System full of viruses

  • 100%Milanista
  • Information Technology
  • Joined: 23 Aug 2008
  • Posts: 2629
  • Location: Milan, Italy

Hello,

On one laptop I have XP; that system has been on it for a long time. Now it is full of viruses and who knows what else. I uninstalled a pile of unnecessary stuff and installed avast and mcshield. I want to get rid of the vermin and get it at least somewhat working normally again. Here is the log...

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Ivan (administrator) on IVAN-34C8DC74EF on 28-03-2015 14:18:03
Running from C:\Documents and Settings\Ivan\Desktop
Loaded Profiles: Ivan (Available profiles: Ivan)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Bandoo Media Inc.) C:\Program Files\Movies App\Datamngr\DatamngrCoordinator.exe
(Bandoo Media Inc.) C:\Program Files\Movies App\Datamngr\DatamngrCoordinator.exe
(Bandoo Media Inc.) C:\Program Files\Movies App\Datamngr\DatamngrUI.exe
() C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
() C:\Documents and Settings\All Users\Application Data\Internet Manager\OnlineUpdate\ouc.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(SigmaTel, Inc.) C:\WINDOWS\system32\stacsv.exe
(Graphisoft SE) C:\Program Files\GRAPHISOFT\BIM Server\Server Modules\1600\TeamworkServer\TeamworkServerMonitorService.exe
() C:\Program Files\Telenor Internet\BackgroundService\ServiceManager.exe
() C:\Program Files\Join Air\AssistantServices.exe
(Creative Technology Ltd.) C:\WINDOWS\OEM02Mon.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [OEM02Mon.exe] => C:\WINDOWS\OEM02Mon.exe [36864 2007-05-09] (Creative Technology Ltd.)
HKLM\...\Run: [Regedit32] => C:\WINDOWS\system32\regedit.exe
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-03-28] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-19\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\Run: [sucgapsiwiba] => C:\Documents and Settings\Ivan\sucgapsiwiba.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {1bb3bb16-91e1-11e2-85f0-001644ea98f7} - G:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {1bb3bb19-91e1-11e2-85f0-001644ea98f7} - G:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {1bb3bb1c-91e1-11e2-85f0-001644ea98f7} - F:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {21617ace-9664-11e2-85f4-001644ea98f7} - F:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {21617ad1-9664-11e2-85f4-001644ea98f7} - F:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {294e2c80-673a-11e3-873c-001644ea98f7} - F:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {2c8c80cf-cc1b-11e2-865f-001644ea98f7} - F:\Windows\Install.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {2c8c80d3-cc1b-11e2-865f-001644ea98f7} - F:\Windows\Install.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {2c8c80d7-cc1b-11e2-865f-001644ea98f7} - F:\Windows\Install.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {3bef09e2-0ac6-11e4-87df-001644ea98f7} - F:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {3bef09e5-0ac6-11e4-87df-001644ea98f7} - F:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {85ef0f9f-2e44-11e3-86fc-001644ea98f7} - F:\iLinker.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {8a08bd28-cc67-11e2-8660-001644ea98f7} - G:\Windows\Install.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {a9ce0896-59c3-11e3-872c-001644ea98f7} - F:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {a9ce089b-59c3-11e3-872c-001644ea98f7} - F:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {ba78af40-ceb2-11e3-87b2-001644ea98f7} - F:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {ba78af43-ceb2-11e3-87b2-001644ea98f7} - F:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {e977f8f8-c3d7-11e2-8650-001644ea98f7} - F:\autorun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {f3307811-cc0c-11e2-865e-001644ea98f7} - F:\Windows\Install.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {f3307816-cc0c-11e2-865e-001644ea98f7} - F:\Windows\Install.exe
HKU\S-1-5-18\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Lsa: [Authentication Packages] msv1_0 nwprovau
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies app\datamngr\x64\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Movies App\Datamngr\apcrtldr.dll [488448 2014-08-06] () <===== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll (Autodesk)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-583907252-1004336348-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?o=APN10645A&gct=hp&.....83&t=4
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&am.....AG6&q={searchTerms}
SearchScopes: HKU\S-1-5-21-583907252-1004336348-1417001333-1003 -> DefaultScope Software\Microsoft\Internet Explorer\SearchScopes URL =
SearchScopes: HKU\S-1-5-21-583907252-1004336348-1417001333-1003 -> {6D64DA1C-F88B-4230-8713-6BCF209E2A22} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=071813&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-583907252-1004336348-1417001333-1003 -> {93C7EBCC-70B4-41EA-878B-DBD7AD11BDCF} URL = http://search.yahoo.com/search?ei=utf-8&fr=chr.....=12&p={searchTerms}
SearchScopes: HKU\S-1-5-21-583907252-1004336348-1417001333-1003 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&am.....AG6&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2012-08-16] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-28] (Avast Software s.r.o.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Help the General-Search Project -> {CA4520F3-AE13-4FB1-A513-58E23991C86D} -> C:\Documents and Settings\Ivan\Application Data\Media Finder\Extensions\gencrawler_gc.dll [2012-08-25] ()
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-1281&v=a13653-183&t=4
FF Keyword.URL: hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=1281&systemid=406&v=a13653-183&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=3520120051914381&o=APN10645&q=
FF Plugin: @graphisoft.com/GDL Web Plug-in -> C:\Program Files\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll [2012-06-13] (Graphisoft SE)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2852 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2008-08-17] (RealNetworks, Inc.)
FF Plugin: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2008-08-17] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1662 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-08-17] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-08-17] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll [2014-10-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll [2014-10-29] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF user.js: detected! => C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\user.js [2012-08-09]
FF SearchPlugin: C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\searchplugins\Ask.xml [2014-09-29]
FF SearchPlugin: C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\searchplugins\bingp.xml [2013-07-18]
FF SearchPlugin: C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\searchplugins\yahoo_ff.xml [2013-10-01]
FF Extension: No Name - C:\Documents and Settings\Ivan\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@themediafinder.com [2013-10-14]
FF Extension: General Crawler - C:\Documents and Settings\Ivan\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2013-05-24]
FF Extension: No Name - C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\savingsslider@mybrowserbar.com [2014-11-29]
FF Extension: No Name - C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\{229ae5b5-5528-4a17-bfb4-1f7b10d4d006} [2015-03-28]
FF Extension: No Name - C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\{3d86a75b-cb6b-4764-885d-ca6336f04ba2} [2015-03-24]
FF Extension: New tab - C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\{3EFE9303-0141-5987-A155-001F9D9C9E98} [2013-10-08]
FF Extension: No Name - C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\{54FBE89E-C878-46bb-A064-AB327EE26EBC} [2015-03-24]
FF Extension: uTorrentControl_v6 - C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5} [2013-10-17]
FF Extension: No Name - C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\{CE36D7E8-11CC-D9A8-3684-BE6E720D22A9} [2014-10-01]
FF Extension: GoPhotoIt - C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\gophoto@gophoto.it.xpi [2013-08-08]
FF Extension: Torntv 3 - C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\trtv3@trtv.com.xpi [2013-06-30]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-06-02]
FF HKLM\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files\BetterSurf\ff
FF Extension: BetterSurf - C:\Program Files\BetterSurf\ff [2013-11-19]
FF HKLM\...\Firefox\Extensions: [12x3q@3244516.com] - C:\Program Files\Better-Surf\ff
FF Extension: Better-Surf - C:\Program Files\Better-Surf\ff [2013-11-26]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-28]
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox 3.6 Beta 3\firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (ArchiCAD) - C:\Program Files\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll (Graphisoft SE)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\npctrl.1.0.30716.0.dll No File
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Profile: C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-31]
CHR Extension: (Google Drive) - C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-31]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (YouTube) - C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-31]
CHR Extension: (Google Search) - C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-31]
CHR Extension: (BetterSurf) - C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dedmngkbaffkenlfdcbganndoghblmap [2013-11-19]
CHR Extension: (General Crawler) - C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel [2013-05-28]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-28]
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2013-10-01]
CHR Extension: (Domain Error Assistant) - C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2013-10-01]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-19]
CHR Extension: (Slick Savings) - C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2013-10-01]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (No Name) - C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj [2013-10-15]
CHR Extension: (GoPhoto.it) - C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk [2013-10-17]
CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp [2013-10-01]
CHR Extension: (Gmail) - C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-31]
CHR Extension: (BetterSrf) - C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\poheodfamflhhhdcmjfeggbgigeefaco [2013-11-26]
CHR HKLM\...\Chrome\Extension: [bicnnkjibmphdeigoodpjlcklcnaobdj] - C:\Program Files\TornTV.com\torntv10.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files\BetterSurf\ch\Chrome.crx [2013-11-11]
CHR HKLM\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Documents and Settings\Ivan\Application Data\Media Finder\Extensions\gencrawler_gc.crx [2013-05-24]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-28]
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Documents and Settings\Ivan\Application Data\Media Finder\Extensions\mf_plugin_gc.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Documents and Settings\Ivan\Local Settings\Application Data\Slick Savings\coupons.crx [2013-10-01]
CHR HKLM\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files\Gophoto.it\gophotoit16.crx [2013-08-08]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-23]
CHR HKLM\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files\Better-Surf\ch\Chrome.crx [2013-11-25]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-28] (Avast Software s.r.o.)
R2 DatamngrCoordinator; C:\Program Files\Movies App\Datamngr\DatamngrCoordinator.exe [3573248 2014-08-06] (Bandoo Media Inc.)
R2 HWDeviceService.exe; C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe [276048 2013-02-06] ()
S2 Internet Manager. RunOuc; C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [671744 2013-08-16] () [File not signed]
R2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 STacSV; C:\WINDOWS\system32\STacSV.exe [94208 2007-05-10] (SigmaTel, Inc.)
S3 TeamworkMessagingServer-v16.0; C:\Program Files\GRAPHISOFT\BIM Server\Server Modules\1600\TeamworkMessagingServer\bin\win32\wrapper.exe [204800 2012-06-13] () [File not signed]
S3 TeamworkServerManager-v16.0; C:\Program Files\GRAPHISOFT\BIM Server\Server Modules\1600\TeamworkServer\TeamworkServerManager.exe [1102848 2012-06-13] (Graphisoft SE) [File not signed]
R2 TeamworkServerMonitor-v16.0; C:\Program Files\GRAPHISOFT\BIM Server\Server Modules\1600\TeamworkServer\TeamworkServerMonitorService.exe [177152 2012-06-13] (Graphisoft SE) [File not signed]
R2 Telenor_Montenegro Sepang Modem Device Helper; C:\Program Files\Telenor Internet\BackgroundService\ServiceManager.exe [49752 2011-06-20] () [File not signed]
R2 UI Assistant Service; C:\Program Files\Join Air\AssistantServices.exe [253264 2011-01-30] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-03-28] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [73440 2015-03-28] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-03-28] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-03-28] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788272 2015-03-28] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [427736 2015-03-28] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-03-28] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208024 2015-03-28] ()
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [3360768 2011-02-15] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files\Movies App\Datamngr\setmgrc2.cfg [34168 2014-08-06] (Bandoo Media Inc.)
S3 filtertdidriver; C:\WINDOWS\System32\drivers\ewfiltertdidriver.sys [7552 2013-08-16] (Huawei Technologies Co., Ltd.) [File not signed]
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [209152 2006-11-02] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989696 2006-11-02] (Conexant Systems, Inc.)
S3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [101248 2013-08-16] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\WINDOWS\System32\DRIVERS\ew_jucdcecm.sys [70528 2013-08-16] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\WINDOWS\System32\DRIVERS\ew_juextctrl.sys [27776 2013-08-16] (Huawei Technologies Co., Ltd.)
S3 hwdatacard; C:\WINDOWS\System32\DRIVERS\ZDDriver.sys [106496 2010-01-14] (ZD Secret Incorporated)
S3 jrdusbser; C:\WINDOWS\System32\DRIVERS\jrdusbser.sys [106112 2011-06-20] (TCT International Mobile Ltd)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
R3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-14] (Microsoft Corporation)
S3 OEM02Afx; C:\WINDOWS\system32\Drivers\OEM02Afx.sys [141376 2007-06-07] (Creative Technology Ltd.)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [298016 2011-05-26] (Marvell)
S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [X]
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [249600 2013-08-16] (Huawei Technologies Co., Ltd.)
S3 ialm; system32\DRIVERS\igxpmp32.sys [X]
S4 IntelIde; No ImagePath
S2 SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [X]
U1 WS2IFSL; No ImagePath
S0 WudfPf; C:\WINDOWS\system32\WudfPf.sys [X]
S3 WudfRd; C:\WINDOWS\system32\wudfrd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 14:18 - 2015-03-28 14:18 - 00031017 _____ () C:\Documents and Settings\Ivan\Desktop\FRST.txt
2015-03-28 14:17 - 2015-03-28 14:18 - 00000000 ____D () C:\FRST
2015-03-28 14:17 - 2015-03-28 14:17 - 01135104 _____ (Farbar) C:\Documents and Settings\Ivan\Desktop\FRST.exe
2015-03-28 14:06 - 2015-03-28 14:06 - 00001689 _____ () C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2015-03-28 14:06 - 2015-03-28 14:06 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2015-03-28 14:06 - 2015-03-28 14:06 - 00000000 ____D () C:\Documents and Settings\Ivan\Application Data\AVAST Software
2015-03-28 14:06 - 2015-03-28 14:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-03-28 14:05 - 2015-03-28 14:11 - 00000360 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-03-28 14:05 - 2015-03-28 14:05 - 00788272 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-03-28 14:05 - 2015-03-28 14:05 - 00427736 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-03-28 14:05 - 2015-03-28 14:05 - 00291312 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-03-28 14:05 - 2015-03-28 14:05 - 00208024 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-03-28 14:05 - 2015-03-28 14:05 - 00073440 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-03-28 14:05 - 2015-03-28 14:05 - 00057888 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-03-28 14:05 - 2015-03-28 14:05 - 00055200 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-03-28 14:05 - 2015-03-28 14:05 - 00049904 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-03-28 14:05 - 2015-03-28 14:05 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-03-28 14:05 - 2015-03-28 14:05 - 00024144 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-03-28 14:05 - 2015-03-28 14:05 - 00000687 _____ () C:\awh2B8.tmp
2015-03-28 14:02 - 2015-03-28 14:02 - 00000000 ____D () C:\Program Files\AVAST Software
2015-03-28 14:01 - 2015-03-28 14:12 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MCShield
2015-03-28 14:01 - 2015-03-28 14:01 - 00000000 ____D () C:\Program Files\MCShield
2015-03-28 14:01 - 2015-03-28 14:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\MCShield
2015-03-28 13:59 - 2015-03-28 13:59 - 02856736 _____ (MyCity) C:\Documents and Settings\Ivan\Desktop\MCShield-Setup.exe
2015-03-28 13:59 - 2015-03-28 13:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-03-28 13:58 - 2015-03-28 13:58 - 05475064 _____ (Avast Software s.r.o.) C:\Documents and Settings\Ivan\Desktop\avast_free_antivirus_setup_online.exe
2015-03-28 13:09 - 2015-03-28 13:10 - 00000000 ____D () C:\WINDOWS\pss
2015-03-27 10:15 - 2015-03-27 10:32 - 00000000 ____D () C:\Documents and Settings\Ivan\Desktop\budo
2015-03-24 10:17 - 2015-03-27 12:58 - 00000000 ____D () C:\Documents and Settings\Ivan\Desktop\HFME
2015-03-22 15:46 - 2015-03-22 15:54 - 00000000 ____D () C:\Documents and Settings\Ivan\Desktop\fleska

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 14:18 - 2013-03-20 08:53 - 00000000 ____D () C:\Documents and Settings\Ivan\Local Settings\Temp
2015-03-28 14:15 - 2013-03-20 00:31 - 00563558 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-28 14:13 - 2014-09-29 12:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Datamngr
2015-03-28 14:11 - 2013-04-12 17:41 - 00000290 _____ () C:\WINDOWS\Tasks\Express FilesUpdate.job
2015-03-28 14:11 - 2013-03-31 21:50 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-28 14:11 - 2013-03-20 08:52 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-28 14:11 - 2013-03-20 08:42 - 02063052 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-28 14:11 - 2013-03-20 00:34 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-03-28 14:11 - 2013-03-20 00:34 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-03-28 14:09 - 2013-03-20 08:53 - 00000178 ___SH () C:\Documents and Settings\Ivan\ntuser.ini
2015-03-28 14:09 - 2013-03-20 08:52 - 00032554 _____ () C:\WINDOWS\SchedLgU.Txt
2015-03-28 14:08 - 2013-03-20 08:53 - 00000000 ____D () C:\Documents and Settings\Ivan
2015-03-28 13:53 - 2013-06-11 06:14 - 01104871 _____ () C:\WINDOWS\setupapi.log
2015-03-28 13:50 - 2014-10-15 10:53 - 00000000 ____D () C:\Documents and Settings\Ivan\Application Data\23067
2015-03-28 13:50 - 2013-03-26 04:46 - 00000000 ____D () C:\Program Files\wxRecnik
2015-03-28 13:50 - 2013-03-20 08:38 - 00000000 ____D () C:\Program Files\NeoSmart Technologies
2015-03-28 13:32 - 2013-03-21 05:30 - 00000000 ____D () C:\Program Files\Common Files\Nero
2015-03-28 13:28 - 2013-03-21 05:30 - 00000000 ____D () C:\Program Files\Nero
2015-03-28 13:22 - 2013-03-31 21:50 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-28 13:15 - 2014-10-15 10:55 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2015-03-28 13:15 - 2014-03-24 16:01 - 00000000 ____D () C:\Program Files\MediaWatchV1
2015-03-28 13:13 - 2013-06-22 11:23 - 00000000 ____D () C:\Documents and Settings\Ivan\Application Data\Skype
2015-03-28 13:10 - 2013-03-20 00:28 - 00000211 ___SH () C:\boot.ini
2015-03-28 13:10 - 2008-04-14 13:00 - 00000633 _____ () C:\WINDOWS\win.ini
2015-03-28 13:10 - 2008-04-14 13:00 - 00000246 _____ () C:\WINDOWS\system.ini
2015-03-28 13:08 - 2013-03-21 06:57 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-03-28 13:08 - 2013-03-21 04:57 - 00000000 ____D () C:\Documents and Settings\Ivan\Application Data\uTorrent
2015-03-28 13:06 - 2008-04-14 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-03-27 12:07 - 2013-03-26 04:43 - 00000000 ____D () C:\Program Files\The KMPlayer
2015-03-27 12:04 - 2013-03-26 04:36 - 00000000 ____D () C:\Documents and Settings\Ivan\Application Data\vlc
2015-03-27 12:02 - 2013-05-13 17:39 - 00000000 ____D () C:\Documents and Settings\Ivan\Application Data\dvdcss
2015-03-24 15:56 - 2013-03-21 05:01 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2015-03-24 11:56 - 2014-07-23 22:39 - 00000000 ____D () C:\Documents and Settings\Ivan\Desktop\ivovi radovi
2015-03-24 10:26 - 2013-10-15 21:08 - 00000000 ____D () C:\Documents and Settings\Ivan\My Documents\Mobogenie
2015-03-24 10:25 - 2013-10-15 21:08 - 00000000 ____D () C:\Documents and Settings\Ivan\Start Menu\Programs\Mobogenie
2015-03-24 10:25 - 2013-10-15 21:08 - 00000000 ____D () C:\Documents and Settings\Ivan\Local Settings\Application Data\Mobogenie
2015-03-24 10:23 - 2013-06-22 01:15 - 00000000 ____D () C:\Documents and Settings\Ivan\Local Settings\Application Data\Facebook
2015-03-24 10:21 - 2013-03-20 08:44 - 00000000 ____D () C:\WINDOWS\system32\Adobe
2015-03-24 10:19 - 2013-03-20 00:31 - 00935773 _____ () C:\WINDOWS\iis6.log
2015-03-24 10:19 - 2013-03-20 00:31 - 00848093 _____ () C:\WINDOWS\FaxSetup.log
2015-03-24 10:19 - 2013-03-20 00:31 - 00549285 _____ () C:\WINDOWS\ocgen.log
2015-03-24 10:19 - 2013-03-20 00:31 - 00397012 _____ () C:\WINDOWS\tsoc.log
2015-03-24 10:19 - 2013-03-20 00:31 - 00292069 _____ () C:\WINDOWS\comsetup.log
2015-03-24 10:19 - 2013-03-20 00:31 - 00261008 _____ () C:\WINDOWS\msmqinst.log
2015-03-24 10:19 - 2013-03-20 00:31 - 00176056 _____ () C:\WINDOWS\ntdtcsetup.log
2015-03-24 10:19 - 2013-03-20 00:31 - 00150522 _____ () C:\WINDOWS\netfxocm.log
2015-03-24 10:19 - 2013-03-20 00:31 - 00059744 _____ () C:\WINDOWS\MedCtrOC.log
2015-03-24 10:19 - 2013-03-20 00:31 - 00043237 _____ () C:\WINDOWS\tabletoc.log
2015-03-24 10:19 - 2013-03-20 00:31 - 00001917 _____ () C:\WINDOWS\imsins.log

==================== Files in the root of some directories =======

2013-05-17 19:28 - 2009-02-03 01:31 - 78437735 _____ (Igor Pavlov) C:\Program Files\Photoshop_11.exe
2013-04-09 16:20 - 2014-12-04 14:36 - 0025088 _____ () C:\Documents and Settings\Ivan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\Program Files\Movies App\Datamngr\apcrtldr.dll
C:\Documents and Settings\Default User\DelB44.bat
C:\Documents and Settings\Ivan\DelB44.bat


Some content of TEMP:
====================
C:\Documents and Settings\Ivan\Local Settings\Temp\1347123126.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\1349379132.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\1350994680.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\1351029495.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\1351680821.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\1352041890.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\1353005512.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\1353049436.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\1355300352.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\1355314554.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\1356295944.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\1356386823.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\1357018526.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\1357318100.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\1357781908.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\1359640567.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\1359680962.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\1364070607.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\1365157657.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\1366541603.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\1372551929.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\1374304349.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\1374343256.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\1462635949.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\1462641313.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\appinstall.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\Better-Surf.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\BetterSurf.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\BingBarSetup-Partner.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\BundleSweetIMSetup.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\Delta.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\DeltaTB.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\DeviceSetup.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\DriverIdentifier.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\drv44341.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\ExPromo.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\htmlayout.dll
C:\Documents and Settings\Ivan\Local Settings\Temp\install_helper.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\MybabylonTB.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\propsys.dll
C:\Documents and Settings\Ivan\Local Settings\Temp\SimilarBundleGenericDl.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\SpeedTestSetup.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\srv22467.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\toolbar98102718.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\toolbar98103250.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\uninstall501906.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\uninstall509671.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\uninstall509875.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\Upd2A9.tmp.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\upd5051.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\upd90603.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\Updater.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\utt2B2.tmp.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\vlc-1.0.2-win32.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\WSSetup.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\xmlUpdater.exe
C:\Documents and Settings\Ivan\Local Settings\Temp\{D9CCA0E2-18DB-4D76-86E0-A757C5D728EB}-GoogleUpdateSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Belgrade

Hello,

This is some modified version of Windows. We'll clean the computer now, but my recommendation is that you install a clean Windows XP without any modifications; still, that's up to you.

Uninstall OffersWizard Network System Driver

1. Open Notepad (Text Document) and copy in the following text from the code box below:

closeprocesses:
emptytemp:
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\Run: [sucgapsiwiba] => C:\Documents and Settings\Ivan\sucgapsiwiba.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {1bb3bb16-91e1-11e2-85f0-001644ea98f7} - G:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {1bb3bb19-91e1-11e2-85f0-001644ea98f7} - G:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {1bb3bb1c-91e1-11e2-85f0-001644ea98f7} - F:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {21617ace-9664-11e2-85f4-001644ea98f7} - F:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {21617ad1-9664-11e2-85f4-001644ea98f7} - F:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {294e2c80-673a-11e3-873c-001644ea98f7} - F:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {2c8c80cf-cc1b-11e2-865f-001644ea98f7} - F:\Windows\Install.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {2c8c80d3-cc1b-11e2-865f-001644ea98f7} - F:\Windows\Install.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {2c8c80d7-cc1b-11e2-865f-001644ea98f7} - F:\Windows\Install.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {3bef09e2-0ac6-11e4-87df-001644ea98f7} - F:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {3bef09e5-0ac6-11e4-87df-001644ea98f7} - F:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {85ef0f9f-2e44-11e3-86fc-001644ea98f7} - F:\iLinker.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {8a08bd28-cc67-11e2-8660-001644ea98f7} - G:\Windows\Install.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {a9ce0896-59c3-11e3-872c-001644ea98f7} - F:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {a9ce089b-59c3-11e3-872c-001644ea98f7} - F:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {ba78af40-ceb2-11e3-87b2-001644ea98f7} - F:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {ba78af43-ceb2-11e3-87b2-001644ea98f7} - F:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {e977f8f8-c3d7-11e2-8650-001644ea98f7} - F:\autorun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {f3307811-cc0c-11e2-865e-001644ea98f7} - F:\Windows\Install.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {f3307816-cc0c-11e2-865e-001644ea98f7} - F:\Windows\Install.exe
C:\Documents and Settings\Ivan\sucgapsiwiba.exe
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies app\datamngr\x64\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Movies App\Datamngr\apcrtldr.dll [488448 2014-08-06] () <===== ATTENTION
c:\program files\movies app
C:\Program Files\Movies App
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-1281&v=a13653-183&t=4
FF Keyword.URL: hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=1281&systemid=406&v=a13653-183&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=3520120051914381&o=APN10645&q=
FF user.js: detected! => C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\user.js [2012-08-09]
FF SearchPlugin: C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\searchplugins\Ask.xml [2014-09-29]
FF SearchPlugin: C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\searchplugins\bingp.xml [2013-07-18]
FF SearchPlugin: C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\searchplugins\yahoo_ff.xml [2013-10-01]
FF Extension: No Name - C:\Documents and Settings\Ivan\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@themediafinder.com [2013-10-14]
FF Extension: General Crawler - C:\Documents and Settings\Ivan\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2013-05-24]
FF Extension: No Name - C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\savingsslider@mybrowserbar.com [2014-11-29]
FF Extension: No Name - C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\{229ae5b5-5528-4a17-bfb4-1f7b10d4d006} [2015-03-28]
FF Extension: No Name - C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\{3d86a75b-cb6b-4764-885d-ca6336f04ba2} [2015-03-24]
FF Extension: New tab - C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\{3EFE9303-0141-5987-A155-001F9D9C9E98} [2013-10-08]
FF Extension: No Name - C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\{54FBE89E-C878-46bb-A064-AB327EE26EBC} [2015-03-24]
FF Extension: uTorrentControl_v6 - C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5} [2013-10-17]
FF Extension: No Name - C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\{CE36D7E8-11CC-D9A8-3684-BE6E720D22A9} [2014-10-01]
FF Extension: GoPhotoIt - C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\gophoto@gophoto.it.xpi [2013-08-08]
FF Extension: Torntv 3 - C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\trtv3@trtv.com.xpi [2013-06-30]
FF Extension: BetterSurf - C:\Program Files\BetterSurf\ff [2013-11-19]
FF HKLM\...\Firefox\Extensions: [12x3q@3244516.com] - C:\Program Files\Better-Surf\ff
FF Extension: Better-Surf - C:\Program Files\Better-Surf\ff [2013-11-26]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
CHR HKLM\...\Chrome\Extension: [bicnnkjibmphdeigoodpjlcklcnaobdj] - C:\Program Files\TornTV.com\torntv10.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files\BetterSurf\ch\Chrome.crx [2013-11-11]
CHR HKLM\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Documents and Settings\Ivan\Application Data\Media Finder\Extensions\gencrawler_gc.crx [2013-05-24]
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]
CHR HKLM\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Documents and Settings\Ivan\Application Data\Media Finder\Extensions\mf_plugin_gc.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Documents and Settings\Ivan\Local Settings\Application Data\Slick Savings\coupons.crx [2013-10-01]
CHR HKLM\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files\Gophoto.it\gophotoit16.crx [2013-08-08]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-23]
CHR HKLM\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files\Better-Surf\ch\Chrome.crx [2013-11-25]
R2 DatamngrCoordinator; C:\Program Files\Movies App\Datamngr\DatamngrCoordinator.exe [3573248 2014-08-06] (Bandoo Media Inc.)
Task: C:\WINDOWS\Tasks\Express FilesUpdate.job => C:\Program Files\ExpressFiles\EFUpdater.exehttp:/www.express-files.com <==== ATTENTION
C:\Program Files\ExpressFiles


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

Scanning with AdwCleaner

Download AdwCleaner and save it to the Desktop.

Run the tool and wait for it to update.
Accept the Terms of use by clicking I Agree.
Click Scan and wait for the scan to finish.
When it is done, click Clean.
A message will appear saying that all programs will be closed after you click OK, so if you have anything to save, now is the time to do it.
Two more messages will appear where you need to click OK. The computer will restart.
After the restart, a report will open; you can copy its contents into your next post.

Note: Reports will be saved on your system partition, usually in the folder C:\AdwCleaner

offline
  • 100%Milanista
  • Information Technology
  • Joined: 23 Aug 2008
  • Posts: 2629
  • Location: Milan, Italy

Posted: 29 Mar 2015 12:56

I couldn't find OffersWizard Network System Driver.

Here are the logs:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Ivan at 2015-03-29 12:29:26 Run:1
Running from C:\Documents and Settings\Ivan\Desktop
Loaded Profiles: Ivan (Available profiles: Ivan)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
closeprocesses:
emptytemp:
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\Run: [sucgapsiwiba] => C:\Documents and Settings\Ivan\sucgapsiwiba.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {1bb3bb16-91e1-11e2-85f0-001644ea98f7} - G:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {1bb3bb19-91e1-11e2-85f0-001644ea98f7} - G:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {1bb3bb1c-91e1-11e2-85f0-001644ea98f7} - F:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {21617ace-9664-11e2-85f4-001644ea98f7} - F:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {21617ad1-9664-11e2-85f4-001644ea98f7} - F:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {294e2c80-673a-11e3-873c-001644ea98f7} - F:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {2c8c80cf-cc1b-11e2-865f-001644ea98f7} - F:\Windows\Install.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {2c8c80d3-cc1b-11e2-865f-001644ea98f7} - F:\Windows\Install.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {2c8c80d7-cc1b-11e2-865f-001644ea98f7} - F:\Windows\Install.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {3bef09e2-0ac6-11e4-87df-001644ea98f7} - F:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {3bef09e5-0ac6-11e4-87df-001644ea98f7} - F:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {85ef0f9f-2e44-11e3-86fc-001644ea98f7} - F:\iLinker.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {8a08bd28-cc67-11e2-8660-001644ea98f7} - G:\Windows\Install.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {a9ce0896-59c3-11e3-872c-001644ea98f7} - F:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {a9ce089b-59c3-11e3-872c-001644ea98f7} - F:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {ba78af40-ceb2-11e3-87b2-001644ea98f7} - F:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {ba78af43-ceb2-11e3-87b2-001644ea98f7} - F:\AutoRun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {e977f8f8-c3d7-11e2-8650-001644ea98f7} - F:\autorun.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {f3307811-cc0c-11e2-865e-001644ea98f7} - F:\Windows\Install.exe
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\...\MountPoints2: {f3307816-cc0c-11e2-865e-001644ea98f7} - F:\Windows\Install.exe
C:\Documents and Settings\Ivan\sucgapsiwiba.exe
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies app\datamngr\x64\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Movies App\Datamngr\apcrtldr.dll [488448 2014-08-06] () <===== ATTENTION
c:\program files\movies app
C:\Program Files\Movies App
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-1281&v=a13653-183&t=4
FF Keyword.URL: hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=1281&systemid=406&v=a13653-183&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=3520120051914381&o=APN10645&q=
FF user.js: detected! => C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\user.js [2012-08-09]
FF SearchPlugin: C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\searchplugins\Ask.xml [2014-09-29]
FF SearchPlugin: C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\searchplugins\bingp.xml [2013-07-18]
FF SearchPlugin: C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\searchplugins\yahoo_ff.xml [2013-10-01]
FF Extension: No Name - C:\Documents and Settings\Ivan\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@themediafinder.com [2013-10-14]
FF Extension: General Crawler - C:\Documents and Settings\Ivan\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2013-05-24]
FF Extension: No Name - C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\savingsslider@mybrowserbar.com [2014-11-29]
FF Extension: No Name - C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\{229ae5b5-5528-4a17-bfb4-1f7b10d4d006} [2015-03-28]
FF Extension: No Name - C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\{3d86a75b-cb6b-4764-885d-ca6336f04ba2} [2015-03-24]
FF Extension: New tab - C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\{3EFE9303-0141-5987-A155-001F9D9C9E98} [2013-10-08]
FF Extension: No Name - C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\{54FBE89E-C878-46bb-A064-AB327EE26EBC} [2015-03-24]
FF Extension: uTorrentControl_v6 - C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5} [2013-10-17]
FF Extension: No Name - C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\{CE36D7E8-11CC-D9A8-3684-BE6E720D22A9} [2014-10-01]
FF Extension: GoPhotoIt - C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\gophoto@gophoto.it.xpi [2013-08-08]
FF Extension: Torntv 3 - C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\trtv3@trtv.com.xpi [2013-06-30]
FF Extension: BetterSurf - C:\Program Files\BetterSurf\ff [2013-11-19]
FF HKLM\...\Firefox\Extensions: [12x3q@3244516.com] - C:\Program Files\Better-Surf\ff
FF Extension: Better-Surf - C:\Program Files\Better-Surf\ff [2013-11-26]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
CHR HKLM\...\Chrome\Extension: [bicnnkjibmphdeigoodpjlcklcnaobdj] - C:\Program Files\TornTV.com\torntv10.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files\BetterSurf\ch\Chrome.crx [2013-11-11]
CHR HKLM\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Documents and Settings\Ivan\Application Data\Media Finder\Extensions\gencrawler_gc.crx [2013-05-24]
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]
CHR HKLM\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Documents and Settings\Ivan\Application Data\Media Finder\Extensions\mf_plugin_gc.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Documents and Settings\Ivan\Local Settings\Application Data\Slick Savings\coupons.crx [2013-10-01]
CHR HKLM\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files\Gophoto.it\gophotoit16.crx [2013-08-08]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-23]
CHR HKLM\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files\Better-Surf\ch\Chrome.crx [2013-11-25]
R2 DatamngrCoordinator; C:\Program Files\Movies App\Datamngr\DatamngrCoordinator.exe [3573248 2014-08-06] (Bandoo Media Inc.)
Task: C:\WINDOWS\Tasks\Express FilesUpdate.job => C:\Program Files\ExpressFiles\EFUpdater.exehttp:/www.express-files.com <==== ATTENTION
C:\Program Files\ExpressFiles
*****************

Processes closed successfully.
HKU\S-1-5-21-583907252-1004336348-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run\\sucgapsiwiba => Value not found.
"HKU\S-1-5-21-583907252-1004336348-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bb3bb16-91e1-11e2-85f0-001644ea98f7}" => Key deleted successfully.
HKCR\CLSID\{1bb3bb16-91e1-11e2-85f0-001644ea98f7} => Key not found.
"HKU\S-1-5-21-583907252-1004336348-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bb3bb19-91e1-11e2-85f0-001644ea98f7}" => Key deleted successfully.
HKCR\CLSID\{1bb3bb19-91e1-11e2-85f0-001644ea98f7} => Key not found.
"HKU\S-1-5-21-583907252-1004336348-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bb3bb1c-91e1-11e2-85f0-001644ea98f7}" => Key deleted successfully.
HKCR\CLSID\{1bb3bb1c-91e1-11e2-85f0-001644ea98f7} => Key not found.
"HKU\S-1-5-21-583907252-1004336348-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21617ace-9664-11e2-85f4-001644ea98f7}" => Key deleted successfully.
HKCR\CLSID\{21617ace-9664-11e2-85f4-001644ea98f7} => Key not found.
"HKU\S-1-5-21-583907252-1004336348-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21617ad1-9664-11e2-85f4-001644ea98f7}" => Key deleted successfully.
HKCR\CLSID\{21617ad1-9664-11e2-85f4-001644ea98f7} => Key not found.
"HKU\S-1-5-21-583907252-1004336348-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{294e2c80-673a-11e3-873c-001644ea98f7}" => Key deleted successfully.
HKCR\CLSID\{294e2c80-673a-11e3-873c-001644ea98f7} => Key not found.
"HKU\S-1-5-21-583907252-1004336348-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c8c80cf-cc1b-11e2-865f-001644ea98f7}" => Key deleted successfully.
HKCR\CLSID\{2c8c80cf-cc1b-11e2-865f-001644ea98f7} => Key not found.
"HKU\S-1-5-21-583907252-1004336348-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c8c80d3-cc1b-11e2-865f-001644ea98f7}" => Key deleted successfully.
HKCR\CLSID\{2c8c80d3-cc1b-11e2-865f-001644ea98f7} => Key not found.
"HKU\S-1-5-21-583907252-1004336348-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c8c80d7-cc1b-11e2-865f-001644ea98f7}" => Key deleted successfully.
HKCR\CLSID\{2c8c80d7-cc1b-11e2-865f-001644ea98f7} => Key not found.
"HKU\S-1-5-21-583907252-1004336348-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bef09e2-0ac6-11e4-87df-001644ea98f7}" => Key deleted successfully.
HKCR\CLSID\{3bef09e2-0ac6-11e4-87df-001644ea98f7} => Key not found.
"HKU\S-1-5-21-583907252-1004336348-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bef09e5-0ac6-11e4-87df-001644ea98f7}" => Key deleted successfully.
HKCR\CLSID\{3bef09e5-0ac6-11e4-87df-001644ea98f7} => Key not found.
"HKU\S-1-5-21-583907252-1004336348-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85ef0f9f-2e44-11e3-86fc-001644ea98f7}" => Key deleted successfully.
HKCR\CLSID\{85ef0f9f-2e44-11e3-86fc-001644ea98f7} => Key not found.
"HKU\S-1-5-21-583907252-1004336348-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a08bd28-cc67-11e2-8660-001644ea98f7}" => Key deleted successfully.
HKCR\CLSID\{8a08bd28-cc67-11e2-8660-001644ea98f7} => Key not found.
"HKU\S-1-5-21-583907252-1004336348-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9ce0896-59c3-11e3-872c-001644ea98f7}" => Key deleted successfully.
HKCR\CLSID\{a9ce0896-59c3-11e3-872c-001644ea98f7} => Key not found.
"HKU\S-1-5-21-583907252-1004336348-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9ce089b-59c3-11e3-872c-001644ea98f7}" => Key deleted successfully.
HKCR\CLSID\{a9ce089b-59c3-11e3-872c-001644ea98f7} => Key not found.
"HKU\S-1-5-21-583907252-1004336348-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba78af40-ceb2-11e3-87b2-001644ea98f7}" => Key deleted successfully.
HKCR\CLSID\{ba78af40-ceb2-11e3-87b2-001644ea98f7} => Key not found.
"HKU\S-1-5-21-583907252-1004336348-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba78af43-ceb2-11e3-87b2-001644ea98f7}" => Key deleted successfully.
HKCR\CLSID\{ba78af43-ceb2-11e3-87b2-001644ea98f7} => Key not found.
"HKU\S-1-5-21-583907252-1004336348-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e977f8f8-c3d7-11e2-8650-001644ea98f7}" => Key deleted successfully.
HKCR\CLSID\{e977f8f8-c3d7-11e2-8650-001644ea98f7} => Key not found.
"HKU\S-1-5-21-583907252-1004336348-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3307811-cc0c-11e2-865e-001644ea98f7}" => Key deleted successfully.
HKCR\CLSID\{f3307811-cc0c-11e2-865e-001644ea98f7} => Key not found.
"HKU\S-1-5-21-583907252-1004336348-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3307816-cc0c-11e2-865e-001644ea98f7}" => Key deleted successfully.
HKCR\CLSID\{f3307816-cc0c-11e2-865e-001644ea98f7} => Key not found.
"C:\Documents and Settings\Ivan\sucgapsiwiba.exe" => File/Directory not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsemngr.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsermngr.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe" => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bundlesweetimsetup.exe => Key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cltmngsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta babylon.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta tb.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta2.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltainstaller.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltasetup.exe" => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb.exe => Key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb_2501-c733154b.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\iminentsetup.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rjatydimofu.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sweetimsetup.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tbdelta.exetoolbar783881609.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe" => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 => Value not found.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 => Value not found.
c:\program files\movies app => Moved successfully.
"C:\Program Files\Movies App" => File/Directory not found.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SearchEngineOrder.3 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\user.js => not found.
"C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\searchplugins\Ask.xml" => not found.
"C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\searchplugins\bingp.xml" => not found.
"C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\searchplugins\yahoo_ff.xml" => not found.
C:\Documents and Settings\Ivan\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@themediafinder.com => not found.
C:\Documents and Settings\Ivan\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com => not found.
C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\savingsslider@mybrowserbar.com => not found.
C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\{229ae5b5-5528-4a17-bfb4-1f7b10d4d006} => not found.
C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\{3d86a75b-cb6b-4764-885d-ca6336f04ba2} => not found.
C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\{3EFE9303-0141-5987-A155-001F9D9C9E98} => not found.
C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\{54FBE89E-C878-46bb-A064-AB327EE26EBC} => not found.
C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5} => not found.
C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\{CE36D7E8-11CC-D9A8-3684-BE6E720D22A9} => not found.
C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\gophoto@gophoto.it.xpi => not found.
C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\uw3xkohd.default\Extensions\trtv3@trtv.com.xpi => not found.
C:\Program Files\BetterSurf\ff => not found.
HKLM\Software\Mozilla\Firefox\Extensions\\12x3q@3244516.com => Value not found.
C:\Program Files\Better-Surf\ff => not found.
HKLM\Software\Mozilla\Firefox\Extensions\\wrc@avast.com => value deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj => Key not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap => Key not found.
"C:\Program Files\BetterSurf\ch\Chrome.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel => Key not found.
"C:\Documents and Settings\Ivan\Application Data\Media Finder\Extensions\gencrawler_gc.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj => Key not found.
"C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj => Key not found.
"C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.3.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai => Key not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk => Key not found.
C:\Documents and Settings\Ivan\Local Settings\Application Data\Slick Savings\coupons.crx => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk => Key not found.
"C:\Program Files\Gophoto.it\gophotoit16.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp => Key not found.
"C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco => Key not found.
"C:\Program Files\Better-Surf\ch\Chrome.crx" => File/Directory not found.
DatamngrCoordinator => Service not found.
C:\WINDOWS\Tasks\Express FilesUpdate.job => Moved successfully.
"C:\Program Files\ExpressFiles" => File/Directory not found.
EmptyTemp: => Removed 4.8 GB temporary data.


The system needed a reboot.

==== End of Fixlog 12:32:00 ====


# AdwCleaner v4.113 - Logfile created 29/03/2015 at 12:52:23
# Updated 22/03/2015 by Xplode
# Database : 2015-03-28.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Ivan - IVAN-34C8DC74EF
# Running from : C:\Documents and Settings\Ivan\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SoftSafe
Folder Deleted : C:\Documents and Settings\All Users\Application Data\StarApp
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Media Finder
Folder Deleted : C:\Program Files\GreenTree Applications
Folder Deleted : C:\Program Files\Movies Toolbar
Folder Deleted : C:\Program Files\Music Toolbar
Folder Deleted : C:\Program Files\SimilarSites
Folder Deleted : C:\Documents and Settings\Ivan\Local Settings\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Ivan\Local Settings\Application Data\Mobogenie
Folder Deleted : C:\Documents and Settings\Ivan\Local Settings\Application Data\Slick Savings
Folder Deleted : C:\Documents and Settings\Ivan\Local Settings\Application Data\torch
Folder Deleted : C:\Documents and Settings\Ivan\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Ivan\Application Data\ExpressFiles
Folder Deleted : C:\Documents and Settings\Ivan\Application Data\FirefoxToolbar
Folder Deleted : C:\Documents and Settings\Ivan\Application Data\Media Finder
Folder Deleted : C:\Documents and Settings\Ivan\Application Data\Mobogenie
Folder Deleted : C:\Documents and Settings\Ivan\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Documents and Settings\Ivan\My Documents\Mobogenie
File Deleted : C:\Documents and Settings\Ivan\daemonprocess.txt
File Deleted : C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\ckh9zye1.default-1427569979468\invalidprefs.js

***** [ Scheduled tasks ] *****

Task Deleted : DriverEasy Scheduled Scan

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\iLivid.torrent
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Deleted : HKLM\SOFTWARE\Classes\iLivid.torrent
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Media Finder
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\microsoft\shared tools\msconfig\startupreg\mobilegeni daemon
Key Deleted : HKCU\Software\Classes\MF
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{310D38FE-EB4C-467C-8781-B7C2AEB7847D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\MediaFinder
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\torch
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\BetterSurf
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\ExpressFiles
Key Deleted : HKLM\SOFTWARE\torch
Key Deleted : HKLM\SOFTWARE\Better-Surf
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{3A787631-66A2-4634-B928-A37E73B58FB6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{6DA399FC-350F-41AC-8CA6-B9F8496753BE}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\inethnfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v36.0.4 (x86 en-US)

[ckh9zye1.default-1427569979468\prefs.js] - Line Deleted : user_pref("extensions.gencrawler@some.com.install-event-fired", true);

-\\ Google Chrome v41.0.2272.101


*************************

AdwCleaner[R0].txt - [5718 bytes] - [29/03/2015 12:47:01]
AdwCleaner[S0].txt - [5705 bytes] - [29/03/2015 12:52:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5764 bytes] ##########

Addendum: 29 Mar 2015 13:08

LOCK

I have to install Windows 7, since something is definitely wrong with this version of XP.

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Lives in: Beograd

Of course it isn't Mr. Green
