I'm sending a Facebook virus

  • Joined: 27 Oct 2011
  • Posts: 32
  • Location: Starcevo

I barely use it, yet I regularly send out the virus :D

I use avast, and I used mbam, which found a few minor problems and put them in quarantine. I don't know whether it will keep sending the virus now, but this morning when I turned on the computer it sent it to everyone.

----------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014
Ran by Borko (administrator) on BORKO-PC on 17-05-2014 09:22:42
Running from C:\Users\Borko\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
() C:\Users\Borko\AppData\Local\Viber\Viber.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files\My Vapor Record\MVR.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-12] (AVAST Software)
HKU\S-1-5-21-2573452926-3300673817-3940925064-1000\...\Run: [MCShield] => C:\Program Files (x86)\MCShield\MCShieldRTM.exe
HKU\S-1-5-21-2573452926-3300673817-3940925064-1000\...\Run: [Viber] => C:\Users\Borko\AppData\Local\Viber\Viber.exe [936456 2013-12-02] ()
HKU\S-1-5-21-2573452926-3300673817-3940925064-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MVR.Lnk
ShortcutTarget: MVR.Lnk -> C:\Program Files\My Vapor Record\MVR.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x123F1E267F38CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = bing.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {3133085D-B5E4-4730-BDEA-19DB102B6AC5} URL = search.conduit.com/Results.aspx?gd=&cti.....712&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = bing.com/search?q={searchTerms}&r=949
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B4CD6C626D8C66C5&affID=128403&tsp=5248
SearchScopes: HKCU - {3133085D-B5E4-4730-BDEA-19DB102B6AC5} URL = search.conduit.com/Results.aspx?gd=&cti.....712&q={searchTerms}&SSPV=
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = daemon-search.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKCU - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 208.67.222.222

FireFox:
========
FF ProfilePath: C:\Users\Borko\AppData\Roaming\Mozilla\Firefox\Profiles\qw60xpq8.default-1383457067740
FF user.js: detected! => C:\Users\Borko\AppData\Roaming\Mozilla\Firefox\Profiles\qw60xpq8.default-1383457067740\user.js
FF Homepage: google.rs/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Exif Viewer - C:\Users\Borko\AppData\Roaming\Mozilla\Firefox\Profiles\qw60xpq8.default-1383457067740\Extensions\exif_viewer@mozilla.doslash.org.xpi [2014-05-02]
FF Extension: Adblock Plus - C:\Users\Borko\AppData\Roaming\Mozilla\Firefox\Profiles\qw60xpq8.default-1383457067740\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-22]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ []

Chrome:
=======
CHR HomePage: google.rs/
CHR DefaultSearchURL: google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=fflb&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=rcs
CHR DefaultNewTabURL:
CHR Extension: (Google документи) - C:\Users\Borko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-08]
CHR Extension: (Google диск) - C:\Users\Borko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-08]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Borko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-05-17]
CHR Extension: (YouTube) - C:\Users\Borko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-08]
CHR Extension: (Adblock Plus) - C:\Users\Borko\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-08]
CHR Extension: (Google претрага) - C:\Users\Borko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-08]
CHR Extension: (BitTorrentControl_v12) - C:\Users\Borko\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf [2014-03-08]
CHR Extension: (Freemake Video Converter) - C:\Users\Borko\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2014-03-08]
CHR Extension: (Google новчаник) - C:\Users\Borko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-08]
CHR Extension: (Gmail) - C:\Users\Borko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-08]
CHR HKCU\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\Borko\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2013-01-31]
CHR HKLM-x32\...\Chrome\Extension: [acaoakiamfeidcmgooclgeleejkbaecf] - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.crx [2013-01-31]
CHR HKLM-x32\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\Borko\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2013-01-31]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-09-12]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-12] (AVAST Software)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-12] ()
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-03-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-12] ()
S3 DCamUSBTP10; C:\Windows\System32\Drivers\iP293x.sys [253696 2008-01-29] (iPassion Technology Inc.)
S3 HP1319EWS; C:\Windows\System32\Drivers\HP1319EWS.sys [14848 2008-11-10] (Marvell Semiconductor, Inc.)
S3 HP1319FAX; C:\Windows\System32\Drivers\HP1319FAX.sys [16384 2008-11-10] (Marvell Semiconductor, Inc.)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-02-22] ()
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203320 2012-02-24] (DEVGURU Co., LTD.(www.devguru.co.kr))
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61120 2014-04-18] (StdLib)
U3 a67wslxq; C:\Windows\System32\Drivers\a67wslxq.sys [0 ] (Microsoft Corporation)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 zghsser; system32\DRIVERS\zghsser.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-17 09:22 - 2014-05-17 09:22 - 00015626 _____ () C:\Users\Borko\Desktop\FRST.txt
2014-05-17 09:22 - 2014-05-17 09:22 - 00000000 ____D () C:\FRST
2014-05-17 09:21 - 2014-05-17 09:22 - 02067456 _____ (Farbar) C:\Users\Borko\Desktop\FRST64.exe
2014-05-17 08:36 - 2014-05-17 08:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-17 08:36 - 2014-05-17 08:36 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-17 08:36 - 2014-05-17 08:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-17 08:35 - 2014-05-17 08:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-17 08:35 - 2014-05-17 08:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-17 08:35 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-17 08:35 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-17 08:35 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-17 08:34 - 2014-05-17 08:34 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-05-17 08:30 - 2014-05-17 08:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Borko\Desktop\mbam-setup-consumer-2.0.2.1012.exe
2014-05-17 08:26 - 2014-05-17 08:26 - 00000000 ____D () C:\Users\Borko\AppData\Roaming\ProductData
2014-05-17 08:25 - 2014-05-17 08:34 - 00000000 ____D () C:\ProgramData\ProductData
2014-05-17 08:25 - 2014-05-17 08:25 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-05-17 08:24 - 2014-05-17 08:34 - 00000000 ____D () C:\ProgramData\IObit
2014-05-17 08:24 - 2014-05-17 08:27 - 00000000 ____D () C:\Users\Borko\AppData\Roaming\IObit
2014-05-17 08:24 - 2014-05-17 08:27 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-05-16 06:13 - 2014-05-17 08:48 - 00012032 _____ () C:\Windows\PFRO.log
2014-05-15 13:24 - 2014-05-15 13:24 - 00000000 ____D () C:\Users\Borko\AppData\Local\Cool_Mirage
2014-05-13 16:29 - 2014-05-13 16:31 - 00000000 ____D () C:\Users\Borko\AppData\Roaming\vlc
2014-05-13 16:29 - 2014-05-13 16:29 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-05-13 16:29 - 2014-05-13 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-05-12 16:26 - 2014-05-17 08:48 - 00000392 _____ () C:\Windows\setupact.log
2014-05-12 16:26 - 2014-05-12 16:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-12 14:49 - 2014-05-12 14:49 - 00000000 ____D () C:\Users\Borko\AppData\Roaming\AVAST Software
2014-05-12 14:47 - 2014-05-15 14:47 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-12 14:47 - 2014-05-12 14:47 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-12 14:47 - 2014-05-12 14:47 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-12 14:47 - 2014-05-12 14:47 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-09 20:54 - 2014-05-09 20:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-05 20:06 - 2014-05-05 20:06 - 00004030 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-05 20:06 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-05 20:06 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-05 20:06 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-05 20:06 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-05 20:05 - 2014-05-05 20:05 - 00921512 _____ (Oracle Corporation) C:\Users\Borko\Downloads\chromeinstall-7u55.exe
2014-04-29 21:16 - 2014-04-29 21:16 - 00000000 ____D () C:\Users\Borko\Desktop\Klima količina gasa
2014-04-27 17:56 - 2014-05-02 16:04 - 00000000 ____D () C:\Users\Borko\Desktop\Untitled Export
2014-04-27 17:35 - 2014-04-27 17:35 - 00000000 ____D () C:\Users\Borko\Documents\Adobe
2014-04-27 10:23 - 2014-04-27 10:39 - 00000000 ____D () C:\Users\Borko\Desktop\ibm
2014-04-23 15:31 - 2014-04-23 15:31 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-04-23 15:31 - 2014-04-23 15:31 - 00000000 ____D () C:\Windows\en
2014-04-23 15:30 - 2014-04-23 15:30 - 00000000 ____D () C:\Program Files\Windows Live
2014-04-21 20:49 - 2014-04-21 20:51 - 00000882 _____ () C:\Users\Borko\Desktop\MVR.Lnk
2014-04-21 20:49 - 2014-04-21 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Vapor Record
2014-04-20 21:41 - 2014-04-26 20:24 - 00000000 ____D () C:\Users\Borko\Desktop\dragan
2014-04-20 21:40 - 2014-05-02 15:40 - 00000000 ____D () C:\Users\Borko\Desktop\cr2
2014-04-19 21:51 - 2014-04-19 21:52 - 00000008 __RSH () C:\Users\Borko\ntuser.pol
2014-04-19 20:16 - 2014-04-19 20:16 - 00002075 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.4 64-bit.lnk
2014-04-19 20:16 - 2014-04-19 20:16 - 00002055 _____ () C:\Users\Public\Desktop\Lightroom 5.4 64-bit.lnk
2014-04-19 20:16 - 2014-04-19 20:16 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-19 20:15 - 2014-04-19 20:15 - 00000000 ____D () C:\Program Files\Adobe
2014-04-19 14:02 - 2014-04-19 14:06 - 00000000 ____D () C:\Users\Borko\Desktop\sx220hs
2014-04-19 01:31 - 2014-04-19 01:31 - 00003058 _____ () C:\Windows\System32\Tasks\{700DE113-372B-4650-828A-3A2E4A3EEB0B}
2014-04-19 01:27 - 2014-04-19 01:27 - 00000000 ____D () C:\ProgramData\Office Genuine Advantage
2014-04-18 17:39 - 2014-04-18 17:39 - 00000000 ____D () C:\Users\Borko\AppData\Local\TuneUp Software
2014-04-18 17:36 - 2014-04-18 17:36 - 00000000 ____D () C:\Users\Borko\AppData\Roaming\PowerISO
2014-04-18 15:13 - 2014-04-18 15:13 - 00000000 ____D () C:\Users\Borko\Desktop\za televizor
2014-04-18 10:24 - 2014-04-18 10:24 - 00000000 ____D () C:\Users\Borko\AppData\Roaming\Canneverbe Limited
2014-04-18 10:24 - 2014-04-18 10:24 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-04-18 09:11 - 2014-04-18 09:11 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-04-17 18:49 - 2014-05-02 15:38 - 00000000 ____D () C:\Users\Borko\Desktop\slike
2014-04-17 17:53 - 2014-04-17 17:53 - 00000000 ____D () C:\Users\Borko\AppData\Roaming\TuneUp Software
2014-04-17 17:52 - 2014-04-18 17:38 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-04-17 17:52 - 2014-04-17 17:53 - 00000000 ____D () C:\ProgramData\TuneUp Software

==================== One Month Modified Files and Folders =======

2014-05-17 09:22 - 2014-05-17 09:22 - 00015626 _____ () C:\Users\Borko\Desktop\FRST.txt
2014-05-17 09:22 - 2014-05-17 09:22 - 00000000 ____D () C:\FRST
2014-05-17 09:22 - 2014-05-17 09:21 - 02067456 _____ (Farbar) C:\Users\Borko\Desktop\FRST64.exe
2014-05-17 09:11 - 2013-02-22 17:13 - 00000000 ____D () C:\Users\Borko\AppData\Roaming\Skype
2014-05-17 08:51 - 2013-02-22 16:51 - 01452439 _____ () C:\Windows\WindowsUpdate.log
2014-05-17 08:49 - 2014-05-17 08:36 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-17 08:49 - 2013-12-29 21:03 - 00000000 ____D () C:\Users\Borko\AppData\Roaming\ViberPC
2014-05-17 08:49 - 2013-12-29 21:02 - 00000000 ____D () C:\Users\Borko\AppData\Local\Viber
2014-05-17 08:49 - 2013-02-22 17:34 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-17 08:48 - 2014-05-16 06:13 - 00012032 _____ () C:\Windows\PFRO.log
2014-05-17 08:48 - 2014-05-12 16:26 - 00000392 _____ () C:\Windows\setupact.log
2014-05-17 08:48 - 2014-03-08 10:08 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-17 08:48 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-17 08:36 - 2014-05-17 08:36 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-17 08:36 - 2014-05-17 08:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-17 08:36 - 2014-05-17 08:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-17 08:35 - 2014-05-17 08:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-17 08:34 - 2014-05-17 08:34 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-05-17 08:34 - 2014-05-17 08:25 - 00000000 ____D () C:\ProgramData\ProductData
2014-05-17 08:34 - 2014-05-17 08:24 - 00000000 ____D () C:\ProgramData\IObit
2014-05-17 08:33 - 2013-02-22 18:59 - 00000000 ____D () C:\Program Files (x86)\MCShield
2014-05-17 08:33 - 2013-02-22 18:54 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-05-17 08:31 - 2014-05-17 08:30 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Borko\Desktop\mbam-setup-consumer-2.0.2.1012.exe
2014-05-17 08:31 - 2009-07-13 20:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-17 08:31 - 2009-07-13 20:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-17 08:27 - 2014-05-17 08:24 - 00000000 ____D () C:\Users\Borko\AppData\Roaming\IObit
2014-05-17 08:27 - 2014-05-17 08:24 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-05-17 08:26 - 2014-05-17 08:26 - 00000000 ____D () C:\Users\Borko\AppData\Roaming\ProductData
2014-05-17 08:25 - 2014-05-17 08:25 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-05-17 08:25 - 2013-05-13 19:40 - 00000000 ____D () C:\Users\Borko\AppData\Roaming\Apple Computer
2014-05-17 08:24 - 2014-03-08 10:08 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-17 07:10 - 2013-02-22 18:59 - 00000000 ____D () C:\Users\Borko\AppData\Roaming\MCShield
2014-05-17 07:10 - 2013-02-22 17:26 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-17 07:10 - 2013-02-22 17:26 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 16:28 - 2014-03-08 10:09 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-15 14:47 - 2014-05-12 14:47 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-15 14:47 - 2013-02-22 17:34 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 14:47 - 2013-02-22 17:34 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-15 13:24 - 2014-05-15 13:24 - 00000000 ____D () C:\Users\Borko\AppData\Local\Cool_Mirage
2014-05-14 15:35 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-13 16:31 - 2014-05-13 16:29 - 00000000 ____D () C:\Users\Borko\AppData\Roaming\vlc
2014-05-13 16:29 - 2014-05-13 16:29 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-05-13 16:29 - 2014-05-13 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-05-13 16:28 - 2013-03-10 16:07 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-05-12 16:26 - 2014-05-12 16:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-12 14:49 - 2014-05-12 14:49 - 00000000 ____D () C:\Users\Borko\AppData\Roaming\AVAST Software
2014-05-12 14:47 - 2014-05-12 14:47 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-12 14:47 - 2014-05-12 14:47 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-12 14:47 - 2014-05-12 14:47 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-12 14:47 - 2013-02-22 17:34 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1400194074988
2014-05-12 14:47 - 2013-02-22 17:34 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1400194074988
2014-05-12 14:47 - 2013-02-22 17:34 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-12 14:47 - 2013-02-22 17:34 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-12 14:47 - 2013-02-22 17:34 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-12 14:47 - 2013-02-22 17:34 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-12 14:47 - 2013-02-22 17:34 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-12 14:44 - 2013-02-22 17:34 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-05-12 14:44 - 2013-02-22 17:32 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-12 07:26 - 2014-05-17 08:35 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-17 08:35 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-17 08:35 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 08:38 - 2013-02-22 17:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-09 20:54 - 2014-05-09 20:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-08 21:19 - 2014-03-08 10:08 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 21:19 - 2014-03-08 10:08 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-05 20:06 - 2014-05-05 20:06 - 00004030 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-05 20:06 - 2013-10-16 13:26 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-05 20:06 - 2013-07-07 21:25 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-05 20:05 - 2014-05-05 20:05 - 00921512 _____ (Oracle Corporation) C:\Users\Borko\Downloads\chromeinstall-7u55.exe
2014-05-04 08:16 - 2009-07-13 21:08 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-02 16:04 - 2014-04-27 17:56 - 00000000 ____D () C:\Users\Borko\Desktop\Untitled Export
2014-05-02 15:40 - 2014-04-20 21:40 - 00000000 ____D () C:\Users\Borko\Desktop\cr2
2014-05-02 15:38 - 2014-04-17 18:49 - 00000000 ____D () C:\Users\Borko\Desktop\slike
2014-04-29 21:16 - 2014-04-29 21:16 - 00000000 ____D () C:\Users\Borko\Desktop\Klima količina gasa
2014-04-27 17:35 - 2014-04-27 17:35 - 00000000 ____D () C:\Users\Borko\Documents\Adobe
2014-04-27 17:35 - 2013-02-22 17:27 - 00000000 ____D () C:\Users\Borko\AppData\Roaming\Adobe
2014-04-27 16:57 - 2013-12-27 19:43 - 00000000 ____D () C:\Users\Borko\AppData\Local\genienext
2014-04-27 10:39 - 2014-04-27 10:23 - 00000000 ____D () C:\Users\Borko\Desktop\ibm
2014-04-27 10:06 - 2009-07-13 21:13 - 00782922 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-26 20:24 - 2014-04-20 21:41 - 00000000 ____D () C:\Users\Borko\Desktop\dragan
2014-04-24 18:31 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-04-23 15:31 - 2014-04-23 15:31 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-04-23 15:31 - 2014-04-23 15:31 - 00000000 ____D () C:\Windows\en
2014-04-23 15:31 - 2013-04-14 15:27 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-04-23 15:30 - 2014-04-23 15:30 - 00000000 ____D () C:\Program Files\Windows Live
2014-04-23 15:30 - 2013-04-25 19:34 - 00001458 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-04-23 15:30 - 2013-02-22 20:36 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-04-21 20:51 - 2014-04-21 20:49 - 00000882 _____ () C:\Users\Borko\Desktop\MVR.Lnk
2014-04-21 20:49 - 2014-04-21 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Vapor Record
2014-04-21 20:49 - 2013-03-30 13:55 - 00000000 ____D () C:\Program Files\My Vapor Record
2014-04-21 20:49 - 2009-07-13 19:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-20 09:46 - 2014-01-18 15:41 - 00000000 ____D () C:\Users\Borko\AppData\Local\Sony
2014-04-20 09:46 - 2014-01-18 15:41 - 00000000 ____D () C:\ProgramData\Sony
2014-04-20 09:45 - 2013-02-22 19:07 - 00000000 ____D () C:\Users\Borko\AppData\Roaming\BitTorrent
2014-04-20 09:45 - 2013-02-22 19:05 - 00000000 ____D () C:\Users\Borko\AppData\Roaming\DAEMON Tools Lite
2014-04-20 09:45 - 2013-02-22 18:54 - 00000000 ____D () C:\Users\Borko\AppData\Roaming\Winamp
2014-04-20 09:40 - 2013-02-22 19:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-19 21:52 - 2014-04-19 21:51 - 00000008 __RSH () C:\Users\Borko\ntuser.pol
2014-04-19 21:52 - 2013-02-22 16:59 - 00000000 ____D () C:\Users\Borko
2014-04-19 21:47 - 2009-07-13 19:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-19 21:37 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-04-19 20:23 - 2013-02-22 19:10 - 00000000 ____D () C:\Users\Borko\AppData\Local\Adobe
2014-04-19 20:16 - 2014-04-19 20:16 - 00002075 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.4 64-bit.lnk
2014-04-19 20:16 - 2014-04-19 20:16 - 00002055 _____ () C:\Users\Public\Desktop\Lightroom 5.4 64-bit.lnk
2014-04-19 20:16 - 2014-04-19 20:16 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-19 20:16 - 2013-02-22 19:10 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-19 20:15 - 2014-04-19 20:15 - 00000000 ____D () C:\Program Files\Adobe
2014-04-19 14:06 - 2014-04-19 14:02 - 00000000 ____D () C:\Users\Borko\Desktop\sx220hs
2014-04-19 01:31 - 2014-04-19 01:31 - 00003058 _____ () C:\Windows\System32\Tasks\{700DE113-372B-4650-828A-3A2E4A3EEB0B}
2014-04-19 01:27 - 2014-04-19 01:27 - 00000000 ____D () C:\ProgramData\Office Genuine Advantage
2014-04-18 19:41 - 2013-12-27 19:42 - 00000000 ____D () C:\Program Files (x86)\SecretSauce
2014-04-18 17:39 - 2014-04-18 17:39 - 00000000 ____D () C:\Users\Borko\AppData\Local\TuneUp Software
2014-04-18 17:38 - 2014-04-17 17:52 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-04-18 17:36 - 2014-04-18 17:36 - 00000000 ____D () C:\Users\Borko\AppData\Roaming\PowerISO
2014-04-18 15:40 - 2009-07-13 18:34 - 00000739 _____ () C:\Windows\win.ini
2014-04-18 15:13 - 2014-04-18 15:13 - 00000000 ____D () C:\Users\Borko\Desktop\za televizor
2014-04-18 10:24 - 2014-04-18 10:24 - 00000000 ____D () C:\Users\Borko\AppData\Roaming\Canneverbe Limited
2014-04-18 10:24 - 2014-04-18 10:24 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-04-18 09:11 - 2014-04-18 09:11 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-04-17 17:57 - 2013-02-22 19:02 - 00000000 ____D () C:\Users\Borko\Documents\GomPlayer
2014-04-17 17:53 - 2014-04-17 17:53 - 00000000 ____D () C:\Users\Borko\AppData\Roaming\TuneUp Software
2014-04-17 17:53 - 2014-04-17 17:52 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-04-17 17:51 - 2013-02-22 19:03 - 00001213 _____ () C:\Users\Borko\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2014-04-17 17:51 - 2013-02-22 19:02 - 00001189 _____ () C:\Users\Public\Desktop\GOM Player.lnk

Some content of TEMP:
====================
C:\Users\Borko\AppData\Local\Temp\libcurl-4.dll
C:\Users\Borko\AppData\Local\Temp\pthreadGC2.dll
C:\Users\Borko\AppData\Local\Temp\zlib1.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-09 07:11

==================== End Of Log ============================

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Hello borkostar,

I would like to see the MBAM report. Post the report (export the log file) for review:

Start MBAM again and click the History tab > Application Logs. Double-click the 'Scan Log' entry that shows the time and date of the scan you just ran.

1. In the new window, click the 'Export' button, then choose 'Text file (*.txt)';
2. When the Save File dialog appears, choose to save the log to the Desktop.
In that same window, under File name: at the bottom, type 'mbam' as the report name and click the Save button.

- Once you get the message ("Your file has been successfully exported"), the report you named 'mbam' will be saved on the Desktop.










First, from Control Panel (Start > Control Panel) > Programs and Features, uninstall MovieDownloader. If for some reason the program refuses to uninstall, skip it and move on to the next step.

Download smeenk's zoek.zip or zoek.rar from this or this link and save it to the Desktop.

Extract the archive into a folder (instructions), and then:

close the browser and any other running programs;
temporarily disable your security software (if necessary) Instructions;
start zoek by double-clicking the program icon;
wait for the tool to start ...


Copy the following text into the white box in the window:

StartUpAll;
C:\Program Files\My Vapor Record\MVR.exe;i
C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D};vs
EmptyCLSID;
dknkjnkhedbanphkkpbpcgoblmkbfhlf;chr
dknkjnkhedbanphkkpbpcgoblmkbfhlf;chr
C:\Users\Borko\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx;f
C:\Users\Borko\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx;f
LiveUpdateSvc;s
C:\Program Files (x86)\IObit;fs
C:\ProgramData\IObit;fs
C:\Users\Borko\AppData\Roaming\IObit;fs
1ClickDownload;u
AutoClean;


Click the button and wait for the scan to finish.


zoek will restart Windows if necessary and, when it finishes, open Notepad with the scan report.

Note: The report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into your reply.

offline
  • Joined: 27 Oct 2011
  • Posts: 32
  • Location: Starcevo

Posted: 17 May 2014 14:13

mbam



Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Borko on Sat 05/17/2014 at 13:38:17.98.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Borko\Desktop\zoek\zoek.scr [Scan all users] [Script inserted]

==== System Restore Info ======================

5/17/2014 1:39:24 PM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2573452926-3300673817-3940925064-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-2573452926-3300673817-3940925064-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-2573452926-3300673817-3940925064-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3133085D-B5E4-4730-BDEA-19DB102B6AC5} deleted successfully
HKEY_USERS\S-1-5-21-2573452926-3300673817-3940925064-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} deleted successfully
HKEY_USERS\S-1-5-21-2573452926-3300673817-3940925064-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51C78168-EAD3-43B1-ABDA-F288B583E6C0} deleted successfully
HKEY_USERS\S-1-5-21-2573452926-3300673817-3940925064-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{51C78168-EAD3-43B1-ABDA-F288B583E6C0} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2573452926-3300673817-3940925064-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} deleted successfully
HKEY_USERS\S-1-5-21-2573452926-3300673817-3940925064-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} deleted successfully
HKEY_USERS\S-1-5-21-2573452926-3300673817-3940925064-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully
HKEY_USERS\S-1-5-21-2573452926-3300673817-3940925064-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{0FFD0EF2-DBE9-483A-80C4-D2C331DA1CE4} deleted successfully
HKEY_USERS\S-1-5-21-2573452926-3300673817-3940925064-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{51C78168-EAD3-43B1-ABDA-F288B583E6C0} deleted successfully
HKEY_USERS\S-1-5-21-2573452926-3300673817-3940925064-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} deleted successfully
HKEY_USERS\S-1-5-21-2573452926-3300673817-3940925064-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully

==== File Information Results ======================


--- C:\Program Files\My Vapor Record\MVR.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ------w-
File size: 1291264
Created time: 2013-04-12 17:33:47
Modified time: 2013-04-12 17:33:47
MD5: 0B85BB3C1F7B1E03E9982E7325D25692
SHA1: 834823320F96676D39FDD9EE7424E3C9BF21D6E3


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LiveUpdateSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\LiveUpdateSvc deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Borko\AppData\Roaming\Mozilla\Firefox\Profiles\qw60xpq8.default-1383457067740

---- Lines buenosearch removed from prefs.js ----
user_pref("extensions.buenosearch.admin", false);
user_pref("extensions.buenosearch.aflt", "babsst");
user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");
user_pref("extensions.buenosearch.autoRvrt", "false");
user_pref("extensions.buenosearch.dfltLng", "en");
user_pref("extensions.buenosearch.excTlbr", false);
user_pref("extensions.buenosearch.ffxUnstlRst", true);
user_pref("extensions.buenosearch.id", "b4cd239e0000000000006c626d8c66c5");
user_pref("extensions.buenosearch.instlDay", "16205");
user_pref("extensions.buenosearch.instlRef", "sst");
user_pref("extensions.buenosearch.newTab", false);
user_pref("extensions.buenosearch.prdct", "buenosearch");
user_pref("extensions.buenosearch.prtnrId", "buenosearch");
user_pref("extensions.buenosearch.rvrt", "false");
user_pref("extensions.buenosearch.smplGrp", "none");
user_pref("extensions.buenosearch.tb_url", "http://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=B4CD6C626D8C66C5&affID=128403&tsp=5248");
user_pref("extensions.buenosearch.tlbrId", "base");
user_pref("extensions.buenosearch.tlbrSrchUrl", "http://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=B4CD6C626D8C66C5&affID=128403&tsp=524
user_pref("extensions.buenosearch.vrsn", "1.8.28.7");
user_pref("extensions.buenosearch.vrsnTs", "1.8.28.713:24:54");
user_pref("extensions.buenosearch.vrsni", "1.8.28.7");
---- Lines suggestor removed from prefs.js ----
user_pref("extensions.WinToFlashSuggestor.aid", "10045");
user_pref("extensions.WinToFlashSuggestor.uid", "a9df31fd91f1318aa6215d74dbf1677f");
---- FireFox user.js and prefs.js backups ----

user_20140517_0155_.backup
prefs_20140517_0155_.backup

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\IObit deleted
C:\ProgramData\IObit deleted
C:\Users\Borko\AppData\Roaming\IObit deleted
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted
C:\Users\Borko\AppData\Local\genienext deleted
C:\Users\Borko\daemonprocess.txt deleted
C:\Users\Borko\.android deleted
C:\PROGRA~2\DAEMON Tools Toolbar deleted
C:\PROGRA~2\SecretSauce deleted
C:\PROGRA~2\Conduit deleted
C:\Users\Borko\AppData\Roaming\Babylon deleted
C:\Users\Borko\AppData\Roaming\NCdownloader deleted
C:\Users\Borko\ia_remove.sh6516.tmp deleted
C:\Users\Borko\ia_remove.sh7801.tmp deleted
C:\PROGRA~3\StarApp deleted
C:\PROGRA~3\SoftSafe deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Tarma Installer deleted
C:\PROGRA~3\Babylon deleted
C:\PROGRA~3\Package Cache deleted
C:\PROGRA~3\SummerSoft deleted
C:\Users\Borko\AppData\Local\CRE deleted
C:\Users\Borko\AppData\Local\avgchrome deleted
C:\Users\Borko\AppData\Local\Mobogenie deleted
C:\Users\Borko\AppData\Local\cache deleted
C:\Users\Borko\AppData\Local\Cool_Mirage deleted
C:\Users\Borko\AppData\Local\Conduit deleted
C:\Users\Borko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com deleted
C:\Users\Borko\AppData\LocalLow\ADSRemoval deleted
C:\Users\Borko\AppData\LocalLow\Conduit deleted
C:\user.js deleted
C:\Windows\Syswow64\lMMLDeleteUserData42107612FX.tmp deleted
C:\Users\Borko\Documents\Mobogenie deleted
C:\Users\Borko\AppData\Roaming\Mozilla\Firefox\Profiles\qw60xpq8.default-1383457067740\Invalidprefs.js deleted
"C:\Users\Borko\AppData\Roaming\HTC" deleted
"C:\Users\Borko\AppData\Roaming\Samsung" deleted

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2573452926-3300673817-3940925064-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun"
"Viber"="C:\Users\Borko\AppData\Local\Viber\Viber.exe StartMinimized"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"MCShield Monitor"="C:\Program Files (x86)\MCShield\mcshieldrtm.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun"
"Viber"="C:\Users\Borko\AppData\Local\Viber\Viber.exe StartMinimized"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"MCShield Monitor"="C:\Program Files (x86)\MCShield\mcshieldrtm.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MVR.Lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\MVR.Lnk"
"backup"="C:\\Windows\\pss\\MVR.Lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\MYVAPO~1\\MVR.exe -1"
"item"="MVR"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MozillaMaintenance]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TeamViewer6]


==== Startup Folders ======================

2014-04-22 04:49:36 862 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MVR.Lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [03/08/2014 10:08 AM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\{7FF3E889-B827-4708-92B6-5F84BA0EE11D}" [C:\Program Files (x86)\Skype\\Phone\Skype.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"fmconverter@gmail.com"="C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox" [09/12/2013 03:44 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Borko\AppData\Roaming\Mozilla\Firefox\Profiles\qw60xpq8.default-1383457067740
- Exif Viewer - %ProfilePath%\extensions\exif_viewer@mozilla.doslash.org.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Borko\AppData\Roaming\Mozilla\Firefox\Profiles\qw60xpq8.default-1383457067740
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
acaoakiamfeidcmgooclgeleejkbaecf - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.crx[]
dknkjnkhedbanphkkpbpcgoblmkbfhlf - C:\Users\Borko\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx[]
jbolfgndggfhhpbnkgnpjkfhinclbigj - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx[08/14/2013 04:40 PM]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
dknkjnkhedbanphkkpbpcgoblmkbfhlf - C:\Users\Borko\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx[]

Google Docs - Borko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Borko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Advanced SystemCare Surfing Protection - Borko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd
YouTube - Borko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Last updated at time on date - Borko\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - Borko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
BitTorrentControl_v12 - Borko\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Freemake Video Converter - Borko\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Google Wallet - Borko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Borko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\Borko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www2.delta-search.com_0.localstorage deleted successfully
C:\Users\Borko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www2.delta-search.com_0.localstorage-journal deleted successfully
C:\Users\Borko\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Bar"="http://www.bing.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{3133085D-B5E4-4730-BDEA-19DB102B6AC5}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3133085D-B5E4-4730-BDEA-19DB102B6AC5}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2832D40C-1ADF-B9ED-895E-F2F6DDD0FB53} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6B7B739A-B9B5-4ACE-24DE-495833B6F44E} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B3505AED-15E9-77EC-DCF6-B16DDBCB4C0A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\acaoakiamfeidcmgooclgeleejkbaecf deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Borko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Borko\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Borko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1HNOJBA5 will be deleted at reboot
C:\Users\Borko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JI6372CV will be deleted at reboot
C:\Users\Borko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YYKWEG3D will be deleted at reboot
C:\Users\Borko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Borko\AppData\Local\Mozilla\Firefox\Profiles\qw60xpq8.default-1383457067740\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Borko\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=981 folders=232 103697136 bytes)

==== Empty Temp Folders ======================

C:\Users\Borko\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Borko\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Borko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\Borko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1HNOJBA5" not found
"C:\Users\Borko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JI6372CV" not found
"C:\Users\Borko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YYKWEG3D" not found

==== EOF on Sat 05/17/2014 at 14:06:06.00 ======================

Addendum: 17 May 2014 14:16

After this, moviedownloader still cannot be uninstalled

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Hello,

Now run this zoek script:

C:\Program Files\My Vapor Record\MVR.exe;virustotal;
moviedownloader;a
moviedownloader;z


Keep in mind that zoek will launch your default browser with the virustotal site. That is OK; do not touch anything, and let zoek finish its work.

When it has finished, post the freshly generated zoek report here so I can take a look at it.

offline
  • Joined: 27 Oct 2011
  • Posts: 32
  • Location: Starcevo

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Borko on Sat 05/17/2014 at 18:22:31.69.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Borko\Desktop\zoek\zoek.scr [Scan all users] [Script inserted]

==== System Restore Info ======================

5/17/2014 6:23:49 PM Zoek.exe System Restore Point Created Succesfully.

==== VirusTotal Scan ======================

C:\Program Files\My Vapor Record\MVR.exe virustotal.com/file/8FCE39EDBFE47582FF...../analysis/

==== Folders Found ======================

2014-05-17 21:56:13 2014-05-17 21:56:13 -------- d---a-w- C:\zoek_backup\C_Users_Borko_AppData_Local_Cool_Mirage\MovieDownloader.exe_Url_gqcx4i2tjf3noz2kegv2yo0cbxdse1hr

==== Files Found ======================


==== Registry Search Results for "moviedownloader" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MovieDownloader_RASAPI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MovieDownloader_RASMANCS]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=981 folders=232 103697136 bytes)

==== EOF on Sat 05/17/2014 at 18:25:10.55 ======================

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

My colleague will not be able to continue with your case, so I will take over.
I will need to see the current state of the system.

Download zoek.exe from this or this link and save it to the Desktop.


Close the browser and any other running programs;
disable your security software (as needed) Instructions;
start zoek.exe by double-clicking it;
wait for the tool to start ...


Copy the following text into the white box in the window:

procces;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;
filesrcm;


Click the button and wait for the scan to finish.


Zoek will restart Windows if necessary and, when it finishes, open Notepad with the scan report.

Note: The report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into your reply.

offline
  • Joined: 27 Oct 2011
  • Posts: 32
  • Location: Starcevo

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Borko on Sun 05/18/2014 at 8:22:19.34.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Borko\Desktop\zoek\zoek.scr [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-18-022510.log 1288 bytes

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-05-12 22:47:26 0B5A0005C0BDF4A05174576AF80DEA04 43152 ----a-w- C:\Windows\avastSS.scr
====== C:\Users\Borko\AppData\Local\Temp ====
====== Java Cache =====
2014-05-17 23:57:22 F733CEFB54F9FE716DE787802331285D 341 ----a-w- C:\Users\Borko\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\11926968-55dcc8ab9ed07938f5a9bba350cbef20247d74b846d57eb140958a5831e07b17-6.0.lap
2014-05-17 23:57:23 90E4916959D6337C96B204B3B28985C4 102655 ----a-w- C:\Users\Borko\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\6931e5eb-7e3e2982
2014-05-17 23:57:28 C1F3142FFD07E0A9E75C5096CAB015C9 6552 ----a-w- C:\Users\Borko\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\7f753b39-3595e038
====== C:\Windows\SysWOW64 =====
2014-05-06 04:06:48 6EA69D2312F3571F6F8BEADD224165E8 264616 ----a-w- C:\Windows\SysWOW64\javaws.exe
2014-05-06 04:06:42 9533FE0A942E00114047140B42DF8E3D 175016 ----a-w- C:\Windows\SysWOW64\java.exe
2014-05-06 04:06:42 3B10B54F50CD362537B9F2186267EDF8 96168 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-06 04:06:42 37C15684482B4D596316735DCEEE939A 175528 ----a-w- C:\Windows\SysWOW64\javaw.exe
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2014-05-17 21:28:53 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-05-17 21:28:36 F92B0E478C0FAA6D6661E6E977247E60 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2014-05-17 21:28:36 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-05-17 21:28:36 15E8ABC06843672955CE26A009533BAD 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
2014-05-12 22:47:37 A7115ED31675BB823CFA9FE571C25676 85328 ----a-w- C:\Windows\Sysnative\drivers\aswstm.sys
2014-05-12 22:47:35 340B0467E98A8C92697D73034DB4BCB7 29208 ----a-w- C:\Windows\Sysnative\drivers\aswHwid.sys
2014-04-18 17:11:21 07AD42C112E1BC69A7AD77A586615819 61120 ----a-w- C:\Windows\Sysnative\drivers\wStLibG64.sys
====== C:\Windows\Tasks ======
2014-04-19 09:31:26 E76A08E122A48B85E92303BFAD21938D 3058 ----a-w- C:\Windows\Sysnative\Tasks\{700DE113-372B-4650-828A-3A2E4A3EEB0B}
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-04-23 23:30:17 -------- d-----w- C:\Program Files\Windows Live
2014-04-20 04:16:39 -------- d-----w- C:\Program Files\Common Files\Adobe
2014-04-20 04:15:13 -------- d-----w- C:\Program Files\Adobe
======= C:\PROGRA~2 =====
2014-04-22 20:35:23 -------- d-----w- C:\PROGRA~2\COMMON~1\Canon
======= C: =====
====== C:\Users\Borko\AppData\Roaming ======
2014-05-17 22:04:08 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2014-05-17 22:04:08 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2014-05-17 22:04:08 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2014-05-17 22:04:08 -------- d-----w- C:\Users\Default User\AppData\Local\Temp
2014-05-17 22:04:07 -------- d-----w- C:\Users\Borko\AppData\Local\Temp
2014-05-17 16:26:52 -------- d-----w- C:\Users\Borko\AppData\Roaming\ProductData
2014-05-17 16:25:48 -------- d-----w- C:\Users\Borko\AppData\Locallow\IObit
2014-05-14 00:29:25 -------- d-----w- C:\Users\Borko\AppData\Roaming\vlc
2014-04-19 01:39:37 -------- d-----w- C:\Users\Borko\AppData\Local\TuneUp Software
2014-04-19 01:36:56 -------- d-----w- C:\Users\Borko\AppData\Roaming\PowerISO
2014-04-18 18:24:09 -------- d-----w- C:\Users\Borko\AppData\Roaming\Canneverbe Limited
====== C:\Users\Borko ======
2014-05-17 17:40:39 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2014-05-17 17:40:37 -------- d-----w- C:\ProgramData\MCShield
2014-05-17 17:35:51 6E44C49039E696991D2DB54B5C81E2F5 2856736 ----a-w- C:\Users\Borko\Desktop\MCShield-Setup.exe
2014-05-17 17:21:48 BB6C369AD818F4C0D90F61C837E6BA24 2067456 ----a-w- C:\Users\Borko\Desktop\FRST64.exe
2014-05-17 16:30:52 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- C:\Users\Borko\Desktop\mbam-setup-consumer-2.0.2.1012.exe
2014-05-14 00:29:04 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-05-06 04:05:11 A76E951ED4F8335337FD157A574DA36F 921512 ----a-w- C:\Users\Borko\Downloads\chromeinstall-7u55.exe
2014-04-22 04:49:30 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Vapor Record
2014-04-20 05:51:03 8E1B08222F20E45A3E8DB04C569F9CB7 8 --sha-r- C:\Users\Borko\ntuser.pol
2014-04-19 09:27:23 -------- d-----w- C:\ProgramData\Office Genuine Advantage
2014-04-18 18:24:13 -------- d-----w- C:\ProgramData\Canneverbe Limited

====== C: exe-files ==
2014-05-17 17:40:38 6E44C49039E696991D2DB54B5C81E2F5 2856736 ----a-w- C:\ProgramData\MCShield\MCShield-Setup.exe
2014-05-17 17:35:51 6E44C49039E696991D2DB54B5C81E2F5 2856736 ----a-w- C:\Users\Borko\Desktop\MCShield-Setup.exe
2014-05-17 17:21:48 BB6C369AD818F4C0D90F61C837E6BA24 2067456 ----a-w- C:\Users\Borko\Desktop\FRST64.exe
2014-05-17 16:30:52 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- C:\Users\Borko\Desktop\mbam-setup-consumer-2.0.2.1012.exe
2014-05-16 00:25:23 A742CCF738AEFEF3078683BD0E803215 739808 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\34.0.1847.137\34.0.1847.137_34.0.1847.131_chrome_updater.exe
2014-05-14 00:29:06 C7381EEC1332559C3582B40A41221904 233566 ----a-w- C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
=== C: other files ==
2014-05-17 21:28:53 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-17 21:28:36 F92B0E478C0FAA6D6661E6E977247E60 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-05-17 21:28:36 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-17 21:28:36 15E8ABC06843672955CE26A009533BAD 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-05-12 22:47:37 A7115ED31675BB823CFA9FE571C25676 85328 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-05-12 22:47:35 340B0467E98A8C92697D73034DB4BCB7 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2573452926-3300673817-3940925064-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun"
"Viber"="C:\Users\Borko\AppData\Local\Viber\Viber.exe StartMinimized"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"MCShield Monitor"="C:\Program Files (x86)\MCShield\mcshieldrtm.exe"

[HKEY_USERS\S-1-5-21-2573452926-3300673817-3940925064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun"
"Viber"="C:\Users\Borko\AppData\Local\Viber\Viber.exe StartMinimized"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"MCShield Monitor"="C:\Program Files (x86)\MCShield\mcshieldrtm.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun"
"Viber"="C:\Users\Borko\AppData\Local\Viber\Viber.exe StartMinimized"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"MCShield Monitor"="C:\Program Files (x86)\MCShield\mcshieldrtm.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MVR.Lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\MVR.Lnk"
"backup"="C:\\Windows\\pss\\MVR.Lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\MYVAPO~1\\MVR.exe -1"
"item"="MVR"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MozillaMaintenance]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TeamViewer6]


==== Startup Folders ======================

2014-04-22 04:49:36 862 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MVR.Lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [03/08/2014 10:08 AM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\{7FF3E889-B827-4708-92B6-5F84BA0EE11D}" [C:\Program Files (x86)\Skype\\Phone\Skype.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"fmconverter@gmail.com"="C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox" [09/12/2013 03:44 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Borko\AppData\Roaming\Mozilla\Firefox\Profiles\qw60xpq8.default-1383457067740
- Exif Viewer - %ProfilePath%\extensions\exif_viewer@mozilla.doslash.org.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Borko\AppData\Roaming\Mozilla\Firefox\Profiles\qw60xpq8.default-1383457067740
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jbolfgndggfhhpbnkgnpjkfhinclbigj - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx[08/14/2013 04:40 PM]

Google Docs - Borko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Borko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Advanced SystemCare Surfing Protection - Borko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd
YouTube - Borko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Last updated at time on date - Borko\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - Borko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Freemake Video Converter - Borko\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Google Wallet - Borko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Borko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=981 folders=232 103697136 bytes)

==== EOF on Sun 05/18/2014 at 8:28:30.95 ======================

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

What is the situation now? Is your FB profile still sending unwanted messages?

offline
  • Joined: 27 Oct 2011
  • Posts: 32
  • Location: Starcevo

It hasn't sent any; the last time was yesterday morning when the computer started up.

Do you think it's over? Do I seem fine now?

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

The report looks clean to me. We'll do one more check, and let me know if your FB profile continues to send messages in the meantime.


Download GMER to your Desktop from the link below:


GMER download
Click the given link;
When the dialog for choosing where to save the file opens, select Desktop and click Save.



Double-click to run GMER.
Wait for the initial scan to finish - if any prompt appears, click No;

click Scan and wait for the scan to finish;

click Save ... - save the report to the Desktop (under the name Gmer1);

right-click in the Gmer program window and select Options > 3rd party - click Scan;

when the scan finishes, click Save ... - save the report to the Desktop (under the name Gmer2);

click the >>> button and select the Autostart tab;

when the short scan finishes, click Copy;

open Notepad and paste the copied text into it - save the report to the Desktop (under the name Gmer3);


Illustrated walkthrough of the procedure

Attach all three reports to your post using the Attach file option.
