Check

  • Joined: 07 Feb 2015
  • Posts: 12

I think it is infected with viruses; it tries to launch autorun by itself and the computer is very slow.





Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-02-2015
Ran by HP (administrator) on HP-A7CE0100E4A4 on 07-02-2015 13:54:05
Running from C:\Documents and Settings\HP\Desktop
Loaded Profiles: HP (Available profiles: HP)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SoundMan.exe
(RealTek Semicoductor Corp.) C:\WINDOWS\alcwzrd.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\Alcmtr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(SkypEmoticons) C:\Documents and Settings\HP\Application Data\SkypEmoticons\SE.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaUI.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaRegistry.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Desktop.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [86016 2006-07-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2808832 2006-05-04] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-23] (AVAST Software)
HKLM\...\Run: [Elite Unzip AppIntegrator 32-bit] => C:\PROGRA~1\ELITEU~1\bar\1.bin\AppIntegrator.exe
HKU\S-1-5-19\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-20\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-21-1645522239-1425521274-1417001333-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1645522239-1425521274-1417001333-1003\...\Run: [se] => C:\Documents and Settings\HP\Application Data\SkypEmoticons\SE.exe [5679008 2014-11-25] (SkypEmoticons)
HKU\S-1-5-18\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = sweet-page.com/web/?type=ds&ts=1416.....750&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = sweet-page.com/web/?type=ds&ts=1416.....750&q={searchTerms}
HKU\S-1-5-21-1645522239-1425521274-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKU\S-1-5-21-1645522239-1425521274-1417001333-1003 - (No Name) - {b287e6b2-868b-4ac1-acce-c69eb5fd29d1} - No File
SearchScopes: HKLM -> {a0892e19-6051-4ae6-9a5f-91542a166b2b} URL = search.tb.ask.com/search/GGmain.jhtml?p2=^BBQ^man000^YYA^&ptb=3256EFDE-7372-4EB5-9E92-D7E56A176167&ind=2015012303&n=781aa5cf&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = websearch.searchoholic.info/?l=1&q={searchTerms}&pid=2457&r=2015/01/02&hid=6944045236329602470&lg=EN&cc=RS&unqvl=72
SearchScopes: HKU\S-1-5-21-1645522239-1425521274-1417001333-1003 -> {a0892e19-6051-4ae6-9a5f-91542a166b2b} URL = search.tb.ask.com/search/GGmain.jhtml?p2=^BBQ^man000^YYA^&ptb=3256EFDE-7372-4EB5-9E92-D7E56A176167&ind=2015012303&n=781aa5cf&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1645522239-1425521274-1417001333-1003 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = websearch.searchoholic.info/?l=1&q={searchTerms}&pid=2457&r=2015/01/02&hid=6944045236329602470&lg=EN&cc=RS&unqvl=72
Toolbar: HKU\S-1-5-21-1645522239-1425521274-1417001333-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Tcpip\Parameters: [DhcpNameServer] 91.102.231.241 91.102.231.242

FireFox:
========
FF ProfilePath: C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\yrxa3n3t.default
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.searchoholic.info/?pid=2457&r=2015/01/02&hid=6944045236329602470&lg=EN&cc=RS&unqvl=72&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_93.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-1645522239-1425521274-1417001333-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\HP\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\yrxa3n3t.default\user.js
FF SearchPlugin: C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\yrxa3n3t.default\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\pogodakyu.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\vokabular.xml
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-18]
FF Extension: No Name - C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\yrxa3n3t.default\extensions\iobitascsurfingprotection@iobit.com [Not Found]
FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [Not Found]

Chrome:
=======
CHR Profile: C:\Documents and Settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Post to WordPress) - C:\Documents and Settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hhmhfcfbheceghfbfjgkjnlhooadpnej [2014-12-02]
CHR Extension: (Free Visio Viewer) - C:\Documents and Settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcpmofnlkemfkhgngcdppgbhncoflmpe [2015-01-02]
CHR Extension: (SEO Global For Google Search) - C:\Documents and Settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojgmigafbpedhdilmemphfklkbghlphi [2014-12-16]
CHR Extension: (Jobisjob Alerts) - C:\Documents and Settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\plmlpbcjkpppncefeoongifnpinjmegf [2014-12-09]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-01-18]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-18] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2015-01-23] (AVAST Software)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2630432 2014-11-04] (IObit)
R2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [391472 2013-06-26] (Ralink Technology, Corp.)
S2 RaMediaServer; C:\Program Files\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
S2 24c54e38; No ImagePath
S2 EliteUnzip_aaService; C:\PROGRA~1\ELITEU~1\bar\1.bin\aabarsvc.exe [X]
S2 IePluginServices; No ImagePath
S2 WindowsMangerProtect; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-01-18] ()
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26136 2015-01-23] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [73480 2015-01-18] (AVAST Software)
R0 aswNdis; C:\WINDOWS\System32\DRIVERS\aswNdis.sys [12112 2015-01-23] (ALWIL Software)
R0 aswNdis2; C:\WINDOWS\system32\Drivers\aswNdis2.sys [253640 2015-01-23] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2015-01-18] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-01-18] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-01-18] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-01-18] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2015-01-18] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-01-18] ()
R2 bdfsfltr; C:\WINDOWS\system32\Drivers\bdfsfltr.sys [356368 2013-11-21] (BitDefender)
R3 ialm; C:\WINDOWS\System32\DRIVERS\igxpmp32.sys [5672032 2007-01-13] (Intel Corporation) [File not signed]
S3 rt2870; C:\WINDOWS\System32\DRIVERS\rt2870.sys [1674056 2013-11-22] (Ralink Technology, Corp.)
R2 Scutum50; C:\WINDOWS\System32\Drivers\Scutum50.sys [26336 2012-10-25] (Printing Communications Assoc., Inc. (PCAUSA))
S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 13:51 - 2015-02-07 13:53 - 00018652 _____ () C:\Documents and Settings\HP\Desktop\Addition.txt
2015-02-07 13:47 - 2015-02-07 13:55 - 00012214 _____ () C:\Documents and Settings\HP\Desktop\FRST.txt
2015-02-07 13:47 - 2015-02-07 13:54 - 00000000 ____D () C:\FRST
2015-02-07 13:07 - 2015-01-27 20:27 - 01044040 _____ (Mindspark) C:\Program Files\aaUninstall Elite Unzip.dll
2015-02-07 13:07 - 2015-01-27 20:27 - 00198016 _____ (Mindspark) C:\Program Files\aares.dll
2015-02-07 12:57 - 2015-02-07 12:57 - 01123328 _____ (Farbar) C:\Documents and Settings\HP\Desktop\FRST.exe
2015-02-05 08:50 - 2015-02-07 13:42 - 00003206 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-28 11:08 - 2015-01-28 11:08 - 00065536 _____ () C:\WINDOWS\Minidump\Mini012815-01.dmp
2015-01-28 10:55 - 2015-01-28 10:55 - 00000000 ____D () C:\Games
2015-01-28 10:55 - 2015-01-28 10:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\World of Tanks
2015-01-27 21:24 - 2015-01-27 21:24 - 00000000 ____D () C:\Documents and Settings\HP\Local Settings\Application Data\Mindspark_Interactive_Net
2015-01-24 08:31 - 2015-01-24 08:31 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-01-24 08:30 - 2015-01-24 08:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Oracle
2015-01-23 10:02 - 2015-01-23 10:02 - 00001737 _____ () C:\Documents and Settings\All Users\Desktop\Avast Internet Security.lnk
2015-01-23 10:01 - 2015-01-23 10:01 - 00253640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdis2.sys
2015-01-23 10:01 - 2015-01-23 10:01 - 00026136 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2015-01-23 10:01 - 2015-01-23 10:01 - 00012112 _____ (ALWIL Software) C:\WINDOWS\system32\Drivers\aswNdis.sys
2015-01-23 10:01 - 2015-01-18 09:23 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-01-23 09:52 - 2015-01-23 09:53 - 00000000 ____D () C:\Documents and Settings\HP\Application Data\InternetSpeedTracker_9t
2015-01-23 09:52 - 2015-01-23 09:52 - 00000000 ____D () C:\Documents and Settings\HP\Local Settings\Application Data\IAC
2015-01-23 09:51 - 2015-01-23 09:51 - 00000000 ____D () C:\Program Files\InternetSpeedTracker_9t
2015-01-18 09:26 - 2015-01-23 10:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-01-18 09:26 - 2015-01-18 09:26 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2015-01-18 09:26 - 2015-01-18 09:26 - 00000000 ____D () C:\Documents and Settings\HP\Application Data\AVAST Software
2015-01-18 09:25 - 2015-02-07 13:48 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-01-18 09:24 - 2015-01-18 09:26 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-01-18 09:24 - 2015-01-18 09:26 - 00073480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-01-18 09:24 - 2015-01-18 09:25 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-01-18 09:24 - 2015-01-18 09:23 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-01-18 09:24 - 2015-01-18 09:23 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-01-18 09:24 - 2015-01-18 09:23 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-01-18 09:24 - 2015-01-18 09:23 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-01-18 09:24 - 2015-01-18 09:23 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-01-18 09:23 - 2015-01-18 09:23 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-01-14 11:54 - 2015-01-29 07:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 13:55 - 2014-06-21 09:29 - 00000000 ____D () C:\Documents and Settings\HP\Local Settings\Temp
2015-02-07 13:52 - 2014-11-10 22:04 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-07 13:51 - 2014-06-21 10:00 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-07 13:46 - 2014-06-21 09:23 - 01231957 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-07 13:42 - 2014-11-25 17:42 - 00000670 ____H () C:\WINDOWS\Tasks\SoftwareEnforcer-S-2976510679.job
2015-02-07 13:42 - 2014-11-10 22:04 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-07 13:42 - 2014-07-15 13:14 - 00000000 ____D () C:\Program Files\IObit
2015-02-07 13:42 - 2014-07-15 13:14 - 00000000 ____D () C:\Documents and Settings\HP\Application Data\IObit
2015-02-07 13:42 - 2014-06-21 09:40 - 00000402 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1403339935.job
2015-02-07 13:42 - 2014-06-21 09:28 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-07 13:41 - 2014-06-21 09:29 - 00000178 ___SH () C:\Documents and Settings\HP\ntuser.ini
2015-02-07 13:14 - 2014-11-10 22:04 - 00000000 ____D () C:\Program Files\Google
2015-02-07 13:14 - 2014-11-10 22:04 - 00000000 ____D () C:\Documents and Settings\HP\Local Settings\Application Data\Google
2015-02-07 13:00 - 2014-07-15 13:18 - 00000000 ____D () C:\Documents and Settings\HP\My Documents\Преузимања
2015-02-07 09:15 - 2014-11-26 23:10 - 19083264 _____ () C:\WINDOWS\system32\config\software.iobit
2015-02-07 09:15 - 2014-11-26 23:10 - 00270336 _____ () C:\WINDOWS\system32\config\default.iobit
2015-02-07 09:15 - 2014-11-26 23:10 - 00053248 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2015-02-07 09:15 - 2014-11-26 23:10 - 00024576 _____ () C:\WINDOWS\system32\config\SAM.iobit
2015-02-07 09:15 - 2014-06-21 09:29 - 00000000 ____D () C:\Documents and Settings\HP
2015-02-07 09:15 - 2014-06-21 09:28 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-02-07 09:15 - 2014-06-21 09:28 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-02-07 08:45 - 2014-11-11 18:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ProductData
2015-02-07 08:42 - 2001-08-23 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-06 21:39 - 2014-12-14 18:55 - 00081920 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\ALCFDRTM.VER
2015-02-06 13:12 - 2014-07-15 13:48 - 00000000 ____D () C:\Documents and Settings\HP\Application Data\Winamp
2015-02-05 17:52 - 2014-06-21 10:00 - 00767152 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-05 17:52 - 2014-06-21 10:00 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-03 20:18 - 2014-06-21 09:38 - 00000000 ____D () C:\Program Files\Opera
2015-01-28 11:08 - 2014-11-11 17:51 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-28 10:57 - 2015-01-02 12:35 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-01-28 10:57 - 2014-06-21 09:22 - 00000000 ____D () C:\WINDOWS\system32\DirectX
2015-01-24 08:33 - 2014-07-15 13:44 - 00000000 ____D () C:\Program Files\Java
2015-01-24 08:30 - 2014-11-10 19:43 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2015-01-24 08:30 - 2014-11-10 19:43 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2015-01-24 08:30 - 2014-11-10 19:43 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2015-01-24 08:30 - 2014-11-10 19:43 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-01-24 08:30 - 2014-11-10 19:43 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-01-23 17:35 - 2014-07-15 13:10 - 00000000 ____D () C:\Documents and Settings\HP\Application Data\uTorrent
2015-01-20 18:24 - 2014-06-21 09:24 - 00001507 _____ () C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2015-01-18 19:29 - 2014-11-10 22:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2015-01-18 19:15 - 2014-06-21 09:40 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-18 19:15 - 2014-06-21 09:40 - 00000000 ____D () C:\Documents and Settings\HP\Start Menu\Programs\WinRAR
2015-01-18 19:15 - 2014-06-21 09:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
2015-01-18 09:22 - 2014-11-10 22:02 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-18 09:22 - 2014-06-21 09:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-01-14 16:22 - 2014-07-15 13:16 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-13 14:32 - 2014-11-10 15:27 - 00000000 ____D () C:\Documents and Settings\HP\Desktop\slike

==================== Files in the root of some directories =======

2015-02-07 13:07 - 2015-01-27 20:27 - 0198016 _____ (Mindspark) C:\Program Files\aares.dll
2015-02-07 13:07 - 2015-01-27 20:27 - 1044040 _____ (Mindspark) C:\Program Files\aaUninstall Elite Unzip.dll
2014-06-21 09:39 - 2008-03-09 06:25 - 0000236 _____ () C:\Program Files\Common Files\dx.reg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================







  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

Hello,

Stay with me until the end, until I tell you that the system is clean and until we have removed all of our tools.

The first thing you need to do is go to Start > Control Panel > Add or Remove Programs and find and uninstall the following programs:

- CheapMe
- Fun2Save
- Happy2Save
- Internet Speed Tracker Internet Explorer Toolbar
- PremiumEnhancer
- SkypEmoticons
- WindowsMangerProtect20.0.0.1270
- YoutubeAdBlocke

If something refuses to uninstall, skip it and move on to the next one. After a restart, try again to uninstall the ones that refused.

In any case, once you have finished as much of the above as you can, do the following:

1. Download sUBs's ComboFix from this link and save the tool to the Desktop.
• Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
• When the dialog for choosing where to save the file opens, select Desktop and click Save.


------------------------------------------------------------
2. Temporarily disable your antivirus program, in most cases by right-clicking the program's icon in the system tray. Such programs can interfere with the tool while it runs.
If you are not sure how to do that, follow these instructions.

------------------------------------------------------------
3. Double-click the icon to start ComboFix. Then, in the disclaimer window, click the I Agree! button.

• ComboFix will check whether a new version of the tool is available.
Click Yes if a download is requested.
• If the Recovery Console is not installed, ComboFix will offer to download and install it.
Click Yes to allow the tool to download and install the Recovery Console.
• ComboFix will scan the computer in stages (Stage_#), 50 stages in total.
Do not click around while ComboFix is examining the system.
• If malware is detected, ComboFix will begin removing it.
For that reason, the tool will restart Windows as needed (sometimes more than once);

Note: If, after the tool has run, you get the error (Illegal operation attempted on a registry key that has been marked for deletion) when starting programs, restart the computer and that will resolve the problem.


------------------------------------------------------------
4. When the tool finishes, it will create and open a report (typical location: C:\ComboFix.txt).
Copy the contents of the ComboFix.txt report into your post.

ComboFix will also create an additional report (typical location: C:\Qoobox\ComboFix-quarantined-files.txt).
Attach the ComboFix-quarantined-files.txt report to your post using the Attach file (Prikači fajl) option.

  • Joined: 07 Feb 2015
  • Posts: 12

Posted: 07 Feb 2015 15:41

I only managed to remove skypemoticons and Internet Speed Tracker Internet Explorer Toolbar; the rest are not in Remove.



ComboFix 15-02-02.01 - HP 07.02.2015 15:23:28.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1527.705 [GMT 1:00]
Running from: c:\documents and settings\HP\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\17289220952139895396
c:\documents and settings\All Users\Application Data\17289220952139895396\4ff6e7b3db4d05d4605e3459efab5da6.ini
c:\documents and settings\All Users\Application Data\17289220952139895396\cd5b15e575e1c3d0605e3459efab5da6.ini
c:\documents and settings\All Users\Application Data\CheapMe
c:\documents and settings\All Users\Application Data\CheapMe\KJ2T8zvxcyUTv1.dat
c:\documents and settings\All Users\Application Data\CheapMe\KJ2T8zvxcyUTv1.tlb
c:\documents and settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hhmhfcfbheceghfbfjgkjnlhooadpnej
c:\documents and settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hhmhfcfbheceghfbfjgkjnlhooadpnej\226\background.html
c:\documents and settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hhmhfcfbheceghfbfjgkjnlhooadpnej\226\content.js
c:\documents and settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hhmhfcfbheceghfbfjgkjnlhooadpnej\226\lsdb.js
c:\documents and settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hhmhfcfbheceghfbfjgkjnlhooadpnej\226\manifest.json
c:\documents and settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hhmhfcfbheceghfbfjgkjnlhooadpnej\226\sIDiGe.js
c:\documents and settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcpmofnlkemfkhgngcdppgbhncoflmpe
c:\documents and settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcpmofnlkemfkhgngcdppgbhncoflmpe\124\background.html
c:\documents and settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcpmofnlkemfkhgngcdppgbhncoflmpe\124\content.js
c:\documents and settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcpmofnlkemfkhgngcdppgbhncoflmpe\124\lsdb.js
c:\documents and settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcpmofnlkemfkhgngcdppgbhncoflmpe\124\manifest.json
c:\documents and settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcpmofnlkemfkhgngcdppgbhncoflmpe\124\sn3HNMt.js
c:\documents and settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojgmigafbpedhdilmemphfklkbghlphi
c:\documents and settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojgmigafbpedhdilmemphfklkbghlphi\160\background.html
c:\documents and settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojgmigafbpedhdilmemphfklkbghlphi\160\content.js
c:\documents and settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojgmigafbpedhdilmemphfklkbghlphi\160\J.js
c:\documents and settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojgmigafbpedhdilmemphfklkbghlphi\160\lsdb.js
c:\documents and settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojgmigafbpedhdilmemphfklkbghlphi\160\manifest.json
c:\documents and settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\plmlpbcjkpppncefeoongifnpinjmegf
c:\documents and settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\plmlpbcjkpppncefeoongifnpinjmegf\162\background.html
c:\documents and settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\plmlpbcjkpppncefeoongifnpinjmegf\162\content.js
c:\documents and settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\plmlpbcjkpppncefeoongifnpinjmegf\162\e.js
c:\documents and settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\plmlpbcjkpppncefeoongifnpinjmegf\162\lsdb.js
c:\documents and settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\plmlpbcjkpppncefeoongifnpinjmegf\162\manifest.json
c:\documents and settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_blgnpjchilldinhddajlbjnmpkbpmidh_0.localstorage
c:\documents and settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hhmhfcfbheceghfbfjgkjnlhooadpnej_0.localstorage
c:\documents and settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igiofjhpmpihnifddepnpngfjhkfenbp_0.localstorage
c:\documents and settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_imgfjjdelgoiojjccjgljfofnlmnjgch_0.localstorage
c:\documents and settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_impaepofmnammebeenafgmllpnjaiime_0.localstorage
c:\documents and settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mcpmofnlkemfkhgngcdppgbhncoflmpe_0.localstorage
c:\documents and settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ojgmigafbpedhdilmemphfklkbghlphi_0.localstorage
c:\documents and settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_plmlpbcjkpppncefeoongifnpinjmegf_0.localstorage
.
.
((((((((((((((((((((((((( Files Created from 2015-01-07 to 2015-02-07 )))))))))))))))))))))))))))))))
.
.
2015-02-07 12:47 . 2015-02-07 13:00 -------- d-----w- C:\FRST
2015-02-07 12:07 . 2015-01-27 19:27 198016 ----a-w- c:\program files\aares.dll
2015-02-07 12:07 . 2015-01-27 19:27 1044040 ----a-w- c:\program files\aaUninstall Elite Unzip.dll
2015-01-28 09:55 . 2015-01-30 16:34 -------- d-----w- c:\windows\Logs
2015-01-28 09:55 . 2015-01-28 09:55 -------- d-----w- C:\Games
2015-01-27 20:24 . 2015-01-27 20:24 -------- d-----w- c:\documents and settings\HP\Local Settings\Application Data\Mindspark_Interactive_Net
2015-01-24 07:31 . 2015-01-24 07:31 -------- d-----w- c:\program files\Common Files\Java
2015-01-24 07:30 . 2015-01-24 07:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Oracle
2015-01-23 09:01 . 2015-01-23 09:01 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2015-01-23 09:01 . 2015-01-23 09:01 253640 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2015-01-23 09:01 . 2015-01-18 08:23 291352 ----a-w- c:\windows\system32\aswBoot.exe
2015-01-23 09:01 . 2015-01-23 09:01 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2015-01-23 08:52 . 2015-01-23 08:52 -------- d-----w- c:\documents and settings\HP\Local Settings\Application Data\IAC
2015-01-23 08:52 . 2015-01-23 08:53 -------- d-----w- c:\documents and settings\HP\Application Data\InternetSpeedTracker_9t
2015-01-23 08:51 . 2015-01-23 08:51 -------- d-----w- c:\program files\InternetSpeedTracker_9t
2015-01-18 08:26 . 2015-01-18 08:26 -------- d-----w- c:\documents and settings\HP\Application Data\AVAST Software
2015-01-18 08:26 . 2015-01-18 08:26 -------- d-----w- c:\windows\jumpshot.com
2015-01-18 08:24 . 2015-01-18 08:23 57928 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-01-18 08:24 . 2015-01-18 08:23 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-01-18 08:24 . 2015-01-18 08:26 73480 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2015-01-18 08:24 . 2015-01-18 08:25 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2015-01-18 08:24 . 2015-01-18 08:23 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-01-18 08:24 . 2015-01-18 08:23 55240 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-01-18 08:24 . 2015-01-18 08:23 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-01-18 08:24 . 2015-01-18 08:26 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2015-01-18 08:23 . 2015-01-18 08:23 43152 ----a-w- c:\windows\avastSS.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-06 20:39 . 2014-12-14 17:55 81920 ----a-w- c:\windows\ALCFDRTM.VER
2015-02-05 16:52 . 2014-06-21 09:00 767152 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-02-05 16:52 . 2014-06-21 09:00 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-24 07:30 . 2014-11-10 18:43 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-01-24 07:30 . 2014-11-10 18:43 146432 ----a-w- c:\windows\system32\javacpl.cpl
2014-12-14 17:55 . 2014-12-14 17:55 81920 ----a-w- c:\windows\ALCFDRTM.EXE
2014-11-11 16:49 . 2014-11-11 16:49 319488 ----a-w- c:\windows\HideWin.exe
2008-03-09 05:25 . 2014-06-21 08:39 236 ----a-w- c:\program files\Common Files\dx.reg
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-08-29 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-01-18 08:23 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-23 5227112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe -s [2014-7-15 15661872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ralink\\Common\\RaMediaServer.exe"=
"c:\\Program Files\\Ralink\\Common\\RaUI.exe"=
"c:\\Documents and Settings\\HP\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer_Service.exe"=
"c:\\Games\\World_of_Tanks\\WoTLauncher.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [23.1.2015 10:01 12112]
R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswNdis2.sys [23.1.2015 10:01 253640]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [18.1.2015 9:24 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [18.1.2015 9:24 206248]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [23.1.2015 10:01 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [18.1.2015 9:24 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [18.1.2015 9:24 423784]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [18.1.2015 9:24 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [18.1.2015 9:24 73480]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [23.1.2015 10:01 104416]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [15.7.2014 13:05 26336]
R2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [11.11.2014 11:53 4799760]
S2 24c54e38;DeltaFix; [x]
S2 EliteUnzip_aaService;Elite UnzipService;c:\progra~1\ELITEU~1\bar\1.bin\aabarsvc.exe --> c:\progra~1\ELITEU~1\bar\1.bin\aabarsvc.exe [?]
S2 IePluginServices;IePlugin Services; [x]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [11.11.2014 18:24 2630432]
S2 RaMediaServer;Ralink UPnP Media Server;c:\program files\Ralink\Common\RaMediaServer.exe [15.7.2014 13:05 1863680]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3.4.2014 19:21 315008]
S2 WindowsMangerProtect;WindowsMangerProtect Service; [x]
S3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [18.7.2014 17:04 11440]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - APPMGMT
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-18 18:25 1087816 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-21 16:52]
.
2015-02-07 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-18 08:23]
.
2015-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-11-10 21:04]
.
2015-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-11-10 21:04]
.
2015-02-07 c:\windows\Tasks\Opera scheduled Autoupdate 1403339935.job
- c:\program files\Opera\launcher.exe [2014-06-21 09:23]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
TCP: DhcpNameServer = 91.102.231.241 91.102.231.242
FF - ProfilePath - c:\documents and settings\HP\Application Data\Mozilla\Firefox\Profiles\yrxa3n3t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.searchoholic.info/?pid=2457&r=2015/01/02&hid=6944045236329602470&lg=EN&cc=RS&unqvl=72&l=1&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Elite Unzip AppIntegrator 32-bit - c:\progra~1\ELITEU~1\bar\1.bin\AppIntegrator.exe
AddRemove-{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{24c54e38} - c:\progra~1\DeltaFix\DeltaFix.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2015-02-07 15:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_93_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_93_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2015-02-07 15:34:17
ComboFix-quarantined-files.txt 2015-02-07 14:34
.
Pre-Run: 22.506.708.992 bytes free
Post-Run: 23.449.841.664 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 7411D72A063C481A5AB7A990F34312F9
8F558EB6672622401DA993E1E865C861




Addendum: 07 Feb 2015 17:34

My Adobe Flash Player got deleted. How do I install a new one?

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

Feel free to install the Adobe update.

Download smeenk's zoek from this link and save it to the Desktop.

Extract the archive into a folder (instructions), and then:

close the browser and other running programs;
temporarily disable your security software (if necessary) (instructions);
double-click the program icon to launch zoek;
wait for the tool to start ...


Copy the following text into the white box of the window:

FilesRCM;
c:\program files\aares.dll;f
c:\program files\aaUninstall Elite Unzip.dll;f
Uninstall-List;
c:\progra~1\ELITEU~1;fs
Reboot;
24c54e38;s
EliteUnzip_aaService;s
IePluginServices;s
WindowsMangerProtect;s
EmptyFoldersCheck;Delete
AutoClean;


Click the button and wait for the scan to finish.


If necessary, zoek will restart Windows and, when it finishes, open Notepad with the scan report.

Note: The report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into your reply.

offline
  • Joined: 07 Feb 2015
  • Posts: 12

Posted: 08 Feb 2015 17:57

Zoek.exe v5.0.0.0 Updated 07-February-2015
Tool run by HP on ned 08.02.2015 at 17:00:39,64.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\HP\My Documents\??????????\zoek(1).exe [Scan all users] [Script inserted]

==== System Restore Info ======================

8.2.2015 17:03:08 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\DeltaFix deleted successfully
C:\DOCUME~1\ALLUSE~1\APPLIC~1\DAEMON Tools Lite deleted successfully
C:\DOCUME~1\ALLUSE~1\APPLIC~1\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} deleted successfully
C:\Documents and Settings\HP\Application Data\Google deleted successfully
C:\Documents and Settings\HP\Application Data\Lavasoft deleted successfully
C:\Documents and Settings\HP\Local Settings\Application Data\Adobe deleted successfully
C:\Documents and Settings\HP\Local Settings\Application Data\GHISLER deleted successfully

Addendum: 08 Feb 2015 17:58

As soon as I try to do what you wrote, it tells me that it is still running and I just press OK.

Addendum: 08 Feb 2015 18:00

And it did not ask me to restart, and as soon as I exit the program it keeps opening nonstop.

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

An unfinished report is of no use to me. You have to wait for the tool to finish its work completely. Only then copy the contents of the log.

offline
  • Joined: 07 Feb 2015
  • Posts: 12

--- Create System Restore Point 19:06:52,42
--- Checking Input 19:07:06,89
--- AU AppData Check 19:07:35,79
--- Remove From Windows Installer 19:07:47,73
--- Empty Folders Check 19:13:57,67
--- Registry HKLM Software Check 19:13:57,79
How long do I need to wait? This program is a bit complicated. What else does it need to finish so that I can do that?

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

I don't know what you messed up (what you posted last is part of some other log that I don't need).



- Restart the computer;
- Following these instructions, run zoek again and, when it finishes its work, copy the contents of C:\zoek-results.log.
http://www.mycity.rs/Ambulanta/Provera-61.html#p1737509




There is no reason to be impatient or to find it complicated. Do it as written; the rest is up to me.

offline
  • Joined: 07 Feb 2015
  • Posts: 12

Posted: 08 Feb 2015 20:37

Only now was the window empty, because until now whenever I opened it, it started scanning something by itself, and that is why it said it was doing something. That was the problem. If you don't know what it is doing, I know even less :D. I also have a problem with hand clock; it won't let me uninstall it.

Addendum: 08 Feb 2015 20:38

Zoek.exe v5.0.0.0 Updated 07-February-2015
Tool run by HP on ned 08.02.2015 at 20:32:16,53.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\HP\Desktop\zoek.exe [Scan all users] [Script inserted]

===== Runcheck 20:34:35,12 =====

--- Create Environment Variables 20:34:40,03
--- Checking Input 20:35:28,34
--- AU AppData Check 20:36:09,48
--- Remove From Windows Installer 20:36:17,65
Is it good now?

Addendum: 08 Feb 2015 21:16

Zoek.exe v5.0.0.0 Updated 07-February-2015
Tool run by HP on ned 08.02.2015 at 19:04:51,09.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\HP\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

8.2.2015 19:06:57 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\VideoLAN deleted successfully
C:\DOCUME~1\ALLUSE~1\APPLIC~1\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} deleted successfully
C:\Documents and Settings\HP\Application Data\Opera Software deleted successfully
C:\Documents and Settings\HP\Local Settings\Application Data\Opera Software deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1645522239-1425521274-1417001333-1003\Software\Microsoft\Internet Explorer\SearchScopes\{a0892e19-6051-4ae6-9a5f-91542a166b2b} deleted successfully
HKEY_USERS\S-1-5-21-1645522239-1425521274-1417001333-1003\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} deleted successfully
HKEY_USERS\S-1-5-21-1645522239-1425521274-1417001333-1003\Software\Microsoft\Internet Explorer\SearchScopes\{C762D7BA-10CE-49AE-AA4A-9151E17CCF12} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\24c54e38 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\24c54e38 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\IePluginServices deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MaintainerSvc1.65.3138243 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MaintainerSvc1.65.3138243 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util Clock Hand deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util Clock Hand deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Util Clock Hand deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Util Clock Hand deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Clock Hand deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update Clock Hand deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Update Clock Hand deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Update Clock Hand deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\yrxa3n3t.default

---- Lines Clock Hand removed from prefs.js ----
user_pref("extensions.Clock Hand.asul", "1423410889400");
user_pref("extensions.Clock Hand.aul", "1423332520604");
user_pref("extensions.Clock Hand.irl", true);
user_pref("extensions.Clock Hand.is", "isgiwhRS");
user_pref("extensions.Clock Hand.ug", "5D834CF5-88BC-473C-A0AA-C54585D9347D");
---- Lines WebSearch removed from prefs.js ----
user_pref("browser.search.defaultenginename,S", "WebSearch");
user_pref("browser.search.defaulturl", "http://websearch.searchoholic.info/?pid=2457&r=2015/01/02&hid=6944045236329602470&lg=EN&cc=RS&unqvl=72&l=1&q="
user_pref("browser.search.order.1", "WebSearch");
user_pref("browser.search.order.1,S", "WebSearch");
user_pref("browser.search.selectedEngine,S", "WebSearch");
---- Lines quick_start removed from prefs.js ----
user_pref("extensions.quick_start.enable_search1", false);
user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
---- Lines extensions.5X1yVrzOxGgQ9g3f removed from prefs.js ----
user_pref("extensions.5X1yVrzOxGgQ9g3f.epoch", "1422091005");
---- Lines extensions.8bPJ3bB42afsD8tW removed from prefs.js ----
user_pref("extensions.8bPJ3bB42afsD8tW.epoch", "1421596153");
---- Lines extensions.JkMXwOlCj6ODnNso removed from prefs.js ----
user_pref("extensions.JkMXwOlCj6ODnNso.epoch", "1422091007");
---- Lines extensions.L4RbwjgHzd1blN4E removed from prefs.js ----
user_pref("extensions.L4RbwjgHzd1blN4E.epoch", "1421691948");
---- Lines extensions.NmMBB6How4NgPxMS removed from prefs.js ----
user_pref("extensions.NmMBB6How4NgPxMS.epoch", "1417105852");
---- Lines extensions.q6jVNKhYy90rJzS7 removed from prefs.js ----
user_pref("extensions.q6jVNKhYy90rJzS7.epoch", "1421655549");
---- FireFox user.js and prefs.js backups ----

user_08.02.2015_1954_.backup
prefs_08.02.2015_1954_.backup

==== Deleting Files \ Folders ======================

c:\progra~1\ELITEU~1 not found
C:\DOCUME~1\ALLUSE~1\APPLIC~1\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} not found
"c:\program files\aares.dll" not found
"c:\program files\aaUninstall Elite Unzip.dll" not found
C:\DOCUME~1\ALLUSE~1\APPLIC~1\dagbfijbbikeadjncfpllkikdbcaankd deleted
C:\DOCUME~1\ALLUSE~1\APPLIC~1\jepiajcpheddpikaffomhaloplobifeb deleted
C:\DOCUME~1\ALLUSE~1\APPLIC~1\0c3a7392-abfa-41f5-95a9-5e339ac76b7b deleted
C:\DOCUME~1\ALLUSE~1\APPLIC~1\efefa6da8f8a1264 deleted
C:\Program Files\ComPlus Applications deleted
C:\Program Files\YoutubeAdBlocke deleted
C:\Program Files\Vaudix deleted
C:\Documents and Settings\HP\Application Data\RHEng deleted
C:\Documents and Settings\HP\Application Data\EZDownloader deleted
C:\DOCUME~1\ALLUSE~1\APPLIC~1\IePluginServices deleted
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trusted Publisher deleted
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fun2Save deleted
C:\DOCUME~1\ALLUSE~1\APPLIC~1\ProductData deleted
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsMangerProtect deleted
C:\Documents and Settings\HP\Local Settings\Application Data\IAC deleted
C:\Documents and Settings\HP\Local Settings\Application Data\CrashRpt deleted
C:\WINDOWS\System32\drivers\{0bb5bb01-951b-4223-8fcb-b066d3518b73}t.sys deleted
C:\WINDOWS\system32\GroupPolicy\Adm deleted
"C:\Program Files\Clock Hand\updateClockHand.exe" deleted
"C:\Program Files\Clock Hand\bin\0bb5bb01951b42238fcbb066d3518b73.dll" deleted
"C:\Program Files\Clock Hand\bin\7za.exe" deleted
"C:\Program Files\Clock Hand\bin\ClockHand.BrowserAdapter.exe" deleted
"C:\Program Files\Clock Hand\bin\ClockHand.expext.exe" deleted
"C:\Program Files\Clock Hand\bin\ClockHand.expextdll.dll" deleted
"C:\Program Files\Clock Hand\bin\ClockHand.PurBrowse.exe" deleted
"C:\Program Files\Clock Hand\bin\utilClockHand.exe" deleted
"C:\Program Files\Clock Hand" not deleted
"C:\Program Files\Clock Hand\bin" not deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
2015-02-07 14:17:50 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\WINDOWS\PEV.exe
2015-02-07 14:17:50 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\WINDOWS\grep.exe
2015-02-07 14:17:50 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\WINDOWS\zip.exe
2015-02-07 14:17:50 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\WINDOWS\SWSC.exe
2015-02-07 14:17:50 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\WINDOWS\MBR.exe
2015-02-05 07:50:11 6C130DC72CF96AC9567D8D5371883407 30682 ----a-w- C:\WINDOWS\SchedLgU.Txt
2015-01-18 08:23:57 B59EF013D567E5746F1DEE2565F747ED 43152 ----a-w- C:\WINDOWS\avastSS.scr
====== C:\DOCUME~1\HP\LOCALS~1\Temp ====
====== Java Cache =====
2015-01-24 07:25:40 B655967AB8192B49DB5A45CE26E99C7C 19601 ----a-w- C:\Documents and Settings\HP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\20\3aec2454-1aa63996
2015-01-24 07:38:00 B655967AB8192B49DB5A45CE26E99C7C 19601 ----a-w- C:\Documents and Settings\HP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\20\3aec2454-76d9c3b1
2015-01-24 07:38:26 C9C74F5AC8F07A6CEEAA38B9F82699FC 430 ----a-w- C:\Documents and Settings\HP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\21\793411d5-ca5bce9e915ddf684ddc2315b6665e37fcd2c2624588dacd6dc260d40ecf7c7b-6.0.lap
2015-01-24 18:28:13 3CD7B72E00C940FF76A4E77EA5194BCA 430 ----a-w- C:\Documents and Settings\HP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\23\3f5f9757-2bdc79ec439020872c03bc9f8268f4146586c17c2e5f6495f3d020f91bb0a1fc-6.0.lap
2015-01-24 07:25:39 E7646581E1A82AB277DD5118C6A35DD4 95 ----a-w- C:\Documents and Settings\HP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\25\4f9d9e19-8dbceaca976997ca500d2783562c53b1d61ab9a8cdaac41cde1a23662dbf0475-6.0.lap
2015-01-26 06:29:34 460D3D07B35606318F1F6E0546C3EE86 430 ----a-w- C:\Documents and Settings\HP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\30\6c40579e-1213e486462bf8eb03652cdc6dcd92503930c029b168cba719b324537ca7d56a-6.0.lap
2015-01-24 18:27:15 B655967AB8192B49DB5A45CE26E99C7C 19601 ----a-w- C:\Documents and Settings\HP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\33\3cf2ed21-1a53ddb2
2015-01-26 06:32:35 4528051FD23BE9605E30D2C3388C3C19 37 ----a-w- C:\Documents and Settings\HP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\34\59208322-c48870f5c826931b116a36af5f92d179dbd0b225e63b3f2058caa1638cc8023e-6.0.lap
2015-01-24 07:37:57 9C00CDD1A85F54BA3522B1DD02C69911 37 ----a-w- C:\Documents and Settings\HP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\44\7f75872c-26887e334497032fb8d514829a96c22df9a2558b69302cb7f939a1db965a3fdf-6.0.lap
2015-01-26 06:30:45 1A76133E7EC1752FA839FBAEA5AD684B 95 ----a-w- C:\Documents and Settings\HP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\49\72908b1-e04d54c7e232978b32fee9bf9288b7c6584fe87d586db472ebb77458c5346e08-6.0.lap
2015-01-24 18:26:54 9645EA62BF6536478988C1C7C5617FE6 37 ----a-w- C:\Documents and Settings\HP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\52\18cb534-ba7eb260dfe76bbfe64755d65f35f2859c635ecdf2b64ed7d3f74b6493a0d569-6.0.lap
2015-01-24 18:27:15 F0DF78B6F1AEC690BC4E89C4CA5FAA96 95 ----a-w- C:\Documents and Settings\HP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\8\4dc2f5c8-eb0d15ea4e6384b63a10a8c0d6f21d163e437297fbc01675aa84832e246b967d-6.0.lap
====== C:\WINDOWS\system32 =====
2015-02-08 17:57:14 33A836DB750D2095CC95DD9DC39639FC 91088 ----a-w- C:\WINDOWS\System32\FNTCACHE.DAT
====== C:\WINDOWS\system32\drivers =====
2015-02-07 20:00:08 1992E0D143B09653AB0F9C5E04B0FD65 16128 ----a-w- C:\WINDOWS\System32\drivers\MODEMCSA.sys
2015-02-07 18:49:54 6FFB351C9C9BB88E91785F4CD7396D31 23840 ----a-w- C:\WINDOWS\System32\drivers\HWiNFO32.SYS
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2015-02-07 18:07:47 -------- d-----w- C:\Program Files\Clock Hand
2015-01-24 07:31:31 -------- d-----w- C:\Program Files\Common Files\Java
======= C: =====
2015-02-07 14:21:25 FA579938B0733B87066546AFE951082C 211 ----a-w- C:\Boot.bak
2015-02-07 14:21:22 94E5450C43E4CF78E1D3AD4816966909 260272 --sha-r- C:\cmldr
====== C:\Documents and Settings\HP\Application Data ======
2015-01-27 20:24:03 -------- d-----w- C:\Documents and Settings\HP\Local Settings\Application Data\Mindspark_Interactive_Net
2015-01-23 08:52:54 -------- d-----w- C:\Documents and Settings\HP\Application Data\InternetSpeedTracker_9t
====== C:\Documents and Settings\HP ======
2015-02-08 17:32:36 -------- d--h--r- C:\Documents and Settings\HP\Recent
2015-02-07 20:29:56 -------- d-sh--w- C:\WINDOWS\system32\config\systemprofile\Cookies
2015-02-07 20:03:29 -------- d-sh--w- C:\Documents and Settings\NetworkService\Cookies
2015-02-07 18:18:00 -------- d-----r- C:\Documents and Settings\LocalService\Favorites
2015-02-07 18:13:24 -------- d-sh--w- C:\Documents and Settings\LocalService\Cookies

====== C: exe-files ==
2015-02-08 18:58:24 E5945C194FF82EEBDCC0E6C05EEF9890 105712 ----a-w- C:\Program Files\Clock Hand\bin\ClockHand.BrowserAdapter.exe
2015-02-08 18:58:24 430B2C53735C27ED20EEB8E434E7D77D 123120 ----a-w- C:\Program Files\Clock Hand\bin\ClockHand.BrowserAdapter64.exe
2015-02-08 17:14:08 28CA7D1BB9FBFCA2B529D885E61491D8 933664 ----a-w- C:\Documents and Settings\HP\Application Data\IObit\IObit Uninstaller\PPUninstallertemp.exe
2015-02-07 20:30:02 10C915F39C291AF809CE76E9F2F2D659 41213008 ----a-w- C:\Program Files\Google\Update\Install\{1296889F-BA23-4222-A7A0-8A392BB450EF}\40.0.2214.111_chrome_installer.exe
2015-02-07 20:29:48 E8B7FD67DA14A7BE57A5CB80E3139E60 309704 ----a-w- C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarUser_32_52E818EF81C83A9B.exe
2015-02-07 20:29:32 4C401FCC6D0C95E1A5D989E403E18F2F 1072072 ----a-w- C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe
2015-02-07 20:28:12 107A176FF25E2BA8016A92C301844839 532312 ----a-w- C:\Program Files\Google\Update\Install\{333CEA75-2EBB-4ECB-A8F3-B9CF12E17B0C}\GoogleToolbarInstaller_updater_signed.exe
2015-02-07 20:28:12 107A176FF25E2BA8016A92C301844839 532312 ----a-w- C:\Program Files\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\7.5.5111.1712\GoogleToolbarInstaller_updater_signed.exe
2015-02-07 20:25:27 10C915F39C291AF809CE76E9F2F2D659 41213008 ----a-w- C:\Program Files\Google\Update\Install\{A8FCF20A-AAB9-4000-A773-7284498BD3A0}\40.0.2214.111_chrome_installer.exe
2015-02-07 20:21:42 10C915F39C291AF809CE76E9F2F2D659 41213008 ----a-w- C:\Program Files\Google\Update\Install\{205D0E97-ECEB-4561-B97C-4D249535A662}\40.0.2214.111_chrome_installer.exe
2015-02-07 20:21:40 10C915F39C291AF809CE76E9F2F2D659 41213008 ----a-w- C:\Program Files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\40.0.2214.111\40.0.2214.111_chrome_installer.exe
2015-02-07 20:20:40 FD98434B6A06FE31A35E4BFBC827B290 52040 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe
2015-02-07 20:20:40 5F0A3AA68785C49454F56C9F2DDA0237 52040 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateWebPlugin.exe
2015-02-07 20:20:40 4C02536F4CA35911FB3EA5715F300C57 52040 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateBroker.exe
2015-02-07 20:20:39 954CED7655BDA485A766960CC757CB73 880208 ----a-w- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateSetup.exe
2015-02-07 20:20:35 F3B6470DA7CE34E559D3BA7365CC909C 115528 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateComRegisterShell64.exe
2015-02-07 20:20:35 E1B44A75947137F4143308D566889837 107848 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdate.exe
2015-02-07 20:20:35 83BB030C71C9727DCFB2737005772C4E 232264 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
2015-02-07 20:20:35 323CFFFDAF253AC65CD194A101BE6231 287048 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
2015-02-07 18:48:47 449751F4C1ECAE6E649BFF6C5AAA6E52 10604648 ----a-w- C:\Documents and Settings\All Users\Application Data\IObit\ASCDownloader\ASC8\Driver Booster.exe
2015-02-07 18:48:38 419BEE93691065EDFD0B9DA56EC17E70 1009952 ----a-w- C:\Program Files\IObit\Surfing Protection\BrowerProtect\bbmegnmpleoagolcnjnejdacakedpcgd\2.0.0_0\Plugin\SPNativeMessage.exe
2015-02-07 18:48:36 32933A97E58B63C399FF9EF9E751C123 1366816 ----a-w- C:\Program Files\IObit\Surfing Protection\SPUpdate.exe
2015-02-07 18:48:35 AB61AA00EB531A3FA9D4C926D15E9EEF 1440032 ----a-w- C:\Program Files\IObit\Surfing Protection\PluginInstall.exe
2015-02-07 18:48:35 8EC37EE818B9ABEBAE4655E9FB7AA132 1195808 ----a-w- C:\Program Files\IObit\Surfing Protection\unins000.exe
2015-02-07 18:17:53 3189D8F447ADF670D22048890FFD441F 101616 ----a-w- C:\Program Files\Clock Hand\bin\ClockHand.expext.exe
2015-02-07 16:22:45 A30351F539D71D6199BD2295CC234E96 531424 ----a-w- C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
2015-02-07 16:20:20 E8B7FD67DA14A7BE57A5CB80E3139E60 309704 ----a-w- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
2015-02-07 16:20:20 2276C2E1172F2DEEEA861DE006630725 401488 ----a-w- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_64.exe
2015-02-07 16:20:19 4BEAF576CB43358C4DB9F45AC7C09CDB 194032 ----a-w- C:\Program Files\Google\Google Toolbar\Component\GoogleUpdaterService_B33FC4DD36A473C6.exe
2015-02-07 16:20:19 4B78E9AE06F7C310E30EE2FA5B7EBC3C 1721296 ----a-w- C:\Program Files\Google\Google Toolbar\Component\SearchWithGoogleUpdate_C993F490EED40C1B.exe
2015-02-07 16:20:19 1F2AFAB903C0D48480561F3BBD4539C2 739640 ----a-w- C:\Program Files\Google\Google Toolbar\Component\GoogleUpdateSetup_5CC4B0F53D73AD88.exe
2015-02-07 16:20:04 2040B57C08F7A97E4E44ACB324647CF2 6110688 ----atw- C:\Program Files\Google\Update\Install\{37C31830-5AC7-4CA0-9562-E1276FF499FC}\googletoolbarinstaller_full_signed.exe
2015-02-07 16:20:03 2040B57C08F7A97E4E44ACB324647CF2 6110688 ----atw- C:\Program Files\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\0.0.0.0\googletoolbarinstaller_full_signed.exe
2015-02-07 14:21:21 A38C1A7D8D8F4428CD8E96F3F2B6E046 580608 ----a-w- C:\cmdcons\autofmt.exe
2015-02-07 14:21:21 23043C91A0F9DFB4B9E9F87B680863B4 588800 ----a-w- C:\cmdcons\autochk.exe
2015-02-07 14:17:50 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\WINDOWS\PEV.exe
2015-02-07 14:17:50 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\WINDOWS\grep.exe
2015-02-07 14:17:50 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\WINDOWS\zip.exe
2015-02-07 14:17:50 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\WINDOWS\SWSC.exe
2015-02-07 14:17:50 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\WINDOWS\MBR.exe
2015-02-07 12:46:23 D950F6C1C056BD7CE1BF461CFA3137EB 776992 ----a-w- C:\Documents and Settings\HP\Application Data\IObit\IObit Uninstaller\UninstallDisplaytemp.exe
2015-02-07 12:46:22 83B208F0FC5015586E23AFD04ECD72C5 1824032 ----a-w- C:\Documents and Settings\HP\Application Data\IObit\IObit Uninstaller\UninstallPromotetemp.exe
2015-02-07 12:46:20 5D2AF40D165791C24C28DB24D1AE086E 588576 ----a-w- C:\Documents and Settings\HP\Application Data\IObit\IObit Uninstaller\Install_PintoStartMenutemp.exe
=== C: other files ==
2015-02-08 18:58:52 03147AF7EAD57207F8533927ECAC6DB3 2461 ----a-w- C:\Program Files\Clock Hand\nhhfhndnffkcemhlnkoldboggfnjglnd.crx
2015-02-08 18:58:16 0E3E615C962E31327159DAAFB026D716 94340 ----a-w- C:\Program Files\Clock Hand\bin\ClockHand.expext.zip
2015-02-08 18:28:52 098A1E64941026B56F0AFA1AAB411808 6404 ----a-w- C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\yrxa3n3t.default\extensions\{0bb5bb01-951b-4223-8fcb-b066d3518b73}.xpi
2015-02-08 18:01:48 7B948E3657BEA62E437BC46CA6EF6012 12112 ----a-w- C:\WINDOWS\LastGood\system32\DRIVERS\aswNdis.sys
2015-02-08 10:37:00 76CDB2BAD9582D23C1F6F4D868218D6C 22 ----a-w- C:\Documents and Settings\HP\Local Settings\Application Data\Temp\avastBCLTMP\{e2e2dd38-d088-4134-82b7-f2ba38496583}.zip
2015-02-08 10:31:08 76CDB2BAD9582D23C1F6F4D868218D6C 22 ----a-w- C:\Documents and Settings\HP\Local Settings\Application Data\Temp\avastBCLTMP\plmlpbcjkpppncefeoongifnpinjmegf.zip
2015-02-08 10:31:08 76CDB2BAD9582D23C1F6F4D868218D6C 22 ----a-w- C:\Documents and Settings\HP\Local Settings\Application Data\Temp\avastBCLTMP\ojgmigafbpedhdilmemphfklkbghlphi.zip
2015-02-08 10:31:08 76CDB2BAD9582D23C1F6F4D868218D6C 22 ----a-w- C:\Documents and Settings\HP\Local Settings\Application Data\Temp\avastBCLTMP\mcpmofnlkemfkhgngcdppgbhncoflmpe.zip
2015-02-08 10:31:08 76CDB2BAD9582D23C1F6F4D868218D6C 22 ----a-w- C:\Documents and Settings\HP\Local Settings\Application Data\Temp\avastBCLTMP\hhmhfcfbheceghfbfjgkjnlhooadpnej.zip
2015-02-08 10:31:08 76CDB2BAD9582D23C1F6F4D868218D6C 22 ----a-w- C:\Documents and Settings\HP\Local Settings\Application Data\Temp\avastBCLTMP\fopdddcinljmpmioaklghcalngfhbaen.zip
2015-02-07 20:00:08 1992E0D143B09653AB0F9C5E04B0FD65 16128 -c--a-w- C:\WINDOWS\system32\dllcache\modemcsa.sys
2015-02-07 20:00:08 1992E0D143B09653AB0F9C5E04B0FD65 16128 ----a-w- C:\WINDOWS\system32\drivers\MODEMCSA.sys
2015-02-07 18:49:54 6FFB351C9C9BB88E91785F4CD7396D31 23840 ----a-w- C:\WINDOWS\system32\drivers\HWiNFO32.SYS

==== Firefox Start and Search pages ======================

ProfilePath: C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\yrxa3n3t.default
user_pref("browser.search.selectedEngine", "Yahoo!");
user_pref("keyword.URL", "https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=800236&p=");

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\yrxa3n3t.default
- Undetermined - {0bb5bb01-951b-4223-8fcb-b066d3518b73}
- Clock Hand 1.0.1 - %ProfilePath%\extensions\{0bb5bb01-951b-4223-8fcb-b066d3518b73}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\yrxa3n3t.default
98137411B9C632095F919E2CE70B288A - C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll - Google Update
225D76851EFC6144B4BAD941B3E8989D - C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U31
B66B4D28D7D0C6322FF235C782CD6B76 - C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.310.13
A4FDD66D0DBF2CADF5B7D2F8187E24D1 - C:\Documents and Settings\HP\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
28000D7EEB2FD95A36E1A7539F599C3B - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
5D41BCD19A3D90E4EBB58A6BFB79E4F7 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
8B6884E3E1E5F8ABA5FA0C6A2B13181D - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM


==== Chromium Look ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{C762D7BA-10CE-49AE-AA4A-9151E17CCF12}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C762D7BA-10CE-49AE-AA4A-9151E17CCF12}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{E586D87E-B762-4AC4-9302-94CE8FA287ED} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1645522239-1425521274-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814} deleted successfully
HKEY_USERS\S-1-5-21-1645522239-1425521274-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10921475-03CE-4E04-90CE-E2E7EF20C814} deleted successfully
HKEY_USERS\S-1-5-21-1645522239-1425521274-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2f3dc1cf-3023-4906-9b17-c022e853c2d8} deleted successfully
HKEY_USERS\S-1-5-21-1645522239-1425521274-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2f3dc1cf-3023-4906-9b17-c022e853c2d8} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{2f3dc1cf-3023-4906-9b17-c022e853c2d8} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2f3dc1cf-3023-4906-9b17-c022e853c2d8} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1645522239-1425521274-1417001333-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{10921475-03CE-4E04-90CE-E2E7EF20C814} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{10921475-03CE-4E04-90CE-E2E7EF20C814} deleted successfully

==== Uninstall List x86 ======================

µTorrent [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent]
BrickBuilder [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\S-2976510679]
CCleaner [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner]
CheapMe [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F6C44C71-2CFE-8176-3A4D-CBD0DCE5AEFA}]
Clock Hand [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Clock Hand]
CPUID CPU-Z 1.69.2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CPUID CPU-Z_is1]
Creative Modem Blaster V.92 DI5733-1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Agere Systems Soft Modem]
DirectX10 RC2 Pre Fix 3 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectX10 for Windows XP - Win2000, 2003,..._is1]
ffdshow [rev 1201] [2007-05-26] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ffdshow_is1]
Fun2Save [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9D9BEFAE-9499-F52B-6CC4-94818CCC2AB5}]
Google Toolbar for Internet Explorer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}]
Google Update Helper [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}]
Google Update Helper [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
Happy2Save [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E957849A-94AC-6F46-4623-C31474E3C170}]
Internet Speed Tracker Internet Explorer Toolbar [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\InternetSpeedTracker_9tbar Uninstall Internet Explorer]
Java 8 Update 31 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83218031F0}]
K-Lite Codec Pack 10.5.5 Full [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\KLiteCodecPack_is1]
Microsoft .NET Framework 2.0 Service Pack 2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
Microsoft .NET Framework 4 Client Profile [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3C3901C5-3455-3E0A-A214-0B093A5070A6}]
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Wdf01007]
Mozilla Firefox 35.0.1 (x86 sr) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 35.0.1 (x86 sr)]
Mozilla Maintenance Service [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService]
Ralink RT2870 Wireless LAN Card [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}]
Realtek High Definition Audio Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}]
Skype™ 6.18 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}]
Surfing Protection [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IObit Surfing Protection_is1]
TeamViewer 9 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\TeamViewer 9]
Total Commander (Remove or Repair) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Totalcmd]
Unity Web Player [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer]
Vaudix [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{681002C6-5019-81A2-7871-A43754F71E56}]
WebFldrs XP [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}]
Winamp [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp]
Windows Internet Explorer 8 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ie8]
WindowsMangerProtect20.0.0.1270 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect]
WinRAR 5.20 (32-bit) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver]
YoutubeAdBlocke [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}]

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

Oh, I know what you did, I was just being polite.
You clicked around impatiently and didn't wait for the tool to finish and tell you "I'm done" and "I'm going to restart the system." Its scan ran a bit long, and so on.

Anyway, it did a good job. Let's go knock out some leftovers ...

Open Notepad and copy the following text:

@echo off
rem Start from a clean log of items that could not be removed
if exist "%temp%\log.txt" del "%temp%\log.txt"

rem Clear AppInit_DLLs and delete the leftover Uninstall entries
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs /t REG_SZ /d "" /f
reg delete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9D9BEFAE-9499-F52B-6CC4-94818CCC2AB5}" /f
reg delete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E957849A-94AC-6F46-4623-C31474E3C170}" /f
reg delete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\InternetSpeedTracker_9tbar Uninstall Internet Explorer" /f
reg delete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect" /f
reg delete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}" /f

rem Delete the leftover Firefox extension file; log it if it is still there
for %%g in (

"C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\yrxa3n3t.default\extensions\{0bb5bb01-951b-4223-8fcb-b066d3518b73}.xpi"

) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

rem Remove the leftover program folder; log it if it is still there
for %%g in (

"C:\Program Files\Clock Hand"

) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

rem Show the log if anything survived, otherwise print the success message
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Infekcija Uspesno Uklonjena ! !

pause
rem Delete this batch file when done (full quoted path, so it works however the script was started)
del "%~f0"


Save it to the Desktop under the name fix.bat
Pay attention to the .bat extension
This is what the icon should look like:

Run fix.bat and copy into your post the text that opens in Notepad. If no text appears in Notepad, that means everything went as it should, and you only need to mention what the fix printed.

If Notepad does not open, open the file log.txt manually and post its contents on the forum.
