Virus na USB memoriji

1

Virus na USB memoriji

offline
  • Pridružio: 06 Apr 2014
  • Poruke: 12

Napisano: 06 Apr 2014 9:49

Ukljucio sam USB u koleginicin kompjuter kako bi prebacio neke dokumente. Kada sam uključio u moj kompjuter počeo je da mi pravi prečice i sakriva fajlove.Našao sam na vašem forumu sličan problem u temi:http://www.mycity.rs/Arhiva-Ambulante/Virus-koji-napada-USB-mozda-i-vise-Zarazen-preko-FaceBook-a.html i instalirao sam AVZ Antiviral Toolkit i MC Shield. Nakon ciscenja MCShiled izbacuje ovo kada upalim komp:

MCShield ::Anti-Malware Tool:: mcshield.net/

>>> v 3.0.4.27 / DB: 2014.3.30.1 / Windows 7 <<<

6.4.2014 9:21:03 > Drive C: - scan started (no label ~41 GB, NTFS HDD )...
=> The drive is clean.
6.4.2014 9:21:04 > Drive D: - scan started (no label ~149 GB, NTFS HDD )...

=> The drive is clean.

Ali kada ubacim USB na kome uvek pronađe virus i navodno ga ocisti ali se on stalno vraća pojavi se ovo:
MCShield ::Anti-Malware Tool:: mcshield.net/

>>> v 3.0.4.27 / DB: 2014.3.30.1 / Windows 7 <<<

6.4.2014 9:37:50 > Drive I: - scan started (GAGI ~14867 MB, FAT32 flash drive )...

>>> I:\slmgr.vbs - Malware > Deleted. (14.04.06. 09.37 slmgr.vbs.397854; MD5: 85a704b219392855180fb880239ee2eb)

=> Malicious files : 1/1 deleted.
____________________________________________

::::: Scan duration: 3sec ::::::::::::::::::
____________________________________________
Isto tako mi se desava i sa memorijskom karticom. Skenirao sam kom sa Nod 32 ,a posle sam ubacio Avast ,ali oni nista ne pokazuju.Stvarno vise ne znam sta da radim.Unapred hvala na pomoći

Dopuna: 06 Apr 2014 11:04

DS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.51.2
Run by Sale at 10:49:23 on 2014-04-06
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.566 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\vsnpstd3.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Java\jre7\bin\javaw.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\System32\wscript.exe
C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
C:\Program Files (x86)\MCShield\MCShieldRTM.exe
C:\Windows\system32\HPSIsvc.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp:///
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: {fae389d5-e97e-4abd-8242-d9080c709167} - <orphaned>
uURLSearchHooks: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [Firewall] "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Sale\AppData\Roaming\upgrade\update.jar"
uRun: [slmgr] wscript.exe //B "C:\Users\Sale\AppData\Roaming\slmgr.vbs"
uRun: [MCShield Monitor] C:\Program Files (x86)\MCShield\mcshieldrtm.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\Users\Sale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\slmgr.vbs
uPolicies-Explorer: NoDriveTypeAutoRun = dword:4
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\Sale\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FE7D5A0F-4E25-41B1-8A99-3D9D58F400D2} - hxxp://178.250.142.23/webvideo.cab
TCP: NameServer = 8.8.8.8
TCP: Interfaces\{DE68B433-F666-49F3-90F9-311D1B38276D} : DHCPNameServer = 8.8.8.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [snpstd3] C:\Windows\vsnpstd3.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [slmgr] wscript.exe //B "C:\Users\Sale\AppData\Roaming\slmgr.vbs"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sale\AppData\Roaming\Mozilla\Firefox\Profiles\tyar9h5y.default-1392685097599\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.rs/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-4-5 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-4-5 208928]
R1 archlp;archlp;C:\Windows\System32\drivers\ArcHlp.sys [2010-10-3 142848]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-4-5 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-4-5 423240]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/07/20 17:05:26];C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-3-13 146928]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-4-5 79184]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-11-12 46136]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-4-5 84816]
R3 mvusbews;USB EWS Device;C:\Windows\System32\drivers\mvusbews.sys [2012-1-27 20480]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-2-25 11856]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-6-7 231440]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-5-3 37344]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2013-10-12 14448]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-5 119512]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-3 19456]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\System32\drivers\ss_bbus.sys [2012-4-2 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\System32\drivers\ss_bmdfl.sys [2012-4-2 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\System32\drivers\ss_bmdm.sys [2012-4-2 161280]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2013-5-3 169288]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2013-5-3 21320]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2013-5-3 188232]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2013-5-3 158024]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-3 57856]
SUnknown tsusbhub;tsusbhub; [x]
.
=============== File Associations ===============
.
ShellExec: DigitalTheatre.exe: open="C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 3\uDTStart.exe" "%1"
.
=============== Created Last 30 ================
.
2014-04-05 22:06:53 -------- d-----w- C:\AdwCleaner
2014-04-05 19:17:21 -------- d-----w- C:\Users\Sale\AppData\Roaming\AVAST Software
2014-04-05 19:16:17 84816 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-04-05 19:16:16 208928 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-04-05 19:16:15 1039096 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-04-05 19:16:13 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-04-05 19:16:13 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-04-05 19:16:12 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-04-05 19:15:57 43152 ----a-w- C:\Windows\avastSS.scr
2014-04-05 19:14:57 -------- d-----w- C:\Program Files\AVAST Software
2014-04-05 19:13:32 -------- d-----w- C:\ProgramData\AVAST Software
2014-04-05 18:59:54 -------- d-----w- C:\ProgramData\MCShield
2014-04-05 18:59:54 -------- d-----w- C:\Program Files (x86)\MCShield
2014-04-05 18:01:24 -------- d-----w- C:\ProgramData\RegRun
2014-04-05 17:20:32 40720 ----a-w- C:\Windows\System32\Partizan.exe
2014-04-05 17:15:57 -------- d-----w- C:\@RestoreQuarantine
2014-04-05 17:13:29 2 --shatr- C:\Windows\winstart.bat
2014-04-05 16:51:27 -------- d-----w- C:\Users\Sale\AppData\Roaming\Zbshareware Lab
2014-04-05 16:51:27 -------- d-----w- C:\ProgramData\Zbshareware Lab
2014-04-05 11:57:39 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-05 11:50:20 -------- d-----w- C:\Program Files\ESET
2014-04-04 19:36:15 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6876B99E-139B-404F-B6E8-9F8859CB8CDF}\mpengine.dll
2014-03-12 14:58:10 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-12 14:58:10 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-12 14:58:08 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-12 14:58:08 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
.
==================== Find3M ====================
.
2014-03-12 16:07:59 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 16:07:59 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-24 23:17:32 4350035 --sha-w- C:\Users\Sale\AppData\Roaming\slmgr.vbs
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-01-06 19:23:36 4558848 ----a-w- C:\Windows\SysWow64\GPhotos.scr
.
============= FINISH: 10:51:29,90 ===============

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 27 Apr 2008
  • Poruke: 9160
  • Gde živiš: Prokuplje

Pozdrav i dobrodosao na forum.

Nemoj da prikljucujes nista na USB dok ti ne kazem.



Arrow Korak 1.


Preuzmi na desktop Anti-VBSVBE


* Pokreni program klikni na Run i sacekaj da program zavrsi sa radom
* Na deskopu ce se pojaviti izvestaj koji je potrebno iskopirati na forum







Arrow Korak 2.


Preuzmi Farbar-ov Farbar Recovery Scan Tool () sa ove adrese na Desktop:
Postoji 32bit. i 64bit.-na verzija. Potrebno je preuzeti verziju koja je kompatibilna sa tvojim sistemom.
Ako nisi siguran koja verzija se odnosi na tvoj sistem, preuzmi ih obe i pokreni. Samo jedan od njih će raditi na tvom sistemu, to će biti prava verzija.


dvoklikom pokreni program, kada se alat pokrene klikni Yes na disclaimer prozor;
pričekati koji trenutak dok alat proverava postoji li novija verzija;
klikni na dugme Scan;
po završetku skeniranja, alat će formirati izveštaj (FRST.txt) u isti direktorijum gde je FRST alat sačuvan;
iskopiraj sadržaj FRST.txt izveštaja u poruku;
po prvom pokretanju, alat bi trebao formirati i dodatni izveštaj (Addition.txt);
okači Addition.txt izveštaj uz poruku koristeći opciju Prikači fajl

offline
  • Pridružio: 06 Apr 2014
  • Poruke: 12

Napisano: 06 Apr 2014 13:42

Running fix at 6.4.2014 13:27:25

> Found: C:\Windows\system32\slmgr.vbs - deletion failed!

> Found: C:\Users\Sale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\slmgr.vbs - deleted.

> Found: c:\users\sale\appdata\roaming\slmgr.vbs - deleted.

> Found: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\slmgr - deleted.

> Found: HKU\Sale\Software\Microsoft\Windows\CurrentVersion\Run\slmgr - deleted.

Fix finished at 6.4.2014 13:27:30

Anti-VBS/VBE, build 11
mcshield.net/download/tools/Anti-VBSVBE/






Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Sale (administrator) on SALE-PC on 06-04-2014 13:30:53
Running from C:\Users\Sale\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\Windows\system32\HPSIsvc.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Windows\vsnpstd3.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [snpstd3] - C:\Windows\vsnpstd3.exe [827392 2006-09-19] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-21] (Realtek Semiconductor)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-05] (AVAST Software)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKU\S-1-5-21-31981920-1327261313-534511245-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-31981920-1327261313-534511245-1000\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-31981920-1327261313-534511245-1000\...\Run: [Firewall] - "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Sale\AppData\Roaming\upgrade\update.jar"
HKU\S-1-5-21-31981920-1327261313-534511245-1000\...\Run: [MCShield Monitor] - C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-02-02] (MyCity)
HKU\S-1-5-21-31981920-1327261313-534511245-1000\...\Run: [Raptr] - C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-03-28] (Raptr, Inc)
HKU\S-1-5-21-31981920-1327261313-534511245-1000\...\MountPoints2: {0aedf61b-327b-11e3-9a66-001fc6c9bc70} - H:\Startme.exe
HKU\S-1-5-21-31981920-1327261313-534511245-1000\...\MountPoints2: {4ecee17d-a6d2-11df-b662-001fc6c9bc70} - H:\LaunchU3.exe -a
AppInit_DLLs-x32: c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll => "c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll" File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = /
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x24E76DFDC378CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sr-Latn-RS
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = google.rs/
URLSearchHook: HKCU - (No Name) - {fae389d5-e97e-4abd-8242-d9080c709167} - No File
URLSearchHook: HKCU - (No Name) - {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - No File
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {FAE389D5-E97E-4ABD-8242-D9080C709167} - No File
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {FE7D5A0F-4E25-41B1-8A99-3D9D58F400D2} 178.250.142.23/webvideo.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Sale\AppData\Roaming\Mozilla\Firefox\Profiles\tyar9h5y.default-1392685097599
FF Homepage: google.rs/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll No File
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\pogodakyu.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\vokabular.xml
FF Extension: Web Navigation - C:\Users\Sale\AppData\Roaming\Mozilla\Firefox\Profiles\tyar9h5y.default-1392685097599\Extensions\webnavigation@linkzb.com.xpi [2014-04-05]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-05]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-01-06]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR HomePage:
CHR RestoreOnStartup: ""
"
CHR Plugin: (Shockwave Flash) - C:\Users\Sale\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Sale\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Sale\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Sale\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U33) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.330.5) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Extension: (surf aend ukeeupu) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\biehpampngechlkmjlkhcofklidnbooo [2013-11-10]
CHR Extension: (Google News) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2012-08-19]
CHR Extension: (Disable Timeline on Facebook) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\efegkamagjpaioecemiekbhdgehlnaoe [2012-08-19]
CHR Extension: (B92) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchdppllamnngnbigohhfmeglnfaccm [2012-08-19]
CHR Extension: (Google провера поште) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2012-08-19]
CHR Extension: (Додатак RSS претплата (од Google-а)) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2012-08-19]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [lkemddiljapcmhicklfpcbpfffahfbja] - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\extensions\WebNavigation.crx [2014-04-05]

==================== Services (Whitelisted) =================

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-05] (AVAST Software)
S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer Free\Dfsdks.exe [544768 2009-08-24] (mst software GmbH, Germany)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] ()
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2011-04-27] ()
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2011-11-15] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2011-11-15] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2011-12-05] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-11-15] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R1 archlp; C:\Windows\System32\drivers\archlp.sys [142848 2010-01-12] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-05] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-05] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-05] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-04-06] (Marvell Semiconductor, Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
S3 SNPSTD3; C:\Windows\SysWOW64\DRIVERS\snpstd3.sys [10148480 2006-06-27] (Sonix Co. Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-07-14] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-25] (TuneUp Software)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [146928 2010-03-13] (CyberLink Corp.)
U3 a4yazemu; C:\Windows\System32\Drivers\a4yazemu.sys [0 ] (Microsoft Corporation)
S3 cleanhlp; \??\D:\EEK\Run\cleanhlp64.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-06 13:30 - 2014-04-06 13:31 - 00020388 _____ () C:\Users\Sale\Downloads\FRST.txt
2014-04-06 13:30 - 2014-04-06 13:30 - 00000000 ____D () C:\FRST
2014-04-06 13:29 - 2014-04-06 13:29 - 02157056 _____ (Farbar) C:\Users\Sale\Downloads\FRST64.exe
2014-04-06 13:27 - 2014-04-06 13:27 - 00398912 _____ () C:\Users\Sale\Downloads\Anti-VBSVBEx64.exe
2014-04-06 13:27 - 2014-04-06 13:27 - 00001204 _____ () C:\Users\Sale\Downloads\Anti-VBSVBE.txt
2014-04-06 13:27 - 2014-04-06 13:27 - 00000000 ____D () C:\Users\Sale\Downloads\Anti-VBSVBE-Backup
2014-04-06 12:34 - 2014-04-06 12:34 - 00000000 ____D () C:\ProgramData\ATI
2014-04-06 12:34 - 2014-04-06 12:34 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-04-06 12:34 - 2014-04-06 12:34 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-04-06 12:34 - 2014-04-06 12:34 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2014-04-06 12:31 - 2014-04-06 12:31 - 00000000 ____D () C:\Windows\LastGood
2014-04-06 12:30 - 2014-04-06 12:30 - 00000000 ____D () C:\Program Files\ATI
2014-04-06 11:34 - 2014-04-06 11:34 - 00000000 ____D () C:\Users\Sale\Nova fascikla
2014-04-06 11:23 - 2014-04-06 11:23 - 00000000 ____D () C:\Users\Sale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-04-06 11:22 - 2014-04-06 12:25 - 00000000 ____D () C:\Users\Sale\AppData\Roaming\Raptr
2014-04-06 11:22 - 2014-04-06 11:22 - 00000000 ____D () C:\Users\Sale\AppData\Roaming\library_dir
2014-04-06 11:17 - 2014-04-06 11:22 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-04-06 10:52 - 2014-04-06 10:52 - 00009620 _____ () C:\Users\Sale\Desktop\attach.txt
2014-04-06 10:52 - 2014-04-06 10:51 - 00017655 _____ () C:\Users\Sale\Desktop\dds.txt
2014-04-06 08:56 - 2014-04-06 08:56 - 00262144 ____N () C:\Windows\Minidump\040614-34133-01.dmp
2014-04-06 00:06 - 2014-04-06 00:08 - 00000000 ____D () C:\AdwCleaner
2014-04-05 22:08 - 2014-04-05 22:08 - 00001238 _____ () C:\Windows\PFRO.log
2014-04-05 21:17 - 2014-04-05 21:17 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-05 21:17 - 2014-04-05 21:17 - 00000000 ____D () C:\Users\Sale\AppData\Roaming\AVAST Software
2014-04-05 21:16 - 2014-04-06 08:58 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-05 21:16 - 2014-04-05 21:15 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-05 21:16 - 2014-04-05 21:15 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-05 21:16 - 2014-04-05 21:15 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-05 21:16 - 2014-04-05 21:15 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-05 21:16 - 2014-04-05 21:15 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-05 21:16 - 2014-04-05 21:15 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-05 21:16 - 2014-04-05 21:15 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-05 21:15 - 2014-04-05 21:15 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-05 21:14 - 2014-04-05 21:14 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-05 21:13 - 2014-04-05 21:13 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-05 20:59 - 2014-04-06 12:24 - 00000000 ____D () C:\ProgramData\MCShield
2014-04-05 20:59 - 2014-04-05 20:59 - 00000000 ____D () C:\Program Files (x86)\MCShield
2014-04-05 20:01 - 2014-04-05 20:09 - 00000000 ____D () C:\ProgramData\RegRun
2014-04-05 19:59 - 2014-04-05 20:08 - 00000246 _____ () C:\Windows\SysWOW64\PARTIZAN.TXT
2014-04-05 19:20 - 2014-04-05 19:20 - 00040720 _____ (Greatis Software) C:\Windows\system32\Partizan.exe
2014-04-05 19:15 - 2014-04-05 23:47 - 00000000 ____D () C:\@RestoreQuarantine
2014-04-05 19:13 - 2014-04-05 20:03 - 00000000 ____D () C:\Users\Sale\Documents\RegRun2
2014-04-05 19:13 - 2014-04-05 19:13 - 00000002 RSHOT () C:\Windows\winstart.bat
2014-04-05 19:13 - 2014-04-05 19:13 - 00000002 RSHOT () C:\Windows\SysWOW64\AUTOEXEC.NT
2014-04-05 18:51 - 2014-04-05 23:26 - 00000000 ____D () C:\ProgramData\Zbshareware Lab
2014-04-05 18:51 - 2014-04-05 18:51 - 00000000 ____D () C:\Users\Sale\AppData\Roaming\Zbshareware Lab
2014-04-05 17:35 - 2014-04-05 18:19 - 00000001 _____ () C:\Users\Sale\Documents\autorun.inf.txt
2014-04-05 13:57 - 2014-04-05 22:26 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-05 13:50 - 2014-04-05 13:50 - 00000000 ____D () C:\Program Files\ESET
2014-04-04 21:29 - 2014-04-04 21:29 - 00262144 ____N () C:\Windows\Minidump\040414-24741-01.dmp
2014-04-03 18:19 - 2014-04-03 18:19 - 00262144 ____N () C:\Windows\Minidump\040314-22932-01.dmp
2014-03-29 08:28 - 2014-03-29 08:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-27 07:24 - 2014-03-27 07:24 - 00262144 ____N () C:\Windows\Minidump\032714-21450-01.dmp
2014-03-26 16:51 - 2014-03-26 16:51 - 00262144 ____N () C:\Windows\Minidump\032614-22183-01.dmp
2014-03-25 07:25 - 2014-03-25 07:25 - 00262144 ____N () C:\Windows\Minidump\032514-76892-01.dmp
2014-03-24 17:13 - 2014-03-24 17:13 - 00262144 ____N () C:\Windows\Minidump\032414-24601-01.dmp
2014-03-21 17:28 - 2014-03-21 17:28 - 00262144 ____N () C:\Windows\Minidump\032114-26442-01.dmp
2014-03-20 16:46 - 2014-03-20 16:46 - 00262144 ____N () C:\Windows\Minidump\032014-30732-01.dmp
2014-03-20 03:43 - 2014-04-06 12:50 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf43ddd4f86620.job
2014-03-20 03:43 - 2014-03-20 03:43 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf43ddd4f86620
2014-03-16 14:30 - 2014-03-16 14:30 - 00262144 ____N () C:\Windows\Minidump\031614-27736-01.dmp
2014-03-13 19:59 - 2014-03-13 19:59 - 00000000 ____D () C:\ProgramData\Real
2014-03-13 19:57 - 2014-04-06 12:32 - 00005690 _____ () C:\Windows\setupact.log
2014-03-13 19:57 - 2014-03-13 19:57 - 00262144 ____N () C:\Windows\Minidump\031314-39702-01.dmp
2014-03-13 19:57 - 2014-03-13 19:57 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-12 19:58 - 2014-03-25 07:37 - 00000000 ____D () C:\Users\Sale\AppData\Roaming\Real
2014-03-12 17:00 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 17:00 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 17:00 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 17:00 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 17:00 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 17:00 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 17:00 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 17:00 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 17:00 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 17:00 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 17:00 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 17:00 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 17:00 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 17:00 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 17:00 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 17:00 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 17:00 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 17:00 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 17:00 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 17:00 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 17:00 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 17:00 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 17:00 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 17:00 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 17:00 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 17:00 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 17:00 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 17:00 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 17:00 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 17:00 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 17:00 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 17:00 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 17:00 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 17:00 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 17:00 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 17:00 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 17:00 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 17:00 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 17:00 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 17:00 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 17:00 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 17:00 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 17:00 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 17:00 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 16:58 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 16:58 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 16:58 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 16:58 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-06 13:31 - 2014-04-06 13:30 - 00020388 _____ () C:\Users\Sale\Downloads\FRST.txt
2014-04-06 13:30 - 2014-04-06 13:30 - 00000000 ____D () C:\FRST
2014-04-06 13:29 - 2014-04-06 13:29 - 02157056 _____ (Farbar) C:\Users\Sale\Downloads\FRST64.exe
2014-04-06 13:27 - 2014-04-06 13:27 - 00398912 _____ () C:\Users\Sale\Downloads\Anti-VBSVBEx64.exe
2014-04-06 13:27 - 2014-04-06 13:27 - 00001204 _____ () C:\Users\Sale\Downloads\Anti-VBSVBE.txt
2014-04-06 13:27 - 2014-04-06 13:27 - 00000000 ____D () C:\Users\Sale\Downloads\Anti-VBSVBE-Backup
2014-04-06 13:27 - 2010-07-14 14:48 - 00000000 ___RD () C:\Users\Sale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-06 13:26 - 2013-03-03 01:32 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{61D8E7B1-1391-4629-8BB9-F31C94EEE683}
2014-04-06 13:04 - 2012-04-05 08:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-06 13:04 - 2010-07-14 23:43 - 01250782 _____ () C:\Windows\WindowsUpdate.log
2014-04-06 12:50 - 2014-03-20 03:43 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf43ddd4f86620.job
2014-04-06 12:49 - 2013-08-07 00:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-06 12:34 - 2014-04-06 12:34 - 00000000 ____D () C:\ProgramData\ATI
2014-04-06 12:34 - 2014-04-06 12:34 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-04-06 12:34 - 2014-04-06 12:34 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-04-06 12:34 - 2014-04-06 12:34 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2014-04-06 12:34 - 2011-11-13 13:38 - 00000000 ____D () C:\ProgramData\AMD
2014-04-06 12:32 - 2014-03-13 19:57 - 00005690 _____ () C:\Windows\setupact.log
2014-04-06 12:32 - 2013-08-03 15:58 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-04-06 12:31 - 2014-04-06 12:31 - 00000000 ____D () C:\Windows\LastGood
2014-04-06 12:30 - 2014-04-06 12:30 - 00000000 ____D () C:\Program Files\ATI
2014-04-06 12:30 - 2009-07-14 06:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-06 12:30 - 2009-07-14 06:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-06 12:25 - 2014-04-06 11:22 - 00000000 ____D () C:\Users\Sale\AppData\Roaming\Raptr
2014-04-06 12:24 - 2014-04-05 20:59 - 00000000 ____D () C:\ProgramData\MCShield
2014-04-06 12:23 - 2013-05-02 21:28 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-04-06 12:23 - 2010-09-06 10:27 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-06 12:23 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-06 12:08 - 2014-01-05 23:24 - 00000000 ____D () C:\Users\Sale\AppData\Roaming\vlc
2014-04-06 12:08 - 2012-05-17 09:12 - 00000000 ____D () C:\Users\Sale\Documents\Readon Player
2014-04-06 11:34 - 2014-04-06 11:34 - 00000000 ____D () C:\Users\Sale\Nova fascikla
2014-04-06 11:34 - 2010-07-14 14:47 - 00000000 ____D () C:\Users\Sale
2014-04-06 11:23 - 2014-04-06 11:23 - 00000000 ____D () C:\Users\Sale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-04-06 11:22 - 2014-04-06 11:22 - 00000000 ____D () C:\Users\Sale\AppData\Roaming\library_dir
2014-04-06 11:22 - 2014-04-06 11:17 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-04-06 10:52 - 2014-04-06 10:52 - 00009620 _____ () C:\Users\Sale\Desktop\attach.txt
2014-04-06 10:51 - 2014-04-06 10:52 - 00017655 _____ () C:\Users\Sale\Desktop\dds.txt
2014-04-06 08:58 - 2014-04-05 21:16 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-06 08:57 - 2010-07-14 17:44 - 00000000 ____D () C:\Windows\Minidump
2014-04-06 08:56 - 2014-04-06 08:56 - 00262144 ____N () C:\Windows\Minidump\040614-34133-01.dmp
2014-04-06 00:08 - 2014-04-06 00:06 - 00000000 ____D () C:\AdwCleaner
2014-04-05 23:47 - 2014-04-05 19:15 - 00000000 ____D () C:\@RestoreQuarantine
2014-04-05 23:26 - 2014-04-05 18:51 - 00000000 ____D () C:\ProgramData\Zbshareware Lab
2014-04-05 22:26 - 2014-04-05 13:57 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-05 22:08 - 2014-04-05 22:08 - 00001238 _____ () C:\Windows\PFRO.log
2014-04-05 21:17 - 2014-04-05 21:17 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-05 21:17 - 2014-04-05 21:17 - 00000000 ____D () C:\Users\Sale\AppData\Roaming\AVAST Software
2014-04-05 21:15 - 2014-04-05 21:16 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-05 21:15 - 2014-04-05 21:16 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-05 21:15 - 2014-04-05 21:16 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-05 21:15 - 2014-04-05 21:16 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-05 21:15 - 2014-04-05 21:16 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-05 21:15 - 2014-04-05 21:16 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-05 21:15 - 2014-04-05 21:16 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-05 21:15 - 2014-04-05 21:15 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-05 21:15 - 2012-09-21 18:16 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-05 21:14 - 2014-04-05 21:14 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-05 21:13 - 2014-04-05 21:13 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-05 21:11 - 2013-05-03 09:31 - 00000000 ____D () C:\Program Files (x86)\TNod User & Password Finder
2014-04-05 21:11 - 2010-08-28 18:15 - 00000000 ____D () C:\Program Files (x86)\AIMP2
2014-04-05 20:59 - 2014-04-05 20:59 - 00000000 ____D () C:\Program Files (x86)\MCShield
2014-04-05 20:50 - 2009-07-14 07:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-05 20:09 - 2014-04-05 20:01 - 00000000 ____D () C:\ProgramData\RegRun
2014-04-05 20:08 - 2014-04-05 19:59 - 00000246 _____ () C:\Windows\SysWOW64\PARTIZAN.TXT
2014-04-05 20:03 - 2014-04-05 19:13 - 00000000 ____D () C:\Users\Sale\Documents\RegRun2
2014-04-05 19:20 - 2014-04-05 19:20 - 00040720 _____ (Greatis Software) C:\Windows\system32\Partizan.exe
2014-04-05 19:13 - 2014-04-05 19:13 - 00000002 RSHOT () C:\Windows\winstart.bat
2014-04-05 19:13 - 2014-04-05 19:13 - 00000002 RSHOT () C:\Windows\SysWOW64\AUTOEXEC.NT
2014-04-05 18:51 - 2014-04-05 18:51 - 00000000 ____D () C:\Users\Sale\AppData\Roaming\Zbshareware Lab
2014-04-05 18:19 - 2014-04-05 17:35 - 00000001 _____ () C:\Users\Sale\Documents\autorun.inf.txt
2014-04-05 16:40 - 2013-08-16 23:29 - 00000000 ____D () C:\Program Files (x86)\SimpleFiles
2014-04-05 16:40 - 2011-07-05 18:13 - 00000000 ____D () C:\ProgramData\YouTube Downloader
2014-04-05 13:56 - 2012-11-30 23:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-05 13:50 - 2014-04-05 13:50 - 00000000 ____D () C:\Program Files\ESET
2014-04-04 21:29 - 2014-04-04 21:29 - 00262144 ____N () C:\Windows\Minidump\040414-24741-01.dmp
2014-04-03 18:19 - 2014-04-03 18:19 - 00262144 ____N () C:\Windows\Minidump\040314-22932-01.dmp
2014-04-01 17:46 - 2010-07-14 18:32 - 00000000 ____D () C:\Users\Sale\AppData\Roaming\Skype
2014-03-31 17:03 - 2014-01-18 14:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-29 08:28 - 2014-03-29 08:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-27 07:24 - 2014-03-27 07:24 - 00262144 ____N () C:\Windows\Minidump\032714-21450-01.dmp
2014-03-26 16:51 - 2014-03-26 16:51 - 00262144 ____N () C:\Windows\Minidump\032614-22183-01.dmp
2014-03-25 07:37 - 2014-03-12 19:58 - 00000000 ____D () C:\Users\Sale\AppData\Roaming\Real
2014-03-25 07:25 - 2014-03-25 07:25 - 00262144 ____N () C:\Windows\Minidump\032514-76892-01.dmp
2014-03-24 17:13 - 2014-03-24 17:13 - 00262144 ____N () C:\Windows\Minidump\032414-24601-01.dmp
2014-03-21 17:28 - 2014-03-21 17:28 - 00262144 ____N () C:\Windows\Minidump\032114-26442-01.dmp
2014-03-20 21:56 - 2013-12-25 00:15 - 00000000 ____D () C:\Program Files\Recuva
2014-03-20 16:46 - 2014-03-20 16:46 - 00262144 ____N () C:\Windows\Minidump\032014-30732-01.dmp
2014-03-20 03:43 - 2014-03-20 03:43 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf43ddd4f86620
2014-03-20 03:43 - 2010-09-06 10:27 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-16 14:30 - 2014-03-16 14:30 - 00262144 ____N () C:\Windows\Minidump\031614-27736-01.dmp
2014-03-13 19:59 - 2014-03-13 19:59 - 00000000 ____D () C:\ProgramData\Real
2014-03-13 19:57 - 2014-03-13 19:57 - 00262144 ____N () C:\Windows\Minidump\031314-39702-01.dmp
2014-03-13 19:57 - 2014-03-13 19:57 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-12 20:13 - 2012-04-02 22:00 - 00000000 ____D () C:\Users\Sale\AppData\Local\Samsung
2014-03-12 20:13 - 2012-04-02 21:44 - 00000000 ____D () C:\ProgramData\Samsung
2014-03-12 20:13 - 2010-07-14 17:09 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-12 19:58 - 2009-07-14 06:45 - 00418384 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-12 19:55 - 2012-05-18 11:23 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 19:55 - 2012-05-18 11:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 19:51 - 2010-07-14 15:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 19:44 - 2010-07-14 19:11 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2014-03-12 19:43 - 2010-07-14 14:56 - 00000000 ____D () C:\Users\Sale\AppData\Roaming\uTorrent
2014-03-12 18:08 - 2012-04-05 08:16 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 18:07 - 2012-04-05 08:16 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 18:07 - 2012-01-29 15:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 16:48 - 2014-02-13 18:42 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-31981920-1327261313-534511245-1000
2014-03-12 16:48 - 2014-01-24 16:46 - 00003200 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-31981920-1327261313-534511245-1000
2014-03-11 21:11 - 2013-03-17 17:44 - 00004990 _____ () C:\Users\Sale\Documents\TombRaider.log
2014-03-11 17:50 - 2014-03-05 16:58 - 00003358 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-31981920-1327261313-534511245-1000
2014-03-11 17:50 - 2014-02-24 16:57 - 00003222 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-31981920-1327261313-534511245-1000

Files to move or delete:
====================
C:\Users\Sale\jitsi.dll


Some content of TEMP:
====================
C:\Users\Sale\AppData\Local\Temp\13-9-legacy_vista_win7_64_dd_ccc_whql.exe
C:\Users\Sale\AppData\Local\Temp\Quarantine.exe
C:\Users\Sale\AppData\Local\Temp\raptrpatch.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 01:41

==================== End Of Log ============================

Dopuna: 06 Apr 2014 13:45

Pozdrav i veliko hvala na pomoci,cekam dalja uputstva!!!

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 27 Apr 2008
  • Poruke: 9160
  • Gde živiš: Prokuplje

Dostavi mi Addition.txt log

offline
  • Pridružio: 06 Apr 2014
  • Poruke: 12

mycity.rs/must-login.png

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 27 Apr 2008
  • Poruke: 9160
  • Gde živiš: Prokuplje

1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod:
Start
HKLM-x32\...\Run: [] - [X]
HKU\S-1-5-21-31981920-1327261313-534511245-1000\...\MountPoints2: {0aedf61b-327b-11e3-9a66-001fc6c9bc70} - H:\Startme.exe
HKU\S-1-5-21-31981920-1327261313-534511245-1000\...\MountPoints2: {4ecee17d-a6d2-11df-b662-001fc6c9bc70} - H:\LaunchU3.exe -a
AppInit_DLLs-x32: c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll => "c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll" File Not Found
URLSearchHook: HKCU - (No Name) - {fae389d5-e97e-4abd-8242-d9080c709167} - No File
URLSearchHook: HKCU - (No Name) - {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - No File
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {FAE389D5-E97E-4ABD-8242-D9080C709167} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
C:\Users\Sale\jitsi.dll
C:\Users\Sale\AppData\Local\Temp\13-9-legacy_vista_win7_64_dd_ccc_whql.exe
C:\Users\Sale\AppData\Local\Temp\Quarantine.exe
C:\Users\Sale\AppData\Local\Temp\raptrpatch.exe
Task: {2070D44D-001A-4AE6-B9F6-CE88FE970CC3} - System32\Tasks\RunAsStdUser Task => C:\Users\Sale\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSA.exe <==== ATTENTION
Task: {6B86B16E-595D-4F5F-B8C9-E5A1FD828746} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\Sale\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
CMD: DEL %TEMP%\*.* /F /S /Q
End

2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt
To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt
Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi.

3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj.
Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema.



Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku.
Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a.

offline
  • Pridružio: 06 Apr 2014
  • Poruke: 12

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Sale at 2014-04-06 14:27:49 Run:1
Running from C:\Users\Sale\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [] - [X]
HKU\S-1-5-21-31981920-1327261313-534511245-1000\...\MountPoints2: {0aedf61b-327b-11e3-9a66-001fc6c9bc70} - H:\Startme.exe
HKU\S-1-5-21-31981920-1327261313-534511245-1000\...\MountPoints2: {4ecee17d-a6d2-11df-b662-001fc6c9bc70} - H:\LaunchU3.exe -a
AppInit_DLLs-x32: c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll => "c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll" File Not Found
URLSearchHook: HKCU - (No Name) - {fae389d5-e97e-4abd-8242-d9080c709167} - No File
URLSearchHook: HKCU - (No Name) - {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - No File
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {FAE389D5-E97E-4ABD-8242-D9080C709167} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
C:\Users\Sale\jitsi.dll
C:\Users\Sale\AppData\Local\Temp\13-9-legacy_vista_win7_64_dd_ccc_whql.exe
C:\Users\Sale\AppData\Local\Temp\Quarantine.exe
C:\Users\Sale\AppData\Local\Temp\raptrpatch.exe
Task: {2070D44D-001A-4AE6-B9F6-CE88FE970CC3} - System32\Tasks\RunAsStdUser Task => C:\Users\Sale\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSA.exe <==== ATTENTION
Task: {6B86B16E-595D-4F5F-B8C9-E5A1FD828746} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\Sale\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
CMD: DEL %TEMP%\*.* /F /S /Q
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKU\S-1-5-21-31981920-1327261313-534511245-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0aedf61b-327b-11e3-9a66-001fc6c9bc70} => Key deleted successfully.
HKCR\CLSID\{0aedf61b-327b-11e3-9a66-001fc6c9bc70} => Key not found.
HKU\S-1-5-21-31981920-1327261313-534511245-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4ecee17d-a6d2-11df-b662-001fc6c9bc70} => Key deleted successfully.
HKCR\CLSID\{4ecee17d-a6d2-11df-b662-001fc6c9bc70} => Key not found.
"c:\\progra~3\\browse~1\\22643~1.41\\{16cdf~1\\browse~1.dll" => Value Data removed successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{fae389d5-e97e-4abd-8242-d9080c709167} => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{124d001a-bdcb-472f-aa59-bbe7e4bc3204} => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FAE389D5-E97E-4ABD-8242-D9080C709167} => Value deleted successfully.
HKCR\CLSID\{FAE389D5-E97E-4ABD-8242-D9080C709167} => Key not found.
HKCR\PROTOCOLS\Handler\skype-ie-addon-data => Key deleted successfully.
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found.
C:\Users\Sale\jitsi.dll => Moved successfully.
C:\Users\Sale\AppData\Local\Temp\13-9-legacy_vista_win7_64_dd_ccc_whql.exe => Moved successfully.
C:\Users\Sale\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Sale\AppData\Local\Temp\raptrpatch.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2070D44D-001A-4AE6-B9F6-CE88FE970CC3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2070D44D-001A-4AE6-B9F6-CE88FE970CC3} => Key deleted successfully.
C:\Windows\System32\Tasks\RunAsStdUser Task => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6B86B16E-595D-4F5F-B8C9-E5A1FD828746} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B86B16E-595D-4F5F-B8C9-E5A1FD828746} => Key deleted successfully.
C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SomotoUpdateCheckerAutoStart => Key deleted successfully.

========= DEL %TEMP%\*.* /F /S /Q =========

Deleted file - C:\Users\Sale\AppData\Local\Temp\13-9-legacy_vista_win7_64_dd_ccc_whql.exe.tmp
Deleted file - C:\Users\Sale\AppData\Local\Temp\373689_235369401_Addition.txt
Deleted file - C:\Users\Sale\AppData\Local\Temp\904D57F61A9D7FE5185C01B47D54C2FB
Deleted file - C:\Users\Sale\AppData\Local\Temp\AdobeARM.log
Deleted file - C:\Users\Sale\AppData\Local\Temp\AdwCleaner.jpg
Deleted file - C:\Users\Sale\AppData\Local\Temp\AMDCatalyst_EXE_Package_Banner_415x82_Oct_2010.bmp
Deleted file - C:\Users\Sale\AppData\Local\Temp\Attach.txt
Deleted file - C:\Users\Sale\AppData\Local\Temp\CE4CF87733651BF1F44DD1E02FC1A8E8
Deleted file - C:\Users\Sale\AppData\Local\Temp\chart_data.dat
Deleted file - C:\Users\Sale\AppData\Local\Temp\Cleaning.ico
Deleted file - C:\Users\Sale\AppData\Local\Temp\CVR10D1.tmp.cvr
Deleted file - C:\Users\Sale\AppData\Local\Temp\CVR1785.tmp.cvr
Deleted file - C:\Users\Sale\AppData\Local\Temp\CVR26E1.tmp.cvr
Deleted file - C:\Users\Sale\AppData\Local\Temp\CVR30C.tmp.cvr
Deleted file - C:\Users\Sale\AppData\Local\Temp\CVR3F22.tmp.cvr
Deleted file - C:\Users\Sale\AppData\Local\Temp\CVR4440.tmp.cvr
Deleted file - C:\Users\Sale\AppData\Local\Temp\CVR83CF.tmp.cvr
Deleted file - C:\Users\Sale\AppData\Local\Temp\CVRF23B.tmp.cvr
Deleted file - C:\Users\Sale\AppData\Local\Temp\DDS.txt
Deleted file - C:\Users\Sale\AppData\Local\Temp\dd_NDP451-KB2858728-x86-x64-AllOS-ENU_decompression_log.txt
Deleted file - C:\Users\Sale\AppData\Local\Temp\Donate.ico
Deleted file - C:\Users\Sale\AppData\Local\Temp\EULA.txt
C:\Users\Sale\AppData\Local\Temp\FXSAPIDebugLogFile.txt
Proces ne mo�e da pristupi datoteci jer je koristi drugi proces.
Deleted file - C:\Users\Sale\AppData\Local\Temp\geColladaModelCacheLock
Deleted file - C:\Users\Sale\AppData\Local\Temp\geIconCacheLock
Deleted file - C:\Users\Sale\AppData\Local\Temp\JavaDeployReg.log
Deleted file - C:\Users\Sale\AppData\Local\Temp\jusched.log
Deleted file - C:\Users\Sale\AppData\Local\Temp\LastScan.txt
Deleted file - C:\Users\Sale\AppData\Local\Temp\Microsoft .NET Framework 4.5.1 Setup_20140406_124936259.html
Deleted file - C:\Users\Sale\AppData\Local\Temp\MSI1fb4f.LOG
Deleted file - C:\Users\Sale\AppData\Local\Temp\Report.ico
Deleted file - C:\Users\Sale\AppData\Local\Temp\result.txt
Deleted file - C:\Users\Sale\AppData\Local\Temp\Scan.ico
Deleted file - C:\Users\Sale\AppData\Local\Temp\Setup.log
Deleted file - C:\Users\Sale\AppData\Local\Temp\streaming_updates.dat
Deleted file - C:\Users\Sale\AppData\Local\Temp\Uninstall.ico
Deleted file - C:\Users\Sale\AppData\Local\Temp\WER277C.tmp.WERInternalMetadata.xml
Deleted file - C:\Users\Sale\AppData\Local\Temp\WER2CF9.tmp.WERInternalMetadata.xml
Deleted file - C:\Users\Sale\AppData\Local\Temp\~DF161ABC39CBCB4C5A.TMP
Deleted file - C:\Users\Sale\AppData\Local\Temp\~DFAB872CC9AF551411.TMP
Deleted file - C:\Users\Sale\AppData\Local\Temp\~DFC3DC381873BF00F7.TMP
Deleted file - C:\Users\Sale\AppData\Local\Temp\a2temp\update.ini
Deleted file - C:\Users\Sale\AppData\Local\Temp\avastBCLTMP\firefox\webnavigation@linkzb.com\chrome\icon.png
C:\Users\Sale\AppData\Local\Temp\hsperfdata_Sale\3472
Pristup nije dozvoljen.
Deleted file - C:\Users\Sale\AppData\Local\Temp\Low\JavaDeployReg.log
C:\Users\Sale\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-27551
Proces ne mo�e da pristupi datoteci jer je koristi drugi proces.
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\avz.exe
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\avz.url
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\avz_en.chm
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\avz_ru.chm
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\version.txt
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\backup.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\bt.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\exc.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\extract.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\keylogger.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\krnldrv.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\lang_en.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\lang_ru.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\main.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\main001.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\main002.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\main003.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\main004.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\main005.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\main006.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\main007.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\main008.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\main009.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\main010.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\main011.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\main012.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\main013.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\main014.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\main015.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\main016.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\main017.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\main018.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\main019.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\main020.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\main021.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\main022.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\main023.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\main024.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\main025.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\main026.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\main027.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\main028.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\main029.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\neural.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\neurald.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\neurale.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\neuralm.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\ports.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\prt.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\repair.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\rootkit.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\scripts.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\scu.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\signf001.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\signf002.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\signf003.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\signf004.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\signf005.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\signfusr.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\syscheck.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\sysipu.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\tsw-auto.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\Base\tsw.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\LOG\virusinfo_syscheck.htm
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\LOG\virusinfo_syscheck.xml
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX01.948\avz4\LOG\virusinfo_syscheck.zip
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\avz.exe
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\avz.url
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\avz_en.chm
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\avz_ru.chm
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\version.txt
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\backup.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\bt.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\exc.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\extract.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\keylogger.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\krnldrv.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\lang_en.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\lang_ru.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\main.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\main001.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\main002.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\main003.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\main004.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\main005.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\main006.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\main007.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\main008.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\main009.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\main010.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\main011.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\main012.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\main013.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\main014.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\main015.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\main016.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\main017.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\main018.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\main019.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\main020.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\main021.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\main022.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\main023.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\main024.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\main025.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\main026.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\main027.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\main028.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\main029.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\neural.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\neurald.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\neurale.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\neuralm.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\ports.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\prt.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\repair.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\rootkit.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\scripts.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\scu.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\signf001.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\signf002.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\signf003.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\signf004.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\signf005.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\signfusr.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\syscheck.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\sysipu.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\tsw-auto.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\Base\tsw.avz
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\LOG\virusinfo_syscheck.htm
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\LOG\virusinfo_syscheck.xml
Deleted file - C:\Users\Sale\AppData\Local\Temp\Rar$EX32.495\avz4\LOG\virusinfo_syscheck.zip
Deleted file - C:\Users\Sale\AppData\Local\Temp\tmp0000014a\tmp00000000
Deleted file - C:\Users\Sale\AppData\Local\Temp\tmp00000b2f\tmp00000000
Deleted file - C:\Users\Sale\AppData\Local\Temp\UpdateWizard_60163\TUProduct.db
Deleted file - C:\Users\Sale\AppData\Local\Temp\{A6FDE264-C48D-36CE-CFA7-ABBEB861AC10}\Language.txt
Deleted file - C:\Users\Sale\AppData\Local\Temp\{A6FDE264-C48D-36CE-CFA7-ABBEB861AC10}\local.txt

========= End of CMD: =========


==== End of Fixlog ====

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 27 Apr 2008
  • Poruke: 9160
  • Gde živiš: Prokuplje

Sad prikljuci sve USB memorije koje imas i posle skeniranja dostavi izvestaj All Scans.txt (MCShield ce automatski da ih skenira).


Zatim uradi sledece:

Klikni na Start > search > Ukucaj %programdata%\mcshield > enter

Zapakuj folder Quarantine u Rar i posalji ga preko ove adrese:

http://www.mycity.rs/ambulanta-upload.php



Obavesti me kad ga uploadujes.

offline
  • Pridružio: 06 Apr 2014
  • Poruke: 12

MCShield ::Anti-Malware Tool:: mcshield.net/

>>> v 3.0.4.27 / DB: 2014.3.30.1 / Windows 7 <<<


6.4.2014 14:52:21 > Drive I: - scan started (GAGI ~14867 MB, FAT32 flash drive )...


>>> I:\slmgr.vbs - Malware > Deleted. (14.04.06. 14.52 slmgr.vbs.234997; MD5: 85a704b219392855180fb880239ee2eb)


=> Malicious files : 1/1 deleted.

____________________________________________

::::: Scan duration: 5sec ::::::::::::::::::
____________________________________________




MCShield ::Anti-Malware Tool:: mcshield.net/

>>> v 3.0.4.27 / DB: 2014.3.30.1 / Windows 7 <<<


6.4.2014 14:52:46 > Drive H: - scan started (no label ~3774 MB, FAT32 flash drive )...



---> Executing generic S&D routine... Searching for files hidden by malware...


---> Items to process: 2

---> H:\Novi tekstualni dokument.txt > unhidden.

---> H:\Novi tekstualni dokument (2).txt > unhidden.



>>> H:\Novi tekstualni dokument.lnk - Malware > Deleted. (14.04.06. 14.52 Novi tekstualni dokument.lnk.699169; MD5: 1be4405676399ec2afadcff91bb590d8)

>>> H:\Novi tekstualni dokument (2).lnk - Malware > Deleted. (14.04.06. 14.52 Novi tekstualni dokument (2).lnk.570305; MD5: fce6257db14a5ceeb373697cb86bac60)

>>> H:\AUTORUN.INF.lnk - Malware > Deleted. (14.04.06. 14.52 AUTORUN.INF.lnk.740255; MD5: d3b29923f93cdca2a428bd3045a6b849)

> Resetting attributes: H:\AUTORUN.INF < Successful.


=> Malicious files : 3/3 deleted.
=> Hidden folders : 1/1 unhidden.
=> Hidden files : 2/2 unhidden.

____________________________________________

::::: Scan duration: 1sec ::::::::::::::::::
____________________________________________

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 27 Apr 2008
  • Poruke: 9160
  • Gde živiš: Prokuplje

Posalji Quarantine folder.

Ko je trenutno na forumu
 

Ukupno su 479 korisnika na forumu :: 9 registrovanih, 1 sakriven i 469 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3028 - dana 22 Nov 2019 07:47

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., brufen2, Drug pukovnik, goxin, kaptain2, Konda2, Mercury2, uruk, VJ