Virus

  • Joined: 26 Sep 2012
  • Posts: 1867
  • Location: Let me see...

After scanning with avast, it found a virus:
ss:

dds:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.4.1
Run by PC at 18:15:28 on 2013-04-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1071 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.babylon.com/?affID=119816&babsrc=HP_ss_bayi&mntrId=d86227e80000000000000025228b2b88
uSearch Bar = hxxp://search.imesh.com/sidebar.html?src=ssb&sysid=1
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={FB3572DC-FCCC-11E1-83F8-0025228B2B88}
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search.imesh.com/sidebar.html?src=ssb&sysid=1
mSearchAssistant = hxxp://search.imesh.com/sidebar.html?src=ssb&sysid=1
uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {EEE6C35D-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - c:\program files\delta\delta\1.8.10.0\bh\delta.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} -
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - c:\program files\delta\delta\1.8.10.0\deltaTlbr.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Google Update] "c:\documents and settings\pc\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [EADM] "c:\program files\origin\Origin.exe" -AutoStart
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\pc\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{473C8E96-8510-474D-A48C-C6B7274C4778} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{70A43B74-DAA5-4318-9EAC-1A4345FD4D29} : DHCPNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\docume~1\alluse~1\applic~1\browse~1\261125~1.80\{c16c1~1\browse~1.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 mpa.one.microsoft.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\pc\application data\mozilla\firefox\profiles\s71zogm4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.babylon.com/?affID=119816&babsrc=HP_ss_bayi&mntrId=d86227e80000000000000025228b2b88
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=2&q=
FF - component: c:\documents and settings\all users\application data\browserprotect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\firefoxextension\components\BrowserProtect-3.6.dll
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\pc\application data\mozilla\firefox\profiles\s71zogm4.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\pc\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\npjpi170_04.dll
FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_168.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Delta Toolbar: ffxtlbr@delta.com - %profile%\extensions\ffxtlbr@delta.com
FF - Ext: XfireXO Community Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - %profile%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
FF - Ext: SweetPacks Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
FF - Ext: BrowserProtect: {0F827075-B026-42F3-885D-98981EE7B1AE} - c:\documents and settings\all users\application data\browserprotect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - d86227e80000000000000025228b2b88
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15771
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.022:19:38
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-4-29 49248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-1-22 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-1-22 368176]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-7-9 242240]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-1-22 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-4-29 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-1-22 45248]
R2 BrowserProtect;BrowserProtect;c:\documents and settings\all users\application data\browserprotect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-4-25 2569168]
R2 PanService;PandoraService;c:\program files\pandora.tv\panservice\PandoraService.exe [2013-2-8 625304]
R3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-4-29 164736]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2002-1-1 1684736]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2002-1-1 1390976]
S3 XDva389;XDva389;\??\c:\windows\system32\xdva389.sys --> c:\windows\system32\XDva389.sys [?]
.
=============== Created Last 30 ================
.
2013-04-29 16:20:01 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-04-29 16:20:01 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-04-29 16:20:01 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-04-29 16:06:20 -------- d-----w- c:\program files\Origin Games
2013-04-29 16:06:18 -------- d-----w- c:\documents and settings\pc\local settings\application data\Origin
2013-04-29 16:06:16 -------- d-----w- c:\documents and settings\pc\application data\Origin
2013-04-29 16:06:08 -------- d-----w- c:\documents and settings\all users\application data\Origin
2013-04-29 16:05:38 -------- d-----w- c:\program files\Origin
2013-04-29 16:02:54 -------- d-----w- C:\ProgramData
2013-04-29 15:46:10 -------- d-----w- c:\windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
2013-04-29 10:55:14 114176 ----a-w- c:\documents and settings\pc\application data\BabMaint.exe
.
==================== Find3M ====================
.
2013-03-12 22:17:35 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-12 22:17:35 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-06 22:33:24 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 22:32:51 41664 ----a-w- c:\windows\avastSS.scr
.
============= FINISH: 18:21:42.76 ===============





  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Download zoek.exe from this or this link and save it to the Desktop.

close the browser and other running programs;
disable your security software (if needed) Instructions;
double-click zoek.exe to run it;
wait for the tool to start ...

Copy the following text into the white box of the window:


iedefaults;
resetIEproxy;
{EEE6C35D-6118-11DC-9C72-001320C79847};c
c:\program files\sweetim;fs
{28387537-e3f9-4ed7-860c-11e69af4a8a0};c
{C1AF5FA5-852C-4C90-812E-A7F75E011D87};c
c:\program files\delta;fs
{EEE6C35C-6118-11DC-9C72-001320C79847};c
{EEE6C35B-6118-11DC-9C72-001320C79847};c
{28387537-e3f9-4ed7-860c-11e69af4a8a0};c
Delta Search;ff
BrowserProtect;ff
Delta Toolbar;ff
SweetPacks;ff
BrowserProtect;s
c:\documents and settings\all users\application data\browserprotect;fs
FFdefaults;
chrdefaults;
emptyalltemp;
autoclean;


Click the button and wait for the scan to finish.

If needed, zoek will restart Windows and, when it finishes, open Notepad with the scan report.

Note: The report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)

Copy the contents of that log into your post.

  • Joined: 26 Sep 2012
  • Posts: 1867
  • Location: Let me see...

Here are the results; I'd just like to add that my computer is terribly slow -.-

Zoek.exe Version 4.0.0.2 Updated 23-04-2013
Tool run by PC on Thu 05/02/2013 at 19:45:52.60.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected

==== Creating Sample_20130502_0749.zip ======================

Process rundll32.exe killed
Copied file C:\Documents and Settings\PC\Application Data\BabMaint.exe to sample
sample\BabMaint.exe renamed to CC1A55091FD96BCB624AD791CD15D179

C:\Documents and Settings\All Users\Desktop\sample_20130502_0749.zip created successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1454471165-1592454029-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully
HKEY_USERS\S-1-5-21-1454471165-1592454029-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} deleted successfully
HKEY_USERS\S-1-5-21-1454471165-1592454029-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully
HKEY_USERS\S-1-5-21-1454471165-1592454029-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-1454471165-1592454029-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-1454471165-1592454029-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} deleted successfully
HKEY_USERS\S-1-5-21-1454471165-1592454029-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1454471165-1592454029-1801674531-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\{EEE6C35D-6118-11DC-9C72-001320C79847} deleted successfully
HKEY_USERS\S-1-5-21-1454471165-1592454029-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BrowserProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BrowserProtect deleted successfully

==== FireFox Fix ======================

Deleted from C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default\prefs.js:
user_pref("browser.startup.homepage", "http://isearch.babylon.com/?affID=119816&babsrc=HP_ss_bayi&mntrId=d86227e80000000000000025228b2b88");
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}");
user_pref("browser.newtab.url", "http://www.delta-search.com/?affID=119816&babsrc=NT_ss&mntrId=d86227e80000000000000025228b2b88");
user_pref("browser.search.defaultenginename", "SweetIM Search");
user_pref("browser.search.selectedEngine", "Delta Search");
user_pref("browser.search.order.1", "Delta Search");

Added to C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default

---- Lines Delta Search removed from prefs.js ----

user_pref("avg.install.userSPSettings", "Delta Search");

---- Lines Delta Search modified from prefs.js ----


---- Lines Delta Search removed from user.js ----


---- Lines BrowserProtect removed from prefs.js ----


---- Lines BrowserProtect modified from prefs.js ----


---- Lines BrowserProtect removed from user.js ----


---- Lines Delta Toolbar removed from prefs.js ----


---- Lines Delta Toolbar modified from prefs.js ----


---- Lines Delta Toolbar removed from user.js ----


---- Lines SweetPacks removed from prefs.js ----


---- Lines SweetPacks modified from prefs.js ----


---- Lines SweetPacks removed from user.js ----


---- Lines CT2304157 removed from prefs.js ----

user_pref("CommunityToolbar.ConduitHomepagesList", "http://search.conduit.com/?ctid=CT2304157&SearchSource=13,http://search.conduit.com/?ctid=CT2304157&SearchSource=13");

---- Lines CT2304157 modified from prefs.js ----


---- Lines CT2304157 removed from user.js ----


---- Lines conduit removed from prefs.js ----

user_pref("CommunityToolbar.ConduitSearchList", "XfireXO Customized Web Search,XfireXO Customized Web Search");

---- Lines conduit modified from prefs.js ----


---- Lines conduit removed from user.js ----


---- Lines babylon removed from prefs.js ----

user_pref("avg.install.userHPSettings", "http://isearch.babylon.com/?affID=119816&babsrc=HP_ss_bayi&mntrId=d86227e80000000000000025228b2b88");

---- Lines babylon modified from prefs.js ----


---- Lines babylon removed from user.js ----


---- Lines search.com removed from prefs.js ----


---- Lines search.com modified from prefs.js ----


---- Lines search.com removed from user.js ----


---- Lines Web Search removed from prefs.js ----

user_pref("browser.search.defaultthis.engineName", "XfireXO Customized Web Search");

---- Lines Web Search modified from prefs.js ----


---- Lines Web Search removed from user.js ----


---- Lines Customized removed from prefs.js ----


---- Lines Customized modified from prefs.js ----


---- Lines Customized removed from user.js ----


---- Lines CommunityToolbar removed from prefs.js ----


---- Lines CommunityToolbar modified from prefs.js ----


---- Lines CommunityToolbar removed from user.js ----


---- Lines EEE6C361-6118-11DC-9C72-001320C79847 removed from prefs.js ----


---- Lines EEE6C361-6118-11DC-9C72-001320C79847 modified from prefs.js ----

user_pref("extensions.enabledItems", "{1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0,{5e5ab302-7f65-44cd-8211-c1d4caaccea3}:3.14.1.0,{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.6.0.11664,fdm_ffext@freedownloadmanager.org:1.3.4,{6C8B07BF-0F6D-4EA4-B96F-FF1CCBAAE553}:2.0.1,{EEE6C361-6118-11DC-9C72-001320C79847}:1.6.0.3,ffxtlbr@delta.com:1.5.0,wrc@avast.com:8.0.1483,{0F827075-B026-42F3-885D-98981EE7B1AE}:2.6.1125.80,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.26");

---- Lines EEE6C361-6118-11DC-9C72-001320C79847 removed from user.js ----


---- Lines SweetIM removed from prefs.js ----

ser_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube.com/.*|.*.yahoo.com/.*|.*.orkut.com.br/.*|.*login.live.com/.*|.*youtubedownloader.mybrowserbar.com/.*");user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1347806423);

---- Lines SweetIM modified from prefs.js ----


---- Lines SweetIM removed from user.js ----


---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 removed from prefs.js ----


---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 modified from prefs.js ----

user_pref("extensions.enabledItems", "{1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0,{5e5ab302-7f65-44cd-8211-c1d4caaccea3}:3.14.1.0,{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.6.0.11664,fdm_ffext@freedownloadmanager.org:1.3.4,{6C8B07BF-0F6D-4EA4-B96F-FF1CCBAAE553}:2.0.1,{disabled}:1.6.0.3,ffxtlbr@delta.com:1.5.0,wrc@avast.com:8.0.1483,{0F827075-B026-42F3-885D-98981EE7B1AE}:2.6.1125.80,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.26");

---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 removed from user.js ----


---- Lines mybrowserbar removed from prefs.js ----


---- Lines mybrowserbar modified from prefs.js ----


---- Lines mybrowserbar removed from user.js ----


---- FireFox user.js and prefs.js backups ----

user_20130502_0752_.backup
prefs_20130502_0752_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"bProtector Start Page"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"bProtectorDefaultScope"=-

==== Deleting Files \ Folders ======================

"C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default\searchplugins\BrowserProtect.xml" deleted
"C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default\searchplugins\conduit.xml" deleted
"C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default\searchplugins\babylon.xml" not deleted
"C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default\searchplugins\sweetim.xml" deleted
"C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml" not deleted
"C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml" not deleted
"C:\Program Files\Mozilla Firefox\searchplugins\iMeshWebSearch.xml" deleted
"C:\WINDOWS\tasks\EPUpdater.job" deleted
"C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\bProtectorPreferences" deleted
"C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default\searchplugins\BrowserProtect.xml" deleted
"C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default\searchplugins\babylon.xml" not deleted
"C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default\searchplugins\iMeshWebSearch.xml" deleted
"C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default\bprotector_extensions.rdf" deleted
"C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default\bprotector_prefs.js" deleted
"C:\Documents and Settings\PC\Application Data\BabMaint.exe" deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\chrome.manifest" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\install.rdf" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-10.0.2.dll" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-11.0.dll" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-12.0.dll" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-13.0.dll" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-14.0.1.dll" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-15.0.dll" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-16.0.dll" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-17.0.dll" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-3.6.dll" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-3.6.xpt" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-5.0.dll" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-6.0.2.dll" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-7.0.1.dll" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-8.0.1.dll" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-9.0.1.dll" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\BrowserProtect.js" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\overlay.xul" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\chrome.manifest" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\install.rdf" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-10.0.2.dll" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-11.0.dll" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-12.0.dll" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-13.0.dll" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-14.0.1.dll" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-15.0.dll" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-16.0.dll" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-17.0.dll" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-3.6.dll" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-3.6.xpt" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-5.0.dll" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-6.0.2.dll" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-7.0.1.dll" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-8.0.1.dll" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-9.0.1.dll" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\BrowserProtect.js" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\overlay.xul" not deleted
"c:\program files\SweetIM" deleted
"c:\program files\Delta" deleted
"c:\documents and settings\all users\application data\BrowserProtect" not deleted
"C:\Program Files\Delta" deleted
"C:\Program Files\SweetIM" deleted
"C:\Documents and Settings\PC\Application Data\BabSolution" deleted
"C:\Documents and Settings\PC\Application Data\Babylon" deleted
"C:\Documents and Settings\PC\Application Data\Delta" deleted
"C:\Documents and Settings\PC\Application Data\eType" deleted
"C:\Documents and Settings\All Users\Application Data\SweetIM" deleted
"C:\Documents and Settings\All Users\Application Data\Babylon" deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect" not deleted
"C:\Documents and Settings\PC\Local Settings\Application Data\PackageAware" deleted
"C:\Documents and Settings\PC\Local Settings\Application Data\Conduit" deleted
"C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}" deleted
"C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default\extensions\ffxtlbr@babylon.com" deleted
"C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default\CT2304157" deleted
"C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default\SweetPacksToolbarData" deleted
"C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default\CT2304157" deleted
"C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default\conduitCommon" deleted
"C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default\extensions\ffxtlbr@babylon.com" deleted
"C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}" deleted
"C:\Program Files\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}" deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components" not deleted
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components" not deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content" not deleted

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default
- Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- avast WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF
- Undetermined - %ProfilePath%\extensions\fdm_ffext@freedownloadmanager.org
- Delta Toolbar - %ProfilePath%\extensions\ffxtlbr@delta.com
- Undetermined - %ProfilePath%\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
- XfireXO Community Toolbar - %ProfilePath%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
- Undetermined - %ProfilePath%\extensions\{6C8B07BF-0F6D-4EA4-B96F-FF1CCBAAE553}

AppDir: C:\Program Files\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default
28000D7EEB2FD95A36E1A7539F599C3B - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
8B6884E3E1E5F8ABA5FA0C6A2B13181D - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
5D41BCD19A3D90E4EBB58A6BFB79E4F7 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
5B048C618D064031FEC6D2C573321801 - C:\Program Files\Java\jre7\bin\npjpi170_04.dll - Java(TM) Platform SE 7 U4
75300E5ED4CD5B4363C3DBBB2D03269C - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll - McAfee Security Scanner +
136485E00BA2917F0FEA68D2EE78D733 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U4
AB45A736C78A166B89C0A578AD5E4392 - C:\WINDOWS\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.40.255
9E8656A72541775394ADC0B680320BD0 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa
B6A800D881A0176C544988870861E798 - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
F7414304D2D88213E935B048E04FE1AA - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll - Shockwave Flash
E0FF893763BA82BAABB869A351F0C455 - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll - Google Update
F647D0BEA553C1D0C251CE07DA6A5511 - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat
8988788C0E72997BAE454DE220F958F4 - C:\Program Files\Mozilla Firefox\plugins\npnul32.dll - Mozilla Default Plug-in
F647D0BEA553C1D0C251CE07DA6A5511 - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
DB988B4550DB9BCE86F9199D961057FC - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eooncjejnppfjjklapaamhcdmjbilmde - C:\Documents and Settings\PC\Application Data\BabSolution\CR\Delta.crx[]
icmlaeflemplmjndnaapfdbbnpncnbda - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[03/07/2013 12:29 AM]
jcdgjdiieiljkfkdcloehkohchhpekkn - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[01/31/2013 10:40 AM]
ogccgbmabaphcakpiclgcnmcnimhokcj - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx[]

Delta Toolbar - PC - Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
avast WebRep - PC - Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
Forecastfox - PC - Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg
SweetIM for Facebook - PC - Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Skype for Chromium - PC - Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
SweetPacks Chrome Extension - PC - Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj

==== Chrome Fix ======================

C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn deleted successfully
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://isearch.babylon.com/?affID=119816&babsrc=HP_ss_bayi&mntrId=d86227e80000000000000025228b2b88"
"Start Page Restore"="http://search.conduit.com?SearchSource=10&ctid=CT2304157"
"Search Bar"="http://search.imesh.com/sidebar.html?src=ssb&sysid=1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://home.sweetim.com/?crg=3.1010000.10002&barid={FB3572DC-FCCC-11E1-83F8-0025228B2B88}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://search.imesh.com/sidebar.html?src=ssb&sysid=1"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://search.imesh.com/sidebar.html?src=ssb&sysid=1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{EEE6C360-6118-11DC-9C72-001320C79847}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
"Start Page Restore"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Delta Search Url="http://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=d86227e80000000000000025228b2b88"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1454471165-1592454029-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} deleted successfully

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\PC\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Documents and Settings\PC\Local Settings\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\PC\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default\searchplugins\babylon.xml" not found
"C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml" deleted
"C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml" not found
"C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default\searchplugins\babylon.xml" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\chrome.manifest" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\install.rdf" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-10.0.2.dll" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-11.0.dll" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-12.0.dll" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-13.0.dll" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-14.0.1.dll" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-15.0.dll" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-16.0.dll" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-17.0.dll" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-3.6.dll" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-3.6.xpt" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-5.0.dll" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-6.0.2.dll" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-7.0.1.dll" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-8.0.1.dll" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-9.0.1.dll" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\BrowserProtect.js" not found
"c:\documents and settings\all users\application data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\overlay.xul" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\chrome.manifest" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\install.rdf" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-10.0.2.dll" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-11.0.dll" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-12.0.dll" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-13.0.dll" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-14.0.1.dll" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-15.0.dll" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-16.0.dll" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-17.0.dll" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-3.6.dll" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-3.6.xpt" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-5.0.dll" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-6.0.2.dll" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-7.0.1.dll" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-8.0.1.dll" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-9.0.1.dll" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\BrowserProtect.js" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\overlay.xul" not found
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" deleted
"C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"c:\documents and settings\all users\application data\BrowserProtect" not found
"C:\Documents and Settings\All Users\Application Data\BrowserProtect" not found

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Let's run some additional checks:

Download aswMBR and save it to the Desktop.

Double-click aswMBR to run it.

If you get the following message:
Would you like to download latest Avast! virus definitions?
Click the Yes button and wait for the definitions download to finish.


Check that the QuickScan option is selected under AV Scan:

Click Scan.

When the scan finishes (Scan finished successfully), click Save log.
Save the aswMBR log to the Desktop.
Copy the contents of that log into this thread.



--- --- --- --- --- --- --- --- --- --- --- ---


Run zoek.exe again as you did before, but copy in this script:


filesrcm;
startupall;
firefoxlook;
chromelook;



Click the RunScript button and post a fresh zoek log for me.

offline
  • Joined: 26 Sep 2012
  • Posts: 1867
  • Location: Let me see...

Posted: 02 May 2013 21:14

Everything will be ready in a few minutes :)

Addendum: 02 May 2013 21:23

Here is aswMBR

and here is zoek.exe

Zoek.exe Version 4.0.0.2 Updated 23-04-2013
Tool run by PC on Thu 05/02/2013 at 21:19:39.51.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== C:\DOCUME~1\PC\LOCALS~1\Temp ====
====== C:\WINDOWS\system32 =====
====== C:\WINDOWS\system32\drivers =====
2013-04-29 16:20:01 EDB0C9BA44B748E420CCA989FD8B826E 164736 ----a-w- C:\WINDOWS\System32\drivers\aswVmm.sys
2013-04-29 16:20:01 A6E20E62871A28A0F1C05B1681848FA7 66336 ----a-w- C:\WINDOWS\System32\drivers\aswMonFlt.sys
2013-04-29 16:20:01 657A61979F40D67CA29716149766FFA7 49248 ----a-w- C:\WINDOWS\System32\drivers\aswRvrt.sys
====== C:\WINDOWS\Tasks ======
2013-05-01 16:26:47 F67A6969495943C95AAFEDDB707E92B8 292 ----a-w- C:\WINDOWS\Tasks\BrowserProtect.job
2013-04-28 09:27:18 5994775B24B8E2B05D7ACA84BA14C993 966 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1592454029-1801674531-1003UA.job
2013-04-28 09:27:17 05C9608645BFC7B8D385021187A928EF 914 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1592454029-1801674531-1003Core.job
2013-04-28 09:23:57 F80BBCD935A0692CB6CF9D3B44891C53 878 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-28 09:23:57 BD2EF473E8F1D5493E36130FE6B92AEE 874 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2013-04-29 16:06:20 -------- d-----w- C:\Program Files\Origin Games
2013-04-29 16:05:38 -------- d-----w- C:\Program Files\Origin
2013-04-29 16:02:44 -------- d-----w- C:\Program Files\Electronic Arts
======= C: =====
====== C:\Documents and Settings\PC\Application Data ======
2013-04-29 16:06:18 -------- d-----w- C:\Documents and Settings\PC\Local Settings\Application Data\Origin
2013-04-29 16:06:16 -------- d-----w- C:\Documents and Settings\PC\Application Data\Origin
2013-04-29 16:06:13 -------- d-----w- C:\Documents and Settings\All Users\Start Menu\Programs\Origin
2013-04-29 16:06:08 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Origin
====== C:\Documents and Settings\PC ======
2013-04-29 16:02:54 -------- d-----w- C:\ProgramData\Electronic Arts

====== C: exe-files ==
2013-05-02 19:14:10 AEDB6AA9598337DA300942DEF6B5EFC5 4745728 ----a-w- C:\Documents and Settings\PC\My Documents\Downloads\aswMBR.exe
2013-05-02 18:00:24 8D52BB9305B4F67C42457B30CE83C4B1 106104 ----a-w- C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\MSIExecWatcher.exe
2013-05-02 14:28:25 C26BB2535C1B20DEAFAEB12634BF4DC9 781592 ----a-w- C:\Program Files\Google\Update\1.3.21.145\GoogleUpdateSetup.exe
2013-05-02 14:28:25 8F11F0321ED84B1533FC1384AC71AC8D 59784 ----atw- C:\Program Files\Google\Update\1.3.21.145\GoogleUpdateBroker.exe
2013-05-02 14:28:25 00F714CA28A01FACB709486D6DA306A8 59784 ----atw- C:\Program Files\Google\Update\1.3.21.145\GoogleUpdateOnDemand.exe
2013-05-02 14:28:24 76B35CB0F3A4E69D6DFF27F542B9F856 216968 ----atw- C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
2013-05-02 14:28:24 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files\Google\Update\1.3.21.145\GoogleUpdate.exe
2013-05-02 14:28:24 4E252E85E5DC31BD645E809222AFAF27 287624 ----atw- C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
2013-05-02 14:28:21 C26BB2535C1B20DEAFAEB12634BF4DC9 781592 ----a-w- C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.145\GoogleUpdateSetup.exe
2013-05-01 05:50:10 835F89BA2AF2012370EB9015DFACB1BD 1040720 ----a-w- C:\WINDOWS\Temp\avast_ash\uTorrent\uTorrent.exe
2013-04-29 16:08:53 DD5929790DADF08539945440FC7B2BC1 1331904 ----a-w- C:\Program Files\Origin\LegacyPM\OriginUninstall.exe
2013-04-29 16:06:38 5B37D12195597DC67BBF0E9A46226782 11821312 ----a-w- C:\Documents and Settings\All Users\Application Data\Origin\DownloadCache\{ CP_Guest_2652(1)_ver3 }\OriginThinSetup.exe
2013-04-28 09:30:45 88363B688206D0C89FB1DD926F074C42 33302880 ----a-w- C:\Documents and Settings\PC\Local Settings\Application Data\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\26.0.1410.64\26.0.1410.64_chrome_installer.exe
2013-04-28 09:27:17 DCCE450DF30437E4A98FFAEAF9FEF949 774640 ----a-w- C:\Documents and Settings\PC\Local Settings\Application Data\Google\Update\1.3.21.135\GoogleUpdateSetup.exe
2013-04-28 09:27:17 BECDDA0990DEBD72A30096533521AD73 213384 ----atw- C:\Documents and Settings\PC\Local Settings\Application Data\Google\Update\1.3.21.135\GoogleCrashHandler.exe
2013-04-28 09:27:17 B676429E44F2F8ACC3BAE7C89F46B212 281480 ----atw- C:\Documents and Settings\PC\Local Settings\Application Data\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
2013-04-28 09:27:17 74E337FFEB2B34043F8499D2F3DE03A8 59784 ----atw- C:\Documents and Settings\PC\Local Settings\Application Data\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe
2013-04-28 09:27:17 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Documents and Settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
2013-04-28 09:27:17 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Documents and Settings\PC\Local Settings\Application Data\Google\Update\1.3.21.135\GoogleUpdate.exe
2013-04-28 09:27:17 376ECCCE33C2C232112DE830E3C81763 59784 ----atw- C:\Documents and Settings\PC\Local Settings\Application Data\Google\Update\1.3.21.135\GoogleUpdateBroker.exe
2013-04-28 09:23:55 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files\Google\Update\GoogleUpdate.exe
=== C: other files ==
2013-05-02 17:59:55 D2F6A1B11344D9AC7BCFB75900D4ADE1 23668 ----a-w- C:\Documents and Settings\PC\Local Settings\Temp\scoped_dir_2140_15740\youtube.crx
2013-05-02 17:59:55 8AD223868AB9974F7746D0227730A0CC 26392 ----a-w- C:\Documents and Settings\PC\Local Settings\Temp\scoped_dir_2140_22586\search.crx
2013-05-02 17:59:55 71E1283B8440F6264CEC99DF9AD81F5B 25561 ----a-w- C:\Documents and Settings\PC\Local Settings\Temp\scoped_dir_2140_11838\drive.crx
2013-05-02 17:59:55 2E2E328E5BF6BE61203164B3E9EA8094 24040 ----a-w- C:\Documents and Settings\PC\Local Settings\Temp\scoped_dir_2140_30573\gmail.crx
2013-05-02 17:59:54 DAEF5D9BA909DDE76195F96100B40445 2031824 ----a-w- C:\Documents and Settings\PC\Local Settings\Temp\scoped_dir_2140_23109\skype_chrome_extension.crx
2013-05-02 17:59:54 2C71C49F991095A1848624907BACBB08 4578 ----a-w- C:\Documents and Settings\PC\Local Settings\Temp\scoped_dir_2140_15737\docs.crx
2013-05-02 17:59:52 D203F19F77E672CBF7F22DD674F56803 638478 ----a-w- C:\Documents and Settings\PC\Local Settings\Temp\scoped_dir_2140_15731\aswWebRepChrome.crx
2013-05-02 17:49:40 518D85BD63C2FCED31ABEE6FEB4F705D 57608 ----a-w- C:\Documents and Settings\All Users\Desktop\sample_20130502_0749.zip
2013-04-29 16:20:01 EDB0C9BA44B748E420CCA989FD8B826E 164736 ----a-w- C:\WINDOWS\system32\drivers\aswVmm.sys
2013-04-29 16:20:01 A6E20E62871A28A0F1C05B1681848FA7 66336 ----a-w- C:\WINDOWS\system32\drivers\aswMonFlt.sys
2013-04-29 16:20:01 657A61979F40D67CA29716149766FFA7 49248 ----a-w- C:\WINDOWS\system32\drivers\aswRvrt.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -t"

[HKEY_USERS\S-1-5-21-1454471165-1592454029-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe /background"
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"
"Google Update"="C:\Documents and Settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c"
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe -silent"
"EADM"="C:\Program Files\Origin\Origin.exe -AutoStart"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -t"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1"
"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit"
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe /background"
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"
"Google Update"="C:\Documents and Settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c"
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe -silent"
"EADM"="C:\Program Files\Origin\Origin.exe -AutoStart"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Reader_sl"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Alcmtr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCMTR"
"hkey"="HKLM"
"command"="ALCMTR.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DATAMNGR]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DATAMN~1"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\IMESHA~1\\MediaBar\\Datamngr\\DATAMN~1.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Free Download Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fdm"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Free Download Manager\\fdm.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GrooveMonitor"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\hkcmd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Logitech Vid]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Vid"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Logitech\\Vid\\Vid.exe\" -bootmode"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Logitech Vid HD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vid"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Logitech\\Vid\\vid.exe\" -bootmode"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LWS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LWS"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\LWS\\Webcam Software\\LWS.exe -hide"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NBKeyScan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NBKeyScan"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBKeyScan.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Nero\\Lib\\NeroCheck.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="C:\\Program Files\\NVIDIA Corporation\\nView\\nwiz.exe /install"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxpers"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\igfxpers.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDCPL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RTHDCPL"
"hkey"="HKLM"
"command"="RTHDCPL.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\run32]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lsass"
"hkey"="HKLM"
"command"="C:\\Win\\lsass.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VirtualCloneDrive]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VCDDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s"


==== Startup Folders ======================

2013-02-02 12:23:16 1761 ----a-w- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
2013-01-31 17:33:13 947 ----a-w- C:\Documents and Settings\PC\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [03/13/2013 12:17 AM]
C:\WINDOWS\tasks\avast\Undertermined Task.exe []
C:\WINDOWS\tasks\BrowserProtect.job --a------ C:\WINDOWS\system32\sc.exe [08/23/2001 01:00 PM]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:0C:\ProgramC:Files\Google\Update\GoogleUpdate.exe []
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [04/28/2013 11:23 AM]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1592454029-1801674531-1003Core.job --a------ C:\C:\Documents and Settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe []
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1592454029-1801674531-1003UA.job --a------ C:\C:\Documents and Settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe []
C:\WINDOWS\tasks\Norton Security Scan for PC.job --ah----- C:\PROGRA1\NORTON2\Engine\3521.10\Nss.exe []
C:\WINDOWS\tasks\Updater.job --a------ C:\Documents and Settings\All Users\Application Data\WombatUpdater\WombatUpdater.exe []

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default
- Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- avast WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF
- Undetermined - %ProfilePath%\extensions\fdm_ffext@freedownloadmanager.org
- Delta Toolbar - %ProfilePath%\extensions\ffxtlbr@delta.com
- Undetermined - %ProfilePath%\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
- XfireXO Community Toolbar - %ProfilePath%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
- Undetermined - %ProfilePath%\extensions\{6C8B07BF-0F6D-4EA4-B96F-FF1CCBAAE553}

AppDir: C:\Program Files\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default
28000D7EEB2FD95A36E1A7539F599C3B - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
8B6884E3E1E5F8ABA5FA0C6A2B13181D - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
5D41BCD19A3D90E4EBB58A6BFB79E4F7 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
5B048C618D064031FEC6D2C573321801 - C:\Program Files\Java\jre7\bin\npjpi170_04.dll - Java(TM) Platform SE 7 U4
75300E5ED4CD5B4363C3DBBB2D03269C - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll - McAfee Security Scanner +
136485E00BA2917F0FEA68D2EE78D733 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U4
AB45A736C78A166B89C0A578AD5E4392 - C:\WINDOWS\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.40.255
9E8656A72541775394ADC0B680320BD0 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa
B6A800D881A0176C544988870861E798 - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
F7414304D2D88213E935B048E04FE1AA - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll - Shockwave Flash
E0FF893763BA82BAABB869A351F0C455 - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll - Google Update
F647D0BEA553C1D0C251CE07DA6A5511 - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat
8988788C0E72997BAE454DE220F958F4 - C:\Program Files\Mozilla Firefox\plugins\npnul32.dll - Mozilla Default Plug-in
F647D0BEA553C1D0C251CE07DA6A5511 - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
DB988B4550DB9BCE86F9199D961057FC - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
icmlaeflemplmjndnaapfdbbnpncnbda - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[03/07/2013 12:29 AM]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[01/31/2013 10:40 AM]

Google Docs - PC - Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - PC - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - PC - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - PC - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
avast WebRep - PC - Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
Skype for Chromium - PC - Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Gmail - PC - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Run zoek.exe again as before, but copy in this script:

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\run32];r
C:\Win;f
Delta Toolbar;ff
C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default\extensions\ffxtlbr@delta.com;f
C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0};f
XfireXO Community Toolbar;ff
C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3};f
autoclean;


Click the RunScript button and post the fresh zoek.log


----------------------

Download AdwCleaner by "Xplode" and save it to the Desktop

Double-click to run the program.
Click the [Delete] button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click Ok to confirm.
In the next two windows that open (Informations and Restart required), click Ok


The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your post using the "Attach file" ("Prikaci fajl") option

Note: The report will also be saved at C:\AdwCleaner[S1].txt

-----------------------


What avast detected is not malware. The AV could not access or properly read the file, so it raised a warning flagging it as a possibly suspicious file. You were, however, full of crapware.

> How is the computer running now?

offline
  • Joined: 26 Sep 2012
  • Posts: 1867
  • Location: Let me see...

Posted: 03 May 2013 10:55

Sorry the data is a bit late; it's not my computer but my neighbor's, so it takes a while until I get to it :)

Addendum: 03 May 2013 11:02

Zoek.exe Version 4.0.0.2 Updated 30-04-2013
Tool run by PC on Fri 05/03/2013 at 10:55:26.92.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1454471165-1592454029-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

==== Deleting CLSID Registry Values ======================


==== FireFox Fix ======================

ProfilePath: C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default

---- Lines Delta Toolbar removed from prefs.js ----


---- Lines Delta Toolbar modified from prefs.js ----


---- Lines Delta Toolbar removed from user.js ----


---- Lines XfireXO Community Toolbar removed from prefs.js ----


---- Lines XfireXO Community Toolbar modified from prefs.js ----


---- Lines XfireXO Community Toolbar removed from user.js ----


---- FireFox user.js and prefs.js backups ----

user_20130502_0752_.backup
user_20130503_1057_.backup
prefs_20130502_0752_.backup
prefs_20130503_1057_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\run32]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"bProtectorDefaultScope"=-

==== Deleting Files \ Folders ======================

"C:\Win\names.txt" deleted
"C:\Win" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default
- Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- avast WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF
- Undetermined - %ProfilePath%\extensions\fdm_ffext@freedownloadmanager.org
- Delta Toolbar - %ProfilePath%\extensions\ffxtlbr@delta.com
- Undetermined - %ProfilePath%\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
- XfireXO Community Toolbar - %ProfilePath%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
- Undetermined - %ProfilePath%\extensions\{6C8B07BF-0F6D-4EA4-B96F-FF1CCBAAE553}

AppDir: C:\Program Files\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default
28000D7EEB2FD95A36E1A7539F599C3B - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
8B6884E3E1E5F8ABA5FA0C6A2B13181D - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
5D41BCD19A3D90E4EBB58A6BFB79E4F7 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
5B048C618D064031FEC6D2C573321801 - C:\Program Files\Java\jre7\bin\npjpi170_04.dll - Java(TM) Platform SE 7 U4
75300E5ED4CD5B4363C3DBBB2D03269C - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll - McAfee Security Scanner +
136485E00BA2917F0FEA68D2EE78D733 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U4
AB45A736C78A166B89C0A578AD5E4392 - C:\WINDOWS\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.40.255
9E8656A72541775394ADC0B680320BD0 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa
B6A800D881A0176C544988870861E798 - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
F7414304D2D88213E935B048E04FE1AA - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll - Shockwave Flash
E0FF893763BA82BAABB869A351F0C455 - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll - Google Update
F647D0BEA553C1D0C251CE07DA6A5511 - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat
8988788C0E72997BAE454DE220F958F4 - C:\Program Files\Mozilla Firefox\plugins\npnul32.dll - Mozilla Default Plug-in
F647D0BEA553C1D0C251CE07DA6A5511 - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
DB988B4550DB9BCE86F9199D961057FC - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
icmlaeflemplmjndnaapfdbbnpncnbda - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[03/07/2013 12:29 AM]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[01/31/2013 10:40 AM]

avast WebRep - PC - Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
Skype for Chromium - PC - Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Start Page Restore"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Start Page Restore"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Documents and Settings\PC\Local Settings\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\PC\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

Addendum: 03 May 2013 11:05

# AdwCleaner v2.300 - Logfile created 05/03/2013 at 11:02:28
# Updated 28/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : PC - COMPUTER_1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\PC\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default\searchplugins\delta.xml
File Deleted : C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default\searchplugins\yahoo-zugo.xml
File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
File Deleted : C:\WINDOWS\Tasks\BrowserProtect.job
Folder Deleted : C:\Documents and Settings\PC\Application Data\imeshbandmltbpi
Folder Deleted : C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
Folder Deleted : C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
Folder Deleted : C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default\extensions\ffxtlbr@delta.com
Folder Deleted : C:\WINDOWS\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\docume~1\alluse~1\applic~1\browse~1\261125~1.80\{c16c1~1\browse~1.dll
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\delta LTD
Key Deleted : HKCU\Software\DSNR Labs
Key Deleted : HKCU\Software\fed8dbb63bb949
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BDE58274-7A2A-4682-8C47-A379DD9E36CB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7D9463CD-BBD8-42F4-AB72-D7B1191D9F3D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDE58274-7A2A-4682-8C47-A379DD9E36CB}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2656B92B-0207-4AFB-BEBF-F5FD231ECD39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{59570C1F-B692-48C9-91B4-7809E6945287}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63A0F7FA-2C95-4D7E-AF25-EFCC303D20A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6559E502-6EE1-46B8-A83C-F3A45BDA23EE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C63CA8A4-AB4E-49E5-A6C0-33FC86D80205}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C6A7847E-8931-4A9A-B4EF-72A91E3CCF4D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD0F1D24-E250-4E93-966C-65615720AEFB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EC1277BB-1C71-4C0D-BA6D-BFEA16E773A6}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Key Deleted : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Key Deleted : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2304157
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\SOFTWARE\fed8dbb63bb949
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DATAMNGR
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Deleted : HKLM\Software\PIP
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.5512

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.26 (en-US)

File : C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default\prefs.js

C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\s71zogm4.default\user.js ... Deleted !

Deleted : user_pref("extensions.delta.admin", false);
Deleted : user_pref("extensions.delta.aflt", "babsst");
Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Deleted : user_pref("extensions.delta.autoRvrt", "false");
Deleted : user_pref("extensions.delta.dfltLng", "en");
Deleted : user_pref("extensions.delta.excTlbr", false);
Deleted : user_pref("extensions.delta.id", "d86227e80000000000000025228b2b88");
Deleted : user_pref("extensions.delta.instlDay", "15771");
Deleted : user_pref("extensions.delta.instlRef", "sst");
Deleted : user_pref("extensions.delta.newTab", false);
Deleted : user_pref("extensions.delta.prdct", "delta");
Deleted : user_pref("extensions.delta.prtnrId", "delta");
Deleted : user_pref("extensions.delta.rvrt", "false");
Deleted : user_pref("extensions.delta.smplGrp", "none");
Deleted : user_pref("extensions.delta.tlbrId", "base");
Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Deleted : user_pref("extensions.delta.vrsn", "1.8.10.0");
Deleted : user_pref("extensions.delta.vrsni", "1.8.10.0");
Deleted : user_pref("extensions.delta.vrsnTs", "1.8.10.022:19:38");

-\\ Google Chrome v26.0.1410.64

File : C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [16091 octets] - [03/05/2013 11:02:28]

########## EOF - C:\AdwCleaner[S1].txt - [16152 octets] ##########

Addendum: 03 May 2013 11:09

It wouldn't be bad if I could send you some kind of test so you can see everything that's on the computer and tell me what to remove if it's unnecessary, because there are some things here I've never heard of... As for the computer, it's a bit faster, but there's no big noticeable difference :)

Addendum: 03 May 2013 11:10

So, we leave only the basic things and these few games that are there, and that's it. :)

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Quote: It wouldn't be bad if I could send you some kind of test so you can see everything that's on the computer and tell me what to remove if it's unnecessary, because there are some things here I've never heard of... As for the computer, it's a bit faster, but there's no big noticeable difference

All right, run DDS again and post fresh DDS.txt and Attach.txt logs for me to review.

offline
  • Joined: 26 Sep 2012
  • Posts: 1867
  • Where you live: Hang on, let me check...

Here you go :)

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.4.1
Run by PC at 18:10:36 on 2013-05-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1274 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Google Update] "c:\documents and settings\pc\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\pc\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{473C8E96-8510-474D-A48C-C6B7274C4778} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{70A43B74-DAA5-4318-9EAC-1A4345FD4D29} : DHCPNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs=
Hosts: 127.0.0.1 mpa.one.microsoft.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\pc\application data\mozilla\firefox\profiles\s71zogm4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\pc\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\npjpi170_04.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_168.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-4-29 49248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-1-22 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-1-22 368176]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-1-22 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-4-29 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-1-22 45248]
R2 PanService;PandoraService;c:\program files\pandora.tv\panservice\PandoraService.exe [2013-2-8 625304]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-7-9 242240]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2002-1-1 1684736]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-4-29 164736]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2002-1-1 1390976]
S3 XDva389;XDva389;\??\c:\windows\system32\xdva389.sys --> c:\windows\system32\XDva389.sys [?]
.
=============== Created Last 30 ================
.
2013-05-03 08:58:35 24064 ----a-w- c:\windows\zoek-delete.exe
2013-04-29 16:20:01 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-04-29 16:20:01 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-04-29 16:20:01 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-04-29 16:06:16 -------- d-----w- c:\documents and settings\pc\application data\Origin
2013-04-29 16:06:08 -------- d-----w- c:\documents and settings\all users\application data\Origin
2013-04-29 16:02:54 -------- d-----w- C:\ProgramData
2013-04-29 15:46:10 -------- d-----w- c:\windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
.
==================== Find3M ====================
.
2013-03-12 22:17:35 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-12 22:17:35 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-06 22:33:24 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 22:32:51 41664 ----a-w- c:\windows\avastSS.scr
.
============= FINISH: 18:10:56.06 ===============

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Run CCleaner (you have it installed);

Tools > Startup

On the right side, under the Windows tab, all programs that start automatically with the system will be listed;

By double-clicking, you can freely disable all listed programs except these:

Skype <--- optional
avast <-- mandatory
EA Core <--- optional

These are necessary.

Your avast AntiVirus, as of version 8, includes a "Software Updater" tool that checks whether your programs are up to date. If an outdated version of an application exists, you will get a warning, and a "Fix now" button will be shown that will either automatically download and run the updated installer or take you to the download link.

You can likewise check the other tabs (Internet Explorer; Firefox; Chrome; Scheduled; Context Menu), where extensions and tasks that start with the system will also be listed. You can freely disable whatever is unnecessary.

Also make use of the "Cleaner" and "Registry" features.

-------------------------------

I have given you a few short tips on how to speed up Windows. I also deleted temp files and other junk with the zoek tool.
For any further questions about speeding up Windows, open a new topic in the Windows forum. Here we work exclusively on detecting and removing malware.

The tools we used need to be uninstalled:

Download DelFix by "Xplode" and save it to the Desktop.

Double-click to run the program.

Check the following options:
Remove disinfection tools
Purge System Restore
Reset system settings

Click the "Run" button and wait for the program to finish.
When the tool finishes, it will open a report in Notepad.

Note: The report will also be saved to C:\DelFix.txt

→ You do not need to attach the DelFix report for me!
