Virus on a USB flash drive


offline
  • Joined: 06 Apr 2014
  • Posts: 12

Posted: 06 Apr 2014 9:49

I plugged my USB drive into a colleague's computer to transfer some documents. When I plugged it into my own computer, it started creating shortcuts and hiding files. I found a similar problem on your forum in the thread http://www.mycity.rs/Arhiva-Ambulante/Virus-koji-napada-USB-mozda-i-vise-Zarazen-preko-FaceBook-a.html and installed AVZ Antiviral Toolkit and MCShield. After cleaning, MCShield shows this when I start the computer:

MCShield ::Anti-Malware Tool:: [Link visible only to logged-in users]

>>> v 3.0.4.27 / DB: 2014.3.30.1 / Windows 7 <<<

6.4.2014 9:21:03 > Drive C: - scan started (no label ~41 GB, NTFS HDD )...
=> The drive is clean.
6.4.2014 9:21:04 > Drive D: - scan started (no label ~149 GB, NTFS HDD )...

=> The drive is clean.

But when I insert the USB drive, on which it always finds a virus and supposedly cleans it, yet the virus keeps coming back, this appears:
MCShield ::Anti-Malware Tool:: [Link visible only to logged-in users]

>>> v 3.0.4.27 / DB: 2014.3.30.1 / Windows 7 <<<

6.4.2014 9:37:50 > Drive I: - scan started (GAGI ~14867 MB, FAT32 flash drive )...

>>> I:\slmgr.vbs - Malware > Deleted. (14.04.06. 09.37 slmgr.vbs.397854; MD5: 85a704b219392855180fb880239ee2eb)

=> Malicious files : 1/1 deleted.
____________________________________________

::::: Scan duration: 3sec ::::::::::::::::::
____________________________________________
The same thing happens with my memory card. I scanned the computer with NOD32, and afterwards I installed Avast, but they show nothing. I really don't know what to do anymore. Thanks in advance for your help.

Addendum: 06 Apr 2014 11:04

DS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.51.2
Run by Sale at 10:49:23 on 2014-04-06
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.566 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\vsnpstd3.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Java\jre7\bin\javaw.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\System32\wscript.exe
C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
C:\Program Files (x86)\MCShield\MCShieldRTM.exe
C:\Windows\system32\HPSIsvc.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = [Link visible only to logged-in users]
uSearch Bar = [Link visible only to logged-in users]
uSearch Page = [Link visible only to logged-in users]
uDefault_Search_URL = [Link visible only to logged-in users]
uSearchAssistant = [Link visible only to logged-in users]
uSearchURL,(Default) = [Link visible only to logged-in users]
uURLSearchHooks: {fae389d5-e97e-4abd-8242-d9080c709167} - <orphaned>
uURLSearchHooks: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [Firewall] "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Sale\AppData\Roaming\upgrade\update.jar"
uRun: [slmgr] wscript.exe //B "C:\Users\Sale\AppData\Roaming\slmgr.vbs"
uRun: [MCShield Monitor] C:\Program Files (x86)\MCShield\mcshieldrtm.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\Users\Sale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\slmgr.vbs
uPolicies-Explorer: NoDriveTypeAutoRun = dword:4
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\Sale\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - [Link visible only to logged-in users]
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [Link visible only to logged-in users]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [Link visible only to logged-in users]
DPF: {FE7D5A0F-4E25-41B1-8A99-3D9D58F400D2} - [Link visible only to logged-in users]
TCP: NameServer = 8.8.8.8
TCP: Interfaces\{DE68B433-F666-49F3-90F9-311D1B38276D} : DHCPNameServer = 8.8.8.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [snpstd3] C:\Windows\vsnpstd3.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [slmgr] wscript.exe //B "C:\Users\Sale\AppData\Roaming\slmgr.vbs"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sale\AppData\Roaming\Mozilla\Firefox\Profiles\tyar9h5y.default-1392685097599\
FF - prefs.js: browser.startup.homepage - [Link visible only to logged-in users]
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-4-5 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-4-5 208928]
R1 archlp;archlp;C:\Windows\System32\drivers\ArcHlp.sys [2010-10-3 142848]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-4-5 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-4-5 423240]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/07/20 17:05:26];C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-3-13 146928]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-4-5 79184]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-11-12 46136]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-4-5 84816]
R3 mvusbews;USB EWS Device;C:\Windows\System32\drivers\mvusbews.sys [2012-1-27 20480]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-2-25 11856]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-6-7 231440]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-5-3 37344]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2013-10-12 14448]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-5 119512]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-3 19456]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\System32\drivers\ss_bbus.sys [2012-4-2 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\System32\drivers\ss_bmdfl.sys [2012-4-2 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\System32\drivers\ss_bmdm.sys [2012-4-2 161280]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2013-5-3 169288]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2013-5-3 21320]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2013-5-3 188232]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2013-5-3 158024]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-3 57856]
SUnknown tsusbhub;tsusbhub; [x]
.
=============== File Associations ===============
.
ShellExec: DigitalTheatre.exe: open="C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 3\uDTStart.exe" "%1"
.
=============== Created Last 30 ================
.
2014-04-05 22:06:53 -------- d-----w- C:\AdwCleaner
2014-04-05 19:17:21 -------- d-----w- C:\Users\Sale\AppData\Roaming\AVAST Software
2014-04-05 19:16:17 84816 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-04-05 19:16:16 208928 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-04-05 19:16:15 1039096 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-04-05 19:16:13 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-04-05 19:16:13 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-04-05 19:16:12 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-04-05 19:15:57 43152 ----a-w- C:\Windows\avastSS.scr
2014-04-05 19:14:57 -------- d-----w- C:\Program Files\AVAST Software
2014-04-05 19:13:32 -------- d-----w- C:\ProgramData\AVAST Software
2014-04-05 18:59:54 -------- d-----w- C:\ProgramData\MCShield
2014-04-05 18:59:54 -------- d-----w- C:\Program Files (x86)\MCShield
2014-04-05 18:01:24 -------- d-----w- C:\ProgramData\RegRun
2014-04-05 17:20:32 40720 ----a-w- C:\Windows\System32\Partizan.exe
2014-04-05 17:15:57 -------- d-----w- C:\@RestoreQuarantine
2014-04-05 17:13:29 2 --shatr- C:\Windows\winstart.bat
2014-04-05 16:51:27 -------- d-----w- C:\Users\Sale\AppData\Roaming\Zbshareware Lab
2014-04-05 16:51:27 -------- d-----w- C:\ProgramData\Zbshareware Lab
2014-04-05 11:57:39 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-05 11:50:20 -------- d-----w- C:\Program Files\ESET
2014-04-04 19:36:15 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6876B99E-139B-404F-B6E8-9F8859CB8CDF}\mpengine.dll
2014-03-12 14:58:10 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-12 14:58:10 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-12 14:58:08 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-12 14:58:08 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
.
==================== Find3M ====================
.
2014-03-12 16:07:59 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 16:07:59 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-24 23:17:32 4350035 --sha-w- C:\Users\Sale\AppData\Roaming\slmgr.vbs
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-01-06 19:23:36 4558848 ----a-w- C:\Windows\SysWow64\GPhotos.scr
.
============= FINISH: 10:51:29,90 ===============



rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Hello and welcome to the forum.

Do not plug anything into USB until I tell you to.

Step 1.

Download Anti-VBSVBE to your desktop

* Run the program, click Run and wait for the program to finish
* A report will appear on the desktop, which needs to be copied to the forum

Step 2.

Download Farbar's Farbar Recovery Scan Tool from this address to the Desktop:
There are 32-bit and 64-bit versions. You need to download the version that is compatible with your system.
If you are not sure which version applies to your system, download both and run them. Only one of them will run on your system; that will be the right version.

* double-click to run the program; when the tool starts, click Yes on the disclaimer window;
* wait a moment while the tool checks whether a newer version exists;
* click the Scan button;
* when the scan finishes, the tool will create a report (FRST.txt) in the same directory where the FRST tool is saved;
* copy the contents of the FRST.txt report into your post;
* on the first run, the tool should also create an additional report (Addition.txt);
* attach the Addition.txt report to your post using the Attach file (Prikači fajl) option



offline
  • Joined: 06 Apr 2014
  • Posts: 12

Posted: 06 Apr 2014 13:42

Running fix at 6.4.2014 13:27:25

> Found: C:\Windows\system32\slmgr.vbs - deletion failed!

> Found: C:\Users\Sale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\slmgr.vbs - deleted.

> Found: c:\users\sale\appdata\roaming\slmgr.vbs - deleted.

> Found: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\slmgr - deleted.

> Found: HKU\Sale\Software\Microsoft\Windows\CurrentVersion\Run\slmgr - deleted.

Fix finished at 6.4.2014 13:27:30

Anti-VBS/VBE, build 11
[Link visible only to logged-in users]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Sale (administrator) on SALE-PC on 06-04-2014 13:30:53
Running from C:\Users\Sale\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: [Link visible only to logged-in users]
Download link for 64-Bit Version: [Link visible only to logged-in users]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [Link visible only to logged-in users]

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\Windows\system32\HPSIsvc.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Windows\vsnpstd3.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [snpstd3] - C:\Windows\vsnpstd3.exe [827392 2006-09-19] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-21] (Realtek Semiconductor)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-05] (AVAST Software)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKU\S-1-5-21-31981920-1327261313-534511245-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-31981920-1327261313-534511245-1000\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-31981920-1327261313-534511245-1000\...\Run: [Firewall] - "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Sale\AppData\Roaming\upgrade\update.jar"
HKU\S-1-5-21-31981920-1327261313-534511245-1000\...\Run: [MCShield Monitor] - C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-02-02] (MyCity)
HKU\S-1-5-21-31981920-1327261313-534511245-1000\...\Run: [Raptr] - C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-03-28] (Raptr, Inc)
HKU\S-1-5-21-31981920-1327261313-534511245-1000\...\MountPoints2: {0aedf61b-327b-11e3-9a66-001fc6c9bc70} - H:\Startme.exe
HKU\S-1-5-21-31981920-1327261313-534511245-1000\...\MountPoints2: {4ecee17d-a6d2-11df-b662-001fc6c9bc70} - H:\LaunchU3.exe -a
AppInit_DLLs-x32: c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll => "c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll" File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [Link visible only to logged-in users]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x24E76DFDC378CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sr-Latn-RS
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Link visible only to logged-in users]
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link visible only to logged-in users]
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Link visible only to logged-in users]
URLSearchHook: HKCU - (No Name) - {fae389d5-e97e-4abd-8242-d9080c709167} - No File
URLSearchHook: HKCU - (No Name) - {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - No File
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {FAE389D5-E97E-4ABD-8242-D9080C709167} - No File
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} [Link visible only to logged-in users]
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} [Link visible only to logged-in users]
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [Link visible only to logged-in users]
DPF: HKLM-x32 {FE7D5A0F-4E25-41B1-8A99-3D9D58F400D2} [Link visible only to logged-in users]
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Sale\AppData\Roaming\Mozilla\Firefox\Profiles\tyar9h5y.default-1392685097599
FF Homepage: [Link visible only to logged-in users]
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll No File
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\pogodakyu.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\vokabular.xml
FF Extension: Web Navigation - C:\Users\Sale\AppData\Roaming\Mozilla\Firefox\Profiles\tyar9h5y.default-1392685097599\Extensions\webnavigation@linkzb.com.xpi [2014-04-05]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-05]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-01-06]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR HomePage:
CHR RestoreOnStartup: ""
"
CHR Plugin: (Shockwave Flash) - C:\Users\Sale\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Sale\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Sale\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Sale\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U33) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.330.5) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Extension: (surf aend ukeeupu) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\biehpampngechlkmjlkhcofklidnbooo [2013-11-10]
CHR Extension: (Google News) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2012-08-19]
CHR Extension: (Disable Timeline on Facebook) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\efegkamagjpaioecemiekbhdgehlnaoe [2012-08-19]
CHR Extension: (B92) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchdppllamnngnbigohhfmeglnfaccm [2012-08-19]
CHR Extension: (Google провера поште) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2012-08-19]
CHR Extension: (Додатак RSS претплата (од Google-а)) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2012-08-19]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [lkemddiljapcmhicklfpcbpfffahfbja] - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\extensions\WebNavigation.crx [2014-04-05]

==================== Services (Whitelisted) =================

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-05] (AVAST Software)
S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer Free\Dfsdks.exe [544768 2009-08-24] (mst software GmbH, Germany)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] ()
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2011-04-27] ()
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2011-11-15] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2011-11-15] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2011-12-05] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-11-15] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R1 archlp; C:\Windows\System32\drivers\archlp.sys [142848 2010-01-12] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-05] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-05] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-05] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-04-06] (Marvell Semiconductor, Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
S3 SNPSTD3; C:\Windows\SysWOW64\DRIVERS\snpstd3.sys [10148480 2006-06-27] (Sonix Co. Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-07-14] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-25] (TuneUp Software)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [146928 2010-03-13] (CyberLink Corp.)
U3 a4yazemu; C:\Windows\System32\Drivers\a4yazemu.sys [0 ] (Microsoft Corporation)
S3 cleanhlp; \??\D:\EEK\Run\cleanhlp64.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-06 13:30 - 2014-04-06 13:31 - 00020388 _____ () C:\Users\Sale\Downloads\FRST.txt
2014-04-06 13:30 - 2014-04-06 13:30 - 00000000 ____D () C:\FRST
2014-04-06 13:29 - 2014-04-06 13:29 - 02157056 _____ (Farbar) C:\Users\Sale\Downloads\FRST64.exe
2014-04-06 13:27 - 2014-04-06 13:27 - 00398912 _____ () C:\Users\Sale\Downloads\Anti-VBSVBEx64.exe
2014-04-06 13:27 - 2014-04-06 13:27 - 00001204 _____ () C:\Users\Sale\Downloads\Anti-VBSVBE.txt
2014-04-06 13:27 - 2014-04-06 13:27 - 00000000 ____D () C:\Users\Sale\Downloads\Anti-VBSVBE-Backup
2014-04-06 12:34 - 2014-04-06 12:34 - 00000000 ____D () C:\ProgramData\ATI
2014-04-06 12:34 - 2014-04-06 12:34 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-04-06 12:34 - 2014-04-06 12:34 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-04-06 12:34 - 2014-04-06 12:34 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2014-04-06 12:31 - 2014-04-06 12:31 - 00000000 ____D () C:\Windows\LastGood
2014-04-06 12:30 - 2014-04-06 12:30 - 00000000 ____D () C:\Program Files\ATI
2014-04-06 11:34 - 2014-04-06 11:34 - 00000000 ____D () C:\Users\Sale\Nova fascikla
2014-04-06 11:23 - 2014-04-06 11:23 - 00000000 ____D () C:\Users\Sale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-04-06 11:22 - 2014-04-06 12:25 - 00000000 ____D () C:\Users\Sale\AppData\Roaming\Raptr
2014-04-06 11:22 - 2014-04-06 11:22 - 00000000 ____D () C:\Users\Sale\AppData\Roaming\library_dir
2014-04-06 11:17 - 2014-04-06 11:22 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-04-06 10:52 - 2014-04-06 10:52 - 00009620 _____ () C:\Users\Sale\Desktop\attach.txt
2014-04-06 10:52 - 2014-04-06 10:51 - 00017655 _____ () C:\Users\Sale\Desktop\dds.txt
2014-04-06 08:56 - 2014-04-06 08:56 - 00262144 ____N () C:\Windows\Minidump\040614-34133-01.dmp
2014-04-06 00:06 - 2014-04-06 00:08 - 00000000 ____D () C:\AdwCleaner
2014-04-05 22:08 - 2014-04-05 22:08 - 00001238 _____ () C:\Windows\PFRO.log
2014-04-05 21:17 - 2014-04-05 21:17 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-05 21:17 - 2014-04-05 21:17 - 00000000 ____D () C:\Users\Sale\AppData\Roaming\AVAST Software
2014-04-05 21:16 - 2014-04-06 08:58 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-05 21:16 - 2014-04-05 21:15 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-05 21:16 - 2014-04-05 21:15 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-05 21:16 - 2014-04-05 21:15 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-05 21:16 - 2014-04-05 21:15 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-05 21:16 - 2014-04-05 21:15 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-05 21:16 - 2014-04-05 21:15 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-05 21:16 - 2014-04-05 21:15 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-05 21:15 - 2014-04-05 21:15 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-05 21:14 - 2014-04-05 21:14 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-05 21:13 - 2014-04-05 21:13 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-05 20:59 - 2014-04-06 12:24 - 00000000 ____D () C:\ProgramData\MCShield
2014-04-05 20:59 - 2014-04-05 20:59 - 00000000 ____D () C:\Program Files (x86)\MCShield
2014-04-05 20:01 - 2014-04-05 20:09 - 00000000 ____D () C:\ProgramData\RegRun
2014-04-05 19:59 - 2014-04-05 20:08 - 00000246 _____ () C:\Windows\SysWOW64\PARTIZAN.TXT
2014-04-05 19:20 - 2014-04-05 19:20 - 00040720 _____ (Greatis Software) C:\Windows\system32\Partizan.exe
2014-04-05 19:15 - 2014-04-05 23:47 - 00000000 ____D () C:\@RestoreQuarantine
2014-04-05 19:13 - 2014-04-05 20:03 - 00000000 ____D () C:\Users\Sale\Documents\RegRun2
2014-04-05 19:13 - 2014-04-05 19:13 - 00000002 RSHOT () C:\Windows\winstart.bat
2014-04-05 19:13 - 2014-04-05 19:13 - 00000002 RSHOT () C:\Windows\SysWOW64\AUTOEXEC.NT
2014-04-05 18:51 - 2014-04-05 23:26 - 00000000 ____D () C:\ProgramData\Zbshareware Lab
2014-04-05 18:51 - 2014-04-05 18:51 - 00000000 ____D () C:\Users\Sale\AppData\Roaming\Zbshareware Lab
2014-04-05 17:35 - 2014-04-05 18:19 - 00000001 _____ () C:\Users\Sale\Documents\autorun.inf.txt
2014-04-05 13:57 - 2014-04-05 22:26 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-05 13:50 - 2014-04-05 13:50 - 00000000 ____D () C:\Program Files\ESET
2014-04-04 21:29 - 2014-04-04 21:29 - 00262144 ____N () C:\Windows\Minidump\040414-24741-01.dmp
2014-04-03 18:19 - 2014-04-03 18:19 - 00262144 ____N () C:\Windows\Minidump\040314-22932-01.dmp
2014-03-29 08:28 - 2014-03-29 08:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-27 07:24 - 2014-03-27 07:24 - 00262144 ____N () C:\Windows\Minidump\032714-21450-01.dmp
2014-03-26 16:51 - 2014-03-26 16:51 - 00262144 ____N () C:\Windows\Minidump\032614-22183-01.dmp
2014-03-25 07:25 - 2014-03-25 07:25 - 00262144 ____N () C:\Windows\Minidump\032514-76892-01.dmp
2014-03-24 17:13 - 2014-03-24 17:13 - 00262144 ____N () C:\Windows\Minidump\032414-24601-01.dmp
2014-03-21 17:28 - 2014-03-21 17:28 - 00262144 ____N () C:\Windows\Minidump\032114-26442-01.dmp
2014-03-20 16:46 - 2014-03-20 16:46 - 00262144 ____N () C:\Windows\Minidump\032014-30732-01.dmp
2014-03-20 03:43 - 2014-04-06 12:50 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf43ddd4f86620.job
2014-03-20 03:43 - 2014-03-20 03:43 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf43ddd4f86620
2014-03-16 14:30 - 2014-03-16 14:30 - 00262144 ____N () C:\Windows\Minidump\031614-27736-01.dmp
2014-03-13 19:59 - 2014-03-13 19:59 - 00000000 ____D () C:\ProgramData\Real
2014-03-13 19:57 - 2014-04-06 12:32 - 00005690 _____ () C:\Windows\setupact.log
2014-03-13 19:57 - 2014-03-13 19:57 - 00262144 ____N () C:\Windows\Minidump\031314-39702-01.dmp
2014-03-13 19:57 - 2014-03-13 19:57 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-12 19:58 - 2014-03-25 07:37 - 00000000 ____D () C:\Users\Sale\AppData\Roaming\Real
2014-03-12 17:00 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 17:00 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 17:00 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 17:00 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 17:00 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 17:00 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 17:00 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 17:00 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 17:00 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 17:00 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 17:00 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 17:00 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 17:00 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 17:00 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 17:00 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 17:00 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 17:00 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 17:00 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 17:00 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 17:00 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 17:00 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 17:00 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 17:00 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 17:00 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 17:00 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 17:00 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 17:00 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 17:00 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 17:00 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 17:00 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 17:00 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 17:00 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 17:00 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 17:00 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 17:00 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 17:00 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 17:00 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 17:00 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 17:00 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 17:00 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 17:00 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 17:00 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 17:00 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 17:00 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 16:58 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 16:58 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 16:58 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 16:58 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-06 13:31 - 2014-04-06 13:30 - 00020388 _____ () C:\Users\Sale\Downloads\FRST.txt
2014-04-06 13:30 - 2014-04-06 13:30 - 00000000 ____D () C:\FRST
2014-04-06 13:29 - 2014-04-06 13:29 - 02157056 _____ (Farbar) C:\Users\Sale\Downloads\FRST64.exe
2014-04-06 13:27 - 2014-04-06 13:27 - 00398912 _____ () C:\Users\Sale\Downloads\Anti-VBSVBEx64.exe
2014-04-06 13:27 - 2014-04-06 13:27 - 00001204 _____ () C:\Users\Sale\Downloads\Anti-VBSVBE.txt
2014-04-06 13:27 - 2014-04-06 13:27 - 00000000 ____D () C:\Users\Sale\Downloads\Anti-VBSVBE-Backup
2014-04-06 13:27 - 2010-07-14 14:48 - 00000000 ___RD () C:\Users\Sale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-06 13:26 - 2013-03-03 01:32 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{61D8E7B1-1391-4629-8BB9-F31C94EEE683}
2014-04-06 13:04 - 2012-04-05 08:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-06 13:04 - 2010-07-14 23:43 - 01250782 _____ () C:\Windows\WindowsUpdate.log
2014-04-06 12:50 - 2014-03-20 03:43 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf43ddd4f86620.job
2014-04-06 12:49 - 2013-08-07 00:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-06 12:34 - 2014-04-06 12:34 - 00000000 ____D () C:\ProgramData\ATI
2014-04-06 12:34 - 2014-04-06 12:34 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-04-06 12:34 - 2014-04-06 12:34 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-04-06 12:34 - 2014-04-06 12:34 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2014-04-06 12:34 - 2011-11-13 13:38 - 00000000 ____D () C:\ProgramData\AMD
2014-04-06 12:32 - 2014-03-13 19:57 - 00005690 _____ () C:\Windows\setupact.log
2014-04-06 12:32 - 2013-08-03 15:58 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-04-06 12:31 - 2014-04-06 12:31 - 00000000 ____D () C:\Windows\LastGood
2014-04-06 12:30 - 2014-04-06 12:30 - 00000000 ____D () C:\Program Files\ATI
2014-04-06 12:30 - 2009-07-14 06:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-06 12:30 - 2009-07-14 06:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-06 12:25 - 2014-04-06 11:22 - 00000000 ____D () C:\Users\Sale\AppData\Roaming\Raptr
2014-04-06 12:24 - 2014-04-05 20:59 - 00000000 ____D () C:\ProgramData\MCShield
2014-04-06 12:23 - 2013-05-02 21:28 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-04-06 12:23 - 2010-09-06 10:27 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-06 12:23 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-06 12:08 - 2014-01-05 23:24 - 00000000 ____D () C:\Users\Sale\AppData\Roaming\vlc
2014-04-06 12:08 - 2012-05-17 09:12 - 00000000 ____D () C:\Users\Sale\Documents\Readon Player
2014-04-06 11:34 - 2014-04-06 11:34 - 00000000 ____D () C:\Users\Sale\Nova fascikla
2014-04-06 11:34 - 2010-07-14 14:47 - 00000000 ____D () C:\Users\Sale
2014-04-06 11:23 - 2014-04-06 11:23 - 00000000 ____D () C:\Users\Sale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-04-06 11:22 - 2014-04-06 11:22 - 00000000 ____D () C:\Users\Sale\AppData\Roaming\library_dir
2014-04-06 11:22 - 2014-04-06 11:17 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-04-06 10:52 - 2014-04-06 10:52 - 00009620 _____ () C:\Users\Sale\Desktop\attach.txt
2014-04-06 10:51 - 2014-04-06 10:52 - 00017655 _____ () C:\Users\Sale\Desktop\dds.txt
2014-04-06 08:58 - 2014-04-05 21:16 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-06 08:57 - 2010-07-14 17:44 - 00000000 ____D () C:\Windows\Minidump
2014-04-06 08:56 - 2014-04-06 08:56 - 00262144 ____N () C:\Windows\Minidump\040614-34133-01.dmp
2014-04-06 00:08 - 2014-04-06 00:06 - 00000000 ____D () C:\AdwCleaner
2014-04-05 23:47 - 2014-04-05 19:15 - 00000000 ____D () C:\@RestoreQuarantine
2014-04-05 23:26 - 2014-04-05 18:51 - 00000000 ____D () C:\ProgramData\Zbshareware Lab
2014-04-05 22:26 - 2014-04-05 13:57 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-05 22:08 - 2014-04-05 22:08 - 00001238 _____ () C:\Windows\PFRO.log
2014-04-05 21:17 - 2014-04-05 21:17 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-05 21:17 - 2014-04-05 21:17 - 00000000 ____D () C:\Users\Sale\AppData\Roaming\AVAST Software
2014-04-05 21:15 - 2014-04-05 21:16 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-05 21:15 - 2014-04-05 21:16 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-05 21:15 - 2014-04-05 21:16 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-05 21:15 - 2014-04-05 21:16 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-05 21:15 - 2014-04-05 21:16 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-05 21:15 - 2014-04-05 21:16 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-05 21:15 - 2014-04-05 21:16 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-05 21:15 - 2014-04-05 21:15 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-05 21:15 - 2012-09-21 18:16 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-05 21:14 - 2014-04-05 21:14 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-05 21:13 - 2014-04-05 21:13 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-05 21:11 - 2013-05-03 09:31 - 00000000 ____D () C:\Program Files (x86)\TNod User & Password Finder
2014-04-05 21:11 - 2010-08-28 18:15 - 00000000 ____D () C:\Program Files (x86)\AIMP2
2014-04-05 20:59 - 2014-04-05 20:59 - 00000000 ____D () C:\Program Files (x86)\MCShield
2014-04-05 20:50 - 2009-07-14 07:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-05 20:09 - 2014-04-05 20:01 - 00000000 ____D () C:\ProgramData\RegRun
2014-04-05 20:08 - 2014-04-05 19:59 - 00000246 _____ () C:\Windows\SysWOW64\PARTIZAN.TXT
2014-04-05 20:03 - 2014-04-05 19:13 - 00000000 ____D () C:\Users\Sale\Documents\RegRun2
2014-04-05 19:20 - 2014-04-05 19:20 - 00040720 _____ (Greatis Software) C:\Windows\system32\Partizan.exe
2014-04-05 19:13 - 2014-04-05 19:13 - 00000002 RSHOT () C:\Windows\winstart.bat
2014-04-05 19:13 - 2014-04-05 19:13 - 00000002 RSHOT () C:\Windows\SysWOW64\AUTOEXEC.NT
2014-04-05 18:51 - 2014-04-05 18:51 - 00000000 ____D () C:\Users\Sale\AppData\Roaming\Zbshareware Lab
2014-04-05 18:19 - 2014-04-05 17:35 - 00000001 _____ () C:\Users\Sale\Documents\autorun.inf.txt
2014-04-05 16:40 - 2013-08-16 23:29 - 00000000 ____D () C:\Program Files (x86)\SimpleFiles
2014-04-05 16:40 - 2011-07-05 18:13 - 00000000 ____D () C:\ProgramData\YouTube Downloader
2014-04-05 13:56 - 2012-11-30 23:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-05 13:50 - 2014-04-05 13:50 - 00000000 ____D () C:\Program Files\ESET
2014-04-04 21:29 - 2014-04-04 21:29 - 00262144 ____N () C:\Windows\Minidump\040414-24741-01.dmp
2014-04-03 18:19 - 2014-04-03 18:19 - 00262144 ____N () C:\Windows\Minidump\040314-22932-01.dmp
2014-04-01 17:46 - 2010-07-14 18:32 - 00000000 ____D () C:\Users\Sale\AppData\Roaming\Skype
2014-03-31 17:03 - 2014-01-18 14:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-29 08:28 - 2014-03-29 08:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-27 07:24 - 2014-03-27 07:24 - 00262144 ____N () C:\Windows\Minidump\032714-21450-01.dmp
2014-03-26 16:51 - 2014-03-26 16:51 - 00262144 ____N () C:\Windows\Minidump\032614-22183-01.dmp
2014-03-25 07:37 - 2014-03-12 19:58 - 00000000 ____D () C:\Users\Sale\AppData\Roaming\Real
2014-03-25 07:25 - 2014-03-25 07:25 - 00262144 ____N () C:\Windows\Minidump\032514-76892-01.dmp
2014-03-24 17:13 - 2014-03-24 17:13 - 00262144 ____N () C:\Windows\Minidump\032414-24601-01.dmp
2014-03-21 17:28 - 2014-03-21 17:28 - 00262144 ____N () C:\Windows\Minidump\032114-26442-01.dmp
2014-03-20 21:56 - 2013-12-25 00:15 - 00000000 ____D () C:\Program Files\Recuva
2014-03-20 16:46 - 2014-03-20 16:46 - 00262144 ____N () C:\Windows\Minidump\032014-30732-01.dmp
2014-03-20 03:43 - 2014-03-20 03:43 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf43ddd4f86620
2014-03-20 03:43 - 2010-09-06 10:27 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-16 14:30 - 2014-03-16 14:30 - 00262144 ____N () C:\Windows\Minidump\031614-27736-01.dmp
2014-03-13 19:59 - 2014-03-13 19:59 - 00000000 ____D () C:\ProgramData\Real
2014-03-13 19:57 - 2014-03-13 19:57 - 00262144 ____N () C:\Windows\Minidump\031314-39702-01.dmp
2014-03-13 19:57 - 2014-03-13 19:57 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-12 20:13 - 2012-04-02 22:00 - 00000000 ____D () C:\Users\Sale\AppData\Local\Samsung
2014-03-12 20:13 - 2012-04-02 21:44 - 00000000 ____D () C:\ProgramData\Samsung
2014-03-12 20:13 - 2010-07-14 17:09 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-12 19:58 - 2009-07-14 06:45 - 00418384 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-12 19:55 - 2012-05-18 11:23 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 19:55 - 2012-05-18 11:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 19:51 - 2010-07-14 15:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 19:44 - 2010-07-14 19:11 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2014-03-12 19:43 - 2010-07-14 14:56 - 00000000 ____D () C:\Users\Sale\AppData\Roaming\uTorrent
2014-03-12 18:08 - 2012-04-05 08:16 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 18:07 - 2012-04-05 08:16 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 18:07 - 2012-01-29 15:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 16:48 - 2014-02-13 18:42 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-31981920-1327261313-534511245-1000
2014-03-12 16:48 - 2014-01-24 16:46 - 00003200 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-31981920-1327261313-534511245-1000
2014-03-11 21:11 - 2013-03-17 17:44 - 00004990 _____ () C:\Users\Sale\Documents\TombRaider.log
2014-03-11 17:50 - 2014-03-05 16:58 - 00003358 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-31981920-1327261313-534511245-1000
2014-03-11 17:50 - 2014-02-24 16:57 - 00003222 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-31981920-1327261313-534511245-1000

Files to move or delete:
====================
C:\Users\Sale\jitsi.dll


Some content of TEMP:
====================
C:\Users\Sale\AppData\Local\Temp\13-9-legacy_vista_win7_64_dd_ccc_whql.exe
C:\Users\Sale\AppData\Local\Temp\Quarantine.exe
C:\Users\Sale\AppData\Local\Temp\raptrpatch.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 01:41

==================== End Of Log ============================

Addendum: 06 Apr 2014 13:45

Greetings and many thanks for the help, I'm waiting for further instructions!!!

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Send me the Addition.txt log.

offline
  • Joined: 06 Apr 2014
  • Posts: 12

[Link visible only to logged-in users]

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

1. Open Notepad (Text Document) and copy in the following text from the code box below:
Start
HKLM-x32\...\Run: [] - [X]
HKU\S-1-5-21-31981920-1327261313-534511245-1000\...\MountPoints2: {0aedf61b-327b-11e3-9a66-001fc6c9bc70} - H:\Startme.exe
HKU\S-1-5-21-31981920-1327261313-534511245-1000\...\MountPoints2: {4ecee17d-a6d2-11df-b662-001fc6c9bc70} - H:\LaunchU3.exe -a
AppInit_DLLs-x32: c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll => "c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll" File Not Found
URLSearchHook: HKCU - (No Name) - {fae389d5-e97e-4abd-8242-d9080c709167} - No File
URLSearchHook: HKCU - (No Name) - {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - No File
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {FAE389D5-E97E-4ABD-8242-D9080C709167} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
C:\Users\Sale\jitsi.dll
C:\Users\Sale\AppData\Local\Temp\13-9-legacy_vista_win7_64_dd_ccc_whql.exe
C:\Users\Sale\AppData\Local\Temp\Quarantine.exe
C:\Users\Sale\AppData\Local\Temp\raptrpatch.exe
Task: {2070D44D-001A-4AE6-B9F6-CE88FE970CC3} - System32\Tasks\RunAsStdUser Task => C:\Users\Sale\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSA.exe <==== ATTENTION
Task: {6B86B16E-595D-4F5F-B8C9-E5A1FD828746} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\Sale\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
CMD: DEL %TEMP%\*.* /F /S /Q
End

2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

offline
  • Joined: 06 Apr 2014
  • Posts: 12

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Sale at 2014-04-06 14:27:49 Run:1
Running from C:\Users\Sale\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [] - [X]
HKU\S-1-5-21-31981920-1327261313-534511245-1000\...\MountPoints2: {0aedf61b-327b-11e3-9a66-001fc6c9bc70} - H:\Startme.exe
HKU\S-1-5-21-31981920-1327261313-534511245-1000\...\MountPoints2: {4ecee17d-a6d2-11df-b662-001fc6c9bc70} - H:\LaunchU3.exe -a
AppInit_DLLs-x32: c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll => "c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll" File Not Found
URLSearchHook: HKCU - (No Name) - {fae389d5-e97e-4abd-8242-d9080c709167} - No File
URLSearchHook: HKCU - (No Name) - {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - No File
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {FAE389D5-E97E-4ABD-8242-D9080C709167} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
C:\Users\Sale\jitsi.dll
C:\Users\Sale\AppData\Local\Temp\13-9-legacy_vista_win7_64_dd_ccc_whql.exe
C:\Users\Sale\AppData\Local\Temp\Quarantine.exe
C:\Users\Sale\AppData\Local\Temp\raptrpatch.exe
Task: {2070D44D-001A-4AE6-B9F6-CE88FE970CC3} - System32\Tasks\RunAsStdUser Task => C:\Users\Sale\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSA.exe <==== ATTENTION
Task: {6B86B16E-595D-4F5F-B8C9-E5A1FD828746} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\Sale\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
CMD: DEL %TEMP%\*.* /F /S /Q
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKU\S-1-5-21-31981920-1327261313-534511245-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0aedf61b-327b-11e3-9a66-001fc6c9bc70} => Key deleted successfully.
HKCR\CLSID\{0aedf61b-327b-11e3-9a66-001fc6c9bc70} => Key not found.
HKU\S-1-5-21-31981920-1327261313-534511245-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4ecee17d-a6d2-11df-b662-001fc6c9bc70} => Key deleted successfully.
HKCR\CLSID\{4ecee17d-a6d2-11df-b662-001fc6c9bc70} => Key not found.
"c:\\progra~3\\browse~1\\22643~1.41\\{16cdf~1\\browse~1.dll" => Value Data removed successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{fae389d5-e97e-4abd-8242-d9080c709167} => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{124d001a-bdcb-472f-aa59-bbe7e4bc3204} => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FAE389D5-E97E-4ABD-8242-D9080C709167} => Value deleted successfully.
HKCR\CLSID\{FAE389D5-E97E-4ABD-8242-D9080C709167} => Key not found.
HKCR\PROTOCOLS\Handler\skype-ie-addon-data => Key deleted successfully.
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found.
C:\Users\Sale\jitsi.dll => Moved successfully.
C:\Users\Sale\AppData\Local\Temp\13-9-legacy_vista_win7_64_dd_ccc_whql.exe => Moved successfully.
C:\Users\Sale\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Sale\AppData\Local\Temp\raptrpatch.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2070D44D-001A-4AE6-B9F6-CE88FE970CC3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2070D44D-001A-4AE6-B9F6-CE88FE970CC3} => Key deleted successfully.
C:\Windows\System32\Tasks\RunAsStdUser Task => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6B86B16E-595D-4F5F-B8C9-E5A1FD828746} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B86B16E-595D-4F5F-B8C9-E5A1FD828746} => Key deleted successfully.
C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SomotoUpdateCheckerAutoStart => Key deleted successfully.

========= DEL %TEMP%\*.* /F /S /Q =========


========= End of CMD: =========


==== End of Fixlog ====

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Now plug in all the USB drives you have and, after the scan, post the All Scans.txt report (MCShield will scan them automatically).

Then do the following:

Click Start > search > type %programdata%\mcshield > Enter

Pack the Quarantine folder into a RAR archive and send it via this address:

[Link visible only to logged-in users]

Let me know when you have uploaded it.

offline
  • Joined: 06 Apr 2014
  • Posts: 12

MCShield ::Anti-Malware Tool:: [Link visible only to logged-in users]

>>> v 3.0.4.27 / DB: 2014.3.30.1 / Windows 7 <<<


6.4.2014 14:52:21 > Drive I: - scan started (GAGI ~14867 MB, FAT32 flash drive )...


>>> I:\slmgr.vbs - Malware > Deleted. (14.04.06. 14.52 slmgr.vbs.234997; MD5: 85a704b219392855180fb880239ee2eb)


=> Malicious files : 1/1 deleted.

____________________________________________

::::: Scan duration: 5sec ::::::::::::::::::
____________________________________________




MCShield ::Anti-Malware Tool:: [Link visible only to logged-in users]

>>> v 3.0.4.27 / DB: 2014.3.30.1 / Windows 7 <<<


6.4.2014 14:52:46 > Drive H: - scan started (no label ~3774 MB, FAT32 flash drive )...



---> Executing generic S&D routine... Searching for files hidden by malware...


---> Items to process: 2

---> H:\Novi tekstualni dokument.txt > unhidden.

---> H:\Novi tekstualni dokument (2).txt > unhidden.



>>> H:\Novi tekstualni dokument.lnk - Malware > Deleted. (14.04.06. 14.52 Novi tekstualni dokument.lnk.699169; MD5: 1be4405676399ec2afadcff91bb590d8)

>>> H:\Novi tekstualni dokument (2).lnk - Malware > Deleted. (14.04.06. 14.52 Novi tekstualni dokument (2).lnk.570305; MD5: fce6257db14a5ceeb373697cb86bac60)

>>> H:\AUTORUN.INF.lnk - Malware > Deleted. (14.04.06. 14.52 AUTORUN.INF.lnk.740255; MD5: d3b29923f93cdca2a428bd3045a6b849)

> Resetting attributes: H:\AUTORUN.INF < Successful.


=> Malicious files : 3/3 deleted.
=> Hidden folders : 1/1 unhidden.
=> Hidden files : 2/2 unhidden.

____________________________________________

::::: Scan duration: 1sec ::::::::::::::::::
____________________________________________
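
Added example (not part of the thread and not MCShield's own code): a small parser for the report above that pairs each deleted `.lnk` with the hidden original it stood in for, and lists detections that have no such pair. The line patterns are inferred only from the log lines shown on this page, and the function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Sample input: lines taken from the MCShield report posted above.
SAMPLE_LOG = r"""
6.4.2014 14:52:21 > Drive I: - scan started (GAGI ~14867 MB, FAT32 flash drive )...
>>> I:\slmgr.vbs - Malware > Deleted. (14.04.06. 14.52 slmgr.vbs.234997; MD5: 85a704b219392855180fb880239ee2eb)
6.4.2014 14:52:46 > Drive H: - scan started (no label ~3774 MB, FAT32 flash drive )...
---> Items to process: 2
---> H:\Novi tekstualni dokument.txt > unhidden.
---> H:\Novi tekstualni dokument (2).txt > unhidden.
>>> H:\Novi tekstualni dokument.lnk - Malware > Deleted. (14.04.06. 14.52 Novi tekstualni dokument.lnk.699169; MD5: 1be4405676399ec2afadcff91bb590d8)
>>> H:\Novi tekstualni dokument (2).lnk - Malware > Deleted. (14.04.06. 14.52 Novi tekstualni dokument (2).lnk.570305; MD5: fce6257db14a5ceeb373697cb86bac60)
>>> H:\AUTORUN.INF.lnk - Malware > Deleted. (14.04.06. 14.52 AUTORUN.INF.lnk.740255; MD5: d3b29923f93cdca2a428bd3045a6b849)
> Resetting attributes: H:\AUTORUN.INF < Successful.
"""

# Patterns inferred from the report format on this page (an assumption,
# not a documented MCShield log specification).
DETECTION = re.compile(
    r"^>>> (?P<path>.+?) - Malware > Deleted\. \(.*MD5: (?P<md5>[0-9a-f]{32})\)$")
UNHIDDEN = re.compile(r"^---> (?P<path>.+?) > unhidden\.$")
ATTR_RESET = re.compile(r"^> Resetting attributes: (?P<path>.+?) < Successful\.$")


def parse_report(text):
    """Return (detections, restored): deleted files with MD5, and items
    whose hidden attribute the tool cleared."""
    detections, restored = [], []
    for line in text.splitlines():
        line = line.strip()
        m = DETECTION.match(line)
        if m:
            detections.append((PureWindowsPath(m["path"]), m["md5"]))
            continue
        m = UNHIDDEN.match(line) or ATTR_RESET.match(line)
        if m:
            restored.append(PureWindowsPath(m["path"]))
    return detections, restored


def pair_decoys(detections, restored):
    """Match each deleted .lnk to a restored item in the same folder whose
    name (with or without extension) equals the shortcut's base name."""
    pairs, unpaired = [], []
    for path, md5 in detections:
        original = None
        if path.suffix.lower() == ".lnk":
            for cand in restored:
                names = {cand.name.lower(), cand.stem.lower()}
                if cand.parent == path.parent and path.stem.lower() in names:
                    original = cand
                    break
        if original is None:
            unpaired.append((path, md5))
        else:
            pairs.append((path, original, md5))
    return pairs, unpaired


if __name__ == "__main__":
    dets, rest = parse_report(SAMPLE_LOG)
    decoys, others = pair_decoys(dets, rest)
    for lnk, orig, md5 in decoys:
        print(f"decoy shortcut {lnk} replaced hidden {orig} (MD5 {md5})")
    for path, md5 in others:
        print(f"standalone detection {path} (MD5 {md5})")
```

Run over the All Scans.txt file the helper asks for, the unpaired list is the part to compare between scans: an entry that reappears with the same MD5 after being deleted has been written to the drive again.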

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Send the Quarantine folder.
