Check

  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1645

Hello forum members,
I would like to check my laptop to make sure it doesn't happen to have a virus.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2015
Ran by Banjo (administrator) on BANJO-PC on 23-02-2015 18:19:52
Running from C:\Users\Banjo\Desktop
Loaded Profiles: Banjo (Available profiles: Banjo)
Platform: Microsoft Windows 7 Professional (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [Links are visible only to logged-in users]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
() C:\Program Files\HSDPA USB MODEM\USB Modem.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6310984 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] => C:\Program Files\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2015-02-23] (AVAST Software)
HKU\S-1-5-21-2945771310-202216555-3696022800-1000\...\MountPoints2: {e2ff275d-384c-11e4-a39a-78acc05c1280} - F:\AutoRun.exe
HKU\S-1-5-21-2945771310-202216555-3696022800-1000\...\MountPoints2: {e2ff276c-384c-11e4-a39a-78acc05c1280} - H:\AutoRun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Links are visible only to logged-in users]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Links are visible only to logged-in users]{searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Links are visible only to logged-in users]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Links are visible only to logged-in users]{searchTerms}
HKU\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Main,Start Page = [Links are visible only to logged-in users]
HKU\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [Links are visible only to logged-in users]
HKU\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Links are visible only to logged-in users]
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = [Links are visible only to logged-in users]{searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = [Links are visible only to logged-in users]{searchTerms}
SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = [Links are visible only to logged-in users]{searchTerms}&pid=377&r=2014/11/01&hid=15617337041010751777&lg=EN&cc=RS&unqvl=65
SearchScopes: HKU\S-1-5-21-2945771310-202216555-3696022800-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = [Links are visible only to logged-in users]{searchTerms}
SearchScopes: HKU\S-1-5-21-2945771310-202216555-3696022800-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = [Links are visible only to logged-in users]{searchTerms}
SearchScopes: HKU\S-1-5-21-2945771310-202216555-3696022800-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = [Links are visible only to logged-in users]{searchTerms}&pid=377&r=2014/11/01&hid=15617337041010751777&lg=EN&cc=RS&unqvl=65
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\..\Interfaces\{CE86A9F7-2FB6-41A6-B373-BF24DE2811E1}: [NameServer] 213.133.3.5 213.133.3.10
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe [Links are visible only to logged-in users]

FireFox:
========
FF ProfilePath: C:\Users\Banjo\AppData\Roaming\Mozilla\Firefox\Profiles\6iol3vw6.default
FF Homepage: [Links are visible only to logged-in users]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Banjo\AppData\Roaming\Mozilla\Firefox\Profiles\8gubbzjz.default\extensions\faststartff@gmail.com
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-23]

Chrome:
=======
CHR HomePage: Default -> [Links are visible only to logged-in users]
CHR StartupUrls: Default -> "https://www.google.co.uk/"
CHR Profile: C:\Users\Banjo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-25]
CHR Extension: (Google Docs) - C:\Users\Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-25]
CHR Extension: (Google Drive) - C:\Users\Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-25]
CHR Extension: (YouTube) - C:\Users\Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-25]
CHR Extension: (Google Search) - C:\Users\Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-25]
CHR Extension: (Google Sheets) - C:\Users\Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-25]
CHR Extension: (Avast Online Security) - C:\Users\Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-01]
CHR Extension: (Google Wallet) - C:\Users\Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-25]
CHR Extension: (Gmail) - C:\Users\Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-25]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-23]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-23] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2015-02-23] (Avast Software)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [203848 2013-02-19] (Realtek Semiconductor)
R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed]
R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [21096 2009-07-13] (The Within Network, LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [484352 2014-12-07] (Fuyu LIMITED) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70824 2012-10-11] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34984 2012-10-11] (Advanced Micro Devices)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [45184 2012-03-05] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-02-23] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2015-02-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2015-02-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2015-02-23] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-02-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-02-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422760 2015-02-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2015-02-23] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-02-23] ()
R3 qcusbser; C:\Windows\System32\DRIVERS\cmusbser.sys [97408 2007-10-16] (Mobile Connector)
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [25448 2009-07-13] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2015-02-23] (Avast Software)
S3 BTMCOM; System32\Drivers\btmcom.sys [X]
S3 BTMUSB; System32\Drivers\btmusb.sys [X]
S3 cpuz136; \??\C:\Users\Banjo\AppData\Local\Temp\cpuz136\cpuz136_x32.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 gHidPnp; System32\Drivers\gHidPnp.Sys [X]
S3 gMouUsb; system32\DRIVERS\gMouUsb.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwusb_cdcacm; system32\DRIVERS\ew_cdcacm.sys [X]
S3 hwusb_wwanecm; system32\DRIVERS\ew_wwanecm.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 18:19 - 2015-02-23 18:20 - 00013811 _____ () C:\Users\Banjo\Desktop\FRST.txt
2015-02-23 18:19 - 2015-02-23 18:19 - 00000000 ____D () C:\FRST
2015-02-23 18:17 - 2015-02-23 18:19 - 01126912 _____ (Farbar) C:\Users\Banjo\Desktop\FRST.exe
2015-02-23 18:11 - 2015-02-23 18:11 - 00000000 ____D () C:\Windows\ERUNT
2015-02-23 18:08 - 2015-02-23 18:08 - 00000197 _____ () C:\Windows\system32\2015-02-23-17-08-32.046-AvastVBoxSVC.exe-2928.log
2015-02-23 18:04 - 2015-02-23 18:04 - 00001233 _____ () C:\Windows\unins000.dat
2015-02-23 18:04 - 2015-02-23 18:03 - 01180529 _____ () C:\Windows\unins000.exe
2015-02-23 17:49 - 2015-02-23 17:49 - 00000247 _____ () C:\Windows\system32\2015-02-23-16-49-45.035-aswFe.exe-3136.log
2015-02-23 17:40 - 2015-02-23 17:49 - 00000247 _____ () C:\Windows\system32\2015-02-23-16-40-41.079-aswFe.exe-1144.log
2015-02-23 17:40 - 2015-02-23 17:40 - 00000197 _____ () C:\Windows\system32\2015-02-23-16-40-38.028-AvastVBoxSVC.exe-1344.log
2015-02-23 17:35 - 2015-02-23 17:35 - 00002075 _____ () C:\Users\Public\Desktop\Avast Pro Antivirus.lnk
2015-02-23 17:35 - 2015-02-23 17:35 - 00000000 ____D () C:\Users\Banjo\AppData\Roaming\AVAST Software
2015-02-23 17:35 - 2015-02-23 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-23 17:34 - 2015-02-23 17:33 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-02-23 17:34 - 2015-02-23 17:33 - 00422760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-02-23 17:34 - 2015-02-23 17:33 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-02-23 17:34 - 2015-02-23 17:33 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-02-23 17:34 - 2015-02-23 17:33 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-02-23 17:34 - 2015-02-23 17:33 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-02-23 17:34 - 2015-02-23 17:33 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-02-23 17:34 - 2015-02-23 17:33 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-02-23 17:34 - 2015-02-23 17:33 - 00026136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2015-02-23 17:34 - 2015-02-23 17:33 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-02-23 17:33 - 2015-02-23 17:33 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-02-23 17:32 - 2015-02-23 17:32 - 00000000 ____D () C:\Program Files\AVAST Software
2015-02-23 17:31 - 2015-02-23 17:32 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-23 17:01 - 2015-02-23 17:07 - 05040384 _____ (AVAST Software) C:\Users\Banjo\Downloads\avastclear.exe
2015-02-23 14:36 - 2015-02-23 14:36 - 00000197 _____ () C:\Windows\system32\2015-02-23-13-36-33.013-AvastVBoxSVC.exe-2488.log
2015-02-22 01:13 - 2015-02-22 01:13 - 00000197 _____ () C:\Windows\system32\2015-02-22-00-13-26.011-AvastVBoxSVC.exe-2384.log
2015-02-21 00:27 - 2015-02-21 00:37 - 09052192 _____ (Cheat Engine ) C:\Users\Banjo\Downloads\CheatEngine64.exe
2015-02-19 21:52 - 2015-02-19 21:59 - 05325208 _____ (Piriform Ltd) C:\Users\Banjo\Downloads\ccsetup502.exe
2015-02-19 16:16 - 2015-02-19 16:16 - 00000197 _____ () C:\Windows\system32\2015-02-19-15-16-41.091-AvastVBoxSVC.exe-2352.log
2015-02-18 21:44 - 2015-02-18 21:44 - 00000197 _____ () C:\Windows\system32\2015-02-18-20-44-09.046-AvastVBoxSVC.exe-2312.log
2015-02-17 15:09 - 2015-02-17 15:09 - 00000197 _____ () C:\Windows\system32\2015-02-17-14-09-16.041-AvastVBoxSVC.exe-2252.log
2015-02-16 22:22 - 2015-02-16 22:22 - 05070512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-02-12 16:15 - 2015-02-12 16:15 - 00000197 _____ () C:\Windows\system32\2015-02-12-15-15-03.082-AvastVBoxSVC.exe-2368.log
2015-02-11 11:27 - 2015-02-11 11:27 - 00000197 _____ () C:\Windows\system32\2015-02-11-10-27-25.057-AvastVBoxSVC.exe-2328.log
2015-02-11 11:03 - 2015-02-11 11:03 - 00000197 _____ () C:\Windows\system32\2015-02-11-10-03-20.043-AvastVBoxSVC.exe-3036.log
2015-02-10 12:52 - 2015-02-10 12:52 - 00000197 _____ () C:\Windows\system32\2015-02-10-11-52-13.096-AvastVBoxSVC.exe-2392.log
2015-02-09 10:18 - 2015-02-09 10:18 - 00000197 _____ () C:\Windows\system32\2015-02-09-09-18-46.033-AvastVBoxSVC.exe-3312.log
2015-02-08 20:44 - 2015-02-08 20:44 - 00000000 ____D () C:\Users\Banjo\Desktop\New folder
2015-02-08 20:35 - 2015-02-08 20:36 - 00000197 _____ () C:\Windows\system32\2015-02-08-19-35-55.078-AvastVBoxSVC.exe-2604.log
2015-02-08 19:11 - 2015-02-08 20:14 - 00000000 ____D () C:\Users\Banjo\Desktop\Kaca
2015-02-08 18:07 - 2015-02-08 18:07 - 00000197 _____ () C:\Windows\system32\2015-02-08-17-07-33.089-AvastVBoxSVC.exe-2668.log
2015-02-06 17:26 - 2015-02-06 17:26 - 00000197 _____ () C:\Windows\system32\2015-02-06-16-26-46.039-AvastVBoxSVC.exe-2628.log
2015-02-06 11:59 - 2015-02-06 11:59 - 00000197 _____ () C:\Windows\system32\2015-02-06-10-59-17.048-AvastVBoxSVC.exe-2604.log
2015-02-05 11:15 - 2015-02-05 11:15 - 00000197 _____ () C:\Windows\system32\2015-02-05-10-15-07.024-AvastVBoxSVC.exe-3604.log
2015-02-03 10:33 - 2015-02-03 10:33 - 00000197 _____ () C:\Windows\system32\2015-02-03-09-33-18.079-AvastVBoxSVC.exe-2216.log
2015-02-02 20:31 - 2015-02-02 20:31 - 00000197 _____ () C:\Windows\system32\2015-02-02-19-31-44.099-AvastVBoxSVC.exe-2212.log
2015-02-02 20:24 - 2015-02-02 20:24 - 00000197 _____ () C:\Windows\system32\2015-02-02-19-24-51.013-AvastVBoxSVC.exe-2752.log
2015-02-02 20:06 - 2015-02-02 20:07 - 00000000 ____D () C:\Users\Banjo\AppData\Local\Ahead
2015-02-02 20:04 - 2015-02-02 20:07 - 00000000 ____D () C:\Users\Banjo\AppData\Roaming\Ahead
2015-02-02 20:04 - 2015-02-02 20:04 - 00000000 ____D () C:\ProgramData\Ahead
2015-02-02 19:48 - 2015-02-02 19:48 - 00000000 ____D () C:\Users\Public\Documents\Baidu
2015-02-02 19:48 - 2015-02-02 19:48 - 00000000 ____D () C:\ProgramData\Baidu
2015-02-02 19:47 - 2015-02-08 20:07 - 00000000 ____D () C:\Program Files\FreeTime
2015-02-02 19:47 - 2015-02-02 19:47 - 00000197 _____ () C:\Windows\system32\2015-02-02-18-47-44.032-AvastVBoxSVC.exe-2424.log
2015-02-01 20:52 - 2015-02-01 20:52 - 00000197 _____ () C:\Windows\system32\2015-02-01-19-52-37.007-AvastVBoxSVC.exe-3384.log
2015-02-01 18:49 - 2015-02-01 18:49 - 00000979 _____ () C:\Users\Banjo\Desktop\HSDPA USB MODEM.lnk
2015-02-01 18:49 - 2015-02-01 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HSDPA USB MODEM
2015-02-01 18:49 - 2015-02-01 18:49 - 00000000 ____D () C:\Program Files\HSDPA USB MODEM
2015-02-01 18:24 - 2015-02-01 18:24 - 00001908 _____ () C:\Windows\diagwrn.xml
2015-02-01 18:24 - 2015-02-01 18:24 - 00001908 _____ () C:\Windows\diagerr.xml
2015-02-01 15:18 - 2015-02-01 15:18 - 00000197 _____ () C:\Windows\system32\2015-02-01-14-18-08.012-AvastVBoxSVC.exe-2688.log
2015-02-01 13:59 - 2015-02-01 13:59 - 00000197 _____ () C:\Windows\system32\2015-02-01-12-59-17.043-AvastVBoxSVC.exe-3668.log
2015-02-01 12:32 - 2015-02-01 12:32 - 00000247 _____ () C:\Windows\system32\2015-02-01-11-32-05.017-aswFe.exe-4368.log
2015-02-01 12:20 - 2015-02-01 12:20 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-27 15:25 - 2015-01-27 15:26 - 00000000 ____D () C:\Users\Banjo\Documents\GTA Vice City User Files
2015-01-27 14:43 - 2015-01-27 15:18 - 00000000 ____D () C:\Users\Banjo\Desktop\TESTOVI ZA POLAGANJE VOZACKOG
2015-01-27 14:43 - 2015-01-27 14:43 - 00000990 _____ () C:\Users\Banjo\Desktop\Counter-Strike 1.6.lnk
2015-01-27 14:43 - 2015-01-27 14:43 - 00000000 ____D () C:\Users\Banjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
2015-01-27 14:43 - 2015-01-27 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
2015-01-27 14:41 - 2015-01-27 14:43 - 00000000 ____D () C:\Program Files\Counter-Strike 1.6
2015-01-26 23:54 - 2015-01-27 01:31 - 00000000 ____D () C:\Users\Banjo\Downloads\Counter Strike 1.6
2015-01-26 22:41 - 2015-01-26 22:41 - 00000923 _____ () C:\Users\Banjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\µTorrent.lnk
2015-01-26 22:22 - 2015-01-26 22:22 - 00000000 ____D () C:\ProgramData\APN
2015-01-25 21:04 - 2015-01-25 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-25 21:01 - 2015-02-23 18:06 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-25 21:01 - 2015-02-23 17:06 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 19:40 - 2015-02-13 21:14 - 00000000 ____D () C:\Users\Banjo\Desktop\Ouija (2014)
2015-01-25 19:30 - 2015-02-04 16:14 - 00000000 ____D () C:\Users\Banjo\Desktop\Bogo

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 18:13 - 2009-07-14 05:34 - 00012656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-23 18:13 - 2009-07-14 05:34 - 00012656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-23 18:12 - 2015-01-14 16:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-23 18:09 - 2014-01-25 14:37 - 02010290 _____ () C:\Windows\WindowsUpdate.log
2015-02-23 18:06 - 2014-12-07 01:32 - 00002434 _____ () C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-5_user.job
2015-02-23 18:06 - 2014-12-07 01:32 - 00002434 _____ () C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-5.job
2015-02-23 18:06 - 2014-12-07 01:31 - 00005172 _____ () C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-11.job
2015-02-23 18:06 - 2014-12-07 01:31 - 00004482 _____ () C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-4.job
2015-02-23 18:06 - 2014-12-07 01:31 - 00004146 _____ () C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-3.job
2015-02-23 18:06 - 2014-12-07 01:31 - 00002098 _____ () C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-2.job
2015-02-23 18:06 - 2014-12-07 01:31 - 00000982 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-02-23 18:06 - 2014-12-07 01:31 - 00000636 _____ () C:\Windows\Tasks\4b668761-96e2-450d-8bc3-266a3f247e4b.job
2015-02-23 18:06 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-23 18:05 - 2015-01-14 17:21 - 00004076 _____ () C:\Windows\setupact.log
2015-02-23 18:05 - 2015-01-14 17:20 - 00864894 _____ () C:\Windows\PFRO.log
2015-02-23 17:02 - 2014-01-25 14:41 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-23 16:02 - 2014-11-18 19:07 - 00000000 ____D () C:\Users\Banjo\Desktop\Igrice & Programi
2015-02-23 01:36 - 2014-12-07 01:31 - 00000986 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-02-22 10:54 - 2009-07-14 05:53 - 00032650 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-19 22:00 - 2015-01-14 16:47 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-16 22:22 - 2015-01-14 16:55 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-16 22:22 - 2015-01-14 16:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-13 21:10 - 2014-01-25 16:07 - 00000000 ____D () C:\Users\Banjo\Desktop\FILMOVI
2015-02-08 18:13 - 2014-09-12 23:05 - 00000000 ____D () C:\Users\Banjo\AppData\Roaming\uTorrent
2015-02-01 19:35 - 2014-01-25 15:15 - 00000000 ____D () C:\Windows\system32\SupportAppCB
2015-02-01 19:35 - 2014-01-25 14:39 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-01 18:24 - 2015-01-14 17:21 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-27 15:25 - 2014-01-31 08:18 - 00000000 ____D () C:\Users\Banjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-27 15:18 - 2014-10-21 19:10 - 00000000 ____D () C:\Users\Banjo\Desktop\MUZIKA
2015-01-25 21:04 - 2014-07-13 22:49 - 00000000 ____D () C:\Program Files\Google
2015-01-25 21:04 - 2014-07-13 20:52 - 00000000 ____D () C:\Users\Banjo\AppData\Local\Google
2015-01-25 20:57 - 2014-01-25 14:36 - 00001373 _____ () C:\Users\Banjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

==================== Files in the root of some directories =======

2014-11-01 11:19 - 2014-11-01 11:26 - 0000411 _____ () C:\Users\Banjo\AppData\Roaming\LiveSupport.exe_log.txt
2014-12-07 01:31 - 2014-12-07 01:31 - 1520608 _____ (HDPlus-3.1TotalV05.12) C:\Users\Banjo\AppData\Roaming\OGAM.exe
2014-01-25 20:37 - 2014-01-25 20:37 - 0138056 _____ () C:\Users\Banjo\AppData\Roaming\PnkBstrK.sys
2014-11-01 11:19 - 2014-11-01 11:48 - 0000086 _____ () C:\Users\Banjo\AppData\Roaming\regsvr32.exe_log.txt
2015-01-15 00:53 - 2015-01-15 00:53 - 0024701 _____ () C:\Users\Banjo\AppData\Roaming\UserTile.png
2014-12-07 01:31 - 2014-12-07 01:31 - 2004448 _____ (HDPlus-3.1TotalV05.12) C:\Users\Banjo\AppData\Roaming\ZOPTBW.exe
2014-03-02 17:10 - 2014-06-09 12:30 - 0004608 _____ () C:\Users\Banjo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP:
====================
C:\Users\Banjo\AppData\Local\Temp\mgwz.dll
C:\Users\Banjo\AppData\Local\Temp\ochelper.exe
C:\Users\Banjo\AppData\Local\Temp\utt3F08.tmp.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 17:35

==================== End Of Log ============================



Thanks in advance. Cheers.



  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Go to Start -> Control Panel -> Programs and Features and uninstall the following programs:

WindowsMangerProtect20.0.0.1277




Step 2

Open Notepad and copy in the following text, which is inside the Code box.

HKU\S-1-5-21-2945771310-202216555-3696022800-1000\...\MountPoints2: {e2ff275d-384c-11e4-a39a-78acc05c1280} - F:\AutoRun.exe
HKU\S-1-5-21-2945771310-202216555-3696022800-1000\...\MountPoints2: {e2ff276c-384c-11e4-a39a-78acc05c1280} - H:\AutoRun.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1417.....8FYF074EJX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=.....EJX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1417.....8FYF074EJX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=.....EJX&q={searchTerms}
HKU\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1417.....8FYF074EJX
HKU\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1417.....8FYF074EJX
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=.....EJX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=.....EJX&q={searchTerms}
SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searc-hall.info/?l=1&q={searchTerms}&pid=377&r=2014/11/01&hid=15617337041010751777&lg=EN&cc=RS&unqvl=65
SearchScopes: HKU\S-1-5-21-2945771310-202216555-3696022800-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=.....EJX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2945771310-202216555-3696022800-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=.....EJX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2945771310-202216555-3696022800-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searc-hall.info/?l=1&q={searchTerms}&pid=377&r=2014/11/01&hid=15617337041010751777&lg=EN&cc=RS&unqvl=65
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc&ts=1417.....8FYF074EJX
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Banjo\AppData\Roaming\Mozilla\Firefox\Profiles\8gubbzjz.default\extensions\faststartff@gmail.com
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [484352 2014-12-07] (Fuyu LIMITED) [File not signed]
Task: {12AF6B7A-1D2E-4353-BEDF-E30CEA0F03A6} - System32\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-2 => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-2.exe <==== ATTENTION
Task: {2E69C7BE-04A0-4069-8846-6DB0FC9DF3BB} - System32\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-11 => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-11.exe <==== ATTENTION
Task: {32A4134A-779F-4F06-9FC2-12908611A793} - System32\Tasks\{9238B136-BB21-40F1-A869-25817DB1FB5A} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{A2B4621B-CEB9-4E44-95FD-3500D4DB3727}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {3E8343BE-9E7A-4ED1-B57A-CA187B46E261} - System32\Tasks\{4226B387-8A0F-49A0-9F56-754B95A04A21} => pcalua.exe -a C:\SWSetdsafsdfdsup\SP49542\Setup.exe -d C:\SWSetdsafsdfdsup\SP49542
Task: {B1219653-2846-4D06-92FB-00C16CC07DF3} - System32\Tasks\4b668761-96e2-450d-8bc3-266a3f247e4b => C:\Program Files\TotalPlusHD-3.1V05.12\4b668761-96e2-450d-8bc3-266a3f247e4b.exe <==== ATTENTION
Task: {C142C021-930B-474A-848E-26F581FD4B4A} - System32\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-4 => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-4.exe <==== ATTENTION
Task: {CE2B6206-B2D6-4843-A042-9B78300C5BC4} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {D0364C91-7AF2-4D23-AAA8-65D3450A2303} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {D5616850-1599-4C40-A51E-A9E8B397080E} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {E39AB245-4C69-4236-A382-AD9521E89A1C} - System32\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-5_user => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-5.exe <==== ATTENTION
Task: {E897229E-2652-4711-85E9-865D467B1BFA} - System32\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-5 => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-5.exe <==== ATTENTION
Task: {EB79A4CE-7038-439E-A4A4-B2E26FDC26DE} - System32\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-3 => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-1.job => C:\Program Files\TotalPlusHD-3.1V05.12\TotalPlusHD-3.1V05.12-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-11.job => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-2.job => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-3.job => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-4.job => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-5.job => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-5_user.job => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-7.job => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\4b668761-96e2-450d-8bc3-266a3f247e4b.job => C:\Program Files\TotalPlusHD-3.1V05.12\4b668761-96e2-450d-8bc3-266a3f247e4b.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
C:\Users\Banjo\AppData\Roaming\ZOPTBW.exe
C:\ProgramData\WindowsMangerProtect
C:\Program Files\globalUpdate
C:\Users\Banjo\AppData\Roaming\OGAM.exe
C:\Program Files\TotalPlusHD-3.1V05.12
C:\Program Files\MyPC Backup
EmptyTemp:


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, fixlog.txt will open, with the contents that you should copy into the thread.
The file (fixlog.txt) will also be on the Desktop.




Step 3

Download AdwCleaner by "Xplode" and save it to the Desktop
Double-click to run the program.
In the EULA window, click I agree.
Click the Scan button and wait for the scan to finish.
Click the Clean button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required), click OK

The computer will restart and then open Notepad (C:\AdwCleaner[S0].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Attach file" option

Note: The report will also be saved at C:\Adwcleaner\AdwCleaner[S0].txt



offline
  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1645

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-02-2015 01
Ran by Banjo at 2015-02-24 17:56:19 Run:1
Running from C:\Users\Banjo\Desktop
Loaded Profiles: Banjo (Available profiles: Banjo)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2945771310-202216555-3696022800-1000\...\MountPoints2: {e2ff275d-384c-11e4-a39a-78acc05c1280} - F:\AutoRun.exe
HKU\S-1-5-21-2945771310-202216555-3696022800-1000\...\MountPoints2: {e2ff276c-384c-11e4-a39a-78acc05c1280} - H:\AutoRun.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]{searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
HKU\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
HKU\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}&pid=377&r=2014/11/01&hid=15617337041010751777&lg=EN&cc=RS&unqvl=65
SearchScopes: HKU\S-1-5-21-2945771310-202216555-3696022800-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKU\S-1-5-21-2945771310-202216555-3696022800-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKU\S-1-5-21-2945771310-202216555-3696022800-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}&pid=377&r=2014/11/01&hid=15617337041010751777&lg=EN&cc=RS&unqvl=65
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe [Link mogu videti samo ulogovani korisnici]
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Banjo\AppData\Roaming\Mozilla\Firefox\Profiles\8gubbzjz.default\extensions\faststartff@gmail.com
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [484352 2014-12-07] (Fuyu LIMITED) [File not signed]
Task: {12AF6B7A-1D2E-4353-BEDF-E30CEA0F03A6} - System32\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-2 => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-2.exe <==== ATTENTION
Task: {2E69C7BE-04A0-4069-8846-6DB0FC9DF3BB} - System32\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-11 => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-11.exe <==== ATTENTION
Task: {32A4134A-779F-4F06-9FC2-12908611A793} - System32\Tasks\{9238B136-BB21-40F1-A869-25817DB1FB5A} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{A2B4621B-CEB9-4E44-95FD-3500D4DB3727}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {3E8343BE-9E7A-4ED1-B57A-CA187B46E261} - System32\Tasks\{4226B387-8A0F-49A0-9F56-754B95A04A21} => pcalua.exe -a C:\SWSetdsafsdfdsup\SP49542\Setup.exe -d C:\SWSetdsafsdfdsup\SP49542
Task: {B1219653-2846-4D06-92FB-00C16CC07DF3} - System32\Tasks\4b668761-96e2-450d-8bc3-266a3f247e4b => C:\Program Files\TotalPlusHD-3.1V05.12\4b668761-96e2-450d-8bc3-266a3f247e4b.exe <==== ATTENTION
Task: {C142C021-930B-474A-848E-26F581FD4B4A} - System32\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-4 => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-4.exe <==== ATTENTION
Task: {CE2B6206-B2D6-4843-A042-9B78300C5BC4} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {D0364C91-7AF2-4D23-AAA8-65D3450A2303} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {D5616850-1599-4C40-A51E-A9E8B397080E} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {E39AB245-4C69-4236-A382-AD9521E89A1C} - System32\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-5_user => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-5.exe <==== ATTENTION
Task: {E897229E-2652-4711-85E9-865D467B1BFA} - System32\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-5 => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-5.exe <==== ATTENTION
Task: {EB79A4CE-7038-439E-A4A4-B2E26FDC26DE} - System32\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-3 => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-1.job => C:\Program Files\TotalPlusHD-3.1V05.12\TotalPlusHD-3.1V05.12-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-11.job => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-2.job => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-3.job => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-4.job => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-5.job => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-5_user.job => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-7.job => C:\Program Files\TotalPlusHD-3.1V05.12\0f642111-f191-4567-ba69-d1744f9be5d2-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\4b668761-96e2-450d-8bc3-266a3f247e4b.job => C:\Program Files\TotalPlusHD-3.1V05.12\4b668761-96e2-450d-8bc3-266a3f247e4b.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
C:\Users\Banjo\AppData\Roaming\ZOPTBW.exe
C:\ProgramData\WindowsMangerProtect
C:\Program Files\globalUpdate
C:\Users\Banjo\AppData\Roaming\OGAM.exe
C:\Program Files\TotalPlusHD-3.1V05.12
C:\Program Files\MyPC Backup
EmptyTemp:
*****************

"HKU\S-1-5-21-2945771310-202216555-3696022800-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2ff275d-384c-11e4-a39a-78acc05c1280}" => Key deleted successfully.
HKCR\CLSID\{e2ff275d-384c-11e4-a39a-78acc05c1280} => Key not found.
"HKU\S-1-5-21-2945771310-202216555-3696022800-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2ff276c-384c-11e4-a39a-78acc05c1280}" => Key deleted successfully.
HKCR\CLSID\{e2ff276c-384c-11e4-a39a-78acc05c1280} => Key not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully.
HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKU\S-1-5-21-2945771310-202216555-3696022800-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2945771310-202216555-3696022800-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKU\S-1-5-21-2945771310-202216555-3696022800-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully.
HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
"HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4" => Key deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\faststartff@gmail.com => value deleted successfully.
WindowsMangerProtect => Service not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{12AF6B7A-1D2E-4353-BEDF-E30CEA0F03A6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12AF6B7A-1D2E-4353-BEDF-E30CEA0F03A6}" => Key deleted successfully.
C:\Windows\System32\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0f642111-f191-4567-ba69-d1744f9be5d2-2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2E69C7BE-04A0-4069-8846-6DB0FC9DF3BB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E69C7BE-04A0-4069-8846-6DB0FC9DF3BB}" => Key deleted successfully.
C:\Windows\System32\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-11 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0f642111-f191-4567-ba69-d1744f9be5d2-11" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32A4134A-779F-4F06-9FC2-12908611A793}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32A4134A-779F-4F06-9FC2-12908611A793}" => Key deleted successfully.
C:\Windows\System32\Tasks\{9238B136-BB21-40F1-A869-25817DB1FB5A} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9238B136-BB21-40F1-A869-25817DB1FB5A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E8343BE-9E7A-4ED1-B57A-CA187B46E261}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E8343BE-9E7A-4ED1-B57A-CA187B46E261}" => Key deleted successfully.
C:\Windows\System32\Tasks\{4226B387-8A0F-49A0-9F56-754B95A04A21} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4226B387-8A0F-49A0-9F56-754B95A04A21}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B1219653-2846-4D06-92FB-00C16CC07DF3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1219653-2846-4D06-92FB-00C16CC07DF3}" => Key deleted successfully.
C:\Windows\System32\Tasks\4b668761-96e2-450d-8bc3-266a3f247e4b => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4b668761-96e2-450d-8bc3-266a3f247e4b" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C142C021-930B-474A-848E-26F581FD4B4A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C142C021-930B-474A-848E-26F581FD4B4A}" => Key deleted successfully.
C:\Windows\System32\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-4 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0f642111-f191-4567-ba69-d1744f9be5d2-4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE2B6206-B2D6-4843-A042-9B78300C5BC4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE2B6206-B2D6-4843-A042-9B78300C5BC4}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D0364C91-7AF2-4D23-AAA8-65D3450A2303}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0364C91-7AF2-4D23-AAA8-65D3450A2303}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5616850-1599-4C40-A51E-A9E8B397080E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5616850-1599-4C40-A51E-A9E8B397080E}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E39AB245-4C69-4236-A382-AD9521E89A1C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E39AB245-4C69-4236-A382-AD9521E89A1C}" => Key deleted successfully.
C:\Windows\System32\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-5_user => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0f642111-f191-4567-ba69-d1744f9be5d2-5_user" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E897229E-2652-4711-85E9-865D467B1BFA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E897229E-2652-4711-85E9-865D467B1BFA}" => Key deleted successfully.
C:\Windows\System32\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-5 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0f642111-f191-4567-ba69-d1744f9be5d2-5" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EB79A4CE-7038-439E-A4A4-B2E26FDC26DE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB79A4CE-7038-439E-A4A4-B2E26FDC26DE}" => Key deleted successfully.
C:\Windows\System32\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0f642111-f191-4567-ba69-d1744f9be5d2-3" => Key deleted successfully.
C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-1.job => Moved successfully.
C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-11.job => Moved successfully.
C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-2.job => Moved successfully.
C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-3.job => Moved successfully.
C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-4.job => Moved successfully.
C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-5.job => Moved successfully.
C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-5_user.job => Moved successfully.
C:\Windows\Tasks\0f642111-f191-4567-ba69-d1744f9be5d2-7.job => Moved successfully.
C:\Windows\Tasks\4b668761-96e2-450d-8bc3-266a3f247e4b.job => Moved successfully.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => Moved successfully.
C:\Users\Banjo\AppData\Roaming\ZOPTBW.exe => Moved successfully.
C:\ProgramData\WindowsMangerProtect => Moved successfully.
"C:\Program Files\globalUpdate" => File/Directory not found.
C:\Users\Banjo\AppData\Roaming\OGAM.exe => Moved successfully.
"C:\Program Files\TotalPlusHD-3.1V05.12" => File/Directory not found.
"C:\Program Files\MyPC Backup" => File/Directory not found.
EmptyTemp: => Removed 1.5 GB temporary data.


The system needed a reboot.

==== End of Fixlog 17:56:38 ====



offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Download zoek.exe from this or this link and save it to the Desktop.


Close your browser and any other running programs;
disable your security software (if needed) Instructions;
double-click zoek.exe to run it;
wait for the tool to start ...


Copy the following text into the white box of the window:

process;
startupall;
drivers-services-list;
skipfix-iedefaults;
firefoxlook;
chromelook;
filesrcm;


Click the button and wait for the scan to finish.


Zoek will restart Windows if needed and, when it is done, open Notepad with the scan report.

Note: The report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into your post.

offline
  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1645

Zoek.exe v5.0.0.0 Updated 24-February-2015
Tool run by Banjo on Tue 02/24/2015 at 23:28:56.33.
Microsoft Windows 7 Professional 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Banjo\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

2/24/2015 23:29:40 Zoek.exe System Restore Point Created Succesfully.

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\UnsignedThemesSvc.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Program Files\HSDPA USB MODEM\USB Modem.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\system32\vssvc.exe
C:\Users\Banjo\Desktop\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\svchost.exe -k SDRSVC

==== Services(whitelist) ======================
Powered by E Dev

R2 - [AERTFilters] - Andrea RT Filters Service - c:\program files\realtek\audio\hda\aertsrv.exe
R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
R2 - [AMD FUEL Service] - AMD FUEL Service - c:\program files\ati technologies\ati.ace\fuel\fuel.service.exe
R2 - [RtkAudioService] - Realtek Audio Service - c:\program files\realtek\audio\hda\rtkaudioservice.exe
R2 - [RtVOsdService] - RtVOsdService Installer - c:\program files\realtek\rtvosd\rtvosdservice.exe
R2 - [UnsignedThemes] - Unsigned Themes - c:\windows\unsignedthemessvc.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [AvastVBoxSvc] - AvastVBox COM Service - c:\program files\avast software\avast\ng\vbox\avastvboxsvc.exe
R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update Service (gupdate) - c:\program files\google\update\googleupdate.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\system32\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework\v4.0.30319\aspnet_state.exe
S3 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - c:\program files\google\update\googleupdate.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files\mozilla maintenance service\maintenanceservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe

==== Drivers(whitelist) ======================
Powered by E Dev

R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
R3 - [srv] - Server SMB 1.xxx Driver - C:\Windows\system32\Drivers\srv.sys
R3 - [srv2] - Server SMB 2.xxx Driver - C:\Windows\system32\Drivers\srv2.sys
R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys
R0 - [amd_sata] - amd_sata - C:\Windows\system32\Drivers\amd_sata.sys
R0 - [amd_xata] - amd_xata - C:\Windows\system32\Drivers\amd_xata.sys
R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
R0 - [aswRvrt] - avast! Revert - C:\Windows\system32\Drivers\aswRvrt.sys
R0 - [aswVmm] - avast! VM Monitor - C:\Windows\system32\Drivers\aswVmm.sys
R0 - [atapi] - IDE Channel - C:\Windows\system32\Drivers\atapi.sys
R0 - [AtiPcie] - AMD PCI Express (3GIO) Filter - C:\Windows\system32\Drivers\AtiPcie.sys
R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
R0 - [Compbatt] - Microsoft Composite Battery Driver - C:\Windows\system32\Drivers\Compbatt.sys
R0 - [Disk] - Disk Driver - C:\Windows\system32\Drivers\Disk.sys
R0 - [fvevol] - Bitlocker Drive Encryption Filter Driver - C:\Windows\system32\Drivers\fvevol.sys
R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
R0 - [mountmgr] - Mount Point Manager - C:\Windows\system32\Drivers\mountmgr.sys
R0 - [msahci] - msahci - C:\Windows\system32\Drivers\msahci.sys
R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
R0 - [NDIS] - NDIS System Driver - C:\Windows\system32\Drivers\NDIS.sys
R0 - [partmgr] - Partition Manager - C:\Windows\system32\Drivers\partmgr.sys
R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys
R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
R0 - [storflt] - Disk Virtual Machine Bus Acceleration Filter Driver - C:\Windows\system32\Drivers\storflt.sys [x]
R0 - [Tcpip] - TCP/IP Protocol Driver - C:\Windows\system32\Drivers\Tcpip.sys
R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator Driver - C:\Windows\system32\Drivers\vdrvroot.sys
R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys
R0 - [volmgrx] - Dynamic Volume Manager - C:\Windows\system32\Drivers\volmgrx.sys
R0 - [volsnap] - Storage volumes - C:\Windows\system32\Drivers\volsnap.sys
R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
R1 - [tdx] - NetIO Legacy TDI Support Driver - C:\Windows\system32\Drivers\tdx.sys
R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2015-02-23 17:43:43 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\ativpsrm.bin
2015-02-23 17:04:53 5E89CCEFA790A4318966F49C038EA586 1180529 ----a-w- C:\Windows\unins000.exe
2015-02-23 17:04:53 0D43C5304BED9C84A9F6D1C453654A20 1233 ----a-w- C:\Windows\unins000.dat
2015-02-23 16:33:56 CB00A6ADEBF09A782BF0159A594EB8BF 43152 ----a-w- C:\Windows\avastSS.scr
2015-02-01 17:24:34 D1E75542EC8D1B4851765A57AC63618E 1908 ----a-w- C:\Windows\diagwrn.xml
2015-02-01 17:24:34 D1E75542EC8D1B4851765A57AC63618E 1908 ----a-w- C:\Windows\diagerr.xml
====== C:\Users\Banjo\AppData\Local\Temp ====
2015-02-24 17:03:15 C184C29CA97F5307056A32A03C46D0F0 6245888 ----a-w- C:\Users\Banjo\AppData\Local\Temp\AutoDetectUtilApp.exe
====== Java Cache =====
====== C:\Windows\system32 =====
2015-02-23 16:34:08 8E1565ECF357447BC04737619CF010C4 291352 ----a-w- C:\Windows\System32\aswBoot.exe
2015-02-16 21:22:25 252536AC43206F69B785CD0FDE96D813 5070512 ----a-w- C:\Windows\System32\FlashPlayerInstaller.exe
====== C:\Windows\system32\drivers =====
2015-02-23 16:34:50 EE89A22FB9FEC2CCC8A58C3C5D3AAA73 91496 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2015-02-23 16:34:49 1624D5AD126B8AFE2B2E85E5B8364EB6 423784 ----a-w- C:\Windows\System32\drivers\aswsp.sys
2015-02-23 16:34:49 0E9DC85996E79F3E4F3AEEA44B65468A 206248 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2015-02-23 16:34:48 E452BCDA6AB8EB5A1F7DF7CF06BA92E9 70384 ----a-w- C:\Windows\System32\drivers\aswmonflt.sys
2015-02-23 16:34:48 C0E092CBE5644AE4B3C6CD7C5396DF86 24184 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2015-02-23 16:34:48 BCD184FF4CE25F1006A213C029671FEF 81768 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2015-02-23 16:34:48 8474B5D0A5AC05AF046DC4EA69FA44DE 49944 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2015-02-23 16:34:45 E73CBE3420ECFA8FF7D0467E170E335D 787800 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2015-02-23 16:34:41 32B1B4D92ED72EC649A1CEB47F97F898 26136 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
====== C:\Windows\Tasks ======
2015-02-23 16:34:58 E64040270B85912A5E530EFF99DC3D94 4182 ----a-w- C:\Windows\system32\Tasks\avast! Emergency Update
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-02-23 17:42:46 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2015-02-23 17:41:14 -------- d-----w- C:\Program Files\ATI
2015-02-02 18:47:46 -------- d-----w- C:\Program Files\FreeTime
2015-02-01 17:49:05 -------- d-----w- C:\Program Files\HSDPA USB MODEM
2015-01-27 13:41:16 -------- d-----w- C:\Program Files\Counter-Strike 1.6
======= C: =====
====== C:\Users\Banjo\AppData\Roaming ======
2015-02-23 17:44:05 -------- d-----w- C:\Users\Banjo\AppData\Roaming\ATI
2015-02-23 17:44:05 -------- d-----w- C:\Users\Banjo\AppData\Local\ATI
2015-02-23 17:37:54 -------- d-----w- C:\Users\Banjo\AppData\Local\WindowsApplication1
2015-02-02 19:06:45 -------- d-----w- C:\Users\Banjo\AppData\Local\Ahead
2015-02-02 19:04:58 -------- d-----w- C:\Users\Banjo\AppData\Roaming\Ahead
2015-01-27 13:43:06 -------- d-----w- C:\Users\Banjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
====== C:\Users\Banjo ======
2015-02-24 17:02:00 4DB5909D450AE68CC11DC865B9B84F71 2126848 ----a-w- C:\Users\Banjo\Desktop\AdwCleaner.exe
2015-02-23 17:44:05 -------- d-----w- C:\ProgramData\ATI
2015-02-23 17:42:42 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2015-02-23 17:17:55 B87E1E2B84C4EEE3656A0DED4C0B1C43 1127424 ----a-w- C:\Users\Banjo\Desktop\FRST.exe
2015-02-02 19:04:45 -------- d-----w- C:\ProgramData\Ahead
2015-02-02 18:48:34 -------- d-----w- C:\Users\Public\Documents\Baidu
2015-02-02 18:48:34 -------- d-----w- C:\ProgramData\Baidu
2015-02-01 17:49:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HSDPA USB MODEM
2015-01-27 13:43:06 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6

====== C: exe-files ==
2015-02-24 18:25:49 C5FD49B0561203A17BBF947738CB124A 41186896 ----a-w- C:\Program Files\Google\Update\Install\{59DD5687-BFB5-4E29-8A23-D487A9BD4514}\40.0.2214.115_chrome_installer.exe
2015-02-24 18:25:48 C5FD49B0561203A17BBF947738CB124A 41186896 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.115\40.0.2214.115_chrome_installer.exe
2015-02-24 17:05:01 FD98434B6A06FE31A35E4BFBC827B290 52040 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe
2015-02-24 17:05:01 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateSetup.exe
2015-02-24 17:05:01 5F0A3AA68785C49454F56C9F2DDA0237 52040 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateWebPlugin.exe
2015-02-24 17:05:01 4C02536F4CA35911FB3EA5715F300C57 52040 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateBroker.exe
2015-02-24 17:04:57 F3B6470DA7CE34E559D3BA7365CC909C 115528 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateComRegisterShell64.exe
2015-02-24 17:04:56 E1B44A75947137F4143308D566889837 107848 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdate.exe
2015-02-24 17:04:56 83BB030C71C9727DCFB2737005772C4E 232264 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
2015-02-24 17:04:56 323CFFFDAF253AC65CD194A101BE6231 287048 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
2015-02-24 17:04:52 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Program Files\Google\Update\Install\{34F3F759-148C-4A21-B238-19DED3A51762}\GoogleUpdateSetup.exe
2015-02-24 17:04:52 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.26.9\GoogleUpdateSetup.exe
2015-02-24 17:03:15 C184C29CA97F5307056A32A03C46D0F0 6245888 ----a-w- C:\Users\Banjo\AppData\Local\Temp\AutoDetectUtilApp.exe
2015-02-24 17:02:00 4DB5909D450AE68CC11DC865B9B84F71 2126848 ----a-w- C:\Users\Banjo\Desktop\AdwCleaner.exe
2015-02-23 17:33:49 C686023C6B6F9E607C8BFC97E2D5D965 1545207 ----a-w- C:\Users\Banjo\Desktop\Igrice & Programi\Programi\DDUv120-Guru3D.com].exe
2015-02-23 17:17:55 BAD89F8B52E701DD223684F5B63C06BB 1126912 ----a-w- C:\Users\Banjo\Desktop\FRST-OlderVersion\FRST.exe
2015-02-23 17:17:55 B87E1E2B84C4EEE3656A0DED4C0B1C43 1127424 ----a-w- C:\Users\Banjo\Desktop\FRST.exe
2015-02-23 17:04:53 5E89CCEFA790A4318966F49C038EA586 1180529 ----a-w- C:\Windows\unins000.exe
2015-02-23 16:34:08 8E1565ECF357447BC04737619CF010C4 291352 ----a-w- C:\Windows\System32\aswBoot.exe
2015-02-23 16:01:57 D24A2D2FB7D67DEF4DBE06C3304A2BE2 5040384 ----a-w- C:\Users\Banjo\Desktop\Igrice & Programi\Programi\avastclear.exe
2015-02-20 23:27:37 58E286356ED95579127915341D05544A 9052192 ----a-w- C:\Users\Banjo\Desktop\Igrice & Programi\Programi\CheatEngine64.exe
2015-02-19 20:52:26 45D44A7710432FB898BED8EE8CBA10B8 5325208 ----a-w- C:\Users\Banjo\Desktop\Igrice & Programi\Programi\ccsetup502.exe
=== C: other files ==
2015-02-24 17:54:24 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Banjo\AppData\Local\Temp\gmp-gmpopenh264.zip
2015-02-23 16:34:50 EE89A22FB9FEC2CCC8A58C3C5D3AAA73 91496 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2015-02-23 16:34:49 1624D5AD126B8AFE2B2E85E5B8364EB6 423784 ----a-w- C:\Windows\System32\drivers\aswsp.sys
2015-02-23 16:34:49 0E9DC85996E79F3E4F3AEEA44B65468A 206248 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2015-02-23 16:34:48 E452BCDA6AB8EB5A1F7DF7CF06BA92E9 70384 ----a-w- C:\Windows\System32\drivers\aswmonflt.sys
2015-02-23 16:34:48 C0E092CBE5644AE4B3C6CD7C5396DF86 24184 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2015-02-23 16:34:48 BCD184FF4CE25F1006A213C029671FEF 81768 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2015-02-23 16:34:48 8474B5D0A5AC05AF046DC4EA69FA44DE 49944 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2015-02-23 16:34:45 E73CBE3420ECFA8FF7D0467E170E335D 787800 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2015-02-23 16:34:41 32B1B4D92ED72EC649A1CEB47F97F898 26136 ----a-w- C:\Windows\System32\drivers\aswKbd.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe -s"
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"AMD AVT"="Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files\AMD AVT\bin\kdbsync.exe aml"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AMD AVT]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AMD AVT"
"hkey"="HKLM"
"command"="Cmd.exe /c start \"AMD Accelerated Video Transcoding device initialization\" /min \"C:\\Program Files\\AMD AVT\\bin\\kdbsync.exe\" aml"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BTMTrayAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BTMTrayAgent"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\Program Files\\Motorola\\Bluetooth\\btmshell.dll\",TrayApp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CCleaner Monitoring"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\CCleaner\\CCleaner.exe\" /MONITOR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Lite"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPEnh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPEnh"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Synaptics\\SynTP\\SynTPEnh.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TornTv Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TornTv Downloader"
"hkey"="HKCU"
"command"="C:\\Users\\Banjo\\AppData\\Roaming\\TornTV.com\\Torntv Downloader.exe /c=startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UIExec]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UIExec"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Join Air\\UIExec.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uTorrent"
"hkey"="HKCU"
"command"="\"C:\\Users\\Banjo\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" /MINIMIZED"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Banjo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TornTvDownloader.lnk]
"path"="C:\\Users\\Banjo\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\TornTvDownloader.lnk"
"backup"="C:\\Windows\\pss\\TornTvDownloader.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\Banjo\\AppData\\Roaming\\TornTV.com\\TornTV Downloader.exe /c=startup"
"item"="TornTvDownloader"


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [02/16/2015 22:22]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [01/25/2015 21:01]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Banjo\AppData\Roaming\Mozilla\Firefox\Profiles\6iol3vw6.default
user_pref("browser.startup.homepage", "www.google.co.uk");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [02/23/2015 17:34]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Banjo\AppData\Roaming\Mozilla\Firefox\Profiles\6iol3vw6.default
98137411B9C632095F919E2CE70B288A - C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll - Google Update
C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash


==== Chromium Look ======================

Google Chrome Version: 40.0.2214.115 (Up to date, latest Stable version: 40.0.2214.115)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[02/23/2015 17:33]

ClipMonkey - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jhodopgnkbcmfgggehanaepcofglnboh
ClipMonkey - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhodopgnkbcmfgggehanaepcofglnboh
ClipMonkey - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jhodopgnkbcmfgggehanaepcofglnboh
ClipMonkey - Banjo\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jhodopgnkbcmfgggehanaepcofglnboh
Google Slides - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Avast Online Security - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
ClipMonkey - Banjo\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jhodopgnkbcmfgggehanaepcofglnboh
ClipMonkey - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jhodopgnkbcmfgggehanaepcofglnboh
ClipMonkey - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhodopgnkbcmfgggehanaepcofglnboh
ClipMonkey - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jhodopgnkbcmfgggehanaepcofglnboh

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Tue 02/24/2015 at 23:32:19.00 ======================

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Download zoek.exe from this or this link and save it to the Desktop.


Close the browser and any other running programs;
disable your protection software (if needed) Instructions;
double-click zoek.exe to run it;
wait for the tool to start ...


Copy the following text into the white box of the window:

jhodopgnkbcmfgggehanaepcofglnboh;chr
emptyclsid;
autoclean;


Click the button and wait for the scan to finish.


Zoek will restart Windows if necessary, and when it finishes it will open Notepad with the scan report.

Note: The report will be saved under the name zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into your reply.

offline
  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1645

Zoek.exe v5.0.0.0 Updated 24-February-2015
Tool run by Banjo on Wed 02/25/2015 at 16:17:30.33.
Microsoft Windows 7 Professional 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Banjo\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-02-24-223219.log 27106 bytes

==== Empty Folders Check ======================

C:\Program Files\FreeTime deleted successfully
C:\Users\Banjo\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E6FC783-39AA-4E7D-BCAF-19AA8AE51B79} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6ED7E0E9-EA76-4E9E-8EBE-CC14A329B72} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6EF80E9B-A99C-45FB-888C-2DE4959396} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F6007FD-7067-47E7-9367-5BF5B55559} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{71804B1-B295-4A64-9486-EEA53CC2FF3E} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{719C7483-2012-4FDE-9157-4B9951DFDC3} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{71EA7D7C-C76-4A4C-9560-C8A6F1E6F9E} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7331EEDB-E0CD-410C-951E-7A55B7C4997B} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{73EABB10-E789-4BE4-81E1-E534036CE92} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{75D6349-BB6A-4886-804A-EAA3B567F8B8} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76D7B345-71A9-422B-AA20-CA7CE9345D7C} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7714E1E3-101C-44E6-B782-E81CE3A7BDE} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78A1EEDB-4606-48D4-A998-97ABC4B911AB} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78B55-2AA2-4C64-985B-DF7DB233704F} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78C35A69-3FE5-4AF1-993-B79FEF5B418D} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A55A01F-3DDF-47E9-BA74-E04F45B27B69} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A816C87-F9E0-41D9-9974-9A664A7479D} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7ABE2E20-1142-403B-8712-497F76E3D644} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7BD255D-3BB6-471A-B416-8CBBB6E748B1} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7EC0AE0C-C195-464A-B5B7-F011568CE923} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F13EB90-D34D-42CE-B7AC-DDB1B18A4DF} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{805662FB-84EC-4E5A-9C3F-7CB36F901D56} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{830CB759-FF57-4686-B3F-364192C75497} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83108BD0-4078-4409-AD40-FB24905FBC2} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{840ACE31-DCAA-4398-82D5-699154118245} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85995557-EF25-4591-BD87-764152B436F1} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{86F9F147-E02E-4EBA-911D-EE5C3172E2DC} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8A2090FA-6FD9-455A-A05F-4F63F2AB2CA} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8B6865D1-3C6D-4A5C-8D2-364E5E792B3} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D353889-1A3D-46AB-A535-A723C9358656} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D60AD03-96FA-4225-8341-C5D43F9682AA} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9001E095-F366-4F29-AE19-4D79755FFDF6} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{907F4DE9-74CA-4293-AA3D-80117E65503E} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{913E5FE8-2BE2-4712-8313-F252CE2D7DB} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{920FEDE7-1E5B-41BD-AF8D-6B81A065F1D} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9276EDFD-1E3D-47C7-A69F-2572F437E1D} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{92FB397D-1036-4D2C-9A7E-C075A92AECF3} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95F38EEF-7D80-4432-B77C-8E9225E6E6CA} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9760A63C-9A1A-4481-A427-DEFCE3568CC1} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97AB7A4-DE84-4802-9AD9-F093CE5B0F} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98FE20CF-FE1A-439E-93B8-F34036996A10} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{990677AE-1F77-4469-9F31-11395D4231BA} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C01945A-7858-4E7F-A8A5-C94DE76236DC} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9F32F03F-8C6F-435B-B12F-1F9491465897} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9FBC021C-A73F-401A-9346-8654ABA6EE3B} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A064247B-F749-43AD-8B7F-F9DA48F2D3C3} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A0A33547-1CFE-4DC0-946E-3AC75C65B7C0} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A0C8F031-917-4DCD-8598-593D2AC4477A} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A2587ADC-9E0B-44E1-8467-948B676957B} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A272A081-69FD-42E4-985B-E85F4597BA7B} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A49F12ED-FB69-461C-B564-B46065B6D1F9} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A6AB35AC-D95F-41DB-A4E5-87AD8384B56} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a7b1bb2a-db73-4c48-8c46-995b50f10d6c} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A875CB82-6A78-4A49-A53B-FD9A1945593C} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A9B5A297-E3B0-4A3B-8971-4D70335B49F} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA5CF03C-4ED0-41AE-8762-199560FFEEEF} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AACBB0E6-5058-4746-82F3-8A51D52795DA} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ACD91799-6643-4264-B4A1-48C0E1FD5D9B} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B02943F5-52D8-4E21-B193-36C3D98D64A6} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B02E9E11-B05A-4B1B-A23E-51AFE7CF87ED} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B1D09D45-868A-479A-9D20-4AE622E94AD} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B22907A8-C122-496E-BBFF-A0F13235599} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2730BAA-8D79-41D2-B8E2-B0DFED65CA} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B28663F0-A197-461E-951C-12D877371B33} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2F3DCF5-E930-4B55-8C57-51565276EBA} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B434C886-D4B9-4771-B011-79656418242F} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B449890E-1A19-4A3C-9996-E2C0C74AFF39} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B887580A-909-4731-84EF-9CD3D9241E2C} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B9880CDC-5CFD-455D-9BF0-675ADA97E18} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B9B438F3-D67D-4F07-8FD1-815DC7D83077} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B9DC88C0-DB2B-49F7-A648-6961383C04F} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB1E95B4-B785-4CBE-9A69-D7F92FDD5552} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB201C46-8CEE-4220-BBF2-B2A182EBFB58} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BC27B48F-623D-419C-ABAF-C1DBD9FFB379} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BCB8C481-5CFD-4591-AE76-931CE371288F} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD306B3E-65C1-4B00-B1D0-B8E5E882BFD8} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFFF44E2-92B5-46B9-A613-A18A9518201A} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C0C1F841-1147-4332-A99-14B1AFD87568} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C12E9D04-FDFC-456F-95BC-902FE73B5} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C1723E5E-FA34-433B-AFBB-DFDD9F89CAC9} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3578358-1854-49B0-8E55-B1283E658A23} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C36A92BF-D847-4043-B0CF-D3C83B1E49AE} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4EAF962-DE3B-4CE5-B1F3-A558DEE1B2CE} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB19E5DF-86B-48E7-89FB-24747B21EEC} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CBC7B977-2018-4BF1-A38E-A380C674E97} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CC779274-B197-4D7F-AE88-A97CC9BE973} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CEAD9198-400-4755-B21-16848C935B} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CF766E29-AB14-4FA7-AC3B-28A1813F1D76} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFF295FF-4CCF-4C73-AF5E-BEF0ED165AC9} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D4777811-7CD6-4217-AAA4-9E6911CCAA5} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D5171819-C1EE-4BF8-83B5-E64292792B45} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D9420441-E1CB-4014-A896-C7F74E542DB} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DAE0AFDB-AE9C-4665-AD57-941EDC40D711} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDC4E336-5E8F-4E3A-A283-CF2941427E65} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E11C9D27-39EA-4E3B-A39-A445FB6B92FD} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E1EDE0B-3A85-48E5-A925-79862412FCA7} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E2739DA-62EE-4395-9919-D0922B06ABE} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E2B24533-DD33-4C89-B28D-E984695D15BB} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E36DDC5D-CB8E-4838-9D80-59C24FE5A49} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E3A9FD26-C87F-4ACD-8AAB-265597D14F3} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E4106406-784D-4E51-9CFF-E828EDA1A57A} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E53B8F8D-C853-44B6-A4D8-B44A6E1A7711} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7314DA4-4CAD-4271-B922-5999CD80682B} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E76F06D9-58F8-47AA-A3AF-7A835A1D9EA} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E84E3A48-42C9-48F0-8FA5-0729646E6CB} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E9EA7296-CEA4-4087-997A-58283ABD3255} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EB2FF11-FA99-457A-B7A-542B4D2E327} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED52844A-67F1-43CF-B17E-89D33D9E8EAD} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE11E5E-BFE3-4A8A-A9D0-C61656D8456} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEAAAF15-CFFF-4095-A5AE-90E46D46594} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEFEA177-D181-4DC9-9425-B4C6E433C14F} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EF582BB6-8CEA-4733-AF89-F0B04CCAD9EF} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0160BD8-44B9-450F-B3F9-D064BBFD445A} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0770D8F-F47E-4674-AE59-D062A386D510} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0929248-61D1-48AB-91D-DBC36B965D8B} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F215AE71-CC95-4944-A6F4-3321C0E2BBD} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3BB785E-C93B-4997-A0A3-C427D446A9A6} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3C5942B-9715-4F67-AAAB-5BE0FF82C4F2} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3D6AD25-974E-4E27-B011-78E05AC7F8BC} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4B29207-E2C4-4AF0-9E52-DE8F97A6E26} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F55397D8-7D91-40D0-AB63-C1D762775256} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F6E281FE-AFE-4596-AC61-62253B464BC} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F772F1F4-39BD-4693-B2DB-DCE962E8196} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F7E3EEF6-F5D-4907-9BBA-AAADD9292935} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9DB01C-24BA-4028-969-706B5611F72} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9E127FD-A99F-4EB6-8B52-13ED3A335BF6} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBB956A5-A08E-47B3-88F0-1373B6597D81} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBE99A40-2B70-4474-8E3B-293E452655} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBEC842C-8719-4C54-B954-3F8F99F8AEB} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC34B56D-B34A-43F4-ABC9-CFE9F8E3D9D} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FCE665CC-C1E9-433F-B264-6D69B6A12FB} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD89665B-75EC-4216-BDB-90C5465C5F4} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FE353B07-C9F-4A64-8534-5A21F5DA76D0} deleted successfully
HKEY_USERS\S-1-5-21-2945771310-202216555-3696022800-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FE53E862-B20A-45DC-A550-6331E391853E} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3d5c7f15-9a5a-4a41-b7bd-95070c658e32} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a7b1bb2a-db73-4c48-8c46-995b50f10d6c} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Program Files\FreeTime not found
C:\Program Files\Temp deleted
C:\PROGRA~2\BSD deleted
C:\PROGRA~2\Baidu deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\system32\GroupPolicy\User deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Banjo\AppData\Roaming\Mozilla\Firefox\Profiles\6iol3vw6.default
user_pref("browser.startup.homepage", "www.google.co.uk");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [02/23/2015 17:34]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Banjo\AppData\Roaming\Mozilla\Firefox\Profiles\6iol3vw6.default
98137411B9C632095F919E2CE70B288A - C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll - Google Update
C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash


==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Administrator\AppData\Local\Chromatic Browser deleted
Fake profile C:\Users\Banjo\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Banjo\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Banjo\AppData\Local\Chromatic Browser deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted

==== Chromium Look ======================

Google Chrome Version: 40.0.2214.115 (Up to date, latest Stable version: 40.0.2214.115)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[02/23/2015 17:33]

Google Slides - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Avast Online Security - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Banjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TornTv Downloader deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIExec deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Banjo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Banjo\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=5 folders=8 81701 bytes)

==== Empty Temp Folders ======================

C:\Users\Banjo\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Banjo\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Banjo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on Wed 02/25/2015 at 16:36:21.64 ======================

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

What is the state of the system now?




Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Run MBAR by double-clicking the program icon:
- Click OK in the next window to allow extraction into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this can take a few additional seconds, so wait for it to launch;
- In the introductory window, click the Next button if you agree;



• In the 'Update Database' window, click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section, check that all options are ticked, then click the Scan button;

Note: with some infections, one of the following messages may be displayed:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.





>> If no malware is detected, click the Exit button to close the program. In your next post, include the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infections are found, check that the 'Create Restore Point' option is selected and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled to run on restart, and a notice will be shown in a pop-up window. Click the Yes button and the system should restart and finish the cleaning procedure.



Note! Only if a rootkit is detected: make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click to run fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, and wait for the tool to complete all repairs ...
- When you see the message 'press any key to exit', the repair is complete. Press any key on the keyboard to close the window. Restart the system.





The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post, and attach the system log to the post using the Attach file (Prikači fajl) option.

offline
  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1645

The state of the system is excellent.
I use the laptop only for watching movies, listening to music, for work and the internet.

Malwarebytes Anti-Rootkit BETA 1.09.1.1004

Database version:
main: v2015.02.25.06
rootkit: v2015.02.25.01

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Banjo :: BANJO-PC [administrator]

2/25/2015 20:24:20
mbar-log-2015-02-25 (20-24-20).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 328082
Time elapsed: 17 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Banjo\Desktop\Igrice & Programi\Programi\Nero 7.10.1.0 By M3ZKAL\Nero 7.10.1.0 Keygen.exe (RiskWare.Tool.CK) -> Delete on reboot. [941624fe593116200dd96f0831d19a66]

Physical Sectors Detected: 0
(No malicious items detected)

(end)



offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

That would be it, then.



The following procedure will perform the final cleanup.

Download "Xplode"'s DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment until the tool finishes its work.
From this point on, all the tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also save the healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.
