System check


  • 100%Milanista
  • Information Technology
  • Joined: 23 Aug 2008
  • Posts: 2634
  • Location: Milan, Italy

System check for malware following the discussion in this topic: http://www.mycity.rs/Web-browseri/Pojavljuje-se-po.....f-Pet.html



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-07-2014
Ran by Springfieldz0r (administrator) on SPRINGFIELD on 21-07-2014 14:51:24
Running from C:\Users\Springfieldz0r\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Flux Software LLC) C:\Users\Springfieldz0r\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Vimicro) C:\Windows\VM305_STI.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [BigDog305] => C:\Windows\VM305_STI.EXE [61440 2007-01-05] (Vimicro)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-10] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2145776392-1472050533-324974990-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-2145776392-1472050533-324974990-1000\...\Run: [F.lux] => C:\Users\Springfieldz0r\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKU\S-1-5-21-2145776392-1472050533-324974990-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2145776392-1472050533-324974990-1000\...\Run: [ONAIR] => [X]
HKU\S-1-5-21-2145776392-1472050533-324974990-1000\...\RunOnce: [Uninstall C:\Users\Springfieldz0r\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Springfieldz0r\AppData\Local\Microsoft\SkyDr (the data entry has 20 more characters).
HKU\S-1-5-21-2145776392-1472050533-324974990-1000\...\MountPoints2: {57ccab62-873a-11e2-94f3-6c626d84b408} - I:\autorun.exe
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x402CDD2C8AA9CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sr-Latn-ME
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
SearchScopes: HKLM-x32 - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&i=48&did=11034&ppd=1434,122991,20uQ2j14gyscubZ.2.LTeR1wFcSZ000.,,,,sweet-player,,,www.sweetplayer.com&barid=105772715916699738521808106521299825672
SearchScopes: HKCU - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=109217&tt=4312_5&babsrc=SP_ss&mntrId=d2805edd000000000000000000000000
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid=105772715916699738521808106521299825672&crg=&ppd=1434,122991,20uQ2j14gyscubZ.2.LTeR1wFcSZ000.,,,,sweet-player,,,www.sweetplayer.com&st=23&i=48&did=11034
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1FE3E268-E08B-4063-A981-45DB8B06AF0C}: [NameServer]213.133.3.5 10.11.12.14

FireFox:
========
FF ProfilePath: C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default
FF DefaultSearchEngine: Wikipedia (en)
FF SearchEngineOrder.1: Microsoft (Bing)
FF SelectedSearchEngine: Wikipedia (en)
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://www.bing.com/search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @t.garena.com/garenatalk - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=3 - C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense)
FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=9 - C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Springfieldz0r\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\bing-avast.xml
FF SearchPlugin: C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\bing-zugo.xml
FF SearchPlugin: C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\browsemngr.xml
FF SearchPlugin: C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\my-web-search.xml
FF SearchPlugin: C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\onlytoolbar.xml
FF SearchPlugin: C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\SearchResults.xml
FF SearchPlugin: C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\startsear.xml
FF SearchPlugin: C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\web-search.xml
FF SearchPlugin: C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\yahoo-zugo.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
FF Extension: Qualys BrowserCheck - C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\Extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} [2013-12-27]
FF Extension: anonymoX - C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\Extensions\client@anonymox.net.xpi [2013-03-05]
FF Extension: SocialReviver - C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\Extensions\fbsidebardisabler@vittgam.net.xpi [2012-10-11]
FF Extension: Firebug - C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\Extensions\firebug@software.joehewitt.com.xpi [2012-10-11]
FF Extension: Gmail Manager NG - C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\Extensions\gmail-manager-ng@nedwidek.github.com.xpi [2012-10-11]
FF Extension: Awesome screenshot: Capture and Annotate - C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2013-01-30]
FF Extension: Thumbnail Zoom Plus - C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\Extensions\thumbnailZoom@dadler.github.com.xpi [2012-12-02]
FF Extension: Web Developer - C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-10-11]
FF Extension: Adblock Edge - C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-07-21]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-14]

Chrome:
=======
CHR HomePage: hxxp://www.msn.com/?pc=AV01
CHR StartupUrls: "hxxp://www.msn.com/?pc=AV01"
CHR DefaultSearchKeyword: mysearch.sweetpacks.com
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\Springfieldz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-11]
CHR Extension: (Google Drive) - C:\Users\Springfieldz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-11]
CHR Extension: (YouTube) - C:\Users\Springfieldz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-11]
CHR Extension: (Google Search) - C:\Users\Springfieldz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-11]
CHR Extension: (Free Smileys & Emoticons) - C:\Users\Springfieldz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl [2014-02-09]
CHR Extension: (avast! Online Security) - C:\Users\Springfieldz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-30]
CHR Extension: (Google Wallet) - C:\Users\Springfieldz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-11]
CHR Extension: (Gmail) - C:\Users\Springfieldz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-11]
CHR Extension: (RSS Feed Reader) - C:\Users\Springfieldz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2014-02-20]
CHR HKLM-x32\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - C:\Program Files (x86)\OnlineHD.TV\onhd11.crx [2014-02-20]
CHR HKLM-x32\...\Chrome\Extension: [fjbbjfdilbioabojmcplalojlmdngbjl] - C:\Users\Springfieldz0r\AppData\Local\Temp\swlfiles\smileyswelovetoolbar.crx [2014-02-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-10]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-10] (AVAST Software)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-18] (Nero AG)
S4 MTel_ontenegro Imola Modem Device Helper; C:\Program Files (x86)\HSPA USB MODEM\BackgroundService\ServiceManager.exe [53312 2012-03-14] ()
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S2 savesenselive; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-02-02] (SaveSense)
S3 savesenselivem; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-02-02] (SaveSense)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-12-13] (Ulead Systems, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-10] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-10] ()
R2 BT848; C:\Windows\System32\drivers\BT848.sys [421248 2009-12-27] (Illusion & Hope. Porting to AMD64 by Sergey Sakharov.) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-07-11] (DT Soft Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [30112 2013-03-08] (REALiX(tm))
S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [120832 2011-06-20] (TCT International Mobile Ltd)
S3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-14] (Microsoft Corporation)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2013-02-17] (Padus, Inc.) [File not signed]
S3 s116bus; C:\Windows\System32\DRIVERS\s116bus.sys [108296 2007-04-03] (MCCI Corporation)
S3 s116mgmt; C:\Windows\System32\DRIVERS\s116mgmt.sys [126216 2007-04-03] (MCCI Corporation)
S3 s116nd5; C:\Windows\System32\DRIVERS\s116nd5.sys [31496 2007-04-03] (MCCI Corporation)
S3 s116unic; C:\Windows\System32\DRIVERS\s116unic.sys [130824 2007-04-03] (MCCI Corporation)
S3 smserial; C:\Windows\System32\DRIVERS\smserial.sys [1202688 2009-10-26] (Motorola Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-07-17] () [File not signed]
S3 TS_AR5416; C:\Windows\System32\DRIVERS\ts_athwx.sys [2157672 2013-07-23] (TamoSoft)
S3 TS_ARN5416; C:\Windows\System32\DRIVERS\ts_athrx.sys [3543752 2013-08-16] (TamoSoft)
S3 ULCDRHlp; C:\Windows\SysWOW64\Drivers\ULCDRHlp.sys [27392 2004-12-23] (Ulead Systems, Inc.) [File not signed]
R3 vvftav; C:\Windows\System32\drivers\vvftav.sys [300800 2007-02-02] (Vimicro Corporation)
R3 ZSMC0305; C:\Windows\System32\Drivers\usbVM305.sys [1541120 2007-03-08] (Vimicro Corporation)
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-21 14:51 - 2014-07-21 14:51 - 00025006 _____ () C:\Users\Springfieldz0r\Desktop\FRST.txt
2014-07-21 14:51 - 2014-07-21 14:51 - 00000000 ____D () C:\FRST
2014-07-21 14:50 - 2014-07-21 14:50 - 02089984 _____ (Farbar) C:\Users\Springfieldz0r\Desktop\FRST64.exe
2014-07-21 14:34 - 2014-07-21 14:34 - 00003496 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Springfieldz0r
2014-07-18 20:24 - 2014-07-18 20:30 - 00000000 ____D () C:\Users\Springfieldz0r\Desktop\John Legend - Love in the Future (Deluxe Edition) 2013 RnB 320kbps CBR MP3 [VX] [P2PDL]
2014-07-16 20:58 - 2014-07-16 20:58 - 05999877 _____ () C:\Users\Springfieldz0r\Desktop\Windows 7 Activator.rar
2014-07-13 18:47 - 2014-07-13 18:47 - 00000000 ____D () C:\Users\Springfieldz0r\Desktop\Ivan
2014-07-10 19:04 - 2014-07-11 15:08 - 00000000 ____D () C:\Users\Springfieldz0r\Desktop\Muzika
2014-07-10 16:25 - 2014-07-10 16:25 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-09 12:56 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 12:56 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 12:56 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 12:56 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 12:56 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 12:56 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 12:56 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 12:56 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 12:53 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 12:53 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 12:53 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 12:53 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 12:53 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 12:53 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 12:53 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 12:53 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 12:53 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 12:53 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 12:53 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 12:53 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 12:53 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 12:53 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 12:53 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 12:53 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 12:53 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 12:53 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 12:53 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 12:53 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 12:53 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 12:53 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 12:53 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 12:53 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 12:53 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 12:53 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 12:53 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 12:53 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 12:53 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 12:53 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 12:53 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 12:53 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 12:53 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 12:53 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 12:53 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 12:53 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 12:53 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 12:53 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 12:53 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 12:53 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 12:53 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 12:53 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 12:53 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 12:53 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 12:53 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 12:53 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 12:53 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 12:53 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 12:53 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 12:53 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 12:53 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 12:53 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 12:53 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 12:53 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 12:53 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 12:53 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 12:53 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 12:53 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 12:53 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 12:53 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 12:53 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 12:53 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 12:53 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 12:53 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 12:53 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 12:53 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 12:53 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 12:53 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 12:53 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 12:53 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 12:50 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 12:50 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 12:50 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-06 02:33 - 2014-07-06 02:32 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-06 02:33 - 2014-07-06 02:32 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-06 02:33 - 2014-07-06 02:32 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-06 02:33 - 2014-07-06 02:32 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-07-06 02:10 - 2014-07-06 02:10 - 00000000 ____D () C:\Users\Springfieldz0r\Desktop\Fifa
2014-06-28 17:17 - 2014-06-28 17:31 - 00000000 ____D () C:\Users\Springfieldz0r\Desktop\goku
2014-06-25 01:06 - 2014-06-25 01:06 - 00000000 ____D () C:\Users\Springfieldz0r\Desktop\PCSX2_Bios_Memcards
2014-06-25 01:05 - 2014-06-25 01:05 - 00000000 ____D () C:\Users\Springfieldz0r\Documents\PCSX2
2014-06-25 01:03 - 2014-06-26 11:30 - 00000000 ____D () C:\Program Files (x86)\PCSX2 1.2.1
2014-06-25 01:03 - 2014-06-25 01:03 - 00001985 _____ () C:\Users\Public\Desktop\PCSX2 1.2.1 (r5875).lnk
2014-06-25 01:03 - 2014-06-25 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
2014-06-25 01:00 - 2014-06-25 03:40 - 02209092 _____ () C:\Users\Springfieldz0r\Desktop\PCSX2_Bios_Memcards.7z
2014-06-25 00:57 - 2014-06-25 00:58 - 15127264 _____ () C:\Users\Springfieldz0r\Desktop\pcsx2-1.2.1-r5875-setup.exe

==================== One Month Modified Files and Folders =======

2014-07-21 14:51 - 2014-07-21 14:51 - 00025006 _____ () C:\Users\Springfieldz0r\Desktop\FRST.txt
2014-07-21 14:51 - 2014-07-21 14:51 - 00000000 ____D () C:\FRST
2014-07-21 14:50 - 2014-07-21 14:50 - 02089984 _____ (Farbar) C:\Users\Springfieldz0r\Desktop\FRST64.exe
2014-07-21 14:50 - 2013-06-23 14:45 - 00000964 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2145776392-1472050533-324974990-1000UA.job
2014-07-21 14:50 - 2013-06-23 14:45 - 00000942 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2145776392-1472050533-324974990-1000Core.job
2014-07-21 14:48 - 2014-01-11 18:19 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-21 14:38 - 2014-05-16 22:07 - 00719506 _____ () C:\Windows\system32\perfh019.dat
2014-07-21 14:38 - 2014-05-16 22:07 - 00151752 _____ () C:\Windows\system32\perfc019.dat
2014-07-21 14:38 - 2009-07-14 07:13 - 01657982 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-21 14:37 - 2012-10-10 05:17 - 01109466 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 14:37 - 2012-10-09 21:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-21 14:34 - 2014-07-21 14:34 - 00003496 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Springfieldz0r
2014-07-21 14:34 - 2014-06-01 17:31 - 00000000 ____D () C:\Users\Springfieldz0r\AppData\Local\HTC MediaHub
2014-07-21 14:34 - 2013-03-14 02:26 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-21 14:34 - 2012-10-09 20:36 - 00000000 ____D () C:\ProgramData\MCShield
2014-07-21 14:33 - 2014-02-02 05:22 - 00000944 _____ () C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
2014-07-21 14:33 - 2014-01-11 18:19 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-21 14:33 - 2013-12-21 04:49 - 00042912 _____ () C:\Windows\setupact.log
2014-07-21 14:33 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-21 14:11 - 2012-12-27 22:16 - 00000000 ____D () C:\PScript5
2014-07-21 14:01 - 2014-02-02 05:22 - 00000000 ____D () C:\Users\Springfieldz0r\AppData\Local\SaveSense
2014-07-21 13:27 - 2014-02-02 05:22 - 00000948 _____ () C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job
2014-07-21 13:23 - 2013-03-04 14:05 - 00000000 ____D () C:\Users\Springfieldz0r\AppData\Local\CrashDumps
2014-07-21 13:22 - 2012-10-11 17:08 - 00001118 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-21 02:43 - 2012-10-14 07:47 - 00000000 ____D () C:\Users\Springfieldz0r\AppData\Roaming\Skype
2014-07-21 00:34 - 2013-10-21 02:14 - 00003974 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6943A896-A0B1-4206-BFB9-B56AADDE7210}
2014-07-20 20:56 - 2012-10-11 20:14 - 00000002 _____ () C:\Windows\SysWOW64\Dvbpws.dll
2014-07-20 20:33 - 2014-05-22 18:59 - 00000000 ____D () C:\Users\Springfieldz0r\AppData\Roaming\ViberPC
2014-07-20 20:33 - 2014-05-22 18:58 - 00000000 ____D () C:\Users\Springfieldz0r\AppData\Local\Viber
2014-07-20 03:33 - 2012-10-25 15:52 - 00000000 ____D () C:\Program Files (x86)\Medjed-Skript v1.5 Black
2014-07-20 02:32 - 2012-12-03 08:04 - 00000000 ____D () C:\Users\Springfieldz0r\AppData\Local\Eclipse
2014-07-18 20:30 - 2014-07-18 20:24 - 00000000 ____D () C:\Users\Springfieldz0r\Desktop\John Legend - Love in the Future (Deluxe Edition) 2013 RnB 320kbps CBR MP3 [VX] [P2PDL]
2014-07-18 20:30 - 2012-10-10 07:54 - 00000000 ____D () C:\Users\Springfieldz0r\AppData\Roaming\uTorrent
2014-07-18 02:36 - 2009-07-14 06:45 - 00020832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-18 02:36 - 2009-07-14 06:45 - 00020832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-16 20:58 - 2014-07-16 20:58 - 05999877 _____ () C:\Users\Springfieldz0r\Desktop\Windows 7 Activator.rar
2014-07-14 12:55 - 2012-10-09 21:15 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-14 12:55 - 2012-10-09 21:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-14 12:55 - 2012-10-09 21:15 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-14 12:19 - 2009-07-14 07:08 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-13 18:47 - 2014-07-13 18:47 - 00000000 ____D () C:\Users\Springfieldz0r\Desktop\Ivan
2014-07-12 15:23 - 2014-05-17 01:33 - 00000000 ____D () C:\Program Files (x86)\WarCraft III
2014-07-11 21:59 - 2013-01-15 15:47 - 00000132 _____ () C:\Users\Springfieldz0r\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-07-11 16:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-11 15:08 - 2014-07-10 19:04 - 00000000 ____D () C:\Users\Springfieldz0r\Desktop\Muzika
2014-07-10 23:33 - 2012-10-10 19:33 - 00000600 _____ () C:\Users\Springfieldz0r\AppData\Roaming\winscp.rnd
2014-07-10 18:10 - 2014-01-03 16:22 - 00253260 _____ () C:\Windows\PFRO.log
2014-07-10 16:25 - 2014-07-10 16:25 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-10 16:25 - 2014-04-30 02:23 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-10 16:25 - 2014-01-03 16:19 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-07-10 16:25 - 2013-03-14 02:26 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-07-10 16:25 - 2013-03-14 02:26 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-10 16:25 - 2013-03-14 02:26 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-10 16:25 - 2013-03-14 02:26 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-10 16:25 - 2013-03-14 02:26 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-10 16:25 - 2013-03-14 02:26 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-10 16:25 - 2012-10-09 20:53 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-10 00:26 - 2009-07-14 06:45 - 05077072 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 00:24 - 2014-05-06 00:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 00:24 - 2010-11-21 09:16 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 00:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 00:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 00:09 - 2012-12-22 20:49 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-07-10 00:08 - 2012-11-15 20:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 00:07 - 2013-10-18 00:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 00:05 - 2012-10-11 07:34 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-06 02:32 - 2014-07-06 02:33 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-06 02:32 - 2014-07-06 02:33 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-06 02:32 - 2014-07-06 02:33 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-06 02:32 - 2014-07-06 02:33 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-07-06 02:32 - 2013-10-18 17:22 - 00000000 ____D () C:\Program Files\Java
2014-07-06 02:10 - 2014-07-06 02:10 - 00000000 ____D () C:\Users\Springfieldz0r\Desktop\Fifa
2014-06-30 04:09 - 2014-07-09 12:56 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-09 12:56 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-28 17:31 - 2014-06-28 17:17 - 00000000 ____D () C:\Users\Springfieldz0r\Desktop\goku
2014-06-26 11:30 - 2014-06-25 01:03 - 00000000 ____D () C:\Program Files (x86)\PCSX2 1.2.1
2014-06-25 03:40 - 2014-06-25 01:00 - 02209092 _____ () C:\Users\Springfieldz0r\Desktop\PCSX2_Bios_Memcards.7z
2014-06-25 01:06 - 2014-06-25 01:06 - 00000000 ____D () C:\Users\Springfieldz0r\Desktop\PCSX2_Bios_Memcards
2014-06-25 01:05 - 2014-06-25 01:05 - 00000000 ____D () C:\Users\Springfieldz0r\Documents\PCSX2
2014-06-25 01:04 - 2013-10-20 10:29 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-06-25 01:03 - 2014-06-25 01:03 - 00001985 _____ () C:\Users\Public\Desktop\PCSX2 1.2.1 (r5875).lnk
2014-06-25 01:03 - 2014-06-25 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
2014-06-25 01:03 - 2014-03-19 12:55 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-25 00:58 - 2014-06-25 00:57 - 15127264 _____ () C:\Users\Springfieldz0r\Desktop\pcsx2-1.2.1-r5875-setup.exe
2014-06-23 21:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-23 03:00 - 2012-10-21 16:46 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-21 17:03 - 2013-12-14 02:02 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-06-21 13:46 - 2009-07-14 04:34 - 00000833 _____ () C:\Windows\win.ini
2014-06-21 02:43 - 2014-01-11 18:19 - 00003910 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-21 02:43 - 2014-01-11 18:19 - 00003658 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Files to move or delete:
====================
C:\Users\Springfieldz0r\fbchathistory.dat


Some content of TEMP:
====================
C:\Users\Springfieldz0r\AppData\Local\Temp\11152311.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\13-12_win7_win8_64_dd_ccc_whql.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\15585852.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\1_Offer_3.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\7za.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\core.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\DownloadManager.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\DSSExp.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\it.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Springfieldz0r\AppData\Local\Temp\nitro_reader3_x64.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\raptrpatch.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\Shortcut_bundlesweetimsetup.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\sqlite3.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\topazfusion2_setup.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\WSSetup.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\_is9DE4.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 10:41

==================== End Of Log ============================



rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

1. Open Notepad (Text Document) and copy in the following text from the code box below:

Start
Task: {375DA28C-AFEC-44B7-896F-28762E55140E} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {45964C48-5DBD-4692-AA29-0AAE39CC1CF3} - System32\Tasks\SaveSenseLiveUpdateTaskMachineCore => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [2014-02-02] (SaveSense) <==== ATTENTION
Task: {6D52BD62-C61C-4D8D-A6A3-ADDC0BAE6499} - System32\Tasks\SaveSenseLiveUpdateTaskMachineUA => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [2014-02-02] (SaveSense) <==== ATTENTION
Task: {E62EE110-EA0B-4191-BBF7-B668EBA395A2} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\Springfieldz0r\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
HKU\S-1-5-21-2145776392-1472050533-324974990-1000\...\MountPoints2: {57ccab62-873a-11e2-94f3-6c626d84b408} - I:\autorun.exe
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&i=48&did=11034&ppd=1434,122991,20uQ2j14gyscubZ.2.LTeR1wFcSZ000.,,,,sweet-player,,,www.sweetplayer.com&barid=105772715916699738521808106521299825672
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=109217&tt=4312_5&babsrc=SP_ss&mntrId=d2805edd000000000000000000000000
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid=105772715916699738521808106521299825672&crg=&ppd=1434,122991,20uQ2j14gyscubZ.2.LTeR1wFcSZ000.,,,,sweet-player,,,www.sweetplayer.com&st=23&i=48&did=11034
FF SearchPlugin: C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\bing-zugo.xml
FF SearchPlugin: C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\browsemngr.xml
FF SearchPlugin: C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\my-web-search.xml
FF SearchPlugin: C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\onlytoolbar.xml
FF SearchPlugin: C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\SearchResults.xml
FF SearchPlugin: C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\startsear.xml
FF SearchPlugin: C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\web-search.xml
FF SearchPlugin: C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\yahoo-zugo.xml
FF SearchPlugin: C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\Ask.xml
CHR DefaultSearchKeyword: mysearch.sweetpacks.com
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Springfieldz0r\fbchathistory.dat
C:\Users\Springfieldz0r\AppData\Local\Temp\11152311.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\13-12_win7_win8_64_dd_ccc_whql.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\15585852.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\1_Offer_3.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\7za.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\core.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\DownloadManager.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\DSSExp.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\it.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Springfieldz0r\AppData\Local\Temp\nitro_reader3_x64.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\raptrpatch.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\Shortcut_bundlesweetimsetup.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\sqlite3.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\topazfusion2_setup.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\WSSetup.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\_is9DE4.exe
End


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location; otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure to download and use the updated copy of FRST.






******************************







Download AdwCleaner by "Xplode" and save it to the Desktop.

Double-click to run the program.
Click the [Scan] button and wait for the program to finish.
Click the [Clean] button.
The program will close all running programs and display a window with that warning. Click Ok to confirm.
In the next two windows that open (Informations and Restart required), click Ok.


The computer will restart and then open a Notepad file (C:\AdwCleaner[S1].txt) with the report.
Save that file to the Desktop and attach it to your reply using the "Attach file" option.

Note: The report will also be saved at C:\AdwCleaner[S0].txt

offline
  • 100%Milanista
  • Information Technology
  • Joined: 23 Aug 2008
  • Posts: 2634
  • Location: Milan, Italy

That's how it is when you have a younger brother. A long time ago he installed some program, and along with it a million toolbars. But I uninstalled all of that through Control Panel and thought I had removed everything that way, but there you go...

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-07-2014
Ran by Springfieldz0r at 2014-07-21 15:35:51 Run:1
Running from C:\Users\Springfieldz0r\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
Task: {375DA28C-AFEC-44B7-896F-28762E55140E} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {45964C48-5DBD-4692-AA29-0AAE39CC1CF3} - System32\Tasks\SaveSenseLiveUpdateTaskMachineCore => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [2014-02-02] (SaveSense) <==== ATTENTION
Task: {6D52BD62-C61C-4D8D-A6A3-ADDC0BAE6499} - System32\Tasks\SaveSenseLiveUpdateTaskMachineUA => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [2014-02-02] (SaveSense) <==== ATTENTION
Task: {E62EE110-EA0B-4191-BBF7-B668EBA395A2} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\Springfieldz0r\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
HKU\S-1-5-21-2145776392-1472050533-324974990-1000\...\MountPoints2: {57ccab62-873a-11e2-94f3-6c626d84b408} - I:\autorun.exe
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&i=48&did=11034&ppd=1434,122991,20uQ2j14gyscubZ.2.LTeR1wFcSZ000.,,,,sweet-player,,,www.sweetplayer.com&barid=105772715916699738521808106521299825672
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=109217&tt=4312_5&babsrc=SP_ss&mntrId=d2805edd000000000000000000000000
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid=105772715916699738521808106521299825672&crg=&ppd=1434,122991,20uQ2j14gyscubZ.2.LTeR1wFcSZ000.,,,,sweet-player,,,www.sweetplayer.com&st=23&i=48&did=11034
FF SearchPlugin: C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\bing-zugo.xml
FF SearchPlugin: C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\browsemngr.xml
FF SearchPlugin: C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\my-web-search.xml
FF SearchPlugin: C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\onlytoolbar.xml
FF SearchPlugin: C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\SearchResults.xml
FF SearchPlugin: C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\startsear.xml
FF SearchPlugin: C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\web-search.xml
FF SearchPlugin: C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\yahoo-zugo.xml
FF SearchPlugin: C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\Ask.xml
CHR DefaultSearchKeyword: mysearch.sweetpacks.com
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Springfieldz0r\fbchathistory.dat
C:\Users\Springfieldz0r\AppData\Local\Temp\11152311.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\13-12_win7_win8_64_dd_ccc_whql.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\15585852.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\1_Offer_3.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\7za.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\core.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\DownloadManager.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\DSSExp.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\it.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Springfieldz0r\AppData\Local\Temp\nitro_reader3_x64.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\raptrpatch.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\Shortcut_bundlesweetimsetup.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\sqlite3.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\topazfusion2_setup.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\WSSetup.exe
C:\Users\Springfieldz0r\AppData\Local\Temp\_is9DE4.exe
End
*****************

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{375DA28C-AFEC-44B7-896F-28762E55140E}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{375DA28C-AFEC-44B7-896F-28762E55140E}' => Key deleted successfully.
C:\Windows\System32\Tasks\YourFile DownloaderUpdate => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile DownloaderUpdate' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{45964C48-5DBD-4692-AA29-0AAE39CC1CF3}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45964C48-5DBD-4692-AA29-0AAE39CC1CF3}' => Key deleted successfully.
C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineCore => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SaveSenseLiveUpdateTaskMachineCore' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D52BD62-C61C-4D8D-A6A3-ADDC0BAE6499}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D52BD62-C61C-4D8D-A6A3-ADDC0BAE6499}' => Key deleted successfully.
C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineUA => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SaveSenseLiveUpdateTaskMachineUA' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E62EE110-EA0B-4191-BBF7-B668EBA395A2}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E62EE110-EA0B-4191-BBF7-B668EBA395A2}' => Key deleted successfully.
C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SomotoUpdateCheckerAutoStart' => Key deleted successfully.
C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job => Moved successfully.
'HKU\S-1-5-21-2145776392-1472050533-324974990-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57ccab62-873a-11e2-94f3-6c626d84b408}' => Key deleted successfully.
'HKCR\CLSID\{57ccab62-873a-11e2-94f3-6c626d84b408}'=> Key not found.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe' => Key deleted successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}' => Key deleted successfully.
'HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}' => Key deleted successfully.
'HKCR\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}'=> Key not found.
C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\bing-zugo.xml => Moved successfully.
C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\browsemngr.xml => Moved successfully.
C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\my-web-search.xml => Moved successfully.
C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\onlytoolbar.xml => Moved successfully.
C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\SearchResults.xml => Moved successfully.
C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\startsear.xml => Moved successfully.
C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\web-search.xml => Moved successfully.
C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\yahoo-zugo.xml => Moved successfully.
C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\searchplugins\Ask.xml => Moved successfully.
CHR DefaultSearchKeyword: mysearch.sweetpacks.com ==> The Chrome "Settings" can be used to fix the entry.
'HKCU\SOFTWARE\Policies\Google' => Key deleted successfully.
C:\Users\Springfieldz0r\fbchathistory.dat => Moved successfully.
C:\Users\Springfieldz0r\AppData\Local\Temp\11152311.exe => Moved successfully.
C:\Users\Springfieldz0r\AppData\Local\Temp\13-12_win7_win8_64_dd_ccc_whql.exe => Moved successfully.
C:\Users\Springfieldz0r\AppData\Local\Temp\15585852.exe => Moved successfully.
C:\Users\Springfieldz0r\AppData\Local\Temp\1_Offer_3.exe => Moved successfully.
C:\Users\Springfieldz0r\AppData\Local\Temp\7za.exe => Moved successfully.
C:\Users\Springfieldz0r\AppData\Local\Temp\core.exe => Moved successfully.
C:\Users\Springfieldz0r\AppData\Local\Temp\DownloadManager.exe => Moved successfully.
C:\Users\Springfieldz0r\AppData\Local\Temp\DSSExp.exe => Moved successfully.
C:\Users\Springfieldz0r\AppData\Local\Temp\it.exe => Moved successfully.
C:\Users\Springfieldz0r\AppData\Local\Temp\mgsqlite3.dll => Moved successfully.
C:\Users\Springfieldz0r\AppData\Local\Temp\nitro_reader3_x64.exe => Moved successfully.
C:\Users\Springfieldz0r\AppData\Local\Temp\PrefJsonCpp.exe => Moved successfully.
C:\Users\Springfieldz0r\AppData\Local\Temp\raptrpatch.exe => Moved successfully.
C:\Users\Springfieldz0r\AppData\Local\Temp\Shortcut_bundlesweetimsetup.exe => Moved successfully.
C:\Users\Springfieldz0r\AppData\Local\Temp\sqlite3.exe => Moved successfully.
C:\Users\Springfieldz0r\AppData\Local\Temp\topazfusion2_setup.exe => Moved successfully.
C:\Users\Springfieldz0r\AppData\Local\Temp\WSSetup.exe => Moved successfully.
C:\Users\Springfieldz0r\AppData\Local\Temp\_is9DE4.exe => Moved successfully.

==== End of Fixlog ====



rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Does the message appear now?

offline
  • 100%Milanista
  • Information Technology
  • Joined: 23 Aug 2008
  • Posts: 2634
  • Location: Milan, Italy

argus :: Does the message appear now?

Yes, it is still there.

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Download smeenk's zoek.zip or zoek.rar from this or this link and save it to the Desktop.

Extract the archive to a folder (instructions), and then:

close the browser and other running programs;
temporarily disable your security software (if necessary) Instructions;
run zoek by double-clicking the program icon;
wait for the tool to start ...


Copy the following text into the white box of the window:


quickscan;


Click the button and wait for the scan to finish.


If needed, zoek will restart Windows, and when it finishes it will open Notepad with the scan report.

Note: The report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into your post.

offline
  • 100%Milanista
  • Information Technology
  • Joined: 23 Aug 2008
  • Posts: 2634
  • Location: Milan, Italy

Zoek.exe v5.0.0.0 Updated 19-07-2014
Tool run by Springfieldz0r on pon 21.07.2014 at 15:54:40,17.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Springfieldz0r\Desktop\zoek\zoek.com [Scan all users] [Script inserted]

==== System Restore Info ======================

21.7.2014 15:56:23 Zoek.exe System Restore Point Created Succesfully.

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-07-10 14:25:46 357CEBBCD99C8928A2D1A61A6CACC168 43152 ----a-w- C:\Windows\avastSS.scr
====== C:\Users\SPRING~1\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-07-21 13:37:54 0DC5AF80D059DEC792B665ED598C6567 536576 ----a-w- C:\Windows\SysWOW64\sqlite3.dll
2014-07-09 10:56:24 C6A991D7DF17EBD8DE4739CD1F283133 646144 ----a-w- C:\Windows\SysWOW64\osk.exe
2014-07-09 10:56:21 492FF9C530EC0352B3C904CE9898269D 509440 ----a-w- C:\Windows\SysWOW64\qedit.dll
2014-07-09 10:53:47 F95E1E9D97D25C11F29CA34C843A6F4D 247808 ----a-w- C:\Windows\SysWOW64\schannel.dll
2014-07-09 10:53:47 E3ECF5FFE3DEDF61DC6877B6A99ACBBF 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll
2014-07-09 10:53:47 C71CC796F0E2E9BD542C87532706FCFE 172032 ----a-w- C:\Windows\SysWOW64\wdigest.dll
2014-07-09 10:53:47 C61DDFE40204F3BE3DF111981D91560E 220160 ----a-w- C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 10:53:47 8BA721F76C97A219599E88722AA48875 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 10:53:47 6CB2616152ADCDF39F05B08E4858F476 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 10:53:47 1A0BE0092646F564FAF204E678AF8E03 550912 ----a-w- C:\Windows\SysWOW64\kerberos.dll
2014-07-09 10:53:41 E3065F51EE0BB099EAAE48C3FC3A25B6 592896 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 10:53:41 BE0EA764820239F7785410CBE3880086 32256 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 10:53:41 91CF46BBB827E461C498A1D7D1A71AD6 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll
2014-07-09 10:53:41 7C44C697BA6D0B698B91AC6516A731C3 1139200 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2014-07-09 10:53:41 67EA1BB7F6428A10C64D5A732976F871 69632 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 10:53:41 448854C4FE94C0FA329CC38FF103DC74 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 10:53:40 E739AEDCA67F214F96C2520BA293B12B 526336 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 10:53:40 DFA59840BB1220AFD261FDAE83543959 17276416 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2014-07-09 10:53:40 9385D7C5DF2566D01B1FB150F381D50B 367616 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 10:53:39 CE94480E78CC3A1A17B53F2BB65639BD 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll
2014-07-09 10:53:39 4B774E842F268D51DB942EF9637828B9 1964544 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 10:53:39 42BF66A4DC35DAD3564065173372CCE9 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 10:53:39 084FB28A790685F32A6D7D003777696D 2179072 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2014-07-09 10:53:38 FC733FD7721200D5136F6F8112E97B00 11742208 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2014-07-09 10:53:38 F2A99A4293CAF7956FF7801D36D5A3B2 442368 ----a-w- C:\Windows\SysWOW64\ieui.dll
2014-07-09 10:53:38 A9F8343A3234FC7A42DDA4569827B411 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 10:53:38 A98E303FCB7058C6E78FD1FBBCBB5EEF 240824 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 10:53:38 573E522A27210701EB8A6C476D36FFF6 239616 ----a-w- C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 10:53:36 FDA05E78813F543A6E9AC6B23EC696F2 1068032 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 10:53:36 98C7B1AFA0A99EE3BE99EAABEFB72CA0 4254720 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2014-07-09 10:53:36 09CBE4B1AEF497FC05493B09EA2C1757 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 10:53:35 CCC198257901BEEA2FBF8EB1E7678356 1791488 ----a-w- C:\Windows\SysWOW64\wininet.dll
2014-07-09 10:53:35 8046CF629D8AE766C22145F4A6AFFBE1 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll
2014-07-09 10:53:35 557D60DF85D61C290A1D09E7115B294B 62464 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 10:53:35 175A663547805367C10746FC416D4605 704512 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 10:53:35 045A91095A605BB20FF2B37546FE62B0 455168 ----a-w- C:\Windows\SysWOW64\vbscript.dll
2014-07-09 10:50:44 A0E053D8D97ED0F913D56E6AF21DD26F 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll
2014-07-09 10:50:44 230AAF45031E87638CA4053C0399C1E6 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-07-09 10:56:41 03282D1ADC4F64D27D697CBB63F972C2 519168 ----a-w- C:\Windows\Sysnative\aepdu.dll
2014-07-09 10:56:40 980394E1FF94E460C4D71C1B098A0B4F 424448 ----a-w- C:\Windows\Sysnative\aeinv.dll
2014-07-09 10:56:24 F1726E14C8F7B40CD828345890AAF764 3157504 ----a-w- C:\Windows\Sysnative\win32k.sys
2014-07-09 10:56:24 A064A1D9CBD7F6959AAEAEAFF96DB2E9 692736 ----a-w- C:\Windows\Sysnative\osk.exe
2014-07-09 10:56:21 D6AFBAA93169E6772565A1BC896D666B 624128 ----a-w- C:\Windows\Sysnative\qedit.dll
2014-07-09 10:53:47 E8E98B3B7A6E1250F4AA7AF8FA17D5BB 340992 ----a-w- C:\Windows\Sysnative\schannel.dll
2014-07-09 10:53:47 E23BA7A7BD97FC6B8AB5EA32A46D05CD 307200 ----a-w- C:\Windows\Sysnative\ncrypt.dll
2014-07-09 10:53:47 C9DD5C0D5AF2D7A54BA32E8FBD3B67F1 22016 ----a-w- C:\Windows\Sysnative\credssp.dll
2014-07-09 10:53:47 BFC98590EAB40C785D6134B1FA818A62 210944 ----a-w- C:\Windows\Sysnative\wdigest.dll
2014-07-09 10:53:47 A805B5E68262302D1A60BE3DED5846C9 728064 ----a-w- C:\Windows\Sysnative\kerberos.dll
2014-07-09 10:53:47 7D1017ED11B7C3B162628069742B5E58 314880 ----a-w- C:\Windows\Sysnative\msv1_0.dll
2014-07-09 10:53:47 79EE13A5A406E4603874686B8005DA72 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll
2014-07-09 10:53:41 FC50DF22550C565DD096ACFAF18A37ED 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll
2014-07-09 10:53:41 DA5BAC4C5BDB22BBC6771534EA95AD33 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2014-07-09 10:53:41 C0F9F52C36E584C0339406ABF6DA1FBA 266424 ----a-w- C:\Windows\Sysnative\iedkcs32.dll
2014-07-09 10:53:40 C2F62DF01E3552DB0571FEF4D514675B 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll
2014-07-09 10:53:40 5E646AD50848A409291418B5759595B9 38400 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll
2014-07-09 10:53:39 73C7D1FCF6F58F3BF077FB42B0214BC0 1393664 ----a-w- C:\Windows\Sysnative\urlmon.dll
2014-07-09 10:53:38 D8E6706AECD7AA50764E126CE3F36555 631808 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2014-07-09 10:53:38 7176CB0FFAAC3E54ABB2014E821120F9 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe
2014-07-09 10:53:38 391D68668CFC061F26BE593A61F745E0 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll
2014-07-09 10:53:38 2E40D5E11BCC597352EE0314AF629A0F 452608 ----a-w- C:\Windows\Sysnative\dxtmsft.dll
2014-07-09 10:53:37 CA67F68CEC788C0C69AD47C5125DDD8E 608768 ----a-w- C:\Windows\Sysnative\ie4uinit.exe
2014-07-09 10:53:37 7469D4E046BD7D155CAC2697BD28B58B 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll
2014-07-09 10:53:36 A21C6231459F4CAC212676A9367A1A68 2768384 ----a-w- C:\Windows\Sysnative\iertutil.dll
2014-07-09 10:53:36 1685AA234852657C4A6D253CCBBE84E0 2040832 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2014-07-09 10:53:35 8B2ADE09864BF3F7AA6D395DAFEC41B5 51200 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2014-07-09 10:53:34 945FA19B388FCF0FEA6124B5FD71C72F 1249280 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll
2014-07-09 10:53:34 854C5F171F5CEE272232AC0286F3B3B9 598016 ----a-w- C:\Windows\Sysnative\ieui.dll
2014-07-09 10:53:34 415DF2B045167D6D85223CFFF00FCFC7 292864 ----a-w- C:\Windows\Sysnative\dxtrans.dll
2014-07-09 10:53:34 366FA6D38406DC8BED62825C196144D1 13527040 ----a-w- C:\Windows\Sysnative\ieframe.dll
2014-07-09 10:53:34 1FD6C2F6AC489C271565730F6E9E1A05 85504 ----a-w- C:\Windows\Sysnative\mshtmled.dll
2014-07-09 10:53:33 CD76B3D60D28634A67B0AD7CB2E45929 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
2014-07-09 10:53:33 BDD4A74421B023C81DA63168BD10C01B 846336 ----a-w- C:\Windows\Sysnative\ieapfltr.dll
2014-07-09 10:53:33 50FF2DD806CC6CF3B3F98F9A1A711603 752640 ----a-w- C:\Windows\Sysnative\jscript9diag.dll
2014-07-09 10:53:33 4EC7738394D2BC7BCB5F7A3657F57252 5721088 ----a-w- C:\Windows\Sysnative\jscript9.dll
2014-07-09 10:53:33 2EE102DF0EDD8A1EDD3D1E9B99A91BEC 2266112 ----a-w- C:\Windows\Sysnative\wininet.dll
2014-07-09 10:53:33 00401347C3BC466E5F2516387EBBCA7D 548352 ----a-w- C:\Windows\Sysnative\vbscript.dll
2014-07-09 10:53:32 F876957CA193B20A21D52F91418657D7 195584 ----a-w- C:\Windows\Sysnative\msrating.dll
2014-07-09 10:53:32 89A53CDE0DA5680AF48A181D82C752CA 83968 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll
2014-07-09 10:53:32 52012C83F7E9AF65D13F04415F0508F5 940032 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2014-07-09 10:53:31 FEC19C351EF1B2C998A85D1BFD765675 23464448 ----a-w- C:\Windows\Sysnative\mshtml.dll
2014-07-09 10:50:44 D4CCE15190269486A5E6D4D4E597F798 1460736 ----a-w- C:\Windows\Sysnative\lsasrv.dll
====== C:\Windows\Sysnative\drivers =====
2014-07-09 10:56:18 FA886682CFC5D36718D3E436AACF10B9 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys
====== C:\Windows\Tasks ======
2014-07-21 12:34:14 BD1E3C7B5A86F3005A794C34A138568F 3496 ----a-w- C:\Windows\Sysnative\Tasks\gg_uac_daemon_Springfieldz0r
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-07-06 00:33:23 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
2014-06-24 23:03:10 -------- d-----w- C:\PROGRA~2\PCSX2 1.2.1
======= C: =====
====== C:\Users\Springfieldz0r\AppData\Roaming ======
2014-07-06 00:33:13 -------- d-----w- C:\Users\Springfieldz0r\AppData\Locallow\Oracle
====== C:\Users\Springfieldz0r ======
2014-07-21 13:36:20 B653DD91D5D6E519D3357A80A15A5DFB 1354223 ----a-w- C:\Users\Springfieldz0r\Desktop\AdwCleaner.exe
2014-07-21 12:50:50 4AE0B41D3A1D0B2663400AC79488B057 2089984 ----a-w- C:\Users\Springfieldz0r\Desktop\FRST64.exe
2014-06-24 23:03:13 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2

====== C: exe-files ==
2014-07-17 12:52:08 C5D237A3DA4A914D19D825C73FDE4487 8848464 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\36.0.1985.125\36.0.1985.125_35.0.1916.153_chrome_updater.exe
=== C: other files ==
2014-07-21 12:37:51 5E2EEB6C591FCF8EEF2EC882D3E5A923 553273 ----a-w- C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2145776392-1472050533-324974990-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"MCShield Monitor"="C:\Program Files (x86)\MCShield\mcshieldrtm.exe"
"F.lux"="C:\Users\Springfieldz0r\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-2145776392-1472050533-324974990-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Springfieldz0r\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Springfieldz0r\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BigDog305"="C:\Windows\VM305_STI.EXE USB PC Camera VC305"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Registering MS MPEG4 ActiveX filter..."="C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\mpg4ds32.ax"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MCShield Monitor"="C:\Program Files (x86)\MCShield\mcshieldrtm.exe"
"F.lux"="C:\Users\Springfieldz0r\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Springfieldz0r\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Springfieldz0r\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeAAMUpdater-1.0"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS6ServiceManager]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeCS6ServiceManager"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\CS6ServiceManager\\CS6ServiceManager.exe\" -launchedbylogin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ArcSoft Connection Service]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ArcSoft Connection Service"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Common Files\\ArcSoft\\Connection Service\\Bin\\ACDaemon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avichannel]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avichannel"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Evaer\\videochannel.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Lite"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Facebook Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Springfieldz0r\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Messenger (Yahoo!)]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Messenger (Yahoo!)"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~2\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MTel_ontenegro Imola ModemListener]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MTel_ontenegro Imola ModemListener"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\HSPA USB MODEM\\BackgroundService\\ModemListener.exe start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Raptr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Raptr"
"hkey"="HKCU"
"command"="C:\\PROGRA~2\\Raptr\\raptrstub.exe --startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SMSERIAL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SMSERIAL"
"hkey"="HKLM"
"command"="C:\\Program Files\\Motorola\\SMSERIAL\\sm56hlpr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StartCCC"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\amd64\\CLIStart.exe\" MSRun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Steam\\Steam.exe\" -silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SwitchBoard]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SwitchBoard"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uTorrent"
"hkey"="HKCU"
"command"="\"C:\\Users\\Springfieldz0r\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" /MINIMIZED"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WinampAgent"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Winamp\\winampa.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinFast Schedule]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WinFast Schedule"
"hkey"="HKCU"
"command"="C:\\Program Files\\WinFast\\WFDTV\\WFWIZ.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinFastDTV]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WinFastDTV"
"hkey"="HKLM"
"command"="C:\\Program Files\\WinFast\\WFDTV\\DTVSchdl.exe"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Springfieldz0r^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk]
"path"="C:\\Users\\Springfieldz0r\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Send to OneNote.lnk"
"backup"="C:\\Windows\\pss\\Send to OneNote.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\MICROS~3\\Office15\\ONENOTEM.EXE /tsr"
"item"="Send to OneNote"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ACDaemon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AMD External Events Utility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AMD FUEL Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MTel_ontenegro Imola Modem Device Helper]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NitroReaderDriverReadSpool3]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PcaSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TeamViewer8]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TeamViewer9]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\UleadBurningHelper]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WMPNetworkSvc]


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14.07.2014 12:55]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2145776392-1472050533-324974990-1000Core.job --a------ C:\Users\Springfieldz0r\AppData\Local\Facebook\Update\FacebookUpdate.exe [23.06.2013 14:45]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2145776392-1472050533-324974990-1000UA.job --a------ C:\Users\Springfieldz0r\AppData\Local\Facebook\Update\FacebookUpdate.exe [23.06.2013 14:45]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11.01.2014 18:19]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11.01.2014 18:19]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2145776392-1472050533-324974990-1000Core" [C:\Users\Springfieldz0r\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2145776392-1472050533-324974990-1000UA" [C:\Users\Springfieldz0r\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\gg_uac_daemon_Springfieldz0r" [C:\Program Files (x86)\Garena Plus\ggdllhost.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Launch HTC Sync Loader" [C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{6943A896-A0B1-4206-BFB9-B56AADDE7210}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [10.07.2014 16:25]

==== Firefox Extensions ======================

ProfilePath: C:\Users\SPRING~1\AppData\Roaming\KompoZer\Profiles\1o1xsch7.default
- Undetermined - %ProfilePath%\extensions\installed-extensions.txt
- KompoZer classic - %ProfilePath%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

ProfilePath: C:\Users\SPRING~1\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- Qualys BrowserCheck - C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
- Qualys BrowserCheck - %ProfilePath%\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
- anonymoX - %ProfilePath%\extensions\client@anonymox.net.xpi
- SocialReviver - %ProfilePath%\extensions\fbsidebardisabler@vittgam.net.xpi
- Firebug - %ProfilePath%\extensions\firebug@software.joehewitt.com.xpi
- Gmail Manager NG - %ProfilePath%\extensions\gmail-manager-ng@nedwidek.github.com.xpi
- Awesome screenshot: Capture and Annotate - %ProfilePath%\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi
- Thumbnail Zoom Plus - %ProfilePath%\extensions\thumbnailZoom@dadler.github.com.xpi
- Web Developer - %ProfilePath%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
- Adblock Edge - %ProfilePath%\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Springfieldz0r\AppData\Roaming\Mozilla\Firefox\Profiles\8klys14k.default
4390CCD3790F8D9C427C0C29590C62D7 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Springfieldz0r\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[10.07.2014 16:25]

Google Docs - Springfieldz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Springfieldz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Springfieldz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Springfieldz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
avast Online Security - Springfieldz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - Springfieldz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Springfieldz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
RSS Feed Reader - Springfieldz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp
DefaultTab - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on pon 21.07.2014 at 16:02:44,61 ======================

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Try resetting Firefox to its defaults, here is how:

https://support.mozilla.org/en-US/kb/reset-firefox.....gle.com%2F


Go ahead and report back with the result.

offline
  • 100%Milanista
  • Information Technology
  • Joined: 23 Aug 2008
  • Posts: 2634
  • Location: Milan, Italy

It's fine now, thanks.

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Wait, there is one more thing we should do.

Run zoek again;

close the browser and other running programs;
disable your security software (if needed) Instructions;


Copy the following text into the white box of the window:


kdidombaedgpfiiedeimiebkmbilgmlc;chr
emptyalltemp;
autoclean;
emptyclsid;


Click the button and wait for the scan to finish.


If needed, zoek will restart Windows, and when it finishes it will open Notepad with the scan report.

Note: The report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into your post.
