-17 02:23 - 2015-07-10 11:53 - 00021926 _____ C:\WINDOWS\setupact.log
2015-09-15 18:12 - 2015-07-10 10:29 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-09-15 18:12 - 2015-07-10 10:29 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-09-15 17:05 - 2015-08-29 16:23 - 00000132 _____ C:\Users\SnooPy\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-09-15 16:02 - 2015-08-18 15:08 - 00000000 ____D C:\Users\SnooPy\AppData\Local\Windows Live
2015-09-15 00:51 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\rescache
2015-09-15 00:30 - 2015-07-10 12:49 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-15 00:30 - 2015-07-10 12:42 - 00000000 ____D C:\WINDOWS\system32\winrm
2015-09-15 00:30 - 2015-07-10 12:42 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-09-15 00:30 - 2015-07-10 12:42 - 00000000 ____D C:\WINDOWS\system32\slmgr
2015-09-15 00:30 - 2015-07-10 12:42 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ___SD C:\WINDOWS\system32\dsc
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\fr-FR
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\Com
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\IME
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\Help
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ____D C:\Program Files\Windows Defender
2015-09-15 00:30 - 2015-07-10 10:28 - 00000000 ____D C:\Program Files\Common Files\System
2015-09-15 00:26 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\de-DE
2015-09-14 21:52 - 2015-08-21 22:15 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2015-09-14 20:21 - 2015-07-23 15:42 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-13 10:37 - 2015-07-19 16:12 - 00000000 ____D C:\Users\SnooPy\AppData\Local\Google
2015-09-12 11:04 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\it-IT
2015-09-12 04:04 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\pt-BR
2015-09-12 03:48 - 2015-07-10 11:53 - 03613248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-12 03:47 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-10 20:29 - 2015-08-18 12:48 - 00000000 ____D C:\Users\SnooPy\Desktop\FOLDERS
2015-09-10 19:43 - 2015-07-19 16:12 - 00000000 ____D C:\Program Files\Google
2015-09-10 19:38 - 2015-08-20 18:41 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2015-09-10 19:37 - 2015-08-21 23:19 - 00000000 ____D C:\Program Files\Flash Slideshow Maker Professional
2015-09-10 19:37 - 2015-07-19 17:33 - 00000000 ____D C:\Program Files\Adobe
2015-09-09 23:11 - 2015-07-19 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-09-09 23:11 - 2015-07-19 17:59 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-09 23:10 - 2015-07-22 09:33 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-09 22:58 - 2013-08-22 08:13 - 00000167 _____ C:\WINDOWS\win.ini
2015-09-09 22:49 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\restore
2015-09-09 00:40 - 2015-07-22 07:48 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-07 23:11 - 2015-07-19 19:52 - 00000000 ____D C:\ProgramData\Temp
2015-09-06 22:26 - 2015-07-19 16:07 - 00000000 ____D C:\Users\SnooPy\AppData\Roaming\Adobe
2015-09-06 12:00 - 2015-07-19 16:11 - 00000000 ____D C:\Users\SnooPy\AppData\Roaming\Macromedia
2015-09-06 11:51 - 2015-07-19 16:07 - 00000000 ____D C:\Users\SnooPy\AppData\Local\VirtualStore
2015-09-06 03:12 - 2015-07-19 16:50 - 00000000 ____D C:\Users\SnooPy\AppData\Roaming\BSplayer
2015-09-05 23:58 - 2015-07-19 17:33 - 00000000 ____D C:\ProgramData\Adobe
2015-09-05 08:01 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-01 00:38 - 2015-07-29 01:08 - 00002630 _____ C:\Users\Public\Desktop\Skype.lnk
2015-09-01 00:38 - 2015-07-29 01:08 - 00000000 ____D C:\ProgramData\Skype
2015-08-31 15:51 - 2015-07-19 18:14 - 00011818 _____ C:\WINDOWS\DPINST.LOG

==================== Files in the root of some directories =======

2015-09-15 15:29 - 2015-09-15 15:29 - 0000132 _____ () C:\Users\SnooPy\AppData\Roaming\Adobe GIF Format CS6 Prefs
2015-08-29 16:23 - 2015-09-15 17:05 - 0000132 _____ () C:\Users\SnooPy\AppData\Roaming\Adobe PNG Format CS6 Prefs

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-25 11:48

==================== End of FRST.txt ============================

online
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8452
  • Location: Novi Beograd

Where are you writing from now? Do you get any message when you start Chrome?

offline
  • SNooPy
  • informatics
  • Joined: 20 Apr 2009
  • Posts: 310
  • Location: in a fantasy :)

I'm on Edge now... I don't get any message, it simply won't start... It spins for three seconds and doesn't open. In Edge, when typing anywhere (on the forum, on FB), it freezes for a few seconds.

online
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8452
  • Location: Novi Beograd

Let's go at full strength.

1. Open Notepad (Text Document) and copy in the following text from the code box below:

CHR Extension: (Avast SafePrice) - C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-09-30]
CHR HKLM\...\Chrome\Extension: [ilamgbdaebkbpkkmfmmfbnaamkhijdek] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ofdgafmdegfkhfdfkmllfefmcmcjllec] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pnooffjhclkocplopffdbcdghmiffhji] - hxxps://clients2.google.com/service/update2/crx


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, under File Name:, enter fixlist.txt as the name
Note: It is important that both files, FRST and fixlist, are in the same location, otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.
-------
Download the installer for Malwarebytes Anti-Malware (MBAM) ver.2.0 and install the application.
Double-click mbam-setup.exe and follow the installation instructions. The installation is the classic "Next > I Agree . . > Next > Install" routine. When the installation finishes, click Finish.
Note: The 14-day free trial version is pre-selected. You can uncheck this option if you wish.

- On first launch, MBAM will start an "Update" in order to download the latest definitions.
Or ... click the 'Update Now >>' link or button to download the latest definitions.

• Configure the scanner: on the 'Settings' tab, under Detection and Protection, set the following options:
1. on the Detection Options sub-tab, tick the checkbox for 'Scan for rootkits';
2. on the Non-Malware Protection sub-tab, for 'PUP detections', make sure the 'Treat detections as malware' option is selected.

• Run a 'Threat Scan':
Click the Scan tab, then 'Scan Now >>' to run the scan.
If MBAM reports that an 'update' is available, click 'Update Now' and then continue to the scan.
Notice: with some severe infections you may get the following message: "Could not load DDA driver". In that case, click Yes on that message, let the driver load after the computer restarts, and allow the restart.
Then continue with the rest of the instructions.

• When the scan finishes, click the Apply Action button if a threat was detected. Wait for the program to request a restart!
- Click Yes on the message saying that the system will restart.

• Post the report (export the log file) for review:
Start MBAM again, click the History tab > Application Logs. Double-click the 'Scan Log' that shows the time and date of the scan you just ran.
1. In the new window click the 'Export' button, then choose 'Text file (*.txt)';
2. When the Save File dialog appears, choose to save the log to the Desktop.
In that same window, under File name:, enter 'mbam' as the report name and click the Save button.

- After you get the message ("Your file has been successfully exported"), the report you named 'mbam' will be saved on the Desktop.

Attach mbam.txt to your post using the "Attach file" (Prikači fajl) option.

-------
Download AdwCleaner by "Xplode" and save it to the Desktop

Double-click to run the program.
Click the [Scan] button and wait for the program to finish.
Click the [Clean] button
The program will close all running programs and show a window with that warning. Click Ok to confirm.
On the next two windows that open (Informations and Restart required), click Ok

The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your post using the "Attach file" (Prikači fajl) option

Note: The report will also be saved at C:\AdwCleaner[S0].txt
------
Download Junkware Removal Tool (JRT) and save it to the desktop.

close the browser and other running programs;
Is it necessary to include a note about the scan duration? Should I post this PG or is there no need for that?

Temporarily disable your security software (Instructions);

double-click the icon to run JRT;

At the "press any key" prompt, press any key and the tool will start scanning.
Note: depending on the system specification, the scan may take a while in some cases.

When it finishes, a log with the report will open; it will be saved on the desktop under the name JRT.txt

Copy the contents of that log into the thread.

offline
  • SNooPy
  • informatics
  • Joined: 20 Apr 2009
  • Posts: 310
  • Location: in a fantasy :)

Written: 30 Sep 2015 23:19

Here, I'm going in order, this one first

Fix result of Farbar Recovery Scan Tool (x86) Version:27-09-2015 01
Ran by SnooPy (2015-09-30 23:12:05) Run:3
Running from C:\Users\SnooPy\Desktop
Loaded Profiles: SnooPy (Available Profiles: SnooPy)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CHR Extension: (Avast SafePrice) - C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-09-30]
CHR HKLM\...\Chrome\Extension: [ilamgbdaebkbpkkmfmmfbnaamkhijdek] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ofdgafmdegfkhfdfkmllfefmcmcjllec] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pnooffjhclkocplopffdbcdghmiffhji] - hxxps://clients2.google.com/service/update2/crx
*****************

C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\ilamgbdaebkbpkkmfmmfbnaamkhijdek" => key removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ofdgafmdegfkhfdfkmllfefmcmcjllec" => key removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\pnooffjhclkocplopffdbcdghmiffhji" => key removed successfully.

==== End of Fixlog 23:12:06 ====

Addendum: 30 Sep 2015 23:46

Here's the log from Malwarebytes too. It found nothing. By the way, Google Chrome is working again, those pests are no longer in the extensions....


Addendum: 01 Oct 2015 0:01

Here's the current state. Chrome opens without problems, those pests are gone, but every time I start the computer the cursor spins again, as if something is loading (both at startup and while working in Google Chrome), and it automatically opens this for me to configure

Here's the AdwCleaner log too.


Addendum: 01 Oct 2015 0:11

And here's the last log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 10 Pro x86
Ran by SnooPy on Thu 10/01/2015 at 0:03:22.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Users\SnooPy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\amigo.lnk
Successfully deleted: [File] C:\Users\SnooPy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\amigo.lnk



~~~ Folders

Successfully deleted: [Folder] C:\Users\SnooPy\AppData\Roaming\mailproducts



~~~ Chrome


[C:\Users\SnooPy\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\SnooPy\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\SnooPy\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\SnooPy\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/01/2015 at 0:09:08.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Addendum: 02 Oct 2015 19:32

Is there anything else I need to do, or is this everything? The computer works OK, although, again, when visiting any page, a circle spins around the cursor and it seems to load more slowly...
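
The Fixlog posted above can be checked mechanically: each Chrome extension named in the fixlist section should have a result line reporting success. This is an added example, not part of the original thread and not FRST's own code; the function names are hypothetical, and the embedded log text is copied from the Fixlog in the post above.

```python
import re

# Fixlog body copied from the post above (run header omitted).
FIXLOG = r"""fixlist content:
*****************
CHR Extension: (Avast SafePrice) - C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-09-30]
CHR HKLM\...\Chrome\Extension: [ilamgbdaebkbpkkmfmmfbnaamkhijdek] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ofdgafmdegfkhfdfkmllfefmcmcjllec] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pnooffjhclkocplopffdbcdghmiffhji] - hxxps://clients2.google.com/service/update2/crx
*****************

C:\Users\SnooPy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\ilamgbdaebkbpkkmfmmfbnaamkhijdek" => key removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ofdgafmdegfkhfdfkmllfefmcmcjllec" => key removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\pnooffjhclkocplopffdbcdghmiffhji" => key removed successfully.
"""

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r"(?<![a-z])[a-p]{32}(?![a-z])")
STARS = re.compile(r"^\*{5,}\s*$")  # delimiter around the echoed fixlist

def split_fixlog(text):
    """Return (fixlist_lines, result_lines) from a Fixlog.txt body."""
    requested, results, stars_seen = [], [], 0
    for line in text.splitlines():
        if STARS.match(line):
            stars_seen += 1
        elif stars_seen == 1 and line.strip():
            requested.append(line)      # between the two star rows
        elif stars_seen >= 2 and "=>" in line:
            results.append(line)        # "<target> => <status>"
    return requested, results

def audit_fixlog(text):
    """Map each requested extension ID to its status, or None if no result mentions it."""
    requested, results = split_fixlog(text)
    outcome = {}
    for line in requested:
        m = EXT_ID.search(line)
        if not m:
            continue  # not a Chrome-extension entry; out of scope here
        ext_id = m.group(0)
        outcome[ext_id] = None
        for res in results:
            target, _, status = res.partition("=>")
            if ext_id in target:
                outcome[ext_id] = status.strip().rstrip(".")
                break
    return outcome

def unresolved(text):
    """Extension IDs whose fix is missing or not reported as successful."""
    return [i for i, s in audit_fixlog(text).items()
            if s is None or "successfully" not in s]
```

An empty list from `unresolved(FIXLOG)` means every requested extension folder or registry key was reported as moved or removed; any ID it returns needs a follow-up scan.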

online
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8452
  • Location: Novi Beograd

Hi, sorry for the wait. The computer is clean. You can remove the programs we used. We usually do that with a dedicated program, but it doesn't support Win 10, so you'll have to do it manually.

I can't help you with that problem of the Settings app opening, since I don't use Win 10, and it's not malware-related. I see that Windows 10 has an option to reset and return to the default settings while keeping your files, so if it really bothers you, you can try that, but you'll lose installed programs, drivers...

offline
  • SNooPy
  • informatics
  • Joined: 20 Apr 2009
  • Posts: 310
  • Location: in a fantasy :)

I know about the manual removal, and I'll remove everything now. And the Settings app problem is solved, simply by setting default programs in place of the ones that were deleted... Thanks a lot!

online
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8452
  • Location: Novi Beograd

I'm glad the Settings app issue is solved as well.

Regards
