MyCity » Ambulanta -> Arhiva Ambulante » Reklame iskaču kao lude

Reklame iskaču kao lude

Napisano na dan: 24.11.2014

Strana:
1
2
3

Reklame iskaču kao lude

Sledeća strana

Pagination

Odgovori

Strana:
1
2
3

Mirabe Poslao: 24 Nov 2014 19:34 Idi na vrh
offline Mirabe Građanin Pridružio: 30 Dec 2008 Poruke: 193	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Od juče su počele da mi iskaču reklame i to nenormalno,znači jedna preko druge.Isto tako sami od sebe mi se nude razni programi da ih skinem.Pošto nas troje koristimo ovaj kompjuter,pretpostavljam da smo nakupili raznog smeća po internetu. Prilažem izveštaj: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01 Ran by mirjana (administrator) on MIRJANA-PC on 24-11-2014 19:17:42 Running from C:\Users\mirjana\Desktop\Downloads Loaded Profiles: mirjana & Nikola (Available profiles: mirjana & Nikola) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe () C:\Program Files (x86)\SoftwareUpdater\Upd4terSrv.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (BitTorrent Inc.) C:\Users\mirjana\AppData\Roaming\uTorrent\uTorrent.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (AMD) C:\Windows\System32\atieclxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Acresso Software Inc.) C:\Users\mirjana\AppData\Local\Temp\{84EB28DC-1744-4872-8219-7B04FC549523}\Sims3EP10Setup.exe (Acresso Software Inc.) C:\Users\mirjana\AppData\Local\Temp\{F73CE32D-B69A-4644-A7D3-3560C9ECB884}\ISBEW64.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-24] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.) HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-17] (SUPERAntiSpyware) HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\...\Run: [uTorrent] => C:\Users\mirjana\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-27] (BitTorrent Inc.) HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.) HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\...\MountPoints2: {47ad14e4-b2b6-11e3-9ce7-806e6f6e6963} - F:\Run.exe HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\...\MountPoints2: {fa0a40e1-b292-11e3-ac22-74d4353a995d} - G:\setup.exe /autorun HKU\S-1-5-21-1578651779-4044669291-1851725983-1005\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-1578651779-4044669291-1851725983-1005\...\Run: [se] => "C:\Users\Nikola\AppData\Roaming\SkypEmoticons\SE.exe" /minimized HKU\S-1-5-21-1578651779-4044669291-1851725983-1005\...\MountPoints2: {fa0a40e1-b292-11e3-ac22-74d4353a995d} - G:\setup.exe /autorun AppInit_DLLs: C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL => C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL File Not Found GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/ HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1BB6D04D8246CF01 HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US HKU\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Main,Start Page = services.freshy.com/general/newhometab.php?.....&guid={A2D43EE7-C241-435D-8105-7D428F7B56BE}&i= HKU\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = t.msn.com/ HKU\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x99853C4A827ACF01 HKU\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US HKU\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = services.freshy.com/general/newhometab.php?.....&guid={A2D43EE7-C241-435D-8105-7D428F7B56BE}&i= HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = mystartsearch.com/web/?type=ds&ts=1.....41D&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = mystartsearch.com/web/?type=ds&ts=1.....41D&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = mystartsearch.com/web/?type=ds&ts=1.....41D&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = mystartsearch.com/web/?type=ds&ts=1.....41D&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe mystartsearch.com/?type=sc&ts=14167.....XXZ340Q41D SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = websearch.searchfix.info/?l=1&q={searchTerms}&pid=724&r=2014/10/15&hid=18134947505762981530&lg=EN&cc=RS SearchScopes: HKU\S-1-5-21-1578651779-4044669291-1851725983-1001 -> {B707381A-E2F9-498D-AB1B-10B04E40D329} URL = trovi.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3329621&CUI=UN40283392861604427&UM=4 SearchScopes: HKU\S-1-5-21-1578651779-4044669291-1851725983-1005 -> DefaultScope {2667FCCE-DEB4-41D2-92CA-534E8292675D} URL = search.findwide.com/serp?guid={A2D43EE7-C241-435D-8105-7D428F7B56BE}&action=default_search&k={searchTerms} SearchScopes: HKU\S-1-5-21-1578651779-4044669291-1851725983-1005 -> {2667FCCE-DEB4-41D2-92CA-534E8292675D} URL = search.findwide.com/serp?guid={A2D43EE7-C241-435D-8105-7D428F7B56BE}&action=default_search&k={searchTerms} SearchScopes: HKU\S-1-5-21-1578651779-4044669291-1851725983-1005 -> {AD5E7C6E-576F-4A13-8FFA-639A61C76F99} URL = search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11147 SearchScopes: HKU\S-1-5-21-1578651779-4044669291-1851725983-1005 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = websearch.searchfix.info/?l=1&q={searchTerms}&pid=724&r=2014/10/15&hid=18134947505762981530&lg=EN&cc=RS BHO: Senses -> {11111111-1111-1111-1111-110611191115} -> C:\Program Files (x86)\Senses\Senses-bho64.dll () BHO: iWebar -> {11111111-1111-1111-1111-110611511123} -> C:\Program Files (x86)\iWebar\iWebar-bho64.dll () BHO: YoutubeAdBlocke -> {5cdd0664-1187-469b-874e-47946ea9c1cb} -> C:\Program Files (x86)\YoutubeAdBlocke\9LA3wavPCxZeRV.x64.dll () BHO: GoSave -> {a026fb29-63a6-45db-be6a-f7265e210080} -> C:\Program Files (x86)\GoSave\JcUFeJnFEs0rFw.x64.dll () BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> No File BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> No File BHO-x32: Senses -> {11111111-1111-1111-1111-110611191115} -> C:\Program Files (x86)\Senses\Senses-bho.dll () BHO-x32: iWebar -> {11111111-1111-1111-1111-110611511123} -> C:\Program Files (x86)\iWebar\iWebar-bho.dll () BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: SourceApp -> {9f7ab9c4-4da3-440e-ba84-95903165f129} -> C:\Program Files (x86)\SourceApp\SourceAppbho.dll No File BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-1578651779-4044669291-1851725983-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-1578651779-4044669291-1851725983-1005 -> No Name - {6850E5FA-A5BC-4E5D-98BF-2F0105860AEA} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\mirjana\AppData\Roaming\Mozilla\Firefox\Profiles\pki4np0x.default-1411661550016 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1578651779-4044669291-1851725983-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File FF user.js: detected! => C:\Users\mirjana\AppData\Roaming\Mozilla\Firefox\Profiles\pki4np0x.default-1411661550016\user.js FF Extension: iWebar - C:\Users\mirjana\AppData\Roaming\Mozilla\Firefox\Profiles\pki4np0x.default-1411661550016\Extensions\ROUAILDE73397174@UXGZI17268980.com [2014-11-23] FF Extension: Senses - C:\Users\mirjana\AppData\Roaming\Mozilla\Firefox\Profiles\pki4np0x.default-1411661550016\Extensions\warnerroberts@hotmail.com [2014-11-23] FF Extension: PriceExpert - C:\Users\mirjana\AppData\Roaming\Mozilla\Firefox\Profiles\pki4np0x.default-1411661550016\Extensions\support@priceexpert.com.xpi [2014-11-08] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-11-10] Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1416746688&from=smt&uid=ST2000DM001-1CH164_Z340Q41DXXXXZ340Q41D" CHR Profile: C:\Users\mirjana\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mirjana\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-28] CHR Extension: (Browse Coupon) - C:\Users\mirjana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea [2014-10-15] CHR Extension: (GoSave) - C:\Users\mirjana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda [2014-10-15] CHR Extension: (Google Wallet) - C:\Users\mirjana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-04] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-12] (SUPERAntiSpyware.com) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed] R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-24] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [995064 2014-11-24] (Avira Operations GmbH & Co. KG) S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-11-23] (globalUpdate) [File not signed] S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-11-23] (globalUpdate) [File not signed] S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [714208 2014-11-23] (Cherished Technololgy LIMITED) R2 SrvUpdater; C:\Program Files (x86)\SoftwareUpdater\Upd4terSrv.exe [123392 2014-11-21] () [File not signed] S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG) S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation) S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.) S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation) S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-23] (Disc Soft Ltd) S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc) S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-03-23] () S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-03-23] () R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-03-28] (Duplex Secure Ltd.) S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] () R1 {2d11e69f-33c6-44c6-ac04-bb1b36bd5d05}Gw64; C:\Windows\System32\drivers\{2d11e69f-33c6-44c6-ac04-bb1b36bd5d05}Gw64.sys [48832 2014-11-22] (StdLib) R1 {610d5cbc-ee01-49d2-95d8-9ea07b8aca33}Gw64; C:\Windows\System32\drivers\{610d5cbc-ee01-49d2-95d8-9ea07b8aca33}Gw64.sys [48784 2014-11-22] (StdLib) U3 au1dotwf; C:\Windows\System32\Drivers\au1dotwf.sys [0 ] (Advanced Micro Devices) S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-24 19:17 - 2014-11-24 19:17 - 00000000 ____D () C:\FRST 2014-11-24 16:03 - 2014-11-24 16:03 - 00000000 ____D () C:\Users\mirjana\AppData\Roaming\AMD 2014-11-24 16:00 - 2014-11-24 16:00 - 00002136 _____ () C:\Users\mirjana\Desktop\Minecraft.lnk 2014-11-24 16:00 - 2014-11-24 16:00 - 00000000 ____D () C:\Users\mirjana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft 2014-11-24 14:46 - 2014-11-24 16:21 - 00000000 ____D () C:\Users\mirjana\AppData\Roaming\.minecraft 2014-11-23 13:58 - 2014-11-23 13:58 - 00003164 _____ () C:\Windows\System32\Tasks\{EFDF3296-EFDD-4879-B57D-4921C43B60C5} 2014-11-23 13:56 - 2014-11-24 19:01 - 00006180 _____ () C:\Windows\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-6.job 2014-11-23 13:56 - 2014-11-24 14:29 - 00005836 _____ () C:\Windows\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-7.job 2014-11-23 13:56 - 2014-11-24 14:29 - 00005494 _____ () C:\Windows\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-11.job 2014-11-23 13:56 - 2014-11-24 14:29 - 00004468 _____ () C:\Windows\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-4.job 2014-11-23 13:56 - 2014-11-24 14:29 - 00003754 _____ () C:\Windows\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-1.job 2014-11-23 13:56 - 2014-11-24 14:29 - 00003754 _____ () C:\Windows\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-1.job 2014-11-23 13:56 - 2014-11-24 14:29 - 00002764 _____ () C:\Windows\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-5_user.job 2014-11-23 13:56 - 2014-11-24 14:29 - 00002764 _____ () C:\Windows\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-5.job 2014-11-23 13:56 - 2014-11-24 14:29 - 00002764 _____ () C:\Windows\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-5_user.job 2014-11-23 13:56 - 2014-11-24 14:29 - 00002764 _____ () C:\Windows\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-5.job 2014-11-23 13:56 - 2014-11-24 14:29 - 00002420 _____ () C:\Windows\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-2.job 2014-11-23 13:56 - 2014-11-24 14:29 - 00002420 _____ () C:\Windows\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-2.job 2014-11-23 13:56 - 2014-11-24 14:29 - 00001338 _____ () C:\Windows\Tasks\AB.job 2014-11-23 13:56 - 2014-11-23 13:56 - 01539496 _____ () C:\Users\mirjana\AppData\Roaming\AB.exe 2014-11-23 13:56 - 2014-11-23 13:56 - 00009208 _____ () C:\Windows\System32\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-6 2014-11-23 13:56 - 2014-11-23 13:56 - 00008866 _____ () C:\Windows\System32\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-7 2014-11-23 13:56 - 2014-11-23 13:56 - 00008524 _____ () C:\Windows\System32\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-11 2014-11-23 13:56 - 2014-11-23 13:56 - 00007498 _____ () C:\Windows\System32\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-4 2014-11-23 13:56 - 2014-11-23 13:56 - 00006784 _____ () C:\Windows\System32\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-1 2014-11-23 13:56 - 2014-11-23 13:56 - 00006784 _____ () C:\Windows\System32\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-1 2014-11-23 13:56 - 2014-11-23 13:56 - 00005794 _____ () C:\Windows\System32\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-5 2014-11-23 13:56 - 2014-11-23 13:56 - 00005794 _____ () C:\Windows\System32\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-5 2014-11-23 13:56 - 2014-11-23 13:56 - 00005450 _____ () C:\Windows\System32\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-2 2014-11-23 13:56 - 2014-11-23 13:56 - 00005450 _____ () C:\Windows\System32\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-2 2014-11-23 13:56 - 2014-11-23 13:56 - 00004372 _____ () C:\Windows\System32\Tasks\AB 2014-11-23 13:56 - 2014-11-23 13:56 - 00000000 ____D () C:\Program Files (x86)\iWebar 2014-11-23 13:56 - 2014-11-23 13:56 - 00000000 ____D () C:\Program Files (x86)\45a2cf91-6499-4bbd-a461-df42dfc4c8c1 2014-11-23 13:55 - 2014-11-24 19:00 - 00005836 _____ () C:\Windows\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-6.job 2014-11-23 13:55 - 2014-11-24 14:34 - 00004468 _____ () C:\Windows\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-4.job 2014-11-23 13:55 - 2014-11-24 14:29 - 00005494 _____ () C:\Windows\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-11.job 2014-11-23 13:55 - 2014-11-24 14:29 - 00005492 _____ () C:\Windows\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-7.job 2014-11-23 13:55 - 2014-11-24 14:29 - 00004132 _____ () C:\Windows\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-3.job 2014-11-23 13:55 - 2014-11-24 14:29 - 00001344 _____ () C:\Windows\Tasks\ZRZYR.job 2014-11-23 13:55 - 2014-11-23 13:56 - 00000000 ____D () C:\Program Files (x86)\Senses 2014-11-23 13:55 - 2014-11-23 13:55 - 02030504 _____ () C:\Users\mirjana\AppData\Roaming\ZRZYR.exe 2014-11-23 13:55 - 2014-11-23 13:55 - 00008864 _____ () C:\Windows\System32\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-6 2014-11-23 13:55 - 2014-11-23 13:55 - 00008524 _____ () C:\Windows\System32\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-11 2014-11-23 13:55 - 2014-11-23 13:55 - 00008522 _____ () C:\Windows\System32\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-7 2014-11-23 13:55 - 2014-11-23 13:55 - 00007498 _____ () C:\Windows\System32\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-4 2014-11-23 13:55 - 2014-11-23 13:55 - 00007162 _____ () C:\Windows\System32\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-3 2014-11-23 13:55 - 2014-11-23 13:55 - 00004378 _____ () C:\Windows\System32\Tasks\ZRZYR 2014-11-23 13:55 - 2014-11-23 13:55 - 00000000 ____D () C:\Program Files (x86)\d0e20393-c4ce-435f-8fbe-e501162d4a5b 2014-11-23 13:51 - 2014-11-23 13:56 - 00000000 ____D () C:\Users\mirjana\Desktop\New folder 2014-11-23 13:51 - 2014-11-22 20:25 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{610d5cbc-ee01-49d2-95d8-9ea07b8aca33}Gw64.sys 2014-11-23 13:47 - 2014-11-23 13:47 - 00003124 _____ () C:\Windows\System32\Tasks\{CE407C24-2FD9-4560-BD04-B72F234D6AE0} 2014-11-23 13:46 - 2014-11-23 13:46 - 00000000 ____D () C:\Users\mirjana\AppData\Local\globalUpdate 2014-11-23 13:46 - 2014-11-23 13:46 - 00000000 ____D () C:\Program Files (x86)\globalUpdate 2014-11-23 13:45 - 2014-11-23 13:59 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect 2014-11-23 13:45 - 2014-11-23 13:45 - 00000000 ____D () C:\ProgramData\IePluginServices 2014-11-23 13:44 - 2014-11-23 13:57 - 00000000 ____D () C:\Users\mirjana\AppData\Roaming\mystartsearch 2014-11-23 13:44 - 2014-11-23 13:44 - 00000000 ____D () C:\Users\Public\Documents\YTAHelper 2014-11-23 13:43 - 2014-11-23 13:48 - 00000000 ____D () C:\Users\Public\Documents\GOOBZO 2014-11-23 13:43 - 2014-11-23 13:43 - 00000000 ____D () C:\Users\mirjana\AppData\Local\CrashRpt 2014-11-22 21:09 - 2014-11-22 10:24 - 00048832 _____ (StdLib) C:\Windows\system32\Drivers\{2d11e69f-33c6-44c6-ac04-bb1b36bd5d05}Gw64.sys 2014-11-22 21:03 - 2014-11-22 21:04 - 00000000 ____D () C:\Program Files (x86)\SoftwareUpdater 2014-11-22 21:02 - 2014-11-22 21:02 - 00000000 __SHD () C:\Users\Nikola\AppData\Local\EmieUserList 2014-11-22 21:02 - 2014-11-22 21:02 - 00000000 __SHD () C:\Users\Nikola\AppData\Local\EmieSiteList 2014-11-22 21:02 - 2014-11-22 21:02 - 00000000 __SHD () C:\Users\Nikola\AppData\Local\EmieBrowserModeList 2014-11-22 21:02 - 2014-11-22 21:02 - 00000000 ____D () C:\Program Files (x86)\TNT2 2014-11-22 14:58 - 2014-11-22 14:58 - 00000848 _____ () C:\Users\mirjana\Desktop\Meridian Age of Invention.lnk 2014-11-22 14:58 - 2014-11-22 14:58 - 00000000 ____D () C:\Users\mirjana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Meridian Age of Invention 2014-11-21 15:58 - 2014-11-21 15:58 - 00000000 ____D () C:\Windows\SysWOW64\Adobe 2014-11-19 12:40 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-19 12:40 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-19 12:40 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-19 12:40 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-14 17:05 - 2014-11-14 17:05 - 00000845 _____ () C:\Users\Public\Desktop\NBA 2K14.lnk 2014-11-13 06:19 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-11-13 06:19 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-11-13 06:19 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-11-13 06:18 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-11-13 06:18 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-11-13 06:18 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-11-13 06:18 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-13 06:18 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-11-13 06:18 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-13 06:18 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-13 06:18 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-13 06:18 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-11-13 06:18 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-13 06:18 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-13 06:18 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-13 06:18 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-13 06:18 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-13 06:18 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-11-13 06:18 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-13 06:18 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-11-13 06:18 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-13 06:18 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-11-13 06:18 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-13 06:18 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-13 06:18 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-11-13 06:18 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-11-13 06:18 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-11-13 06:18 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-11-13 06:18 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-11-13 06:18 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-11-13 06:18 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-13 06:18 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-11-13 06:18 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-13 06:18 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-13 06:18 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-13 06:18 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-11-13 06:18 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-11-13 06:18 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-13 06:18 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-13 06:18 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-11-13 06:18 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-13 06:18 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-11-13 06:18 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-11-13 06:18 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-13 06:18 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-11-13 06:18 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-11-13 06:18 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-11-13 06:18 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-13 06:18 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-11-13 06:18 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-11-13 06:18 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-11-13 06:18 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-11-13 06:18 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-13 06:18 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-13 06:18 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-11-13 06:18 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-11-13 06:18 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-13 06:18 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-11-13 06:18 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-11-13 06:18 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-13 06:18 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-13 06:18 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-13 06:18 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-13 06:18 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-13 06:18 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-11-13 06:18 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-11-13 06:18 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-13 06:18 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-13 06:17 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-13 06:17 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-13 06:17 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-13 06:17 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-11-13 06:16 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-13 06:16 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-13 06:16 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-13 06:16 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-13 06:16 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-13 06:16 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-13 06:16 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-13 06:16 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-13 06:16 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-13 06:16 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-11-13 06:16 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-11-13 06:16 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-11-13 06:16 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-11-13 06:16 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-11-13 06:16 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-11-13 06:16 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-13 06:16 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-11-13 06:16 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-11-13 06:16 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-11-13 06:16 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-11-13 06:16 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-13 06:16 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2014-11-13 06:14 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-13 06:14 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-13 06:14 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-13 06:14 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-13 06:14 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-13 06:13 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-13 06:13 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-10 19:34 - 2014-11-10 19:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-10 15:44 - 2014-11-10 15:44 - 00000907 _____ () C:\Users\mirjana\Desktop\Principi hronodijete.txt 2014-11-10 14:09 - 2014-11-12 18:16 - 00000000 ____D () C:\Program Files (x86)\SpeedFan 2014-11-10 14:09 - 2014-11-10 14:09 - 00001011 _____ () C:\Users\Nikola\Desktop\SpeedFan.lnk 2014-11-10 14:09 - 2014-11-10 14:09 - 00001011 _____ () C:\Users\mirjana\Desktop\SpeedFan.lnk 2014-11-10 14:09 - 2014-11-10 14:09 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo 2014-11-10 14:09 - 2014-11-10 14:09 - 00000000 ____D () C:\Users\mirjana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan 2014-11-10 14:09 - 2014-11-10 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan 2014-11-10 13:19 - 2014-11-10 13:19 - 00001179 _____ () C:\Users\mirjana\Desktop\AIDA64 Extreme.lnk 2014-11-10 13:19 - 2014-11-10 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire 2014-11-10 13:19 - 2014-11-10 13:19 - 00000000 ____D () C:\Program Files (x86)\FinalWire 2014-11-08 15:03 - 2014-11-08 15:03 - 00000000 ____D () C:\Users\mirjana\AppData\Local\JollyBear 2014-11-08 15:03 - 2014-11-08 15:03 - 00000000 ____D () C:\ProgramData\JollyBear 2014-11-08 14:56 - 2014-11-09 19:10 - 00000000 ____D () C:\Users\mirjana\AppData\Local\Adobe 2014-10-29 10:33 - 2014-10-29 10:33 - 00003501 _____ () C:\Users\mirjana\Desktop\MTS_TwistedMexi_1463685_tmex-moveobjects.zip 2014-10-26 11:28 - 2014-10-26 11:28 - 00061880 _____ () C:\Windows\SysWOW64\CCCInstall_201410261128120925.log 2014-10-26 11:28 - 2014-10-26 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2014-10-26 11:28 - 2014-10-26 11:28 - 00000000 ____D () C:\ProgramData\ATI 2014-10-26 11:28 - 2014-10-26 11:28 - 00000000 ____D () C:\Program Files (x86)\AMD AVT 2014-10-26 11:24 - 2014-10-26 11:24 - 00000261 _____ () C:\Users\mirjana\cheats sims4.txt 2014-10-25 18:20 - 2014-10-25 18:20 - 16587909 _____ () C:\Users\mirjana\Desktop\1264964.zip ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-24 19:17 - 2014-03-23 11:42 - 00000000 ____D () C:\Users\mirjana\AppData\Roaming\uTorrent 2014-11-24 19:16 - 2014-03-23 14:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-11-24 19:16 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-11-24 19:11 - 2014-03-23 21:28 - 00000000 ____D () C:\Users\mirjana\AppData\Roaming\Skype 2014-11-24 18:59 - 2014-03-23 13:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-24 18:56 - 2014-03-23 17:50 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-11-24 18:56 - 2014-03-23 14:30 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-24 18:55 - 2014-03-23 11:49 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-11-24 18:55 - 2014-03-23 11:49 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-11-24 14:29 - 2014-10-15 13:07 - 00000462 ____H () C:\Windows\Tasks\SW-Booster-S-1530452449.job 2014-11-24 14:29 - 2014-03-23 14:30 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-24 12:18 - 2009-07-14 05:45 - 00029200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-24 12:18 - 2009-07-14 05:45 - 00029200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-24 12:15 - 2014-03-24 13:43 - 00690266 _____ () C:\Windows\system32\perfh00C.dat 2014-11-24 12:15 - 2014-03-24 13:43 - 00478818 _____ () C:\Windows\system32\perfh001.dat 2014-11-24 12:15 - 2014-03-24 13:43 - 00129844 _____ () C:\Windows\system32\perfc00C.dat 2014-11-24 12:15 - 2014-03-24 13:43 - 00094558 _____ () C:\Windows\system32\perfc001.dat 2014-11-24 12:15 - 2014-03-24 13:12 - 00696758 _____ () C:\Windows\system32\perfh007.dat 2014-11-24 12:15 - 2014-03-24 13:12 - 00148770 _____ () C:\Windows\system32\perfc007.dat 2014-11-24 12:15 - 2009-07-14 06:13 - 02992454 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-24 12:11 - 2014-03-23 13:54 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2014-11-24 12:10 - 2014-04-09 20:24 - 02208454 _____ () C:\Windows\PFRO.log 2014-11-24 12:10 - 2014-04-05 12:04 - 00214014 _____ () C:\Windows\setupact.log 2014-11-24 12:10 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-23 21:58 - 2014-03-23 19:12 - 02044736 _____ () C:\Windows\WindowsUpdate.log 2014-11-23 19:23 - 2014-07-22 08:57 - 00000000 ____D () C:\Users\Nikola\AppData\Local\Microsoft Games 2014-11-23 19:14 - 2014-03-23 13:20 - 00000000 ____D () C:\Windows\SysWOW64\Macromed 2014-11-23 17:44 - 2014-03-31 18:55 - 00000000 ____D () C:\Users\Nikola\AppData\Local\CrashDumps 2014-11-23 13:58 - 2014-03-30 15:38 - 00000000 ____D () C:\Users\mirjana\AppData\Local\CrashDumps 2014-11-23 13:57 - 2014-10-24 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\The Sims 4 2014-11-23 13:57 - 2014-03-23 14:30 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-11-23 13:57 - 2014-03-23 11:39 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-11-23 13:57 - 2014-03-23 11:39 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-11-23 13:57 - 2014-03-23 11:24 - 00001417 _____ () C:\Users\mirjana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-11-23 13:55 - 2014-03-25 00:27 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-11-23 13:48 - 2014-05-02 18:04 - 00000000 ____D () C:\ProgramData\TEMP 2014-11-22 22:50 - 2014-05-08 16:28 - 00000000 ____D () C:\Users\Nikola\AppData\Roaming\Skype 2014-11-22 21:09 - 2009-07-14 03:34 - 00000505 _____ () C:\Windows\win.ini 2014-11-22 21:04 - 2014-03-23 11:45 - 00000000 ____D () C:\ProgramData\Package Cache 2014-11-22 21:02 - 2014-03-27 10:28 - 00000000 ____D () C:\Users\Nikola 2014-11-22 21:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources 2014-11-22 14:58 - 2014-04-13 22:12 - 00000000 ____D () C:\Users\mirjana\AppData\Roaming\AlawarEntertainment 2014-11-22 14:50 - 2014-10-24 18:08 - 00000000 ____D () C:\Users\mirjana\Documents\Electronic Arts 2014-11-22 10:24 - 2014-06-21 18:31 - 00000000 ____D () C:\Program Files (x86)\Tropico 5 2014-11-22 10:22 - 2014-03-23 14:31 - 00000000 ____D () C:\ProgramData\Norton 2014-11-18 18:35 - 2014-03-23 16:10 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-11-17 16:42 - 2014-10-24 18:07 - 00001289 _____ () C:\Users\Public\Desktop\The Sims™ 4.lnk 2014-11-16 08:29 - 2009-07-14 06:08 - 00032652 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-11-15 22:51 - 2014-03-23 14:30 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-11-15 22:51 - 2014-03-23 14:30 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-11-15 16:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-11-14 22:22 - 2014-05-05 22:13 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-11-14 22:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA 2014-11-14 22:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\ar-SA 2014-11-14 18:03 - 2014-04-21 09:42 - 00192075 _____ () C:\Windows\DirectX.log 2014-11-13 12:13 - 2009-07-14 05:45 - 00311760 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-13 06:22 - 2014-03-24 11:41 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-13 06:19 - 2014-03-24 11:41 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-11-12 18:59 - 2014-03-23 13:20 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-12 18:59 - 2014-03-23 13:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-12 18:59 - 2014-03-23 13:20 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-11-11 06:59 - 2014-03-23 11:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-06 09:51 - 2014-03-23 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2014-11-04 14:30 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-11-02 13:21 - 2014-09-24 23:53 - 00002852 _____ () C:\Users\mirjana\Desktop\tmex-moveobjects.zip 2014-11-01 04:11 - 2014-03-23 11:24 - 00000000 ____D () C:\Users\mirjana 2014-10-26 11:28 - 2014-03-23 14:22 - 00000000 ____D () C:\ProgramData\AMD 2014-10-26 11:28 - 2014-03-23 14:20 - 00000000 ____D () C:\Program Files\ATI Technologies 2014-10-26 11:24 - 2014-08-15 15:16 - 00000000 ____D () C:\AMD 2014-10-25 13:07 - 2014-07-13 09:17 - 00000000 ____D () C:\Users\Nikola\AppData\Roaming\2K Sports Some content of TEMP: ==================== C:\Users\mirjana\AppData\Local\Temp\appshat_generic.exe C:\Users\mirjana\AppData\Local\Temp\AutoRun.exe C:\Users\mirjana\AppData\Local\Temp\AutoRunGUI.dll C:\Users\mirjana\AppData\Local\Temp\avgnt.exe C:\Users\mirjana\AppData\Local\Temp\BingBarSetup-Partner.exe C:\Users\mirjana\AppData\Local\Temp\cabex.dll C:\Users\mirjana\AppData\Local\Temp\drm_dialogs.dll C:\Users\mirjana\AppData\Local\Temp\eauninstall.exe C:\Users\mirjana\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe C:\Users\mirjana\AppData\Local\Temp\OnlineWeatherSetup.exe C:\Users\mirjana\AppData\Local\Temp\Quarantine.exe C:\Users\mirjana\AppData\Local\Temp\sfamcc00001.dll C:\Users\mirjana\AppData\Local\Temp\sfamcc00002.dll C:\Users\mirjana\AppData\Local\Temp\sfamcc00003.dll C:\Users\mirjana\AppData\Local\Temp\sfareca00001.dll C:\Users\mirjana\AppData\Local\Temp\sfareca00002.dll C:\Users\mirjana\AppData\Local\Temp\sfareca00003.dll C:\Users\mirjana\AppData\Local\Temp\sfextra.dll C:\Users\mirjana\AppData\Local\Temp\SimCity 4 Deluxe_uninst.exe C:\Users\mirjana\AppData\Local\Temp\SkypeSetup.exe C:\Users\mirjana\AppData\Local\Temp\smt_mystartsearch.exe C:\Users\mirjana\AppData\Local\Temp\tmp7C50.exe C:\Users\mirjana\AppData\Local\Temp\tmp9899.exe C:\Users\mirjana\AppData\Local\Temp\tu17p84.exe C:\Users\mirjana\AppData\Local\Temp\unelevate.exe C:\Users\mirjana\AppData\Local\Temp\ytaiesmt.exe C:\Users\Nikola\AppData\Local\Temp\avgnt.exe C:\Users\Nikola\AppData\Local\Temp\SkypeSetup.exe C:\Users\Nikola\AppData\Local\Temp\sSetup-se.exe C:\Users\Nikola\AppData\Local\Temp\vcredist.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed Ne mogu da prikačim ovaj drugi fajl (zbog iskakanja reklama) pa sam i njega iskopirala: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 01 Ran by mirjana at 2014-11-24 19:19:09 Running from C:\Users\mirjana\Desktop\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) @BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.33 - GIGABYTE) µTorrent (HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated) Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.) AIDA64 Extreme v4.70 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 4.70 - FinalWire Ltd.) AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) AutoGreen B12.1220.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE) AutoGreen B12.1220.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden Avira (HKLM-x32\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira) BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.67.1076 - AB Team, d.o.o.) CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.) Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden GoSave (HKLM-x32\...\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}) (Version: 2.3.0.1818 - ) <==== ATTENTION iWebar (HKLM-x32\...\iWebar) (Version: 1.35.9.29 - iWebar) <==== ATTENTION Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle) Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.) LOTR The Return of the King tm (HKLM-x32\...\{6E298B0A-558C-4138-0096-740677B382CD}) (Version: - ) Malwarebytes Anti-Malware verzija 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Meridian Age of Invention (HKLM-x32\...\Meridian Age of Invention) (Version: 1.00 - Alawar Entertainment) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version: - ) Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) mystartsearch uninstall (HKLM-x32\...\mystartsearch uninstall) (Version: - mystartsearch) <==== ATTENTION NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports) ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE) ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.5.1.571 - Electronic Arts, Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7037 - Realtek Semiconductor Corp.) Rescue Team 4 (HKLM-x32\...\Rescue Team 4) (Version: 1.00 - Alawar Entertainment) Senses (HKLM-x32\...\Senses) (Version: 1.35.9.29 - Object Browser) <==== ATTENTION Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) SoftwareUpdater (HKLM-x32\...\SoftwareUpdater) (Version: - ) <==== ATTENTION SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden SW-Sustainer 1.80 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}) (Version: - Genuine P Software) <==== ATTENTION The Sims 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.797.20 - Electronic Arts) The Sims™ 3 Katy Perry's Sweet Treats (HKLM-x32\...\{9B2506E3-9A3F-45B5-96BF-509CAD584650}) (Version: 13.0.62 - Electronic Arts) The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts) The Sims™ 3 Master Suite Stuff (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts) The Sims™ 3 Movie Stuff (HKLM-x32\...\{D0087539-3C57-44E0-BEE7-D779D546CBE1}) (Version: 20.0.53 - Electronic Arts) The Sims™ 3 Outdoor Living Stuff (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts) The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts) The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts) The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts) The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts) The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts) Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation) WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH) YoutubeAdBlocke (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: 2.2.0.1155 - ) <==== ATTENTION ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 24-11-2014 11:46:07 Scheduled Checkpoint 24-11-2014 17:25:22 Removed TheSims3EP11 24-11-2014 18:16:14 Removed TheSims3EP10 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {036343B9-4DE7-4F41-80F8-CF5C7D199A72} - System32\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-5 => C:\Program Files (x86)\Senses\28080a71-d443-414a-93fd-4317e0ebb38b-5.exe <==== ATTENTION Task: {0C1A63EB-9C01-423A-82DD-992C80527FDE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {19311330-0A82-46EB-99F9-C649C49DA34E} - System32\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-7 => C:\Program Files (x86)\iWebar\3b3d435e-37a5-4518-8a78-9d63de706c8d-7.exe <==== ATTENTION Task: {1D971E12-17E6-4A23-A363-B65713F9E4E8} - System32\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-11 => C:\Program Files (x86)\iWebar\3b3d435e-37a5-4518-8a78-9d63de706c8d-11.exe <==== ATTENTION Task: {24574219-E944-4636-8C84-902B8D4CBD7F} - System32\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-7 => C:\Program Files (x86)\Senses\28080a71-d443-414a-93fd-4317e0ebb38b-7.exe <==== ATTENTION Task: {5C6F2582-69DC-4F24-9BDE-FA9F7354C613} - System32\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-4 => C:\Program Files (x86)\Senses\28080a71-d443-414a-93fd-4317e0ebb38b-4.exe <==== ATTENTION Task: {60E4EC76-939C-4E41-B7E2-AD8511FB17D8} - System32\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-5_user => C:\Program Files (x86)\Senses\28080a71-d443-414a-93fd-4317e0ebb38b-5.exe <==== ATTENTION Task: {66352A52-1DA5-4659-B9C2-5E3E02D2F073} - System32\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-6 => C:\Program Files (x86)\iWebar\3b3d435e-37a5-4518-8a78-9d63de706c8d-6.exe <==== ATTENTION Task: {69DD4B89-C17F-4A9E-8235-E5D848CA14CD} - System32\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-2 => C:\Program Files (x86)\Senses\28080a71-d443-414a-93fd-4317e0ebb38b-2.exe <==== ATTENTION Task: {72B3838E-8447-4DF1-B979-7FCEA282BD28} - System32\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-11 => C:\Program Files (x86)\Senses\28080a71-d443-414a-93fd-4317e0ebb38b-11.exe <==== ATTENTION Task: {7CBB3570-1D7F-4653-B31B-BEB158735077} - System32\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-1 => C:\Program Files (x86)\iWebar\iWebar-codedownloader.exe <==== ATTENTION Task: {8183D4FA-5343-4F6F-96FF-16B351327E38} - System32\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-6 => C:\Program Files (x86)\Senses\28080a71-d443-414a-93fd-4317e0ebb38b-6.exe <==== ATTENTION Task: {82FC34D7-CF35-41A1-AED2-944903440E6B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated) Task: {8ADE0627-963D-4A25-8AFB-FB3848BC9A15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-13] (Google Inc.) Task: {8C0F63FF-986B-4FDA-B7C5-4B6E7265A11F} - System32\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-5 => C:\Program Files (x86)\iWebar\3b3d435e-37a5-4518-8a78-9d63de706c8d-5.exe <==== ATTENTION Task: {8EBB2E52-F3C6-4DCD-A550-D516643B711B} - System32\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-5_user => C:\Program Files (x86)\iWebar\3b3d435e-37a5-4518-8a78-9d63de706c8d-5.exe <==== ATTENTION Task: {997F15D2-81E1-48B6-8048-83D15E7811EA} - System32\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-1 => C:\Program Files (x86)\Senses\Senses-codedownloader.exe <==== ATTENTION Task: {9D9AE15F-FD15-46FB-9B36-6A98FB489830} - System32\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-2 => C:\Program Files (x86)\iWebar\3b3d435e-37a5-4518-8a78-9d63de706c8d-2.exe <==== ATTENTION Task: {B43879BD-ADE6-499B-9377-99719CB90D9D} - System32\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-3 => C:\Program Files (x86)\Senses\28080a71-d443-414a-93fd-4317e0ebb38b-3.exe <==== ATTENTION Task: {B81190E0-A4C5-4850-91E1-94DB42191AA5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-13] (Google Inc.) Task: {D4FDF770-63DC-4034-884A-4CADA09C0F73} - System32\Tasks\AB => C:\Users\mirjana\AppData\Roaming\AB.exe [2014-11-23] () <==== ATTENTION Task: {E1585F22-FF9F-433C-9F99-4529DE2D0C9C} - System32\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-4 => C:\Program Files (x86)\iWebar\3b3d435e-37a5-4518-8a78-9d63de706c8d-4.exe <==== ATTENTION Task: {E388D7A5-6DA3-4436-AA80-0BB8FAA3BCF5} - System32\Tasks\ZRZYR => C:\Users\mirjana\AppData\Roaming\ZRZYR.exe [2014-11-23] () <==== ATTENTION Task: {E3C85347-45BA-4067-BA05-938A369B590E} - System32\Tasks\SW-Booster-S-1530452449 => c:\programdata\freeworldapp\sw-booster\SW-Booster.exe <==== ATTENTION Task: {FD77D810-37AF-4561-A7D3-6FCD15F21994} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd) Task: C:\Windows\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-1.job => C:\Program Files (x86)\Senses\Senses-codedownloader.exe <==== ATTENTION Task: C:\Windows\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-11.job => C:\Program Files (x86)\Senses\28080a71-d443-414a-93fd-4317e0ebb38b-11.exe <==== ATTENTION Task: C:\Windows\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-2.job => C:\Program Files (x86)\Senses\28080a71-d443-414a-93fd-4317e0ebb38b-2.exe <==== ATTENTION Task: C:\Windows\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-3.job => C:\Program Files (x86)\Senses\28080a71-d443-414a-93fd-4317e0ebb38b-3.exe <==== ATTENTION Task: C:\Windows\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-4.job => C:\Program Files (x86)\Senses\28080a71-d443-414a-93fd-4317e0ebb38b-4.exe <==== ATTENTION Task: C:\Windows\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-5.job => C:\Program Files (x86)\Senses\28080a71-d443-414a-93fd-4317e0ebb38b-5.exe <==== ATTENTION Task: C:\Windows\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-5_user.job => C:\Program Files (x86)\Senses\28080a71-d443-414a-93fd-4317e0ebb38b-5.exe <==== ATTENTION Task: C:\Windows\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-6.job => C:\Program Files (x86)\Senses\28080a71-d443-414a-93fd-4317e0ebb38b-6.exe <==== ATTENTION Task: C:\Windows\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-7.job => C:\Program Files (x86)\Senses\28080a71-d443-414a-93fd-4317e0ebb38b-7.exe <==== ATTENTION Task: C:\Windows\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-1.job => C:\Program Files (x86)\iWebar\iWebar-codedownloader.exe <==== ATTENTION Task: C:\Windows\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-11.job => C:\Program Files (x86)\iWebar\3b3d435e-37a5-4518-8a78-9d63de706c8d-11.exe <==== ATTENTION Task: C:\Windows\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-2.job => C:\Program Files (x86)\iWebar\3b3d435e-37a5-4518-8a78-9d63de706c8d-2.exe <==== ATTENTION Task: C:\Windows\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-4.job => C:\Program Files (x86)\iWebar\3b3d435e-37a5-4518-8a78-9d63de706c8d-4.exe <==== ATTENTION Task: C:\Windows\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-5.job => C:\Program Files (x86)\iWebar\3b3d435e-37a5-4518-8a78-9d63de706c8d-5.exe <==== ATTENTION Task: C:\Windows\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-5_user.job => C:\Program Files (x86)\iWebar\3b3d435e-37a5-4518-8a78-9d63de706c8d-5.exe <==== ATTENTION Task: C:\Windows\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-6.job => C:\Program Files (x86)\iWebar\3b3d435e-37a5-4518-8a78-9d63de706c8d-6.exe <==== ATTENTION Task: C:\Windows\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-7.job => C:\Program Files (x86)\iWebar\3b3d435e-37a5-4518-8a78-9d63de706c8d-7.exe <==== ATTENTION Task: C:\Windows\Tasks\AB.job => C:\Users\mirjana\AppData\Roaming\AB.exe <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\SW-Booster-S-1530452449.job => c:\programdata\freeworldapp\sw-booster\SW-Booster.exe <==== ATTENTION Task: C:\Windows\Tasks\ZRZYR.job => C:\Users\mirjana\AppData\Roaming\ZRZYR.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2014-11-21 10:10 - 2014-11-21 10:10 - 00123392 _____ () C:\Program Files (x86)\SoftwareUpdater\Upd4terSrv.exe 2014-09-15 18:13 - 2014-09-15 18:13 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll 2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll 2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll 2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll 2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll 2014-11-10 19:34 - 2014-11-10 19:34 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-11-12 18:59 - 2014-11-12 18:59 - 16840880 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-1578651779-4044669291-1851725983-500 - Administrator - Disabled) Guest (S-1-5-21-1578651779-4044669291-1851725983-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1578651779-4044669291-1851725983-1006 - Limited - Enabled) mirjana (S-1-5-21-1578651779-4044669291-1851725983-1001 - Administrator - Enabled) => C:\Users\mirjana Nikola (S-1-5-21-1578651779-4044669291-1851725983-1005 - Administrator - Enabled) => C:\Users\Nikola ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Teredo Tunneling Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (11/24/2014 00:12:22 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/23/2014 05:43:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 33.1.0.5423, time stamp: 0x545c0a59 Faulting module name: mozalloc.dll, version: 33.1.0.5423, time stamp: 0x545be5ee Exception code: 0x80000003 Fault offset: 0x00001425 Faulting process id: 0xe64 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Error: (11/23/2014 01:58:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: jsdrv.exe, version: 1.37.0.1412, time stamp: 0x5470d17e Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86 Exception code: 0xc0000005 Fault offset: 0x0000d1c8 Faulting process id: 0x13bc Faulting application start time: 0xjsdrv.exe0 Faulting application path: jsdrv.exe1 Faulting module path: jsdrv.exe2 Report Id: jsdrv.exe3 Error: (11/23/2014 01:56:12 PM) (Source: MsiInstaller) (EventID: 11309) (User: mirjana-PC) Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it. Error: (11/23/2014 01:55:33 PM) (Source: MsiInstaller) (EventID: 11309) (User: mirjana-PC) Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it. Error: (11/23/2014 01:51:25 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/23/2014 01:46:12 PM) (Source: MsiInstaller) (EventID: 11309) (User: mirjana-PC) Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it. Error: (11/23/2014 01:46:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 33.1.0.5423, time stamp: 0x545c0a59 Faulting module name: mozalloc.dll, version: 33.1.0.5423, time stamp: 0x545be5ee Exception code: 0x80000003 Fault offset: 0x00001425 Faulting process id: 0x1bfc Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Error: (11/23/2014 01:44:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 33.1.0.5423, time stamp: 0x545c0a59 Faulting module name: mozalloc.dll, version: 33.1.0.5423, time stamp: 0x545be5ee Exception code: 0x80000003 Fault offset: 0x00001425 Faulting process id: 0x318 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Error: (11/23/2014 01:44:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 33.1.0.5423, time stamp: 0x545c0a59 Faulting module name: mozalloc.dll, version: 33.1.0.5423, time stamp: 0x545be5ee Exception code: 0x80000003 Fault offset: 0x00001425 Faulting process id: 0x1918 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 System errors: ============= Error: (11/24/2014 02:20:57 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error: (11/24/2014 02:17:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AntiVirSchedulerService service. Error: (11/24/2014 00:11:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: UsbCharger Error: (11/23/2014 01:59:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Update SourceApp service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (11/23/2014 01:59:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Util SourceApp service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (11/23/2014 01:50:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: UsbCharger Error: (11/23/2014 01:48:32 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (11/23/2014 01:43:57 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The YouTubeAcceleratorService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (11/23/2014 08:31:28 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: UsbCharger Error: (11/22/2014 09:17:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Update allgenius service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Microsoft Office Sessions: ========================= Error: (11/24/2014 00:12:22 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/23/2014 05:43:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe33.1.0.5423545c0a59mozalloc.dll33.1.0.5423545be5ee8000000300001425e6401d0073594ec9efbC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllea46816d-732f-11e4-8fca-74d4353a995d Error: (11/23/2014 01:58:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: jsdrv.exe1.37.0.14125470d17eKERNELBASE.dll6.1.7601.1840953159a86c00000050000d1c813bc01d0071d2e37f282C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.1412\jsdrv.exeC:\Windows\syswow64\KERNELBASE.dll6cc57737-7310-11e4-8fca-74d4353a995d Error: (11/23/2014 01:56:12 PM) (Source: MsiInstaller) (EventID: 11309) (User: mirjana-PC) Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (11/23/2014 01:55:33 PM) (Source: MsiInstaller) (EventID: 11309) (User: mirjana-PC) Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (11/23/2014 01:51:25 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/23/2014 01:46:12 PM) (Source: MsiInstaller) (EventID: 11309) (User: mirjana-PC) Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (11/23/2014 01:46:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe33.1.0.5423545c0a59mozalloc.dll33.1.0.5423545be5ee80000003000014251bfc01d0071b4cbcc3ceC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllb17e84b7-730e-11e4-9bf3-74d4353a995d Error: (11/23/2014 01:44:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe33.1.0.5423545c0a59mozalloc.dll33.1.0.5423545be5ee800000030000142531801d0071b46900439C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll8675a727-730e-11e4-9bf3-74d4353a995d Error: (11/23/2014 01:44:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe33.1.0.5423545c0a59mozalloc.dll33.1.0.5423545be5ee8000000300001425191801d0071b36c10067C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll825fc176-730e-11e4-9bf3-74d4353a995d ==================== Memory info =========================== Processor: AMD Athlon(tm) X4 740 Quad Core Processor Percentage of memory in use: 34% Total physical RAM: 8141.79 MB Available physical RAM: 5369.43 MB Total Pagefile: 16281.75 MB Available Pagefile: 12775.38 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:97.56 GB) (Free:15.7 GB) NTFS Drive d: () (Fixed) (Total:976.56 GB) (Free:850.51 GB) NTFS Drive e: () (Fixed) (Total:788.8 GB) (Free:770.54 GB) NTFS Drive g: (rld-nba2k14) (CDROM) (Total:7.01 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: FBABECFF) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=976.6 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=788.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================ C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-15 13:07 ==================== End Of Log ============================ Ako nešto nisam uradila kako treba,recite mi! Pozdrav!

Profil

magna86 Poslao: 24 Nov 2014 20:05 Idi na vrh
offline magna86 Anti Malware Fighter Rank 2 Pridružio: 21 Jun 2008 Poruke: 6103	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav Mirabe , dobrodosla 'amo kod nas. Dobro, malo si pomesala strukturu izvestaja prilikom kopiranja na forum ali nema veze, razumemo se. Idemo na sledece korake. Pristupi preko Start > Conrol Panel, Programs and Features i odatle pokusaj da deinstaliras/uklonis sledeci zlonamerni program: GoSave iWebar SW-Sustainer 1.80 YoutubeAdBlocke Ukoliko nesto od ovoga odbije deinstalaciju, prosto preskoci. A potom ... ................................................................... Preuzmi smeenk-ov zoek () sa ovog linka i sačuvaj ga na Desktop. Raspakuj arhivu u neki folder (uputstvo), a zatim: zatvori browser i ostale pokrenute programe; privremeno deaktiviraj zaštitni softver ( ukoliko je to potrebno ) Uputstvo ; dvoklikom pokreni zoek na ikonicu programa ; pričekaj da se alat startuje ... Klikni na More Options dugme i stikliraj polje ispred sledece opcije: Auto Clean Napomena: Stikliraj samo navedenu opciju, ostale opcije ne dirati ! ! Klikni na dugme i pričekaj da se skeniranje završi. zoek ce po potrebi, restartovati Windows a na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Napomena:Izveštaj će biti sačuvan pod nazivom zoek-results.log na sistemskoj particiji (tipična lokacija: C:\zoek-results.log) Kopiraj sadrzaj tog loga u poruku.

Profil

Mirabe Poslao: 24 Nov 2014 20:44 Idi na vrh
offline Mirabe Građanin Pridružio: 30 Dec 2008 Poruke: 193	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo izveštaja: Zoek.exe v5.0.0.0 Updated 24-11-2014 Tool run by mirjana on 24.11.2014 at 20:22:35,68. Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\mirjana\Desktop\New Folder (2)\zoek.scr [Scan current user] [Checkboxes used] ==== System Restore Info ====================== 24.11.2014 20:23:51 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully C:\Program Files\Google deleted successfully C:\PROGRA~3\HitmanPro deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\Users\mirjana\AppData\Roaming\Malwarebytes deleted successfully C:\Users\mirjana\AppData\Roaming\rmi deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\SearchScopes\{B707381A-E2F9-498D-AB1B-10B04E40D329} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{039ba60f-f956-4e74-ab81-1459ef7e9b72} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{10453452-4A93-4E92-A149-76FE54F8CF3B} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{10453452-4A93-4E92-A149-76FE54F8CF3B} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{117371F1-2E5C-46B0-8116-AF7F79632C} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11A063A0-B397-49EC-A832-ED8E8AA72841} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11A063A0-B397-49EC-A832-ED8E8AA72841} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{164D2B0F-61F8-4610-B0E1-9B6E43F17111} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1AF7967F-E747-43F9-AAD9-B09A31C9D0C7} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1AF7967F-E747-43F9-AAD9-B09A31C9D0C7} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29216AB5-8338-401C-A9CD-8E352F15EDD} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29216AB5-8338-401C-A9CD-8E352F15EDD} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3812681d-f2dd-4f25-8ce4-e963872122b1} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3994AFB4-6577-4BB9-95E6-532EBE9F38B7} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3994AFB4-6577-4BB9-95E6-532EBE9F38B7} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3E41F2D7-EF9E-4F88-9264-E7CEE495CBD0} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4210CEE5-4AA2-4147-805B-95BD18FB50EC} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4210CEE5-4AA2-4147-805B-95BD18FB50EC} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{42687A59-8A43-4218-A544-CCE363D37DD} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{42687A59-8A43-4218-A544-CCE363D37DD} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{42A2474D-22CD-4C6C-A9B1-3EE46BB64B9} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{42A2474D-22CD-4C6C-A9B1-3EE46BB64B9} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44289DB5-2261-4DB6-A6C6-B9C4F3814D52} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44289DB5-2261-4DB6-A6C6-B9C4F3814D52} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4C91ACC4-C847-4842-BFF1-9974A0E12567} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4C91ACC4-C847-4842-BFF1-9974A0E12567} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4CF65A65-4E-4BE5-BFE0-3B2264A3E56} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4CF65A65-4E-4BE5-BFE0-3B2264A3E56} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{50D5F4B0-8D69-4702-B47-3E4E89291F0} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{50D5F4B0-8D69-4702-B47-3E4E89291F0} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5206688f-7646-4b06-8a17-64ee8a3e243b} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5AFC8C5C-46F8-410D-BB65-BE2A3B25944} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5CD49873-659B-4AB3-9593-4D3B8CF7B926} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5D764832-4DE7-4C96-94FB-CD5F3634BB97} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5D764832-4DE7-4C96-94FB-CD5F3634BB97} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5DDDB739-AF67-4414-93E9-DCFF549125B0} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5DDDB739-AF67-4414-93E9-DCFF549125B0} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{63023C46-EB3E-4859-A82A-E047531073} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{63023C46-EB3E-4859-A82A-E047531073} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6DDA06F6-1B3F-470B-B6BE-EC9AED86DE98} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7258865-6A49-49EA-9286-C3102829F0D7} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{73114113-5D76-4F51-8616-6EADA76097EA} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{73114113-5D76-4F51-8616-6EADA76097EA} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{760cfd33-635b-41c3-b382-850e3d6ef3e0} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{799c3523-aacc-4bd8-a913-37195bb807a8} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7E493863-FBBD-406F-A3B1-4D8E46A75140} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{82D06A89-A483-4B07-B697-FF8341AFB42} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{84403CC6-451D-46C9-9238-321AE4CCFFC} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{84DCD3BC-2106-4B4A-951-31838BB24DC8} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{84DCD3BC-2106-4B4A-951-31838BB24DC8} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D566797-AEC2-45E3-9EFB-8BB84C9B39A3} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E17BCE0-E170-4E81-87CF-49589BA74D8} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{90113259-B205-4FD7-A4E5-7DE03AF7665F} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{90113259-B205-4FD7-A4E5-7DE03AF7665F} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91FF7ADF-98F7-4C25-AA40-A69AC6F9B61A} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91FF7ADF-98F7-4C25-AA40-A69AC6F9B61A} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{926dc3b0-7192-42c9-8037-329165873a2b} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93E61DA6-7BAF-47DD-B576-8ED59B833FD4} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94677F80-7F97-4B47-B138-14C1822E485E} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{96051050-7199-4EAC-BED3-7D29D3BFFC14} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9FC57F02-CDD4-4B60-ADD1-4D1E474D6615} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9FC57F02-CDD4-4B60-ADD1-4D1E474D6615} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5CB2BEA-CCAE-4A27-8893-A0579ADBB07A} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A821BDB3-6D37-4BCA-B547-D29A6A3394BA} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ABAD81B8-3B51-4493-B9BE-DB2276238F8} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B62F9E4D-5D4E-4C54-BEB6-61C849AA1071} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B62F9E4D-5D4E-4C54-BEB6-61C849AA1071} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B6D76A7B-961C-48C5-89DE-E06438AB2BCB} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b9746d39-cfcb-479e-877a-0961130cd4d3} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c088b0da-dba1-4ee9-bc2f-c21cfcb68b75} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C0DBA8C1-65D8-43FC-BBB-66E7C24DA5EC} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C0DBA8C1-65D8-43FC-BBB-66E7C24DA5EC} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C242E85D-12BD-459D-9D36-BB3B8C40517B} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C242E85D-12BD-459D-9D36-BB3B8C40517B} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C468331E-755A-442C-B7B7-4E23A03D2E6B} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C58A834B-EB6A-40E3-8121-8549AC8F88A} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C965D080-5D37-4F91-A785-CF28DE369D} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C965D080-5D37-4F91-A785-CF28DE369D} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB26D741-F835-4C00-A4F8-5B5AD07AB0B4} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB26D741-F835-4C00-A4F8-5B5AD07AB0B4} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFDF064E-AE72-40CF-A1A3-8DFDE7B3BD16} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFDF064E-AE72-40CF-A1A3-8DFDE7B3BD16} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1B7BD9B-183B-4CA2-96D1-F197E49690FC} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D474E4D3-3726-44AC-8CE7-1EF2C025F2EE} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D474E4D3-3726-44AC-8CE7-1EF2C025F2EE} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D943C0EB-97C-4F18-8582-BA3175C6A8C6} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D9F16B4C-BD5D-4EDB-8AE5-D7A1745D1FDE} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0A3840D-CD02-4679-92CD-BFD4BEB732C0} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E3EE155F-E723-45C9-9C73-199131E0B039} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7C71176-B785-4A63-A1C3-A946C80EA72} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EF6E2829-BBCC-4621-9E9-80FCF9D9A0F2} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EF6E2829-BBCC-4621-9E9-80FCF9D9A0F2} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F16B57F6-9E6D-4716-BC13-C1A5D2328036} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{039ba60f-f956-4e74-ab81-1459ef7e9b72} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3812681d-f2dd-4f25-8ce4-e963872122b1} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5206688f-7646-4b06-8a17-64ee8a3e243b} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{760cfd33-635b-41c3-b382-850e3d6ef3e0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{799c3523-aacc-4bd8-a913-37195bb807a8} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{926dc3b0-7192-42c9-8037-329165873a2b} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b9746d39-cfcb-479e-877a-0961130cd4d3} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c088b0da-dba1-4ee9-bc2f-c21cfcb68b75} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\globalUpdatem deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\globalUpdatem deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrvUpdater deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SrvUpdater deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IePluginServices deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\IePluginServices deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IePluginServices deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\mirjana\AppData\Roaming\Mozilla\Firefox\Profiles\l05s47rw.default ---- FireFox user.js and prefs.js backups ---- user__2034_.backup prefs__2034_.backup ProfilePath: C:\Users\mirjana\AppData\Roaming\Mozilla\Firefox\Profiles\pki4np0x.default-1411661550016 ---- Lines aROUAILDE73397174UXGZI17268980com65123 removed from prefs.js ---- user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.InstallationThankYouPage", false); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.InstallationTime", 1416747363); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.ROUAILDE73397174@UXGZI17268980.comaROUAILDE73397174UXGZI17268980com65123_dbWasSet", user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.ROUAILDE73397174@UXGZI17268980.comaROUAILDE73397174UXGZI17268980com65123_dbWasSet_F user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.ROUAILDE73397174@UXGZI17268980.comasyncdb_dbWasSet", true); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.ROUAILDE73397174@UXGZI17268980.comasyncdb_dbWasSet_FF25_FIX", true); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.ROUAILDE73397174@UXGZI17268980.comasyncinternaldb_dbWasSet", true); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.ROUAILDE73397174@UXGZI17268980.comasyncinternaldb_dbWasSet_FF25_FIX", true); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.active", true); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.addressbar", "NA"); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.addressbarenhanced", ""); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.asyncdb.was_copied", "true"); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.asyncinternaldb.was_copied", "true"); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.backgroundver", 1); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.certdomaininstaller", ""); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.changeprevious", false); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central Eu user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.cookie.InstallationTime.value", "%221416747363%22"); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central Eur user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22000171%22%2C%22sub_id%22%3A user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.cookie.uc.expiration", "Sun Dec 07 2014 14:01:41 GMT+0100 (Central Europe Standard user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.cookie.uc.value", "%22%5C%22RS%5C%22%22"); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.description", "iWebar"); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.domain", ""); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.enablesearch", false); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.homepage", ""); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.iframe", false); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Ce user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22BC4D16FF980047 user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22000171%22%2C%22sub_id%2 user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Ce user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22000171%22%2C%22sub user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%22BC4D1 user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Centra user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.Resources_appVer.value", "21"); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (C user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.Resources_lastVersion.value", "1"); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.Resources_meta.value", "%7B%22handlebars.js%22%3A%7B%22id%22%3A838651%2C user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.Resources_nextCheck.expiration", "Tue Nov 25 2014 00:25:55 GMT+0100 (Cen user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.Resources_nextCheck.value", "true"); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.Resources_queue.value", "%7B%7D"); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.Resources_resource_838651.expiration", "Sat Feb 21 2015 14:01:08 GMT+010 user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.Resources_resource_838652.expiration", "Sun Feb 22 2015 20:20:17 GMT+010 user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.Resources_resource_838653.expiration", "Sun Feb 22 2015 20:20:17 GMT+010 user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.Resources_resource_838654.expiration", "Sat Feb 21 2015 14:01:08 GMT+010 user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.Resources_resource_838655.expiration", "Sun Feb 22 2015 20:20:17 GMT+010 user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.Resources_resource_838656.expiration", "Sat Feb 21 2015 14:01:08 GMT+010 user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.Resources_resource_838656.value", "%22//Javascript%20Helper%20Functions% user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.Resources_resource_838657.expiration", "Sun Feb 22 2015 20:20:17 GMT+010 user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.Resources_resource_838658.expiration", "Sun Feb 22 2015 20:20:17 GMT+010 user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.Resources_resource_838659.expiration", "Sat Feb 21 2015 14:01:08 GMT+010 user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.Resources_resource_838660.expiration", "Sun Feb 22 2015 20:20:17 GMT+010 user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.Resources_resource_838660.value", "%22function%20startAskCom%28e%2Ct%2Cr user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Cen user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.__defualt_browser__.value", "%22ff%22"); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central Europ user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%2 user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01 2030 00:00:00 G user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Feb 01 2030 00:00: user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.monetization_plugin_bundledWithHash.value", "null"); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.monetization_plugin_last_executable_request.expiration", "Tue Nov 25 201 user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.monetization_plugin_last_executable_request.value", "%22http%3A//downloa user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb 01 2030 00:00:0 user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D"); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.monetization_plugin_regBundledWithSoftware.expiration", "Fri Feb 01 2030 user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.monetization_plugin_regBundledWithSoftware.value", "%7B%7D"); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.lastDailyReport", "1416849953632"); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.lastUpdate", "1416849953631"); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.manifesturl", ""); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.name", "iWebar"); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.newtab", ""); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.opensearch", ""); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.pluginsurl", "http://js.newonlinedemoserv.com/plugin/apps/65123/plugins/na/ff/plugi user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.pluginsversion", 14); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.publisher", "iWebar"); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.searchstatus", 0); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.setnewtab", false); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.thankyou", ""); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.updateinterval", 360); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.ver", 21); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.apps", "65123"); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.bic", "149dcb0b74bd66d76bd43674261d95d9"); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.cid", 65123); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.firstrun", false); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.hadappinstalled", true); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.installationdate", 1416747667); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.modetype", "production"); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.reportInstall", true); user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.statsDailyCounter", 4); ---- FireFox user.js and prefs.js backups ---- user__2034_.backup prefs__2034_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command] @="C:\\Program Files\\Internet Explorer\\iexplore.exe" ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\45a2cf91-6499-4bbd-a461-df42dfc4c8c1\b52caf26-35ca-42f3-a7b4-9a045c49fab2.dll deleted C:\Program Files (x86)\45a2cf91-6499-4bbd-a461-df42dfc4c8c1\45a2cf91-6499-4bbd-a461-df42dfc4c8c1.dll deleted C:\Program Files (x86)\Adobe\8738e135-6247-40c1-ab2c-8afc8083eb5f.dll deleted C:\Program Files (x86)\Adobe\d0e20393-c4ce-435f-8fbe-e501162d4a5b.dll deleted C:\Users\mirjana\AppData\LocalLow\{6CDA7CCC-5095-1DA8-5C5E-A45AA0550737} deleted C:\Users\mirjana\AppData\Local\Packages\windows_ie_ac_001\AC\{6CDA7CCC-5095-1DA8-5C5E-A45AA0550737} deleted C:\PROGRA~2\SoftwareUpdater deleted C:\PROGRA~2\GoSave deleted C:\PROGRA~2\YoutubeAdBlocke deleted C:\PROGRA~2\TNT2 deleted C:\PROGRA~2\45a2cf91-6499-4bbd-a461-df42dfc4c8c1 deleted C:\PROGRA~2\d0e20393-c4ce-435f-8fbe-e501162d4a5b deleted C:\Users\mirjana\AppData\Roaming\PStrip.ini deleted C:\Users\mirjana\AppData\Roaming\AlawarEntertainment deleted C:\Users\mirjana\AppData\Roaming\mystartsearch deleted C:\PROGRA~3\IePluginServices deleted C:\PROGRA~3\GoSave deleted C:\PROGRA~3\YoutubeAdBlocke deleted C:\PROGRA~3\FreeWorldApp deleted C:\PROGRA~3\InstallMate deleted C:\PROGRA~3\WindowsMangerProtect deleted C:\Users\mirjana\AppData\Local\globalUpdate deleted C:\Users\mirjana\AppData\Local\Installer deleted C:\Users\mirjana\AppData\Local\CrashRpt deleted C:\Windows\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-1.job deleted C:\Windows\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-11.job deleted C:\Windows\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-2.job deleted C:\Windows\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-3.job deleted C:\Windows\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-4.job deleted C:\Windows\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-5.job deleted C:\Windows\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-5_user.job deleted C:\Windows\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-6.job deleted C:\Windows\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-7.job deleted C:\Windows\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-1.job deleted C:\Windows\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-11.job deleted C:\Windows\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-2.job deleted C:\Windows\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-4.job deleted C:\Windows\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-5.job deleted C:\Windows\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-5_user.job deleted C:\Windows\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-6.job deleted C:\Windows\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-7.job deleted C:\windows\SysNative\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-1 deleted C:\windows\SysNative\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-11 deleted C:\windows\SysNative\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-2 deleted C:\windows\SysNative\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-3 deleted C:\windows\SysNative\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-4 deleted C:\windows\SysNative\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-5 deleted C:\windows\SysNative\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-5_user deleted C:\windows\SysNative\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-6 deleted C:\windows\SysNative\Tasks\28080a71-d443-414a-93fd-4317e0ebb38b-7 deleted C:\windows\SysNative\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-1 deleted C:\windows\SysNative\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-11 deleted C:\windows\SysNative\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-2 deleted C:\windows\SysNative\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-4 deleted C:\windows\SysNative\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-5 deleted C:\windows\SysNative\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-5_user deleted C:\windows\SysNative\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-6 deleted C:\windows\SysNative\Tasks\3b3d435e-37a5-4518-8a78-9d63de706c8d-7 deleted C:\Users\Public\Documents\GOOBZO deleted C:\Users\Public\Documents\YTAHelper deleted C:\Windows\wininit.ini deleted C:\Windows\tasks\SW-Booster-S-1530452449.job deleted C:\windows\SysNative\tasks\SW-Booster-S-1530452449 deleted C:\windows\SysNative\drivers\{2d11e69f-33c6-44c6-ac04-bb1b36bd5d05}Gw64.sys deleted C:\windows\SysNative\drivers\{610d5cbc-ee01-49d2-95d8-9ea07b8aca33}Gw64.sys deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\windows\SysNative\GroupPolicy\Machine deleted C:\windows\SysNative\GroupPolicy\User deleted C:\windows\SysNative\GroupPolicy\GPT.INI deleted C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted C:\Windows\SysWow64\AI_RecycleBin deleted C:\Users\mirjana\AppData\Roaming\Mozilla\Firefox\Profiles\pki4np0x.default-1411661550016\extensions\ROUAILDE73397174@UXGZI17268980.com deleted C:\Users\mirjana\AppData\Roaming\Mozilla\Firefox\Profiles\pki4np0x.default-1411661550016\extensions\warnerroberts@hotmail.com deleted "C:\Users\mirjana\AppData\Roaming\AB" deleted "C:\Windows\tasks\AB.job" deleted "C:\Windows\SysNative\tasks\AB" deleted "C:\Users\mirjana\AppData\Roaming\ZRZYR" deleted "C:\Windows\tasks\ZRZYR.job" deleted "C:\Windows\SysNative\tasks\ZRZYR" deleted "C:\PROGRA~3\91594efd14a3a7cb\{4820778D-AB0D-6D18-C316-52A6A0E1D507}.20141015140739" deleted "C:\PROGRA~3\91594efd14a3a7cb\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}.20141015140747" deleted "C:\PROGRA~3\91594efd14a3a7cb\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20141015140716" deleted "C:\PROGRA~3\91594efd14a3a7cb\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20141015140728" deleted "C:\PROGRA~3\91594efd14a3a7cb\{FDB962F0-B5B8-9460-D12F-7966E97BAA43}.20140723102241" deleted "C:\PROGRA~3\91594efd14a3a7cb\{FDB962F0-B5B8-9460-D12F-7966E97BAA43}.20140723102248" deleted "C:\PROGRA~3\91594efd14a3a7cb" deleted "C:\PROGRA~3\Package Cache" deleted ==== Firefox Extensions ====================== ProfilePath: C:\Users\mirjana\AppData\Roaming\Mozilla\Firefox\Profiles\l05s47rw.default - Noia-4 temahanterare - %ProfilePath%\extensions\Noia4Options@ArisT2.xpi ProfilePath: C:\Users\mirjana\AppData\Roaming\Mozilla\Firefox\Profiles\pki4np0x.default-1411661550016 - Undetermined - warnerroberts@hotmail.com - Undetermined - ROUAILDE73397174@UXGZI17268980.com - PriceExpert - %ProfilePath%\extensions\support@priceexpert.com.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} - Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\mirjana\AppData\Roaming\Mozilla\Firefox\Profiles\pki4np0x.default-1411661550016 67D325B5AEB28E381B84E8DE1A90C7A8 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll - Shockwave Flash 12B7772C549B1A9A7AC2C0062F1582FF - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll - Shockwave for Director / Shockwave for Director ==== Fake Chromium Profiles Check ====================== Fake profile C:\Users\mirjana\AppData\Local\Torch deleted Fake profile C:\Users\mirjana\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\mirjana\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\mirjana\AppData\Local\Chromatic Browser deleted ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14.07.2014 17:22] Google Voice Search Hotword (Beta) - mirjana\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn Browse Coupon - mirjana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea GoSave - mirjana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda ==== Chromium Fix ====================== C:\Users\mirjana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_daemon-tools.en.softonic.com_0.localstorage deleted successfully C:\Users\mirjana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea deleted successfully C:\Users\mirjana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.mystartsearch.com/web/?type=ds&ts=1416746688&from=smt&uid=ST2000DM001-1CH164_Z340Q41DXXXXZ340Q41D&q={searchTerms}" "Search Page"="http://www.mystartsearch.com/web/?type=ds&ts=1416746688&from=smt&uid=ST2000DM001-1CH164_Z340Q41DXXXXZ340Q41D&q={searchTerms}" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.mystartsearch.com/web/?type=ds&ts=1416746688&from=smt&uid=ST2000DM001-1CH164_Z340Q41DXXXXZ340Q41D&q={searchTerms}" "Search Page"="http://www.mystartsearch.com/web/?type=ds&ts=1416746688&from=smt&uid=ST2000DM001-1CH164_Z340Q41DXXXXZ340Q41D&q={searchTerms}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Deleting CLSID Registry Keys ====================== HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{9f7ab9c4-4da3-440e-ba84-95903165f129} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9f7ab9c4-4da3-440e-ba84-95903165f129} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\2cf90bbc-5529-404c-8a94-0f6595060941 deleted successfully HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\mirjana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\mirjana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\18XADTUY will be deleted at reboot C:\Users\mirjana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHM4EGC8 will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\mirjana\AppData\Local\Mozilla\Firefox\Profiles\pki4np0x.default-1411661550016\Cache emptied successfully C:\Users\mirjana\AppData\Local\Mozilla\Firefox\Profiles\pki4np0x.default-1411661550016\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\mirjana\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache is not empty, a reboot is needed ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=433 folders=139 70649884 bytes) ==== Empty Temp Folders ====================== C:\Users\mirjana\AppData\Local\Temp will be emptied at reboot C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\mirjana\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\mirjana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\18XADTUY" not found "C:\Users\mirjana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHM4EGC8" not found "C:\Users\mirjana\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZBKYFYG\brewhaha1-a.akamaihd.net" not found "C:\Users\mirjana\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZBKYFYG\js.rating-widget.com" not found ==== EOF on 24.11.2014 at 20:41:47,98 ======================

Profil

magna86 Poslao: 24 Nov 2014 22:12 Idi na vrh
offline magna86 Anti Malware Fighter Rank 2 Pridružio: 21 Jun 2008 Poruke: 6103	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! U redu, uradili smo odlican posao. Vec sada bi trebala da osetis poboljsanje u radu sistema ali jos nas ceka posao. Idemo jos jednom da koristimo Zoek alat ali ovaj put preko njegove scripte. Potom mi postavi sveze FRST logove. Preuzmi smeenk-ov zoek.zip ili zoek.rar () sa ovog ili ovog linka i sačuvaj ga na Desktop. Raspakuj arhivu u neki folder (uputstvo), a zatim: zatvori browser i ostale pokrenute programe; privremeno deaktiviraj zaštitni softver ( ukoliko je to potrebno ) Uputstvo ; dvoklikom pokreni zoek na ikonicu programa ; pričekaj da se alat startuje ... U beli okvir prozora iskopiraj sledeći tekst: `Uninstall-List; EmptyCLSID; FFDefaults; warnerroberts@hotmail.com;ff ROUAILDE73397174@UXGZI17268980.com;ff support@priceexpert.com.xpi;ff CHRDefaults; fnfnbeppfinmnjnjhedifcfllpcfgeea;chr ignckfakfhfnipljejimadldlaklolda;chr Reboot;` Klikni na dugme i pričekaj da se skeniranje završi. zoek ce po potrebi, restartovati Windows a na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Napomena:Izveštaj će biti sačuvan pod nazivom zoek-results.log na sistemskoj particiji (tipična lokacija: C:\zoek-results.log) Kopiraj sadrzaj tog loga u poruku. . dvoklikom pokreni FRST program, kada se alat pokrene klikni Yes na disclaimer prozor; pričekati koji trenutak dok alat proverava postoji li novija verzija; klikni na dugme Scan; po završetku skeniranja, alat će formirati izveštaj (FRST.txt) u isti direktorijum gde je FRST alat sačuvan; iskopiraj sadržaj FRST.txt izveštaja u poruku;

Profil

Mirabe Poslao: 25 Nov 2014 16:45 Idi na vrh
offline Mirabe Građanin Pridružio: 30 Dec 2008 Poruke: 193	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zoek.exe v5.0.0.0 Updated 24-11-2014 Tool run by mirjana on 25.11.2014 at 15:51:12,26. Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\mirjana\Desktop\New Folder (2)\zoek.scr [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2014-11-24-194148.log 46048 bytes ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Approved Extensions\{11111111-1111-1111-1111-110611571143} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Approved Extensions\{11111111-1111-1111-1111-110611191115} deleted successfully HKEY_USERS\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Approved Extensions\{11111111-1111-1111-1111-110611511123} deleted successfully ==== FireFox Fix ====================== Deleted from C:\Users\mirjana\AppData\Roaming\Mozilla\Firefox\Profiles\l05s47rw.default\prefs.js: Added to C:\Users\mirjana\AppData\Roaming\Mozilla\Firefox\Profiles\l05s47rw.default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Deleted from C:\Users\mirjana\AppData\Roaming\Mozilla\Firefox\Profiles\pki4np0x.default-1411661550016\prefs.js: Added to C:\Users\mirjana\AppData\Roaming\Mozilla\Firefox\Profiles\pki4np0x.default-1411661550016\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Deleted from C:\Users\Nikola\AppData\Roaming\Mozilla\Firefox\Profiles\o1fnitda.default\prefs.js: user_pref("browser.search.defaulturl", "http://websearch.searchfix.info/?pid=724&r=2014/10/15&hid=18134947505762981530&lg=EN&cc=RS&l=1&q="); user_pref("browser.search.defaultenginename", "FindWide"); user_pref("browser.search.defaultenginename,S", "WebSearch"); user_pref("browser.search.selectedEngine,S", "WebSearch"); user_pref("browser.search.order.1", "WebSearch"); user_pref("browser.search.order.1,S", "WebSearch"); user_pref("browser.search.useDBForOrder", true); Added to C:\Users\Nikola\AppData\Roaming\Mozilla\Firefox\Profiles\o1fnitda.default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); ProfilePath: C:\Users\mirjana\AppData\Roaming\Mozilla\Firefox\Profiles\l05s47rw.default ---- FireFox user.js and prefs.js backups ---- user__1553_.backup prefs__1553_.backup ProfilePath: C:\Users\mirjana\AppData\Roaming\Mozilla\Firefox\Profiles\pki4np0x.default-1411661550016 ---- Lines support@priceexpert.com.xpi removed from prefs.js ---- user_pref("extensions.bootstrappedAddons", "{\"support@priceexpert.com\":{\"version\":\"0.9.6.2\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\ ---- Lines support@priceexpert.com.xpi modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\":{\"descriptor\":\"C:\\\\Program ---- FireFox user.js and prefs.js backups ---- user__1553_.backup prefs__1553_.backup ProfilePath: C:\Users\Nikola\AppData\Roaming\Mozilla\Firefox\Profiles\o1fnitda.default ---- Lines ROUAILDE73397174@UXGZI17268980.com modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\":{\"descriptor\":\"C:\\\\Program ---- FireFox user.js and prefs.js backups ---- user__1553_.backup prefs__1553_.backup ==== Deleting Files \ Folders ====================== C:\Users\Nikola\AppData\Roaming\Mozilla\Firefox\Profiles\o1fnitda.default\extensions\ROUAILDE73397174@UXGZI17268980.com deleted "C:\Users\mirjana\AppData\Roaming\Mozilla\Firefox\Profiles\pki4np0x.default-1411661550016\extensions\support@priceexpert.com.xpi" deleted ==== Firefox Extensions ====================== ProfilePath: C:\Users\mirjana\AppData\Roaming\Mozilla\Firefox\Profiles\l05s47rw.default - Noia-4 temahanterare - %ProfilePath%\extensions\Noia4Options@ArisT2.xpi ProfilePath: C:\Users\Nikola\AppData\Roaming\Mozilla\Firefox\Profiles\o1fnitda.default - YoutubeAdBlocke - %ProfilePath%\extensions\DN@B.org - GoSave - %ProfilePath%\extensions\Vb@T.org AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} - Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\mirjana\AppData\Roaming\Mozilla\Firefox\Profiles\pki4np0x.default-1411661550016 67D325B5AEB28E381B84E8DE1A90C7A8 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll - Shockwave Flash 12B7772C549B1A9A7AC2C0062F1582FF - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll - Shockwave for Director / Shockwave for Director ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions flliilndjeohchalpbbcdekjklbdgfkk - No path found[] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14.07.2014 17:22] Browse Coupon - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea GoSave - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda priacEcchoap - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fncaneajodfiiclghafoihjgjmbgbngd Browse Coupon - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea GoSave - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda Browse Coupon - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea GoSave - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda priacEcchoap - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fncaneajodfiiclghafoihjgjmbgbngd Browse Coupon - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea GoSave - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda Browse Coupon - Administrator\AppData\Local\Torch\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea GoSave - Administrator\AppData\Local\Torch\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda Browse Coupon - Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea GoSave - Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda priacEcchoap - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fncaneajodfiiclghafoihjgjmbgbngd Browse Coupon - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea GoSave - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda Browse Coupon - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea GoSave - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda priacEcchoap - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fncaneajodfiiclghafoihjgjmbgbngd Browse Coupon - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea GoSave - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda Browse Coupon - Guest\AppData\Local\Torch\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea GoSave - Guest\AppData\Local\Torch\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda Browse Coupon - HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea GoSave - HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda priacEcchoap - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fncaneajodfiiclghafoihjgjmbgbngd Browse Coupon - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea GoSave - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda Browse Coupon - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea GoSave - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda priacEcchoap - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fncaneajodfiiclghafoihjgjmbgbngd Browse Coupon - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea GoSave - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda Browse Coupon - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea GoSave - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda Google Voice Search Hotword (Beta) - mirjana\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn Google Wallet - mirjana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Browse Coupon - Nikola\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea GoSave - Nikola\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda priacEcchoap - Nikola\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fncaneajodfiiclghafoihjgjmbgbngd Browse Coupon - Nikola\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea GoSave - Nikola\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda Google Drive - Nikola\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf Google Voice Search Hotword (Beta) - Nikola\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn YouTube - Nikola\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Nikola\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Browse Coupon - Nikola\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea GoSave - Nikola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda Google Wallet - Nikola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Nikola\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia priacEcchoap - Nikola\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fncaneajodfiiclghafoihjgjmbgbngd Browse Coupon - Nikola\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea GoSave - Nikola\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda Browse Coupon - Nikola\AppData\Local\Torch\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea GoSave - Nikola\AppData\Local\Torch\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda ==== Chromium Startpages ====================== C:\Users\Nikola\AppData\Local\Google\Chrome\User Data\Default\Preferences "homepage": "http://websearch.searchfix.info/?pid=724&r=2014/10/15&hid=18134947505762981530&lg=EN&cc=RS", ==== Chromium Fix ====================== C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea deleted successfully C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea deleted successfully C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea deleted successfully C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea deleted successfully C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea deleted successfully C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea deleted successfully C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea deleted successfully C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea deleted successfully C:\Users\Nikola\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea deleted successfully C:\Users\Nikola\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea deleted successfully C:\Users\Nikola\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea deleted successfully C:\Users\Nikola\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea deleted successfully C:\Users\Nikola\AppData\Local\Torch\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea deleted successfully C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda deleted successfully C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda deleted successfully C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda deleted successfully C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda deleted successfully C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda deleted successfully C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda deleted successfully C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda deleted successfully C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda deleted successfully C:\Users\Nikola\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda deleted successfully C:\Users\Nikola\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda deleted successfully C:\Users\Nikola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda deleted successfully C:\Users\Nikola\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda deleted successfully C:\Users\Nikola\AppData\Local\Torch\User Data\Default\Extensions\ignckfakfhfnipljejimadldlaklolda deleted successfully ==== Reset Google Chrome ====================== C:\Users\mirjana\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Nikola\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully C:\Users\mirjana\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\Nikola\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== Uninstall List x64 ====================== @BIOS [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}] ćTorrent [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent] Adobe Flash Player 15 Plugin [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin] Adobe Flash Player ActiveX [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX] Adobe Reader XI (11.0.09) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AB0000000001}] Adobe Shockwave Player 12.1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player] AIDA64 Extreme v4.70 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AIDA64 Extreme_is1] AMD Accelerated Video Transcoding [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F7CD07B2-565B-D770-0388-9C16A8FA5B1D}] AMD APP SDK Runtime [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{503F672D-6C84-448A-8F8F-4BC35AC83441}] AMD Catalyst Control Center [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{44A6C11C-D744-6B2C-D5A1-E32CB1DB0088}] AMD Catalyst Install Manager [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C2956908-53A3-88FC-B795-B16508296FC4}] AMD Drag and Drop Transcoding [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E74DBCA2-F0BC-929D-0504-87E97079EB4A}] AMD Fuel [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{65A9248D-196D-41AD-1C66-5C9A23454DAA}] AMD Media Foundation Decoders [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5941D535-34BF-BB6E-E52B-F464E4E955FF}] AMD Wireless Display v3.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0A2E1907-D0DE-0D01-CA64-CB0AB0BFE539}] AMD Wireless Display v3.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C16CD4C0-48EE-0F40-C9FD-0778EAF73FBD}] AutoGreen B12.1220.1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C75FAD21-EC08-42F3-92D6-C9C0AB355345}] AutoGreen B12.1220.1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}] Avira [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3A979044-2415-417E-83A6-BAD69D5DBBF5}] Avira [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{905d3ded-fe60-432c-b56e-7cd19f2899ac}] Avira [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e67154a7-9cc5-4167-b782-f3982bc6c70d}] Avira Free Antivirus [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Avira AntiVir Desktop] BS.Player FREE [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BSPlayerf] CameraHelperMsi [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15634701-BACE-4449-8B25-1567DA8C9FD3}] Catalyst Control Center - Branding [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{25A3B953-1423-3F15-640E-B620DD0F419A}] Catalyst Control Center Graphics Previews Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B3BE2947-BB03-6079-60DD-41B388BBC74A}] Catalyst Control Center InstallProxy [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{77C135AC-6695-F444-75ED-14413408E51D}] Catalyst Control Center Localization All [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C5BE5386-0A43-32DD-9F2B-934B8CCCAC41}] ccc-utility64 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8C1F5F9B-649F-C65F-D65F-9EC0459C2304}] CCC Help Chinese Standard [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{64A47A55-1E5E-82F1-26A6-8157D34739A4}] CCC Help Chinese Traditional [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{51307F85-BD05-1938-8440-E88FD13585CA}] CCC Help Czech [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{151AE945-AA23-3834-D5C7-C60832B71B15}] CCC Help Danish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F3220B5E-9395-F557-8DB9-1E0F29D32026}] CCC Help Dutch [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{755C6015-01B7-475D-448A-CE4D35E68F38}] CCC Help English [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F2AB797F-31A3-A376-736B-9E0533BAB530}] CCC Help Finnish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C70E8FBB-10F3-1DFF-E35F-6D62264D7A80}] CCC Help French [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86CF0325-7921-55A6-16B2-254E77C40FE4}] CCC Help German [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0ED9B46-5B37-616A-FDCC-3F713BC2972D}] CCC Help Greek [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4DC7C1AB-4389-B736-082D-1BFA6BC10293}] CCC Help Hungarian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B89357B0-C12E-F21E-7E8D-CA13BFED19C7}] CCC Help Italian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5C89D6B4-C8C4-08B9-4381-4E6C9BA3C094}] CCC Help Japanese [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5565E164-9928-CEDD-5011-9EE073D797B9}] CCC Help Korean [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9A974568-D4D5-EED2-1976-132C28211A82}] CCC Help Norwegian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5BBF2F0E-8891-0E74-83D3-0DBDB750EDC6}] CCC Help Polish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A11D86BF-B950-759B-3DBF-1575B76BF974}] CCC Help Portuguese [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AA14530E-3EF6-92AB-B39F-DB96F852BBBC}] CCC Help Russian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5AAF27C9-51C1-DEF1-230F-9F348E2DF885}] CCC Help Spanish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5947D004-A315-F50D-D24F-4C9D5B8413A5}] CCC Help Swedish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{877AB8B2-9D11-D640-7B11-730699E0C9A2}] CCC Help Thai [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ABAD2544-D794-E1B1-2763-55A9BB811D5A}] CCC Help Turkish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EC43C902-EF4F-0BF6-FA5F-897D2E450858}] CCleaner [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner] DAEMON Tools Lite [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Lite] erLT [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}] Google Chrome [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome] Google Drive [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}] Google Earth Plug-in [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}] Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] Java 7 Update 71 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF}] Logitech Webcam Software [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D40EB009-0499-459c-A8AF-C9C110766215}] LOTR The Return of the King tm [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6E298B0A-558C-4138-0096-740677B382CD}] LWS Facebook [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}] LWS Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}] LWS Help_main [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1651216E-E7AD-4250-92A1-FB8ED61391C9}] LWS Launcher [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}] LWS Motion Detection [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{71E66D3F-A009-44AB-8784-75E2819BA4BA}] LWS Pictures And Video [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{08610298-29AE-445B-B37D-EFBE05802967}] LWS Twitter [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{174A3B31-4C43-43DD-866F-73C9DB887B48}] LWS Webcam Software [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8937D274-C281-42E4-8CDB-A0B2DF979189}] LWS WLM Plugin [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9DAEA76B-E50F-4272-A595-0124E826553D}] LWS YouTube Plugin [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}] Malwarebytes Anti-Malware verzija 2.0.2.1012 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1] Meridian Age of Invention [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Meridian Age of Invention] Microsoft .NET Framework 4.5.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}] Microsoft .NET Framework 4.5.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033] Microsoft Silverlight [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}] Microsoft Visual C++ 2005 Redistributable (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}] Microsoft Visual C++ 2005 Redistributable (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}] Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}] Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7299052b-02a4-4627-81f2-1818da5d550d}] Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}] Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}] Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}] Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}] Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15134cb0-b767-4960-a911-f2d16ae54797}] Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{a1909659-0a08-4554-8af1-2175904903a1}] Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}] Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}] Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{764384C5-BCA9-307C-9AAC-FD443662686A}] Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}] Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}] Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9}] Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}] Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7f51bdb9-ee21-49ee-94d6-90afc321780e}] Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ce085a78-074e-4823-8dc1-8a721b94b76d}] Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942}] Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}] Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}] Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}] Microsoft WSE 3.0 Runtime [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}] Minecraft1.7.2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Minecraft1.7.2] Mozilla Firefox 33.1 (x86 en-US) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 33.1 (x86 en-US)] Mozilla Maintenance Service [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService] MSXML 4.0 SP2 (KB954430) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}] MSXML 4.0 SP2 (KB973688) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}] NBA 2K14 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}] neroxml [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{56C049BE-79E9-4502-BEA7-9754A3E60F9B}] ON_OFF Charge 2 B13.1028.1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}] ON_OFF Charge 2 B13.1028.1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}] OpenOffice 4.0.1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}] Origin [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Origin] Realtek Ethernet Controller Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}] Realtek High Definition Audio Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}] Rescue Team 4 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Rescue Team 4] Senses [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Senses] Skype Click to Call [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}] SkypeT 6.21 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}] SpeedFan (remove only) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpeedFan] SUPERAntiSpyware [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}] SW-Sustainer 1.80 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}] swMSM [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{612C34C7-5E90-47D8-9B5C-0F717DD82726}] The Sims 4 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{48EBEBBF-B9F8-4520-A3CF-89A730721917}] The SimsT 3 Katy Perry's Sweet Treats [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B2506E3-9A3F-45B5-96BF-509CAD584650}] The SimsT 3 Late Night [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{45057FCE-5784-48BE-8176-D9D00AF56C3C}] The SimsT 3 Master Suite Stuff [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{08A25478-C5DD-4EA7-B168-3D687CA987FF}] The SimsT 3 Movie Stuff [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D0087539-3C57-44E0-BEE7-D779D546CBE1}] The SimsT 3 Outdoor Living Stuff [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{117B6BF6-82C3-420C-B284-9247C8568E53}] The SimsT 3 Pets [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C12631C6-804D-4B32-B0DD-8A496462F106}] The SimsT 3 Seasons [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3DE92282-CB49-434F-81BF-94E5B380E889}] The SimsT 3 Showtime [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3BBFD444-5FAB-49F6-98B1-A1954E831399}] The SimsT 3 Supernatural [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}] The SimsT 3 University Life [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}] Windows Phone app for desktop [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F71448B-88EB-4357-9A98-8658D4C49C48}] WinRAR 4.00 (64-bit) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver] ==== C:\zoek_backup content ====================== C:\zoek_backup (files=748 folders=232 73670917 bytes) ==== After Reboot ====================== ==== EOF on 25.11.2014 at 15:56:50,93 ====================== Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01 Ran by mirjana (administrator) on MIRJANA-PC on 25-11-2014 16:42:23 Running from C:\Users\mirjana\Desktop Loaded Profile: mirjana (Available profiles: mirjana & Nikola) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (BitTorrent Inc.) C:\Users\mirjana\AppData\Roaming\uTorrent\uTorrent.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Microsoft Corporation) C:\Windows\Speech\Common\sapisvr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-24] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124720 2014-10-09] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-17] (SUPERAntiSpyware) HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\...\Run: [uTorrent] => C:\Users\mirjana\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-27] (BitTorrent Inc.) HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.) HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\...\MountPoints2: {47ad14e4-b2b6-11e3-9ce7-806e6f6e6963} - F:\Run.exe HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\...\MountPoints2: {fa0a40e1-b292-11e3-ac22-74d4353a995d} - G:\setup.exe /autorun AppInit_DLLs: C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL => C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL File Not Found ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/ HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1BB6D04D8246CF01 HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = mystartsearch.com/web/?type=ds&ts=14167.....340Q41D&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = mystartsearch.com/web/?type=ds&ts=14167.....340Q41D&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = websearch.searchfix.info/?l=1&q={searchTerms}&pid=724&r=2014/10/15&hid=18134947505762981530&lg=EN&cc=RS SearchScopes: HKU\S-1-5-21-1578651779-4044669291-1851725983-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = google.com/search?q={searchTerms} BHO: YoutubeAdBlocke -> {5cdd0664-1187-469b-874e-47946ea9c1cb} -> C:\Program Files (x86)\YoutubeAdBlocke\9LA3wavPCxZeRV.x64.dll No File BHO: GoSave -> {a026fb29-63a6-45db-be6a-f7265e210080} -> C:\Program Files (x86)\GoSave\JcUFeJnFEs0rFw.x64.dll No File BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> No File BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-1578651779-4044669291-1851725983-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\mirjana\AppData\Roaming\Mozilla\Firefox\Profiles\pki4np0x.default-1411661550016 FF NewTab: hxxp://www.google.com/ FF DefaultSearchUrl: hxxp://www.google.com/search?btnG=Google+Search&q= FF SearchEngineOrder.1: Google FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.com FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1578651779-4044669291-1851725983-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File FF user.js: detected! => C:\Users\mirjana\AppData\Roaming\Mozilla\Firefox\Profiles\pki4np0x.default-1411661550016\user.js FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-11-10] Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\mirjana\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mirjana\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-28] CHR Extension: (Google Wallet) - C:\Users\mirjana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-04] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-12] (SUPERAntiSpyware.com) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed] R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-24] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [995064 2014-11-24] (Avira Operations GmbH & Co. KG) S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [162096 2014-10-09] (Avira Operations GmbH & Co. KG) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG) S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation) S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.) S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation) S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-23] (Disc Soft Ltd) S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc) S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-03-23] () S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-03-23] () R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-03-28] (Duplex Secure Ltd.) S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] () U3 azfvpzi8; C:\Windows\System32\Drivers\azfvpzi8.sys [0 ] (Advanced Micro Devices) S3 VGPU; System32\drivers\rdvgkmd.sys [X] S1 {2d11e69f-33c6-44c6-ac04-bb1b36bd5d05}Gw64; system32\drivers\{2d11e69f-33c6-44c6-ac04-bb1b36bd5d05}Gw64.sys [X] S1 {610d5cbc-ee01-49d2-95d8-9ea07b8aca33}Gw64; system32\drivers\{610d5cbc-ee01-49d2-95d8-9ea07b8aca33}Gw64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-25 16:42 - 2014-11-25 16:42 - 00016143 _____ () C:\Users\mirjana\Desktop\FRST.txt 2014-11-25 15:55 - 2014-02-13 23:59 - 00024064 _____ () C:\Windows\zoek-delete.exe 2014-11-25 15:52 - 2014-11-24 20:41 - 00046048 _____ () C:\zoek-results2014-11-24-194148.log 2014-11-25 15:49 - 2014-11-25 15:49 - 04265850 _____ () C:\Users\mirjana\Desktop\zoek (2).rar 2014-11-25 15:49 - 2014-11-25 15:49 - 00000844 _____ () C:\Users\mirjana\Desktop\sken.txt 2014-11-25 14:27 - 2014-11-25 14:27 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-11-25 14:25 - 2014-11-25 14:26 - 00000000 ____D () C:\ProgramData\Package Cache 2014-11-24 20:47 - 2014-11-24 20:47 - 00000000 ____D () C:\Users\mirjana\Desktop\Delicious - Emilys New Beginning BETA 2014-11-24 20:23 - 2014-11-25 15:56 - 00039896 _____ () C:\zoek-results.log 2014-11-24 20:22 - 2014-11-25 15:54 - 00000000 ____D () C:\zoek_backup 2014-11-24 20:22 - 2014-11-24 20:22 - 00003192 _____ () C:\Windows\System32\Tasks\{4D76E4ED-542F-4AED-9BC6-A35C983ADF41} 2014-11-24 20:21 - 2014-11-24 20:21 - 00000000 ____D () C:\Users\mirjana\Desktop\New Folder (2) 2014-11-24 20:20 - 2014-11-24 20:20 - 04265850 _____ () C:\Users\mirjana\Desktop\zoek.rar 2014-11-24 20:20 - 2014-11-24 20:20 - 00000697 _____ () C:\Users\mirjana\Desktop\uputstvo.txt 2014-11-24 19:17 - 2014-11-25 16:42 - 00000000 ____D () C:\FRST 2014-11-24 19:17 - 2014-11-24 19:17 - 02118144 _____ (Farbar) C:\Users\mirjana\Desktop\FRST64.exe 2014-11-24 16:03 - 2014-11-24 16:03 - 00000000 ____D () C:\Users\mirjana\AppData\Roaming\AMD 2014-11-24 16:00 - 2014-11-24 16:00 - 00002136 _____ () C:\Users\mirjana\Desktop\Minecraft.lnk 2014-11-24 16:00 - 2014-11-24 16:00 - 00000000 ____D () C:\Users\mirjana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft 2014-11-24 14:46 - 2014-11-24 16:21 - 00000000 ____D () C:\Users\mirjana\AppData\Roaming\.minecraft 2014-11-23 13:58 - 2014-11-23 13:58 - 00003164 _____ () C:\Windows\System32\Tasks\{EFDF3296-EFDD-4879-B57D-4921C43B60C5} 2014-11-23 13:51 - 2014-11-23 13:56 - 00000000 ____D () C:\Users\mirjana\Desktop\New folder 2014-11-23 13:47 - 2014-11-23 13:47 - 00003124 _____ () C:\Windows\System32\Tasks\{CE407C24-2FD9-4560-BD04-B72F234D6AE0} 2014-11-22 21:02 - 2014-11-22 21:02 - 00000000 __SHD () C:\Users\Nikola\AppData\Local\EmieUserList 2014-11-22 21:02 - 2014-11-22 21:02 - 00000000 __SHD () C:\Users\Nikola\AppData\Local\EmieSiteList 2014-11-22 21:02 - 2014-11-22 21:02 - 00000000 __SHD () C:\Users\Nikola\AppData\Local\EmieBrowserModeList 2014-11-22 14:58 - 2014-11-22 14:58 - 00000848 _____ () C:\Users\mirjana\Desktop\Meridian Age of Invention.lnk 2014-11-22 14:58 - 2014-11-22 14:58 - 00000000 ____D () C:\Users\mirjana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Meridian Age of Invention 2014-11-21 15:58 - 2014-11-21 15:58 - 00000000 ____D () C:\Windows\SysWOW64\Adobe 2014-11-19 12:40 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-19 12:40 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-19 12:40 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-19 12:40 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-14 17:05 - 2014-11-14 17:05 - 00000845 _____ () C:\Users\Public\Desktop\NBA 2K14.lnk 2014-11-13 06:19 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-11-13 06:19 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-11-13 06:19 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-11-13 06:18 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-11-13 06:18 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-11-13 06:18 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-11-13 06:18 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-13 06:18 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-11-13 06:18 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-13 06:18 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-13 06:18 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-13 06:18 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-11-13 06:18 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-13 06:18 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-13 06:18 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-13 06:18 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-13 06:18 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-13 06:18 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-11-13 06:18 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-13 06:18 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-11-13 06:18 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-13 06:18 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-11-13 06:18 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-13 06:18 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-13 06:18 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-11-13 06:18 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-11-13 06:18 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-11-13 06:18 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-11-13 06:18 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-11-13 06:18 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-11-13 06:18 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-13 06:18 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-11-13 06:18 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-13 06:18 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-13 06:18 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-13 06:18 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-11-13 06:18 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-11-13 06:18 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-13 06:18 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-13 06:18 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-11-13 06:18 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-13 06:18 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-11-13 06:18 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-11-13 06:18 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-13 06:18 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-11-13 06:18 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-11-13 06:18 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-11-13 06:18 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-13 06:18 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-11-13 06:18 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-11-13 06:18 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-11-13 06:18 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-11-13 06:18 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-13 06:18 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-13 06:18 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-11-13 06:18 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-11-13 06:18 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-13 06:18 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-11-13 06:18 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-11-13 06:18 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-13 06:18 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-13 06:18 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-13 06:18 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-13 06:18 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-13 06:18 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-11-13 06:18 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-11-13 06:18 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-13 06:18 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-13 06:17 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-13 06:17 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-13 06:17 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-13 06:17 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-11-13 06:16 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-13 06:16 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-13 06:16 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-13 06:16 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-13 06:16 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-13 06:16 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-13 06:16 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-13 06:16 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-13 06:16 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-13 06:16 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-11-13 06:16 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-11-13 06:16 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-11-13 06:16 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-11-13 06:16 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-11-13 06:16 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-11-13 06:16 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-13 06:16 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-11-13 06:16 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-11-13 06:16 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-11-13 06:16 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-11-13 06:16 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-13 06:16 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2014-11-13 06:14 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-13 06:14 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-13 06:14 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-13 06:14 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-13 06:14 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-13 06:13 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-13 06:13 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-10 19:34 - 2014-11-10 19:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-10 15:44 - 2014-11-10 15:44 - 00000907 _____ () C:\Users\mirjana\Desktop\Principi hronodijete.txt 2014-11-10 14:09 - 2014-11-12 18:16 - 00000000 ____D () C:\Program Files (x86)\SpeedFan 2014-11-10 14:09 - 2014-11-10 14:09 - 00001011 _____ () C:\Users\Nikola\Desktop\SpeedFan.lnk 2014-11-10 14:09 - 2014-11-10 14:09 - 00001011 _____ () C:\Users\mirjana\Desktop\SpeedFan.lnk 2014-11-10 14:09 - 2014-11-10 14:09 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo 2014-11-10 14:09 - 2014-11-10 14:09 - 00000000 ____D () C:\Users\mirjana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan 2014-11-10 14:09 - 2014-11-10 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan 2014-11-10 13:19 - 2014-11-10 13:19 - 00001179 _____ () C:\Users\mirjana\Desktop\AIDA64 Extreme.lnk 2014-11-10 13:19 - 2014-11-10 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire 2014-11-10 13:19 - 2014-11-10 13:19 - 00000000 ____D () C:\Program Files (x86)\FinalWire 2014-11-08 15:03 - 2014-11-08 15:03 - 00000000 ____D () C:\Users\mirjana\AppData\Local\JollyBear 2014-11-08 15:03 - 2014-11-08 15:03 - 00000000 ____D () C:\ProgramData\JollyBear 2014-11-08 14:56 - 2014-11-09 19:10 - 00000000 ____D () C:\Users\mirjana\AppData\Local\Adobe 2014-10-29 10:33 - 2014-10-29 10:33 - 00003501 _____ () C:\Users\mirjana\Desktop\MTS_TwistedMexi_1463685_tmex-moveobjects.zip 2014-10-26 11:28 - 2014-10-26 11:28 - 00061880 _____ () C:\Windows\SysWOW64\CCCInstall_201410261128120925.log 2014-10-26 11:28 - 2014-10-26 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2014-10-26 11:28 - 2014-10-26 11:28 - 00000000 ____D () C:\ProgramData\ATI 2014-10-26 11:28 - 2014-10-26 11:28 - 00000000 ____D () C:\Program Files (x86)\AMD AVT 2014-10-26 11:24 - 2014-10-26 11:24 - 00000261 _____ () C:\Users\mirjana\cheats sims4.txt ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-25 16:42 - 2014-03-23 21:28 - 00000000 ____D () C:\Users\mirjana\AppData\Roaming\Skype 2014-11-25 16:42 - 2014-03-23 11:42 - 00000000 ____D () C:\Users\mirjana\AppData\Roaming\uTorrent 2014-11-25 16:03 - 2009-07-14 05:45 - 00029200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-25 16:03 - 2009-07-14 05:45 - 00029200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-25 16:00 - 2014-03-24 13:43 - 00690266 _____ () C:\Windows\system32\perfh00C.dat 2014-11-25 16:00 - 2014-03-24 13:43 - 00478818 _____ () C:\Windows\system32\perfh001.dat 2014-11-25 16:00 - 2014-03-24 13:43 - 00129844 _____ () C:\Windows\system32\perfc00C.dat 2014-11-25 16:00 - 2014-03-24 13:43 - 00094558 _____ () C:\Windows\system32\perfc001.dat 2014-11-25 16:00 - 2014-03-24 13:12 - 00696758 _____ () C:\Windows\system32\perfh007.dat 2014-11-25 16:00 - 2014-03-24 13:12 - 00148770 _____ () C:\Windows\system32\perfc007.dat 2014-11-25 16:00 - 2009-07-14 06:13 - 02992454 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-25 15:59 - 2014-03-23 13:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-25 15:56 - 2014-04-09 20:24 - 02210054 _____ () C:\Windows\PFRO.log 2014-11-25 15:56 - 2014-04-05 12:04 - 00214182 _____ () C:\Windows\setupact.log 2014-11-25 15:56 - 2014-03-23 14:30 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-25 15:56 - 2014-03-23 13:54 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2014-11-25 15:56 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-25 15:55 - 2014-03-23 19:12 - 02091922 _____ () C:\Windows\WindowsUpdate.log 2014-11-25 14:59 - 2014-03-31 18:55 - 00000000 ____D () C:\Users\Nikola\AppData\Local\CrashDumps 2014-11-25 14:56 - 2014-03-23 14:30 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-25 14:27 - 2014-03-23 11:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-11-25 14:26 - 2014-03-23 11:48 - 00000000 ____D () C:\ProgramData\Avira 2014-11-25 14:26 - 2014-03-23 11:48 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-11-24 21:04 - 2014-05-02 18:04 - 00000000 ____D () C:\ProgramData\TEMP 2014-11-24 20:41 - 2014-07-23 09:22 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2014-11-24 20:36 - 2014-07-23 09:22 - 00000000 ____D () C:\Users\mirjana\AppData\Local\Comodo 2014-11-24 20:36 - 2014-03-23 14:29 - 00000000 ____D () C:\Users\mirjana\AppData\Local\Google 2014-11-24 20:34 - 2014-03-25 00:27 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-11-24 20:34 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-11-24 20:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-11-24 19:16 - 2014-03-23 14:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-11-24 19:16 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-11-24 18:56 - 2014-03-23 17:50 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-11-24 18:55 - 2014-03-23 11:49 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-11-24 18:55 - 2014-03-23 11:49 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-11-23 19:23 - 2014-07-22 08:57 - 00000000 ____D () C:\Users\Nikola\AppData\Local\Microsoft Games 2014-11-23 19:14 - 2014-03-23 13:20 - 00000000 ____D () C:\Windows\SysWOW64\Macromed 2014-11-23 13:58 - 2014-03-30 15:38 - 00000000 ____D () C:\Users\mirjana\AppData\Local\CrashDumps 2014-11-23 13:57 - 2014-10-24 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\The Sims 4 2014-11-23 13:57 - 2014-03-23 14:30 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-11-23 13:57 - 2014-03-23 11:39 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-11-23 13:57 - 2014-03-23 11:39 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-11-23 13:57 - 2014-03-23 11:24 - 00001417 _____ () C:\Users\mirjana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-11-22 22:50 - 2014-05-08 16:28 - 00000000 ____D () C:\Users\Nikola\AppData\Roaming\Skype 2014-11-22 21:09 - 2009-07-14 03:34 - 00000505 _____ () C:\Windows\win.ini 2014-11-22 21:02 - 2014-03-27 10:28 - 00000000 ____D () C:\Users\Nikola 2014-11-22 21:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources 2014-11-22 14:50 - 2014-10-24 18:08 - 00000000 ____D () C:\Users\mirjana\Documents\Electronic Arts 2014-11-22 10:24 - 2014-06-21 18:31 - 00000000 ____D () C:\Program Files (x86)\Tropico 5 2014-11-22 10:22 - 2014-03-23 14:31 - 00000000 ____D () C:\ProgramData\Norton 2014-11-18 18:35 - 2014-03-23 16:10 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-11-17 16:42 - 2014-10-24 18:07 - 00001289 _____ () C:\Users\Public\Desktop\The Sims™ 4.lnk 2014-11-16 08:29 - 2009-07-14 06:08 - 00032652 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-11-15 22:51 - 2014-03-23 14:30 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-11-15 22:51 - 2014-03-23 14:30 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-11-15 16:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-11-14 22:22 - 2014-05-05 22:13 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-11-14 22:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA 2014-11-14 22:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\ar-SA 2014-11-14 18:03 - 2014-04-21 09:42 - 00192075 _____ () C:\Windows\DirectX.log 2014-11-13 12:13 - 2009-07-14 05:45 - 00311760 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-13 06:22 - 2014-03-24 11:41 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-13 06:19 - 2014-03-24 11:41 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-11-12 18:59 - 2014-03-23 13:20 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-12 18:59 - 2014-03-23 13:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-12 18:59 - 2014-03-23 13:20 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-11-11 06:59 - 2014-03-23 11:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-06 09:51 - 2014-03-23 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2014-11-04 14:30 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-11-02 13:21 - 2014-09-24 23:53 - 00002852 _____ () C:\Users\mirjana\Desktop\tmex-moveobjects.zip 2014-11-01 04:11 - 2014-03-23 11:24 - 00000000 ____D () C:\Users\mirjana 2014-10-26 11:28 - 2014-03-23 14:22 - 00000000 ____D () C:\ProgramData\AMD 2014-10-26 11:28 - 2014-03-23 14:20 - 00000000 ____D () C:\Program Files\ATI Technologies 2014-10-26 11:24 - 2014-08-15 15:16 - 00000000 ____D () C:\AMD Some content of TEMP: ==================== C:\Users\mirjana\AppData\Local\Temp\7za.exe C:\Users\mirjana\AppData\Local\Temp\avgnt.exe C:\Users\mirjana\AppData\Local\Temp\hijackthis.exe C:\Users\mirjana\AppData\Local\Temp\sed.exe C:\Users\mirjana\AppData\Local\Temp\shortcut.exe C:\Users\mirjana\AppData\Local\Temp\swxcacls.exe C:\Users\Nikola\AppData\Local\Temp\avgnt.exe C:\Users\Nikola\AppData\Local\Temp\SkypeSetup.exe C:\Users\Nikola\AppData\Local\Temp\sSetup-se.exe C:\Users\Nikola\AppData\Local\Temp\vcredist.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-25 16:22 ==================== End Of Log ============================

Profil

magna86 Poslao: 25 Nov 2014 23:01 Idi na vrh
offline magna86 Anti Malware Fighter Rank 2 Pridružio: 21 Jun 2008 Poruke: 6103	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! U redu, idemo dalje ... 1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod: Start REG: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f REG: reg delete HKLM\SOFTWARE\Google\Chrome /f REG: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f REG: reg delete "HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}" /f REG: reg add "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows" /v AppInit_DLLs /t REG_SZ /d "" /f Folder: C:\Windows\System32\Tasks\{4D76E4ED-542F-4AED-9BC6-A35C983ADF41} CloseProcesses: HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=14167.....340Q41D&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=14167.....340Q41D&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?l=1&q={searchTerms}&pid=724&r=2014/10/15&hid=18134947505762981530&lg=EN&cc=RS Hosts: S1 {2d11e69f-33c6-44c6-ac04-bb1b36bd5d05}Gw64; system32\drivers\{2d11e69f-33c6-44c6-ac04-bb1b36bd5d05}Gw64.sys [X] S1 {610d5cbc-ee01-49d2-95d8-9ea07b8aca33}Gw64; system32\drivers\{610d5cbc-ee01-49d2-95d8-9ea07b8aca33}Gw64.sys [X] BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> No File BHO: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> No File BHO: YoutubeAdBlocke -> {5cdd0664-1187-469b-874e-47946ea9c1cb} -> C:\Program Files (x86)\YoutubeAdBlocke\9LA3wavPCxZeRV.x64.dll No File BHO: GoSave -> {a026fb29-63a6-45db-be6a-f7265e210080} -> C:\Program Files (x86)\GoSave\JcUFeJnFEs0rFw.x64.dll No File Toolbar: HKU\S-1-5-21-1578651779-4044669291-1851725983-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File EmptyTemp: C:\PROGRA~2\SW-BOO~1 C:\Program Files (x86)\GoSave C:\Program Files (x86)\YoutubeAdBlocke C:\Users\Nikola\AppData\Roaming\Mozilla\Firefox\Profiles\o1fnitda.default\extensions\DN@B.org C:\Users\Nikola\AppData\Roaming\Mozilla\Firefox\Profiles\o1fnitda.default\extensions\Vb@T.org End 2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi. 3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj. Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema. Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku. Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a. . Potom, potrebno je da deinstaliras i kompletno uklonis Google Chrome browser. Kod deinstalacije obavezno izaberi Also delete your browsing data opciju. Smes da sacuvas bookmarks backup. Cilj je da u potpunosti uklonimo Chrome browser i njegove podatke jer je kompromitovan. Kada zavrsis deinstalaciju, restartuj racunar te sa officijalnog sajta preuzmi svezu verziju pa je instaliraj.

Profil

Mirabe Poslao: 26 Nov 2014 18:14 Idi na vrh
offline Mirabe Građanin Pridružio: 30 Dec 2008 Poruke: 193	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 26 Nov 2014 18:11 Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2014 01 Ran by mirjana at 2014-11-26 18:04:51 Run:1 Running from C:\Users\mirjana\Desktop Loaded Profiles: mirjana & Nikola (Available profiles: mirjana & Nikola) Boot Mode: Normal ============================================== Content of fixlist: *************** Start REG: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f REG: reg delete HKLM\SOFTWARE\Google\Chrome /f REG: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f REG: reg delete "HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}" /f REG: reg add "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows" /v AppInit_DLLs /t REG_SZ /d "" /f Folder: C:\Windows\System32\Tasks\{4D76E4ED-542F-4AED-9BC6-A35C983ADF41} CloseProcesses: HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = mystartsearch.com/web/?type=ds&ts=14167.....340Q41D&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = mystartsearch.com/web/?type=ds&ts=14167.....340Q41D&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = websearch.searchfix.info/?l=1&q={searchTerms}&pid=724&r=2014/10/15&hid=18134947505762981530&lg=EN&cc=RS Hosts: S1 {2d11e69f-33c6-44c6-ac04-bb1b36bd5d05}Gw64; system32\drivers\{2d11e69f-33c6-44c6-ac04-bb1b36bd5d05}Gw64.sys [X] S1 {610d5cbc-ee01-49d2-95d8-9ea07b8aca33}Gw64; system32\drivers\{610d5cbc-ee01-49d2-95d8-9ea07b8aca33}Gw64.sys [X] BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> No File BHO: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> No File BHO: YoutubeAdBlocke -> {5cdd0664-1187-469b-874e-47946ea9c1cb} -> C:\Program Files (x86)\YoutubeAdBlocke\9LA3wavPCxZeRV.x64.dll No File BHO: GoSave -> {a026fb29-63a6-45db-be6a-f7265e210080} -> C:\Program Files (x86)\GoSave\JcUFeJnFEs0rFw.x64.dll No File Toolbar: HKU\S-1-5-21-1578651779-4044669291-1851725983-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File EmptyTemp: C:\PROGRA~2\SW-BOO~1 C:\Program Files (x86)\GoSave C:\Program Files (x86)\YoutubeAdBlocke C:\Users\Nikola\AppData\Roaming\Mozilla\Firefox\Profiles\o1fnitda.default\extensions\DN@B.org C:\Users\Nikola\AppData\Roaming\Mozilla\Firefox\Profiles\o1fnitda.default\extensions\Vb@T.org End *************** ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Google\Chrome /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg delete "HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}" /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg add "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows" /v AppInit_DLLs /t REG_SZ /d "" /f ========= The operation completed successfully. ========= End of Reg: ========= ========================= Folder: C:\Windows\System32\Tasks\{4D76E4ED-542F-4AED-9BC6-A35C983ADF41} ======================== The path is not a directory. Processes closed successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key not found. "C:\Windows\System32\Drivers\etc\hosts" => Could not move. Could not reset Hosts. {2d11e69f-33c6-44c6-ac04-bb1b36bd5d05}Gw64 => Service deleted successfully. {610d5cbc-ee01-49d2-95d8-9ea07b8aca33}Gw64 => Service deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}" => Key deleted successfully. "HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}" => Key deleted successfully. "HKCR\CLSID\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5cdd0664-1187-469b-874e-47946ea9c1cb}" => Key deleted successfully. "HKCR\CLSID\{5cdd0664-1187-469b-874e-47946ea9c1cb}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a026fb29-63a6-45db-be6a-f7265e210080}" => Key deleted successfully. "HKCR\CLSID\{a026fb29-63a6-45db-be6a-f7265e210080}" => Key deleted successfully. HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully. "HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key deleted successfully. "C:\PROGRA~2\SW-BOO~1" => File/Directory not found. "C:\Program Files (x86)\GoSave" => File/Directory not found. "C:\Program Files (x86)\YoutubeAdBlocke" => File/Directory not found. C:\Users\Nikola\AppData\Roaming\Mozilla\Firefox\Profiles\o1fnitda.default\extensions\DN@B.org => Moved successfully. C:\Users\Nikola\AppData\Roaming\Mozilla\Firefox\Profiles\o1fnitda.default\extensions\Vb@T.org => Moved successfully. EmptyTemp: => Removed 409.7 MB temporary data. The system needed a reboot. ==== End of Fixlog ==== Dopuna: 26 Nov 2014 18:14 Ne mogu da deinstalram Google Chrome,neće,jednostavno ne reaguje kad kliknem na uninstall.

Profil

magna86 Poslao: 27 Nov 2014 19:00 Idi na vrh
offline magna86 Anti Malware Fighter Rank 2 Pridružio: 21 Jun 2008 Poruke: 6103	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zdravo Mirabe, Izvini sto ti ranije nisam odgovarao, nisam nasao vremena za forum. Reci mi, jesi li uspela da uradis deinstalaicju Chrome browsera? Probala si restart pa potom uninstall? U svakom slucaju, preuzmi svez Chrome browser setup i instaliraj aplikaciju. Potom mi dostavi svez FRST izvestaj da proverim da li je stanje ispravno.

Profil

Mirabe Poslao: 27 Nov 2014 20:51 Idi na vrh
offline Mirabe Građanin Pridružio: 30 Dec 2008 Poruke: 193	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uspela sam da ga obrišem,ne treba mi drugi,ionako koristim Firefoks,nemam pojma ko gaje uopšte skinuo. Evo i izveštaj: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01 Ran by mirjana (administrator) on MIRJANA-PC on 27-11-2014 20:47:47 Running from C:\Users\mirjana\Desktop Loaded Profiles: mirjana & Nikola (Available profiles: mirjana & Nikola) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (BitTorrent Inc.) C:\Users\mirjana\AppData\Roaming\uTorrent\uTorrent.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (AMD) C:\Windows\System32\atieclxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-24] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-17] (SUPERAntiSpyware) HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\...\Run: [uTorrent] => C:\Users\mirjana\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-11-26] (BitTorrent Inc.) HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.) HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\...\MountPoints2: {fa0a40e1-b292-11e3-ac22-74d4353a995d} - G:\setup.exe /autorun HKU\S-1-5-21-1578651779-4044669291-1851725983-1005\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-1578651779-4044669291-1851725983-1005\...\Run: [se] => "C:\Users\Nikola\AppData\Roaming\SkypEmoticons\SE.exe" /minimized HKU\S-1-5-21-1578651779-4044669291-1851725983-1005\...\MountPoints2: {fa0a40e1-b292-11e3-ac22-74d4353a995d} - G:\setup.exe /autorun ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/ HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1BB6D04D8246CF01 HKU\S-1-5-21-1578651779-4044669291-1851725983-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US HKU\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Main,Start Page = services.freshy.com/general/newhometab.php?.....1147&guid={A2D43EE7-C241-435D-8105-7D428F7B56BE}&i= HKU\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = t.msn.com/ HKU\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x99853C4A827ACF01 HKU\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US HKU\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = services.freshy.com/general/newhometab.php?.....1147&guid={A2D43EE7-C241-435D-8105-7D428F7B56BE}&i= SearchScopes: HKU\S-1-5-21-1578651779-4044669291-1851725983-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1578651779-4044669291-1851725983-1005 -> DefaultScope {2667FCCE-DEB4-41D2-92CA-534E8292675D} URL = search.findwide.com/serp?guid={A2D43EE7-C241-435D-8105-7D428F7B56BE}&action=default_search&k={searchTerms} SearchScopes: HKU\S-1-5-21-1578651779-4044669291-1851725983-1005 -> {2667FCCE-DEB4-41D2-92CA-534E8292675D} URL = search.findwide.com/serp?guid={A2D43EE7-C241-435D-8105-7D428F7B56BE}&action=default_search&k={searchTerms} SearchScopes: HKU\S-1-5-21-1578651779-4044669291-1851725983-1005 -> {AD5E7C6E-576F-4A13-8FFA-639A61C76F99} URL = search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11147 SearchScopes: HKU\S-1-5-21-1578651779-4044669291-1851725983-1005 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = websearch.searchfix.info/?l=1&q={searchTerms}&pid=724&r=2014/10/15&hid=18134947505762981530&lg=EN&cc=RS BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-1578651779-4044669291-1851725983-1005 -> No Name - {6850E5FA-A5BC-4E5D-98BF-2F0105860AEA} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\mirjana\AppData\Roaming\Mozilla\Firefox\Profiles\pki4np0x.default-1411661550016 FF NewTab: hxxp://www.google.com/ FF DefaultSearchUrl: hxxp://www.google.com/search?btnG=Google+Search&q= FF SearchEngineOrder.1: Google FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.com FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1578651779-4044669291-1851725983-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File FF user.js: detected! => C:\Users\mirjana\AppData\Roaming\Mozilla\Firefox\Profiles\pki4np0x.default-1411661550016\user.js FF Extension: Avira Browser Safety - C:\Users\mirjana\AppData\Roaming\Mozilla\Firefox\Profiles\pki4np0x.default-1411661550016\Extensions\abs@avira.com [2014-11-25] FF Extension: MEGA EXTENSION - C:\Users\mirjana\AppData\Roaming\Mozilla\Firefox\Profiles\pki4np0x.default-1411661550016\Extensions\firefox@mega.co.nz.xpi [2014-11-26] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-11-10] Chrome: ======= CHR Profile: C:\Users\mirjana\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mirjana\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-28] CHR Extension: (Google Wallet) - C:\Users\mirjana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-04] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-12] (SUPERAntiSpyware.com) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed] R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-24] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [995064 2014-11-24] (Avira Operations GmbH & Co. KG) S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG) S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation) S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.) S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation) S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-23] (Disc Soft Ltd) S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc) S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-03-23] () S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-03-23] () R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-03-28] (Duplex Secure Ltd.) S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] () U3 aw979ou7; C:\Windows\System32\Drivers\aw979ou7.sys [0 ] (Advanced Micro Devices) S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-27 20:47 - 2014-11-27 20:48 - 00017688 _____ () C:\Users\mirjana\Desktop\FRST.txt 2014-11-27 20:47 - 2014-11-27 20:47 - 00000000 ____D () C:\Users\mirjana\Desktop\FRST-OlderVersion 2014-11-26 19:58 - 2014-11-26 19:58 - 00000000 ____D () C:\Users\mirjana\Desktop\saves 2014-11-26 19:56 - 2014-11-26 19:56 - 00000000 ____D () C:\Users\mirjana\Desktop\Support 2014-11-26 19:56 - 2014-11-09 02:29 - 00000000 ____D () C:\Users\mirjana\Desktop\Game 2014-11-26 19:56 - 2014-11-09 02:29 - 00000000 ____D () C:\Users\mirjana\Desktop\Data 2014-11-26 19:28 - 2014-11-26 19:28 - 00000000 ____D () C:\Users\mirjana\Desktop\PROGRAMI 2014-11-26 19:24 - 2014-11-26 19:27 - 00000000 ____D () C:\Users\mirjana\Desktop\IGRICE 2014-11-26 14:52 - 2014-11-26 14:52 - 00000000 ____D () C:\Users\Nikola\AppData\Local\SKIDROW 2014-11-26 14:52 - 2014-11-26 14:52 - 00000000 ____D () C:\Users\Nikola\AppData\Local\Game Updater 2014-11-25 19:14 - 2014-11-25 19:14 - 00000000 ____D () C:\Users\mirjana\AppData\Local\SKIDROW 2014-11-25 19:14 - 2014-11-25 19:14 - 00000000 ____D () C:\Users\mirjana\AppData\Local\Game Updater 2014-11-25 19:00 - 2014-11-25 19:00 - 00000924 _____ () C:\Users\Nikola\Desktop\Call of Duty - Ghosts.lnk 2014-11-25 18:39 - 2014-11-25 18:39 - 00000000 ____D () C:\Users\mirjana\AppData\Local\Setup Integrity Check 2014-11-25 15:55 - 2014-02-13 23:59 - 00024064 _____ () C:\Windows\zoek-delete.exe 2014-11-25 15:52 - 2014-11-24 20:41 - 00046048 _____ () C:\zoek-results2014-11-24-194148.log 2014-11-25 14:25 - 2014-11-25 18:13 - 00000000 ____D () C:\ProgramData\Package Cache 2014-11-24 20:23 - 2014-11-25 15:56 - 00039896 _____ () C:\zoek-results.log 2014-11-24 20:22 - 2014-11-25 15:54 - 00000000 ____D () C:\zoek_backup 2014-11-24 20:22 - 2014-11-24 20:22 - 00003192 _____ () C:\Windows\System32\Tasks\{4D76E4ED-542F-4AED-9BC6-A35C983ADF41} 2014-11-24 20:20 - 2014-11-24 20:20 - 00000697 _____ () C:\Users\mirjana\Desktop\uputstvo.txt 2014-11-24 19:17 - 2014-11-27 20:47 - 02117632 _____ (Farbar) C:\Users\mirjana\Desktop\FRST64.exe 2014-11-24 19:17 - 2014-11-27 20:47 - 00000000 ____D () C:\FRST 2014-11-24 16:03 - 2014-11-24 16:03 - 00000000 ____D () C:\Users\mirjana\AppData\Roaming\AMD 2014-11-24 16:00 - 2014-11-24 16:00 - 00000000 ____D () C:\Users\mirjana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft 2014-11-24 14:46 - 2014-11-24 16:21 - 00000000 ____D () C:\Users\mirjana\AppData\Roaming\.minecraft 2014-11-23 13:58 - 2014-11-23 13:58 - 00003164 _____ () C:\Windows\System32\Tasks\{EFDF3296-EFDD-4879-B57D-4921C43B60C5} 2014-11-23 13:47 - 2014-11-23 13:47 - 00003124 _____ () C:\Windows\System32\Tasks\{CE407C24-2FD9-4560-BD04-B72F234D6AE0} 2014-11-22 21:02 - 2014-11-22 21:02 - 00000000 __SHD () C:\Users\Nikola\AppData\Local\EmieUserList 2014-11-22 21:02 - 2014-11-22 21:02 - 00000000 __SHD () C:\Users\Nikola\AppData\Local\EmieSiteList 2014-11-22 21:02 - 2014-11-22 21:02 - 00000000 __SHD () C:\Users\Nikola\AppData\Local\EmieBrowserModeList 2014-11-22 14:58 - 2014-11-22 14:58 - 00000000 ____D () C:\Users\mirjana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Meridian Age of Invention 2014-11-21 15:58 - 2014-11-21 15:58 - 00000000 ____D () C:\Windows\SysWOW64\Adobe 2014-11-19 12:40 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-19 12:40 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-19 12:40 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-19 12:40 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-13 06:19 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-11-13 06:19 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-11-13 06:19 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-11-13 06:18 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-11-13 06:18 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-11-13 06:18 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-11-13 06:18 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-13 06:18 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-11-13 06:18 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-13 06:18 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-13 06:18 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-13 06:18 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-11-13 06:18 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-13 06:18 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-13 06:18 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-13 06:18 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-13 06:18 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-13 06:18 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-11-13 06:18 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-13 06:18 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-11-13 06:18 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-13 06:18 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-11-13 06:18 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-13 06:18 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-13 06:18 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-11-13 06:18 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-11-13 06:18 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-11-13 06:18 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-11-13 06:18 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-11-13 06:18 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-11-13 06:18 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-13 06:18 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-11-13 06:18 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-13 06:18 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-13 06:18 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-13 06:18 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-11-13 06:18 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-11-13 06:18 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-13 06:18 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-13 06:18 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-11-13 06:18 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-13 06:18 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-11-13 06:18 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-11-13 06:18 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-13 06:18 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-11-13 06:18 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-11-13 06:18 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-11-13 06:18 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-13 06:18 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-11-13 06:18 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-11-13 06:18 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-11-13 06:18 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-11-13 06:18 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-13 06:18 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-13 06:18 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-11-13 06:18 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-11-13 06:18 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-13 06:18 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-11-13 06:18 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-11-13 06:18 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-13 06:18 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-13 06:18 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-13 06:18 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-13 06:18 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-13 06:18 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-11-13 06:18 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-11-13 06:18 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-13 06:18 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-13 06:17 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-13 06:17 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-13 06:17 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-13 06:17 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-11-13 06:16 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-13 06:16 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-13 06:16 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-13 06:16 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-13 06:16 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-13 06:16 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-13 06:16 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-13 06:16 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-13 06:16 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-13 06:16 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-11-13 06:16 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-11-13 06:16 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-11-13 06:16 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-11-13 06:16 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-11-13 06:16 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-11-13 06:16 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-13 06:16 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-11-13 06:16 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-11-13 06:16 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-11-13 06:16 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-11-13 06:16 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-13 06:16 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2014-11-13 06:14 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-13 06:14 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-13 06:14 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-13 06:14 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-13 06:14 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-13 06:13 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-13 06:13 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-10 19:34 - 2014-11-10 19:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-10 15:44 - 2014-11-10 15:44 - 00000907 _____ () C:\Users\mirjana\Desktop\Principi hronodijete.txt 2014-11-10 14:09 - 2014-11-12 18:16 - 00000000 ____D () C:\Program Files (x86)\SpeedFan 2014-11-10 14:09 - 2014-11-10 14:09 - 00001011 _____ () C:\Users\Nikola\Desktop\SpeedFan.lnk 2014-11-10 14:09 - 2014-11-10 14:09 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo 2014-11-10 14:09 - 2014-11-10 14:09 - 00000000 ____D () C:\Users\mirjana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan 2014-11-10 14:09 - 2014-11-10 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan 2014-11-10 13:19 - 2014-11-10 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire 2014-11-10 13:19 - 2014-11-10 13:19 - 00000000 ____D () C:\Program Files (x86)\FinalWire 2014-11-08 15:03 - 2014-11-08 15:03 - 00000000 ____D () C:\Users\mirjana\AppData\Local\JollyBear 2014-11-08 15:03 - 2014-11-08 15:03 - 00000000 ____D () C:\ProgramData\JollyBear 2014-11-08 14:56 - 2014-11-09 19:10 - 00000000 ____D () C:\Users\mirjana\AppData\Local\Adobe 2014-10-29 10:33 - 2014-10-29 10:33 - 00003501 _____ () C:\Users\mirjana\Desktop\MTS_TwistedMexi_1463685_tmex-moveobjects.zip ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-27 20:48 - 2014-03-23 11:42 - 00000000 ____D () C:\Users\mirjana\AppData\Roaming\uTorrent 2014-11-27 20:26 - 2014-03-23 19:12 - 01160477 _____ () C:\Windows\WindowsUpdate.log 2014-11-27 20:10 - 2014-03-23 21:28 - 00000000 ____D () C:\Users\mirjana\AppData\Roaming\Skype 2014-11-27 20:09 - 2014-03-23 13:54 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2014-11-27 19:59 - 2014-03-23 13:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-27 19:56 - 2014-03-23 14:30 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-27 14:54 - 2014-03-31 18:55 - 00000000 ____D () C:\Users\Nikola\AppData\Local\CrashDumps 2014-11-27 14:26 - 2014-03-23 14:30 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-27 12:17 - 2009-07-14 05:45 - 00029200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-27 12:17 - 2009-07-14 05:45 - 00029200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-27 12:09 - 2014-04-05 12:04 - 00214518 _____ () C:\Windows\setupact.log 2014-11-27 12:09 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-26 19:42 - 2014-10-23 20:18 - 00022528 ___SH () C:\Users\mirjana\Documents\Thumbs.db 2014-11-26 19:35 - 2014-03-30 15:38 - 00000000 ____D () C:\Users\mirjana\AppData\Local\CrashDumps 2014-11-26 19:28 - 2014-10-24 18:07 - 00001289 _____ () C:\Users\Public\Desktop\The Sims™ 4.lnk 2014-11-26 19:28 - 2014-10-24 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\The Sims 4 2014-11-26 18:17 - 2014-03-23 14:29 - 00000000 ____D () C:\Program Files (x86)\Google 2014-11-26 18:06 - 2014-04-09 20:24 - 02210678 _____ () C:\Windows\PFRO.log 2014-11-25 20:59 - 2014-03-23 13:20 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-25 20:59 - 2014-03-23 13:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-25 20:59 - 2014-03-23 13:20 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-11-25 19:01 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-11-25 19:00 - 2014-04-21 09:42 - 00192440 _____ () C:\Windows\DirectX.log 2014-11-25 18:13 - 2014-03-23 11:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-11-25 18:13 - 2014-03-23 11:48 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-11-25 16:52 - 2014-03-24 13:43 - 00690266 _____ () C:\Windows\system32\perfh00C.dat 2014-11-25 16:52 - 2014-03-24 13:43 - 00478818 _____ () C:\Windows\system32\perfh001.dat 2014-11-25 16:52 - 2014-03-24 13:43 - 00129844 _____ () C:\Windows\system32\perfc00C.dat 2014-11-25 16:52 - 2014-03-24 13:43 - 00094558 _____ () C:\Windows\system32\perfc001.dat 2014-11-25 16:52 - 2014-03-24 13:12 - 00696758 _____ () C:\Windows\system32\perfh007.dat 2014-11-25 16:52 - 2014-03-24 13:12 - 00148770 _____ () C:\Windows\system32\perfc007.dat 2014-11-25 16:52 - 2009-07-14 06:13 - 02992454 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-25 14:26 - 2014-03-23 11:48 - 00000000 ____D () C:\ProgramData\Avira 2014-11-24 21:04 - 2014-05-02 18:04 - 00000000 ____D () C:\ProgramData\TEMP 2014-11-24 20:41 - 2014-07-23 09:22 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2014-11-24 20:36 - 2014-07-23 09:22 - 00000000 ____D () C:\Users\mirjana\AppData\Local\Comodo 2014-11-24 20:36 - 2014-03-23 14:29 - 00000000 ____D () C:\Users\mirjana\AppData\Local\Google 2014-11-24 20:34 - 2014-03-25 00:27 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-11-24 20:34 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-11-24 20:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-11-24 19:16 - 2014-03-23 14:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-11-24 18:56 - 2014-03-23 17:50 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-11-24 18:55 - 2014-03-23 11:49 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-11-24 18:55 - 2014-03-23 11:49 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-11-23 19:23 - 2014-07-22 08:57 - 00000000 ____D () C:\Users\Nikola\AppData\Local\Microsoft Games 2014-11-23 19:14 - 2014-03-23 13:20 - 00000000 ____D () C:\Windows\SysWOW64\Macromed 2014-11-23 13:57 - 2014-03-23 11:39 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-11-23 13:57 - 2014-03-23 11:39 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-11-23 13:57 - 2014-03-23 11:24 - 00001417 _____ () C:\Users\mirjana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-11-22 22:50 - 2014-05-08 16:28 - 00000000 ____D () C:\Users\Nikola\AppData\Roaming\Skype 2014-11-22 21:09 - 2009-07-14 03:34 - 00000505 _____ () C:\Windows\win.ini 2014-11-22 21:02 - 2014-03-27 10:28 - 00000000 ____D () C:\Users\Nikola 2014-11-22 21:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources 2014-11-22 14:50 - 2014-10-24 18:08 - 00000000 ____D () C:\Users\mirjana\Documents\Electronic Arts 2014-11-22 10:24 - 2014-06-21 18:31 - 00000000 ____D () C:\Program Files (x86)\Tropico 5 2014-11-22 10:22 - 2014-03-23 14:31 - 00000000 ____D () C:\ProgramData\Norton 2014-11-18 18:35 - 2014-03-23 16:10 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-11-16 08:29 - 2009-07-14 06:08 - 00032652 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-11-15 22:51 - 2014-03-23 14:30 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-11-15 22:51 - 2014-03-23 14:30 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-11-15 16:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-11-14 22:22 - 2014-05-05 22:13 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-11-14 22:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA 2014-11-14 22:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\ar-SA 2014-11-13 12:13 - 2009-07-14 05:45 - 00311760 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-13 06:22 - 2014-03-24 11:41 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-13 06:19 - 2014-03-24 11:41 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-11-11 06:59 - 2014-03-23 11:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-06 09:51 - 2014-03-23 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2014-11-04 14:30 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-11-02 13:21 - 2014-09-24 23:53 - 00002852 _____ () C:\Users\mirjana\Desktop\tmex-moveobjects.zip 2014-11-01 04:11 - 2014-03-23 11:24 - 00000000 ____D () C:\Users\mirjana Some content of TEMP: ==================== C:\Users\mirjana\AppData\Local\Temp\avgnt.exe C:\Users\Nikola\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-25 16:22 ==================== End Of Log ============================

Profil

magna86 Poslao: 29 Nov 2014 01:07 Idi na vrh
offline magna86 Anti Malware Fighter Rank 2 Pridružio: 21 Jun 2008 Poruke: 6103	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Citat:Uspela sam da ga obrišem,ne treba mi drugi,ionako koristim Firefoks,nemam pojma ko gaje uopšte skinuo. Evo i izveštaj: Google Chrome je bio kompromitovan novom varijantom malware-a koju si imala, a imala si poprilican broj aktivnog. Slobodno ti sada instaliraj Google Chrome. Sledeci script vrsi neko zavrsno ciscenje ... 1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod: Start Folder: C:\Users\Nikola\AppData\Roaming\SkypEmoticons Folder: C:\Windows\System32\Tasks\{4D76E4ED-542F-4AED-9BC6-A35C983ADF41} REG: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f CloseProcesses: HKU\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Main,Start Page = http://services.freshy.com/general/newhometab.php?.....1147&guid={A2D43EE7-C241-435D-8105-7D428F7B56BE}&i= HKU\S-1-5-21-1578651779-4044669291-1851725983-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://services.freshy.com/general/newhometab.php?.....1147&guid={A2D43EE7-C241-435D-8105-7D428F7B56BE}&i= SearchScopes: HKU\S-1-5-21-1578651779-4044669291-1851725983-1005 -> DefaultScope {2667FCCE-DEB4-41D2-92CA-534E8292675D} URL = http://search.findwide.com/serp?guid={A2D43EE7-C241-435D-8105-7D428F7B56BE}&action=default_search&k={searchTerms} SearchScopes: HKU\S-1-5-21-1578651779-4044669291-1851725983-1005 -> {2667FCCE-DEB4-41D2-92CA-534E8292675D} URL = http://search.findwide.com/serp?guid={A2D43EE7-C241-435D-8105-7D428F7B56BE}&action=default_search&k={searchTerms} SearchScopes: HKU\S-1-5-21-1578651779-4044669291-1851725983-1005 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?l=1&q={searchTerms}&pid=724&r=2014/10/15&hid=18134947505762981530&lg=EN&cc=RS Hosts: HKU\S-1-5-21-1578651779-4044669291-1851725983-1005\...\Run: [se] => "C:\Users\Nikola\AppData\Roaming\SkypEmoticons\SE.exe" /minimized RemoveDirectory: C:\zoek_backup RemoveDirectory: C:\FRST\Quarantine EmptyTemp: C:\Users\Nikola\AppData\Roaming\SkypEmoticons\SE.exe End 2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi. 3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj. Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema. Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku. Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Reklame iskaču kao lude

Ko je trenutno na forumu

Ukupno su 1110 korisnika na forumu :: 53 registrovanih, 5 sakrivenih i 1052 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: _Rade, A.R.Chafee.Jr., babaroga, bojank, BORUTUS, debeli, djboj, doklevise, DonRumataEstorski, elenemste, flash12, FOX, gmlale, goxin, havoc995, HrcAk47, hyla, Ilija Cvorovic, JimmyNapoli, Karla, Krvava Devetka, ksyyaj, Kubovac, kunktator, laki_bb, Leonov, Magistar78, MaksicZoran, Marko Marković, MB120mm, Mi lao shu, mile09, Milometer, mkukoleca, Ne doznajem se u oružje, nuke92, Oscar, panzerwaffe, Parker, RJ, robert1979, ruger357, sasa76, sasakrajina, Smiljke, Stefan M, Sumadija34, suton, Vlada1389, wolverined4, zdrebac, zziko, Živković

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by