Windows Shell Common Dll


offline
  • Joined: 01 Mar 2008
  • Posts: 245

Posted: 09 Dec 2014 20:44

Zoek.exe v5.0.0.0 Updated 08-December-2014
Tool run by wolf on uto 09.12.2014 at 20:23:48,82.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\wolf\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-12-09-190503.log 21604 bytes

==== Empty Folders Check ======================

C:\Program Files\Deep Silver deleted successfully
C:\Program Files\GSC World Publishing deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\Nokia deleted successfully
C:\PROGRA~2\PicPick deleted successfully
C:\Users\wolf\AppData\Roaming\rmi deleted successfully
C:\Users\wolf\AppData\Roaming\TCB Networks deleted successfully
C:\Users\wolf\AppData\Roaming\Windows Live Writer deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3498366340-2121199911-2437005032-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0D5F364D-D6A9-43C1-BF0C-99B378972C5B} deleted successfully
HKEY_USERS\S-1-5-21-3498366340-2121199911-2437005032-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3eb64985-fac7-4fdd-bca8-23d0f5ad3d95} deleted successfully
HKEY_USERS\S-1-5-21-3498366340-2121199911-2437005032-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{43449E0D-4316-4EE7-9DF0-D73A4B3F215C} deleted successfully
HKEY_USERS\S-1-5-21-3498366340-2121199911-2437005032-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5b3cd634-86e8-4c7d-9979-9881bc0ae2db} deleted successfully
HKEY_USERS\S-1-5-21-3498366340-2121199911-2437005032-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65FE2D85-1A6B-4AF2-B1A6-E92BD4D1D9A} deleted successfully
HKEY_USERS\S-1-5-21-3498366340-2121199911-2437005032-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A4852AF5-4C32-4671-8DF7-21242F2B501} deleted successfully
HKEY_USERS\S-1-5-21-3498366340-2121199911-2437005032-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A880C3B2-6CE0-4F82-9B7D-2EBF1166FC75} deleted successfully
HKEY_USERS\S-1-5-21-3498366340-2121199911-2437005032-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC802B28-BC8-412F-891F-704A7D38C1A2} deleted successfully
HKEY_USERS\S-1-5-21-3498366340-2121199911-2437005032-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b0850bfa-0072-4b71-90d3-2e4ac0ff0c25} deleted successfully
HKEY_USERS\S-1-5-21-3498366340-2121199911-2437005032-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BF7195EC-B392-4500-AF3D-2992F3D00F7} deleted successfully
HKEY_USERS\S-1-5-21-3498366340-2121199911-2437005032-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C142872F-F9BE-447F-BC79-FB42EA4F716E} deleted successfully
HKEY_USERS\S-1-5-21-3498366340-2121199911-2437005032-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D3810580-3CCC-4BE8-B6FF-2371C74127D0} deleted successfully
HKEY_USERS\S-1-5-21-3498366340-2121199911-2437005032-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e5bbf3ef-2e2b-4c90-802c-f916ea47ad49} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3eb64985-fac7-4fdd-bca8-23d0f5ad3d95} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5b3cd634-86e8-4c7d-9979-9881bc0ae2db} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b0850bfa-0072-4b71-90d3-2e4ac0ff0c25} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e5bbf3ef-2e2b-4c90-802c-f916ea47ad49} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\wolf\AppData\Roaming\Mozilla\Firefox\Profiles\5vyqcvdx.default

user.js not found
---- Lines a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390 removed from prefs.js ----
---- Lines extensions.7kSXOOo6PMRD removed from prefs.js ----
user_pref("extensions.7kSXOOo6PMRD.epoch", "1393604684");
user_pref("extensions.7kSXOOo6PMRD.url", "http://downloadusaweb.info/sync2/?q=hfZ9oe4VWdwMCyVUojwFrjwFtMqLDe49CNU0kVrMCMlNhd9FqdaGrTCFqTw8rTCMBzqUojw9
---- Lines extensions.YsN3oJRfSlS removed from prefs.js ----
user_pref("extensions.YsN3oJRfSlS.epoch", "1393529779");
user_pref("extensions.YsN3oJRfSlS.url", "http://getitjpi.info/sync2/?q=hfZ9ofV9CShEAen0qHs9tMqLDe49CNU0kVrMCMlNhd9FqdaGrTgFpjs7rHkMBzqUojw9rdsGqTw4rHk
---- Lines extensions.nq2 removed from prefs.js ----
user_pref("extensions.nq2.epoch", "1393529779");
user_pref("extensions.nq2.url", "http://transferbookmy.info/sync2/?q=hfZ9ofDSC6gMCyVUojCGqchTB6lKDzt4oltjtNtVh7n0rjnErTs7rjUGqjkEtMFHhd9FqdaGrTgFpjr8r
---- Lines extensions.xHTfl removed from prefs.js ----
user_pref("extensions.xHTfl.epoch", "1393529778");
user_pref("extensions.xHTfl.url", "http://jpiserver.info/sync2/?q=hfZ9ofDSBShEAen0qHs9tMqLDe49CNU0kVrMCMlNhd9FqdaGrTgFpjrErjCMBzqUojw9rdsGqTw4rHk9qih7
---- FireFox user.js and prefs.js backups ----

prefs_09.12.2014_2035_.backup

ProfilePath: C:\Users\wolf\AppData\Roaming\Mozilla\Firefox\Profiles\o8oe9mp8.default-1411374315458

user.js not found
---- Lines extensions.2C3dRX8K3DUQohm9 removed from prefs.js ----
user_pref("extensions.2C3dRX8K3DUQohm9.epoch", "1415548539");
user_pref("extensions.2C3dRX8K3DUQohm9.url", "http://veterants.net/sync2/?q=hfZ9ofV9CShEAen0rHk9rchTB6lKDzt4oltjtNtVh7n0rjnFrja5rjk8rHrFtMFHhd9FqdwFrd
---- Lines extensions.Sfd3p6oej0wWLsqK removed from prefs.js ----
user_pref("extensions.Sfd3p6oej0wWLsqK.epoch", "1415548539");
user_pref("extensions.Sfd3p6oej0wWLsqK.scode", "void(0);");
user_pref("extensions.Sfd3p6oej0wWLsqK.url", "http://gurudirsunnycoupon.in/sync2/?q=hfZ9ofbMDMnMCyVUojr8qdaMg708BNmGWj8ikGhGheDUojw9rjwEpdw8qjs8qchIC7
---- FireFox user.js and prefs.js backups ----

prefs_09.12.2014_2035_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\TotalPlusHD-3.1V01.12 not found
C:\Windows\system32\tasks\6e49a4c8-f29a-42c7-9e6a-125f205b6233-4 deleted
C:\Users\wolf\AppData\LocalLow\{0E78CBC0-B7CA-D399-6E9F-39F678EA98AD} deleted
C:\Users\wolf\AppData\LocalLow\{126B11E2-208B-D4CE-42AC-0A875D0F8E07} deleted
C:\Users\wolf\AppData\LocalLow\{73E4B769-3270-65C2-5471-5C0D1DF1968A} deleted
C:\Users\wolf\AppData\LocalLow\{A1B4A1F1-F86E-4C8C-F254-96DE97B6ED94} deleted
C:\PROGRA~2\23405448 deleted
C:\Users\wolf\.android deleted
C:\PROGRA~2\InstallMate deleted
C:\PROGRA~2\Package Cache deleted
C:\Users\wolf\AppData\Local\Pokki deleted
C:\Users\wolf\AppData\Local\cache deleted
C:\Users\wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk deleted
C:\Users\wolf\AppData\LocalLow\{1CBA8588-026A-9F45-02FE-559639EDA827} deleted
C:\Users\wolf\AppData\LocalLow\{8778143F-8659-0A88-F304-F68BB7234F40} deleted
C:\Users\wolf\AppData\LocalLow\{D4D994A7-421D-60D6-609E-4F0C81E2334D} deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\System32\_r_a_p_.tmp deleted
"C:\Users\wolf\AppData\Roaming\AUIBYKQI" deleted
"C:\Users\wolf\AppData\Roaming\FAROUT" deleted
"C:\Users\wolf\AppData\Roaming\IKF" deleted
"C:\Users\wolf\AppData\Roaming\TTJON" deleted
"C:\Users\wolf\AppData\Roaming\VLIPLXPI" deleted
"C:\Users\wolf\AppData\Roaming\XBIBS" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{9D2AA73B-6049-4799-B8AC-925723370070}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [25.08.2014 18:18]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\wolf\AppData\Roaming\Mozilla\Firefox\Profiles\o8oe9mp8.default-1411374315458
8303B3CEC05500F763B4FA75210598BB - C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll - Shockwave Flash
559E8D42BE485208F1C4BB294D6840A4 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.6
559E8D42BE485208F1C4BB294D6840A4 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.6
5D4279248A0E506CF007BD51EBF74CEA - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.6
5D4279248A0E506CF007BD51EBF74CEA - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.6
F9DE379CE8A782530A4FA0B731F3A49B - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.6
F9DE379CE8A782530A4FA0B731F3A49B - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.6
049BD7AD3B94F24FA274ED1F7FC5871B - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.6
049BD7AD3B94F24FA274ED1F7FC5871B - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.6
D937A4645EFF8CB4F123E3C899C052B2 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.6
D937A4645EFF8CB4F123E3C899C052B2 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll - QuickTime Plug-in 7.7.6
64C4ADE063A9C93D3BAE09922AD90C27 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
446BCAE59E26321802E000FC3E0C390A - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
64C4ADE063A9C93D3BAE09922AD90C27 - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat
E261ADA8AC724CF5DE414E86A90FA3DC - c:\program files\real\realplayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
E261ADA8AC724CF5DE414E86A90FA3DC - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
D24676AD13BF1DE2B4E9226A4EBE3256 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin
D24676AD13BF1DE2B4E9226A4EBE3256 - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll - RealPlayer Download Plugin
20AF900395CA5AD66A9134CF032B0435 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealPlayer Video Downloader for HTML5 (32-bit)
D6ED6EB98E759460AD8C66DE23070132 - C:\Program Files\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2013
893BF7D2261C56C24F813405D9D018E0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In
44CD19D98995CB3056F406113B175820 - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll - Java Deployment Toolkit 6.0.230.5
EA8FCF30D2961369435C84CE3B3063F1 - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll - Java(TM) Platform SE 6 U23
0CA4180B21C6B728578F3B0433BB740E - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
94A3088646C777CE99C3C1D7809C4BAC - C:\Program Files\Nitro\Pro 9\npnitromozilla.dll - Nitro PDF plugin for Firefox and Chrome
0D80C49D9A4A3E096296C67BD015F614 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery
8B322B3C8B91BDDEC77C613A8CE22ADB - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
7B31592F0D472146865BF096CCD34798 - C:\Program Files\Nitro\Pro 9\npnitroie.dll - Nitro PDF plugin for Internet Explorer
6900B96FDD37E5C08FE0AEF0C542F103 - C:\Program Files\Nitro\Pro 9\npdf.dll - FileOpen WebPublisher3+ MSO Security exchange
0C21CB9426AD831DB02FB66232B3A42F - C:\Program Files\Nitro\Pro 9\NPShellExtension.dll - Nitro Pro ShellExtension
8DA2ED6B04EA33F2EAE8BA883F903729 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight


==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\wolf\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\wolf\AppData\Local\Comodo\Dragon deleted

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.rs/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.rs/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Empty IE Cache ======================

C:\Users\wolf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\wolf\AppData\Local\Mozilla\Firefox\Profiles\o8oe9mp8.default-1411374315458\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome Cache found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=237 folders=81 104282471 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Guest\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\wolf\AppData\Local\temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\wolf\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on uto 09.12.2014 at 20:39:53,85 ======================

Addendum: 09 Dec 2014 20:54

I found a suggested solution to this problem on the net, but I don't fully understand what needs to be done, i.e. what has to be typed after opening the Command Prompt (English is not my strong side, although I basically know what it says).

Question
move, delete, or modify a file that has 0 bytes and is stuck on my desktop. Details say file type is File (.) and says file opens with Windows Shell Common Dll
I tried with CMD but I could not do it. Is there an easier way to do this?

Answer
When you tried the command prompt, did you ‘elevate’ it? If not try this:
1. Open an elevated Command Prompt by clicking the Windows Orb (Start) > All Programs > Accessories and right-click Command Prompt, then ‘Run as Administrator’. From the prompt type CD %userprofile%\Desktop and press Enter, now type del name (where name is the file to be removed, e.g. abc.def) and press Enter. This should remove the file. If it does not, then keep the Command Prompt open and
2. Hit Ctrl+Shift+Esc to open Task Manager. On the Processes Tab, select the explorer.exe process and end it to halt the desktop. Switch to the Command Prompt window and retry the del command.
3. Now restart explorer by going to the Application Tab of Task Manager > File > New Task. Enter explorer.exe and click OK to restart the desktop.
If you still haven’t deleted it, try deleting it in safe Mode (tap F8 when you switch on the computer).
http://answers.microsoft.com/en-us/windows/forum/w.....f7161e89c5

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

We will also do an ARK check.

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Run MBAR by double-clicking the program icon:
- Click OK in the next window to allow extraction into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this may take a few additional seconds, so wait for it to launch;
- In the intro window click the Next button if you agree;

• In the 'Update Database' window click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section check that all options are ticked, then click the Scan button;

Note: with some infections one of the following messages may be shown:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. In your next post, include the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infections are found, check that the 'Create Restore Point' option is selected and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for the restart, and a notice will be shown in a pop-up window. Click the Yes button and the system should restart and finish the cleaning procedure.

Note! Only if a rootkit is detected: make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click to run fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, and wait for the tool to complete all repairs ...
- When you see the message 'press any key to exit' the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post, and attach the system log to the post using the Attach file (Prikači fajl) option.

As for the problem with the icon on the Desktop, try this:
Go to Control Panel -> Folder Options and on the View tab enable "Show hidden files and folders" and disable "Hide protected operating system files". Click OK and two files named desktop.ini will appear on your Desktop. Delete them and restart the computer. That icon should disappear, and those two desktop.ini files will be created again (so that you are not surprised when your system starts). After that, you can revert the changed settings.

offline
  • Joined: 01 Mar 2008
  • Posts: 245

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2014.11.18.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17420
wolf :: WERDE-KOM [administrator]

9.12.2014 21:23:28
mbar-log-2014-12-09 (21-23-28).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 358008
Time elapsed: 10 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


offline
  • Joined: 01 Mar 2008
  • Posts: 245

And that setting in Control Panel is already configured that way, and has been until now.

offline
  • Joined: 01 Mar 2008
  • Posts: 245

It's not clear to me what needs to be typed here: From the prompt type CD %userprofile%\Desktop and press Enter,

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

dvojkan :: It's not clear to me what needs to be typed here: From the prompt type CD %userprofile%\Desktop and press Enter,

I don't remember writing anything like that, although you haven't told me whether my suggestion worked. In any case, your system is now clean, and all that is left for you is to do the following:

The following procedure will perform the final cleanup.

Download "Xplode"'s DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment for the tool to finish its work.
From this point on, all the tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also save the healthy state of the registry and make a backup using the integrated "ERUNT" program in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.

Open a thread in the Windows forum and describe the problem you have with that icon there.
http://www.mycity.rs/Windows/

offline
  • Joined: 01 Mar 2008
  • Posts: 245

Well, I said that my settings were already as you suggested, so there are no changes; it didn't work. And what I wrote is from that text I found on the internet; I managed to type what was needed, but it seems the problem is that the name of the file that is bothering me is in Cyrillic, so Windows doesn't recognize it and prints ???? characters instead of the letters. The icon is still there!
I did all of the other thing, and this last one too.
