Runs slowly, freezes, etc...

  • Joined: 08 May 2014
  • Posts: 95

I think viruses have piled up, because lately it stalls and runs slowly; for example, Mozilla keeps popping up that little window that says "stop script", etc...


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014
Ran by PC (administrator) on PC-PC on 24-08-2014 04:20:59
Running from C:\Users\PC\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: engleski (SAD)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Skillbrains) C:\Users\PC\AppData\Local\Skillbrains\lightshot\5.1.2.5\Lightshot.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(ShopperPro) C:\Program Files\Common Files\ShopperPro\spbiu.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
() C:\Users\PC\AppData\Local\Installer\Installsense_31623\delay.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(BitTorrent Inc.) C:\Users\PC\AppData\Roaming\BitTorrent\BitTorrent.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\java.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2821936 2012-03-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2014-02-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FontExpertType1Loader] => D:\Program Files (x86)\FontExpert\Type1Loader.exe [295800 2012-10-16] (Proxima Software)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [835288 2014-08-13] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.486\jsdrv.exe [3211776 2014-08-07] ()
HKLM-x32\...\RunOnce: [network_adscendmedia_1] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-558768503-1695780235-3176175885-1000\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\PC\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=e85ae97085d447d2a8fa759276564f55-2cf349c5e6e81fde74a7ac794b1e60cb6b9f4876 /CMPID=0214c
HKU\S-1-5-21-558768503-1695780235-3176175885-1000\...\Run: [LightShot] => C:\Users\PC\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226592 2014-03-06] ()
HKU\S-1-5-21-558768503-1695780235-3176175885-1000\...\Run: [DAEMON Tools Lite] => D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-558768503-1695780235-3176175885-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\MCShieldRTM.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-558768503-1695780235-3176175885-1000\...\Run: [BitTorrent] => C:\Users\PC\AppData\Roaming\BitTorrent\BitTorrent.exe [1267032 2014-07-02] (BitTorrent Inc.)
HKU\S-1-5-21-558768503-1695780235-3176175885-1000\...\Run: [SearchProtection] => C:\Users\PC\AppData\Roaming\Search Protection\SearchProtection.EXE [846696 2014-05-21] (Spigot, Inc.)
HKU\S-1-5-21-558768503-1695780235-3176175885-1000\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.486\jsdrv.exe [3211776 2014-08-07] ()
HKU\S-1-5-21-558768503-1695780235-3176175885-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_Plugin.exe [851632 2014-07-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-558768503-1695780235-3176175885-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-558768503-1695780235-3176175885-1000\...\MountPoints2: {473807e0-a6c1-11e3-ba2d-201a067497bd} - F:\autorun.exe
ShellIconOverlayIdentifiers: AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = myhoome.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = myhoome.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x345D7ED90B6FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - DefaultScope {720D312E-B02D-4558-9B9F-C6002FABAEA4} URL = search.yahoo.com/search?fr=chr-greentree_i.....549&p={searchTerms}
SearchScopes: HKCU - {720D312E-B02D-4558-9B9F-C6002FABAEA4} URL = search.yahoo.com/search?fr=chr-greentree_i.....549&p={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro64.dll (Goobzo Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: PodoWeb -> {980b8a8f-ea0b-4c24-a2e9-70635e2502e9} -> C:\Program Files (x86)\PodoWeb\PodoWebbho.dll ()
BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll (Goobzo Ltd.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 178.79.20.6 178.79.0.3

FireFox:
========
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\c407as5w.default
FF Keyword.URL: search.yahoo.com/search?fr=greentree_ff1&a.....549&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\PC\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF user.js: detected! => C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\c407as5w.default\user.js
FF SearchPlugin: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\c407as5w.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\pik.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\tajpi.xml
FF Extension: Shopper-Pro - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\c407as5w.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2014-08-23]
FF Extension: Firebug - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\c407as5w.default\Extensions\firebug@software.joehewitt.com.xpi [2014-04-12]
FF Extension: PodoWeb - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\c407as5w.default\Extensions\{00c97d86-accb-4288-9972-6d929c1fe93a}.xpi [2014-08-23]
FF Extension: Adblock Plus - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\c407as5w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-19]

Chrome:
=======
CHR DefaultSearchKeyword: yahoo.com search
CHR DefaultSearchProvider: Yahoo
CHR DefaultSearchURL: search.yahoo.com/search?fr=chr-greentree_g.....549&p={searchTerms}
CHR DefaultSuggestURL: ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Extension: (Google документи) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-20]
CHR Extension: (Google диск) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-20]
CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-20]
CHR Extension: (Google претрага) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-20]
CHR Extension: (Google новчаник) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-20]
CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-08-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-08-13] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-08-13] (BlueStack Systems, Inc.)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-23] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-23] (globalUpdate) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346880 2014-08-07] (ShopperPro)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-08-13] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-09] (Disc Soft Ltd)
R3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41856 2014-08-07] ()
R2 SPDRIVER_1.37.0.486; C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.486\jsdrv.sys [52584 2014-08-07] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-24 04:20 - 2014-08-24 04:22 - 00018619 _____ () C:\Users\PC\Desktop\FRST.txt
2014-08-24 04:20 - 2014-08-24 04:21 - 00000000 ____D () C:\FRST
2014-08-24 04:19 - 2014-08-24 04:19 - 02103296 _____ (Farbar) C:\Users\PC\Desktop\FRST64.exe
2014-08-23 20:44 - 2014-08-23 20:44 - 00000000 ____D () C:\Users\PC\AppData\Roaming\raidcall
2014-08-23 20:43 - 2014-08-23 20:46 - 00000000 ____D () C:\Program Files (x86)\RaidCall
2014-08-23 20:43 - 2014-08-23 20:43 - 00001031 _____ () C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\RaidCall.lnk
2014-08-23 20:43 - 2014-08-23 20:43 - 00001007 _____ () C:\Users\PC\Desktop\RaidCall.lnk
2014-08-23 20:43 - 2014-08-23 20:43 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall
2014-08-23 20:43 - 2014-08-23 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall
2014-08-23 20:42 - 2014-08-23 20:43 - 05777120 _____ () C:\Users\PC\Downloads\raidcall_7.3.6.exe
2014-08-23 16:21 - 2014-08-24 04:21 - 00002420 _____ () C:\Windows\Tasks\4bd3ec58-c42f-443e-8edb-0a5b2d035380-4.job
2014-08-23 16:21 - 2014-08-23 22:26 - 00000902 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-08-23 16:21 - 2014-08-23 16:26 - 00000898 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-08-23 16:21 - 2014-08-23 16:21 - 00005450 _____ () C:\Windows\System32\Tasks\4bd3ec58-c42f-443e-8edb-0a5b2d035380-4
2014-08-23 16:21 - 2014-08-23 16:21 - 00003900 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-08-23 16:21 - 2014-08-23 16:21 - 00003646 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-08-23 16:21 - 2014-08-23 16:21 - 00000000 ____D () C:\Users\PC\AppData\Local\globalUpdate
2014-08-23 16:21 - 2014-08-23 16:21 - 00000000 ____D () C:\Program Files (x86)\iWebar
2014-08-23 16:21 - 2014-08-23 16:21 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-08-23 15:51 - 2014-08-24 04:21 - 00000000 ____D () C:\Program Files (x86)\PodoWeb
2014-08-23 15:51 - 2014-08-23 15:51 - 00003412 _____ () C:\Windows\System32\Tasks\Math Problem Solver Optimize
2014-08-23 15:51 - 2014-08-23 15:51 - 00003262 _____ () C:\Windows\System32\Tasks\Math Problem Solver CPU
2014-08-23 15:51 - 2014-08-23 15:51 - 00000000 ____D () C:\Users\PC\AppData\Local\Math Problem Solver
2014-08-23 15:51 - 2014-08-23 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppsHat
2014-08-23 15:50 - 2014-08-23 20:57 - 00000000 ____D () C:\Users\Public\Documents\GOOBZO
2014-08-23 15:50 - 2014-08-23 20:57 - 00000000 ____D () C:\ProgramData\YTAHelper
2014-08-23 15:50 - 2014-08-23 20:57 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-23 15:50 - 2014-08-23 20:57 - 00000000 ____D () C:\Program Files (x86)\YouTube Accelerator
2014-08-23 15:50 - 2014-08-23 15:50 - 00172032 _____ (Jin Hui E-mail: jinhui@jcomsoft.com Web: jcomsoft.com) C:\Windows\SysWOW64\AniGIF.ocx
2014-08-23 15:50 - 2014-08-23 15:50 - 00000000 ____D () C:\Users\Public\Documents\YTAHelper
2014-08-23 15:49 - 2014-08-23 15:49 - 00004630 _____ () C:\Windows\System32\Tasks\ShopperPro
2014-08-23 15:49 - 2014-08-23 15:49 - 00004286 _____ () C:\Windows\System32\Tasks\Installer_sense
2014-08-23 15:49 - 2014-08-23 15:49 - 00004216 _____ () C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333736383433393034312d2a55456c2d5a34575b413234
2014-08-23 15:49 - 2014-08-23 15:49 - 00003556 _____ () C:\Windows\System32\Tasks\ShopperProJSUpd
2014-08-23 15:49 - 2014-08-23 15:49 - 00003480 _____ () C:\Windows\System32\Tasks\SPDriver
2014-08-23 15:49 - 2014-08-23 15:49 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2014-08-23 15:49 - 2014-08-23 15:49 - 00000000 ____D () C:\Users\PC\AppData\Local\CrashRpt
2014-08-23 15:49 - 2014-08-23 15:49 - 00000000 ____D () C:\ProgramData\ShopperPro
2014-08-23 15:49 - 2014-08-23 15:49 - 00000000 ____D () C:\Program Files\Common Files\ShopperPro
2014-08-23 15:49 - 2014-08-23 15:49 - 00000000 ____D () C:\Program Files (x86)\ShopperPro
2014-08-23 15:48 - 2014-08-23 15:51 - 00000000 ____D () C:\Users\PC\AppData\Local\WebPlayer
2014-08-23 15:48 - 2014-08-23 15:48 - 00225256 _____ () C:\Users\PC\Downloads\FLVPlayerSetup-Nc3lH7BfR.exe
2014-08-23 15:48 - 2014-08-23 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player
2014-08-23 15:43 - 2014-08-23 15:43 - 00225256 _____ () C:\Users\PC\Downloads\OnlineWeatherSetup-Na6vGmFga.exe
2014-08-22 22:58 - 2014-08-22 22:58 - 00001807 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-08-22 22:58 - 2014-08-22 22:58 - 00001780 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-08-22 22:56 - 2014-08-22 22:57 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-08-22 22:56 - 2014-08-22 22:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-08-22 22:56 - 2014-08-22 22:56 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-08-22 22:52 - 2014-08-22 22:52 - 00000000 ____D () C:\Users\PC\AppData\Local\Bluestacks
2014-08-22 22:50 - 2014-08-22 22:51 - 13141248 _____ (BlueStack Systems Inc.) C:\Users\PC\Downloads\BlueStacks-SplitInstaller_native(2).exe
2014-08-22 02:50 - 2014-08-22 03:14 - 159066779 _____ () C:\Users\PC\Downloads\KoreanRandom_contoured_2014.04.20.rar
2014-08-15 17:18 - 2014-08-16 08:54 - 00000000 ____D () C:\Program Files (x86)\HiDefMedia
2014-08-14 23:40 - 2014-08-14 23:45 - 00000000 ____D () C:\Users\PC\AppData\Roaming\TeamViewer
2014-08-14 23:36 - 2014-08-14 23:36 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
2014-08-14 23:36 - 2014-08-14 23:36 - 00001162 _____ () C:\Users\Public\Desktop\TeamViewer 8.lnk
2014-08-14 23:36 - 2014-08-14 23:36 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-08-14 23:34 - 2014-08-14 23:34 - 06952512 _____ (TeamViewer GmbH) C:\Users\PC\Downloads\teamviewer_setup.exe
2014-08-14 22:48 - 2014-08-14 22:48 - 07239140 _____ () C:\Users\PC\Downloads\J1mB0_s_XVM_Config_v5.3.3_Test_1(1).zip
2014-08-14 17:37 - 2014-08-14 17:39 - 00034816 _____ () C:\Users\PC\AppData\Roaming\RZR_00607753483ab95086c56f8d0543.db
2014-08-13 23:01 - 2014-08-21 20:26 - 00000237 _____ () C:\Users\PC\Desktop\fsdfs.txt
2014-08-13 22:23 - 2014-08-13 22:26 - 72711592 _____ (Razer Inc.) C:\Users\PC\Downloads\RazerComms2.0.83(1).exe
2014-08-13 22:16 - 2014-08-13 22:19 - 72711592 _____ (Razer Inc.) C:\Users\PC\Downloads\RazerComms2.0.83.exe
2014-08-11 21:49 - 2014-08-11 21:49 - 00000000 __SHD () C:\Users\PC\AppData\Local\EmieUserList
2014-08-11 21:49 - 2014-08-11 21:49 - 00000000 __SHD () C:\Users\PC\AppData\Local\EmieSiteList
2014-08-11 21:43 - 2014-08-11 21:43 - 00893031 _____ () C:\Users\PC\Downloads\Deegie_cross.rar
2014-08-09 04:39 - 2014-08-09 04:39 - 00345906 _____ () C:\Users\PC\Downloads\20140807_2013_uk-GB21_Cromwell_07_lakeville.wotreplay
2014-08-09 04:35 - 2014-08-09 04:35 - 00766076 _____ () C:\Users\PC\Downloads\replay_last_battle.wotreplay
2014-08-08 19:42 - 2014-08-08 19:40 - 01118149 _____ () C:\Users\PC\Desktop\replay_last_battle.wotreplay
2014-08-06 00:52 - 2014-08-06 00:52 - 00040936 _____ () C:\Users\PC\Downloads\183074-vampire.academy.2014.bdrip.x264sparks.zip
2014-08-02 00:13 - 2014-08-02 00:14 - 07239140 _____ () C:\Users\PC\Downloads\J1mB0_s_XVM_Config_v5.3.3_Test_1.zip
2014-07-31 04:33 - 2014-07-31 04:33 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab
2014-07-31 04:33 - 2014-07-31 04:33 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-07-30 22:20 - 2014-07-30 22:20 - 00023963 _____ () C:\Users\PC\Downloads\187310-6eaf9d81d4e01630da0e1b667624b02e0ece013d.zip
2014-07-30 15:43 - 2014-07-30 15:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-29 01:23 - 2014-07-29 01:23 - 00036097 _____ () C:\Users\PC\Downloads\187941-the.expendables.3.dvdscr.zip
2014-07-25 02:19 - 2014-07-25 03:31 - 419607080 _____ () C:\Users\PC\Downloads\1401786488_hitbox-wot-0.9.1.rar

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-24 04:22 - 2014-08-24 04:20 - 00018619 _____ () C:\Users\PC\Desktop\FRST.txt
2014-08-24 04:22 - 2014-02-27 22:24 - 00000382 _____ () C:\Windows\Tasks\update-sys.job
2014-08-24 04:21 - 2014-08-24 04:20 - 00000000 ____D () C:\FRST
2014-08-24 04:21 - 2014-08-23 16:21 - 00002420 _____ () C:\Windows\Tasks\4bd3ec58-c42f-443e-8edb-0a5b2d035380-4.job
2014-08-24 04:21 - 2014-08-23 15:51 - 00000000 ____D () C:\Program Files (x86)\PodoWeb
2014-08-24 04:20 - 2014-02-19 19:17 - 00000000 ____D () C:\Users\PC\AppData\Roaming\BitTorrent
2014-08-24 04:19 - 2014-08-24 04:19 - 02103296 _____ (Farbar) C:\Users\PC\Desktop\FRST64.exe
2014-08-24 04:17 - 2014-02-12 19:30 - 02043037 _____ () C:\Windows\WindowsUpdate.log
2014-08-24 03:42 - 2014-05-20 23:35 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-24 03:36 - 2014-02-12 11:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-24 03:31 - 2014-02-27 22:24 - 00000382 _____ () C:\Windows\Tasks\update-S-1-5-21-558768503-1695780235-3176175885-1000.job
2014-08-24 02:40 - 2014-02-12 11:57 - 00000000 ____D () C:\Users\PC\AppData\Roaming\vlc
2014-08-24 02:00 - 2014-02-20 21:06 - 00000000 ____D () C:\Users\PC\AppData\Local\Adobe
2014-08-23 22:26 - 2014-08-23 16:21 - 00000902 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-08-23 20:57 - 2014-08-23 15:50 - 00000000 ____D () C:\Users\Public\Documents\GOOBZO
2014-08-23 20:57 - 2014-08-23 15:50 - 00000000 ____D () C:\ProgramData\YTAHelper
2014-08-23 20:57 - 2014-08-23 15:50 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-23 20:57 - 2014-08-23 15:50 - 00000000 ____D () C:\Program Files (x86)\YouTube Accelerator
2014-08-23 20:46 - 2014-08-23 20:43 - 00000000 ____D () C:\Program Files (x86)\RaidCall
2014-08-23 20:44 - 2014-08-23 20:44 - 00000000 ____D () C:\Users\PC\AppData\Roaming\raidcall
2014-08-23 20:43 - 2014-08-23 20:43 - 00001031 _____ () C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\RaidCall.lnk
2014-08-23 20:43 - 2014-08-23 20:43 - 00001007 _____ () C:\Users\PC\Desktop\RaidCall.lnk
2014-08-23 20:43 - 2014-08-23 20:43 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall
2014-08-23 20:43 - 2014-08-23 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall
2014-08-23 20:43 - 2014-08-23 20:42 - 05777120 _____ () C:\Users\PC\Downloads\raidcall_7.3.6.exe
2014-08-23 20:39 - 2014-07-14 23:51 - 00000000 ____D () C:\Users\PC\AppData\Local\CrashDumps
2014-08-23 17:57 - 2014-02-12 12:09 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-23 16:26 - 2014-08-23 16:21 - 00000898 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-08-23 16:21 - 2014-08-23 16:21 - 00005450 _____ () C:\Windows\System32\Tasks\4bd3ec58-c42f-443e-8edb-0a5b2d035380-4
2014-08-23 16:21 - 2014-08-23 16:21 - 00003900 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-08-23 16:21 - 2014-08-23 16:21 - 00003646 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-08-23 16:21 - 2014-08-23 16:21 - 00000000 ____D () C:\Users\PC\AppData\Local\globalUpdate
2014-08-23 16:21 - 2014-08-23 16:21 - 00000000 ____D () C:\Program Files (x86)\iWebar
2014-08-23 16:21 - 2014-08-23 16:21 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-08-23 15:51 - 2014-08-23 15:51 - 00003412 _____ () C:\Windows\System32\Tasks\Math Problem Solver Optimize
2014-08-23 15:51 - 2014-08-23 15:51 - 00003262 _____ () C:\Windows\System32\Tasks\Math Problem Solver CPU
2014-08-23 15:51 - 2014-08-23 15:51 - 00000000 ____D () C:\Users\PC\AppData\Local\Math Problem Solver
2014-08-23 15:51 - 2014-08-23 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppsHat
2014-08-23 15:51 - 2014-08-23 15:48 - 00000000 ____D () C:\Users\PC\AppData\Local\WebPlayer
2014-08-23 15:50 - 2014-08-23 15:50 - 00172032 _____ (Jin Hui E-mail: jinhui@jcomsoft.com Web: jcomsoft.com) C:\Windows\SysWOW64\AniGIF.ocx
2014-08-23 15:50 - 2014-08-23 15:50 - 00000000 ____D () C:\Users\Public\Documents\YTAHelper
2014-08-23 15:49 - 2014-08-23 15:49 - 00004630 _____ () C:\Windows\System32\Tasks\ShopperPro
2014-08-23 15:49 - 2014-08-23 15:49 - 00004286 _____ () C:\Windows\System32\Tasks\Installer_sense
2014-08-23 15:49 - 2014-08-23 15:49 - 00004216 _____ () C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333736383433393034312d2a55456c2d5a34575b413234
2014-08-23 15:49 - 2014-08-23 15:49 - 00003556 _____ () C:\Windows\System32\Tasks\ShopperProJSUpd
2014-08-23 15:49 - 2014-08-23 15:49 - 00003480 _____ () C:\Windows\System32\Tasks\SPDriver
2014-08-23 15:49 - 2014-08-23 15:49 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2014-08-23 15:49 - 2014-08-23 15:49 - 00000000 ____D () C:\Users\PC\AppData\Local\CrashRpt
2014-08-23 15:49 - 2014-08-23 15:49 - 00000000 ____D () C:\ProgramData\ShopperPro
2014-08-23 15:49 - 2014-08-23 15:49 - 00000000 ____D () C:\Program Files\Common Files\ShopperPro
2014-08-23 15:49 - 2014-08-23 15:49 - 00000000 ____D () C:\Program Files (x86)\ShopperPro
2014-08-23 15:48 - 2014-08-23 15:48 - 00225256 _____ () C:\Users\PC\Downloads\FLVPlayerSetup-Nc3lH7BfR.exe
2014-08-23 15:48 - 2014-08-23 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player
2014-08-23 15:43 - 2014-08-23 15:43 - 00225256 _____ () C:\Users\PC\Downloads\OnlineWeatherSetup-Na6vGmFga.exe
2014-08-23 14:50 - 2014-05-20 23:35 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-22 22:58 - 2014-08-22 22:58 - 00001807 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-08-22 22:58 - 2014-08-22 22:58 - 00001780 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-08-22 22:58 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-08-22 22:57 - 2014-08-22 22:56 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-08-22 22:56 - 2014-08-22 22:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-08-22 22:56 - 2014-08-22 22:56 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-08-22 22:52 - 2014-08-22 22:52 - 00000000 ____D () C:\Users\PC\AppData\Local\Bluestacks
2014-08-22 22:52 - 2014-04-05 23:18 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-08-22 22:51 - 2014-08-22 22:50 - 13141248 _____ (BlueStack Systems Inc.) C:\Users\PC\Downloads\BlueStacks-SplitInstaller_native(2).exe
2014-08-22 19:24 - 2009-07-14 06:51 - 00046073 _____ () C:\Windows\setupact.log
2014-08-22 03:14 - 2014-08-22 02:50 - 159066779 _____ () C:\Users\PC\Downloads\KoreanRandom_contoured_2014.04.20.rar
2014-08-21 20:26 - 2014-08-13 23:01 - 00000237 _____ () C:\Users\PC\Desktop\fsdfs.txt
2014-08-20 00:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-19 17:44 - 2014-02-12 11:39 - 00000000 ____D () C:\Users\PC\AppData\Roaming\AIMP3
2014-08-19 16:01 - 2010-11-21 09:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-08-16 09:06 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-16 09:06 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-16 08:58 - 2014-05-09 18:20 - 00000000 ____D () C:\ProgramData\MCShield
2014-08-16 08:58 - 2014-02-12 11:15 - 00071504 _____ () C:\Users\PC\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-16 08:58 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-16 08:58 - 2009-07-14 06:45 - 04988160 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-16 08:57 - 2014-07-09 21:20 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-08-16 08:57 - 2010-11-21 05:47 - 00089346 _____ () C:\Windows\PFRO.log
2014-08-16 08:55 - 2014-07-09 21:21 - 00000000 ____D () C:\Users\PC\AppData\Local\Razer
2014-08-16 08:54 - 2014-08-15 17:18 - 00000000 ____D () C:\Program Files (x86)\HiDefMedia
2014-08-16 08:54 - 2014-07-09 21:20 - 00000000 ____D () C:\ProgramData\Razer
2014-08-15 05:57 - 2014-05-20 23:36 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-14 23:45 - 2014-08-14 23:40 - 00000000 ____D () C:\Users\PC\AppData\Roaming\TeamViewer
2014-08-14 23:36 - 2014-08-14 23:36 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
2014-08-14 23:36 - 2014-08-14 23:36 - 00001162 _____ () C:\Users\Public\Desktop\TeamViewer 8.lnk
2014-08-14 23:36 - 2014-08-14 23:36 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-08-14 23:34 - 2014-08-14 23:34 - 06952512 _____ (TeamViewer GmbH) C:\Users\PC\Downloads\teamviewer_setup.exe
2014-08-14 22:48 - 2014-08-14 22:48 - 07239140 _____ () C:\Users\PC\Downloads\J1mB0_s_XVM_Config_v5.3.3_Test_1(1).zip
2014-08-14 17:39 - 2014-08-14 17:37 - 00034816 _____ () C:\Users\PC\AppData\Roaming\RZR_00607753483ab95086c56f8d0543.db
2014-08-13 22:26 - 2014-08-13 22:23 - 72711592 _____ (Razer Inc.) C:\Users\PC\Downloads\RazerComms2.0.83(1).exe
2014-08-13 22:19 - 2014-08-13 22:16 - 72711592 _____ (Razer Inc.) C:\Users\PC\Downloads\RazerComms2.0.83.exe
2014-08-11 21:49 - 2014-08-11 21:49 - 00000000 __SHD () C:\Users\PC\AppData\Local\EmieUserList
2014-08-11 21:49 - 2014-08-11 21:49 - 00000000 __SHD () C:\Users\PC\AppData\Local\EmieSiteList
2014-08-11 21:43 - 2014-08-11 21:43 - 00893031 _____ () C:\Users\PC\Downloads\Deegie_cross.rar
2014-08-09 04:39 - 2014-08-09 04:39 - 00345906 _____ () C:\Users\PC\Downloads\20140807_2013_uk-GB21_Cromwell_07_lakeville.wotreplay
2014-08-09 04:35 - 2014-08-09 04:35 - 00766076 _____ () C:\Users\PC\Downloads\replay_last_battle.wotreplay
2014-08-08 19:40 - 2014-08-08 19:42 - 01118149 _____ () C:\Users\PC\Desktop\replay_last_battle.wotreplay
2014-08-06 16:45 - 2014-02-12 11:51 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Skype
2014-08-06 00:52 - 2014-08-06 00:52 - 00040936 _____ () C:\Users\PC\Downloads\183074-vampire.academy.2014.bdrip.x264sparks.zip
2014-08-05 23:33 - 2014-02-12 11:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-02 00:14 - 2014-08-02 00:13 - 07239140 _____ () C:\Users\PC\Downloads\J1mB0_s_XVM_Config_v5.3.3_Test_1.zip
2014-07-31 04:33 - 2014-07-31 04:33 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab
2014-07-31 04:33 - 2014-07-31 04:33 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-07-30 22:20 - 2014-07-30 22:20 - 00023963 _____ () C:\Users\PC\Downloads\187310-6eaf9d81d4e01630da0e1b667624b02e0ece013d.zip
2014-07-30 15:43 - 2014-07-30 15:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-29 01:23 - 2014-07-29 01:23 - 00036097 _____ () C:\Users\PC\Downloads\187941-the.expendables.3.dvdscr.zip
2014-07-26 18:47 - 2014-07-06 17:28 - 00000000 ____D () C:\Users\PC\AppData\Roaming\WOT Statistics
2014-07-25 03:31 - 2014-07-25 02:19 - 419607080 _____ () C:\Users\PC\Downloads\1401786488_hitbox-wot-0.9.1.rar

Some content of TEMP:
====================
C:\Users\PC\AppData\Local\Temp\airC8C.exe
C:\Users\PC\AppData\Local\Temp\appshat_generic.exe
C:\Users\PC\AppData\Local\Temp\cabex.dll
C:\Users\PC\AppData\Local\Temp\FLVPlayerSetup.exe
C:\Users\PC\AppData\Local\Temp\GLB1A2B.EXE
C:\Users\PC\AppData\Local\Temp\PartnerInstaller_smtyc.exe
C:\Users\PC\AppData\Local\Temp\PodoWebSetup.exe
C:\Users\PC\AppData\Local\Temp\setup.exe
C:\Users\PC\AppData\Local\Temp\SRLDetectionLibrary6762901158051205342.dll
C:\Users\PC\AppData\Local\Temp\tu17p84.exe
C:\Users\PC\AppData\Local\Temp\unelevate.exe
C:\Users\PC\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 21:42

==================== End Of Log ============================


offline
  • Osvjedodžbeni spretnik munjarstva
  • Joined: 04 Jul 2011
  • Posts: 5424
  • Location: Beograd

Step 1 - Uninstalling programs

Go to Start - Control Panel - Programs and Features and uninstall the following:
AppsHat Mobile Apps
iWebar
Math Problem Solver
PodoWeb
Search Protection
Shopper-Pro





Step 2 - Removing malware

1. Open Notepad (Text Document) and copy into it the following text from the code box below:

(ShopperPro) C:\Program Files\Common Files\ShopperPro\spbiu.exe
() C:\Users\PC\AppData\Local\Installer\Installsense_31623\delay.exe
HKU\S-1-5-21-558768503-1695780235-3176175885-1000\...\Run: [SearchProtection] => C:\Users\PC\AppData\Roaming\Search Protection\SearchProtection.EXE [846696 2014-05-21] (Spigot, Inc.)
HKU\S-1-5-21-558768503-1695780235-3176175885-1000\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.486\jsdrv.exe [3211776 2014-08-07] ()
HKU\S-1-5-21-558768503-1695780235-3176175885-1000\...\MountPoints2: {473807e0-a6c1-11e3-ba2d-201a067497bd} - F:\autorun.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myhoome.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.myhoome.com/
BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll (Goobzo Ltd.)
BHO-x32: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF user.js: detected! => C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\c407as5w.default\user.js
FF Extension: Shopper-Pro - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\c407as5w.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2014-08-23]
FF Extension: PodoWeb - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\c407as5w.default\Extensions\{00c97d86-accb-4288-9972-6d929c1fe93a}.xpi [2014-08-23]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-23] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-23] (globalUpdate) [File not signed]
R2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346880 2014-08-07] (ShopperPro)
R3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41856 2014-08-07] ()
R2 SPDRIVER_1.37.0.486; C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.486\jsdrv.sys [52584 2014-08-07] ()
2014-08-23 16:21 - 2014-08-24 04:21 - 00002420 _____ () C:\Windows\Tasks\4bd3ec58-c42f-443e-8edb-0a5b2d035380-4.job
2014-08-23 16:21 - 2014-08-23 22:26 - 00000902 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-08-23 16:21 - 2014-08-23 16:26 - 00000898 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-08-23 16:21 - 2014-08-23 16:21 - 00005450 _____ () C:\Windows\System32\Tasks\4bd3ec58-c42f-443e-8edb-0a5b2d035380-4
2014-08-23 16:21 - 2014-08-23 16:21 - 00003900 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-08-23 16:21 - 2014-08-23 16:21 - 00003646 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-08-23 16:21 - 2014-08-23 16:21 - 00000000 ____D () C:\Users\PC\AppData\Local\globalUpdate
2014-08-23 16:21 - 2014-08-23 16:21 - 00000000 ____D () C:\Program Files (x86)\iWebar
2014-08-23 16:21 - 2014-08-23 16:21 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-08-23 15:51 - 2014-08-24 04:21 - 00000000 ____D () C:\Program Files (x86)\PodoWeb
2014-08-23 15:51 - 2014-08-23 15:51 - 00003412 _____ () C:\Windows\System32\Tasks\Math Problem Solver Optimize
2014-08-23 15:51 - 2014-08-23 15:51 - 00003262 _____ () C:\Windows\System32\Tasks\Math Problem Solver CPU
2014-08-23 15:51 - 2014-08-23 15:51 - 00000000 ____D () C:\Users\PC\AppData\Local\Math Problem Solver
2014-08-23 15:51 - 2014-08-23 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppsHat
2014-08-23 15:50 - 2014-08-23 20:57 - 00000000 ____D () C:\Users\Public\Documents\GOOBZO
2014-08-23 15:50 - 2014-08-23 20:57 - 00000000 ____D () C:\ProgramData\YTAHelper
2014-08-23 15:50 - 2014-08-23 20:57 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-23 15:50 - 2014-08-23 20:57 - 00000000 ____D () C:\Program Files (x86)\YouTube Accelerator
2014-08-23 15:50 - 2014-08-23 15:50 - 00000000 ____D () C:\Users\Public\Documents\YTAHelper
2014-08-23 15:49 - 2014-08-23 15:49 - 00004630 _____ () C:\Windows\System32\Tasks\ShopperPro
2014-08-23 15:49 - 2014-08-23 15:49 - 00004286 _____ () C:\Windows\System32\Tasks\Installer_sense
2014-08-23 15:49 - 2014-08-23 15:49 - 00004216 _____ () C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333736383433393034312d2a55456c2d5a34575b413234
2014-08-23 15:49 - 2014-08-23 15:49 - 00003556 _____ () C:\Windows\System32\Tasks\ShopperProJSUpd
2014-08-23 15:49 - 2014-08-23 15:49 - 00003480 _____ () C:\Windows\System32\Tasks\SPDriver
2014-08-23 15:49 - 2014-08-23 15:49 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2014-08-23 15:49 - 2014-08-23 15:49 - 00000000 ____D () C:\Users\PC\AppData\Local\CrashRpt
2014-08-23 15:49 - 2014-08-23 15:49 - 00000000 ____D () C:\ProgramData\ShopperPro
2014-08-23 15:49 - 2014-08-23 15:49 - 00000000 ____D () C:\Program Files\Common Files\ShopperPro
2014-08-23 15:49 - 2014-08-23 15:49 - 00000000 ____D () C:\Program Files (x86)\ShopperPro
2014-08-23 15:48 - 2014-08-23 15:51 - 00000000 ____D () C:\Users\PC\AppData\Local\WebPlayer
C:\Users\PC\AppData\Roaming\Search Protection
C:\Users\PC\AppData\Local\Installer\Installsense_31623
Task: {070F8E7C-2340-4E59-BDE8-B96E9928D0DB} - System32\Tasks\Math Problem Solver CPU => C:\Users\PC\AppData\Local\Math Problem Solver\cpu\Solve.exe [2014-01-23] ()
Task: {0CF8BE64-D130-45D0-9032-1E32433217C7} - System32\Tasks\Math Problem Solver Optimize => C:\Users\PC\AppData\Local\Math Problem Solver\Optimize.exe [2014-01-20] ()
Task: {5B32DBC6-B296-4554-8FB4-26F7B518F5E8} - System32\Tasks\Installer_sense => C:\Users\PC\AppData\Local\Installer\Installsense_31623\delay.exe [2014-08-23] ()
Task: {60650715-E844-42C4-87C1-CED9F94B1DE0} - System32\Tasks\SPBIW_UpdateTask_Time_333736383433393034312d2a55456c2d5a34575b413234 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0
Task: {6F4A4F89-6F1B-4B90-A7FD-A68DE2234A77} - System32\Tasks\4bd3ec58-c42f-443e-8edb-0a5b2d035380-4 => C:\Program Files (x86)\iWebar\4bd3ec58-c42f-443e-8edb-0a5b2d035380-4.exe [2014-08-23] (iWebar) <==== ATTENTION
Task: {71642396-60D5-4E44-BF04-CD82B0D52142} - System32\Tasks\SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.486\jsdrv.exe [2014-08-07] () <==== ATTENTION
Task: {8A60BA1B-C2D6-4590-BE11-A5803382192A} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-08-23] (globalUpdate)
Task: {8FEDF96A-F817-427C-9679-CFC188E2EA5D} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe [2014-08-07] (Goobzo) <==== ATTENTION
Task: {E47CD2AA-F14C-4BE8-9656-A3CE8DF16131} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-08-23] (globalUpdate)
Task: {E5CC9933-26BF-4350-B29A-CF0C710619A5} - System32\Tasks\ShopperPro => C:\Program Files (x86)\ShopperPro\ShopperPro.exe [2014-08-07] (Goobzo LTD) <==== ATTENTION
Task: C:\Windows\Tasks\4bd3ec58-c42f-443e-8edb-0a5b2d035380-4.job => C:\Program Files (x86)\iWebar\4bd3ec58-c42f-443e-8edb-0a5b2d035380-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
C:\Windows\Tasks\4bd3ec58-c42f-443e-8edb-0a5b2d035380-4.job
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
EmptyTemp:


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the system restarts.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

offline
  • Joined: 08 May 2014
  • Posts: 95

I forgot to mention in the first post that it occasionally pops up "JsDriver stopped working", and Mozilla also keeps kicking me out.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-08-2014
Ran by PC at 2014-08-24 18:00:44 Run:1
Running from C:\Users\PC\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(ShopperPro) C:\Program Files\Common Files\ShopperPro\spbiu.exe
() C:\Users\PC\AppData\Local\Installer\Installsense_31623\delay.exe
HKU\S-1-5-21-558768503-1695780235-3176175885-1000\...\Run: [SearchProtection] => C:\Users\PC\AppData\Roaming\Search Protection\SearchProtection.EXE [846696 2014-05-21] (Spigot, Inc.)
HKU\S-1-5-21-558768503-1695780235-3176175885-1000\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.486\jsdrv.exe [3211776 2014-08-07] ()
HKU\S-1-5-21-558768503-1695780235-3176175885-1000\...\MountPoints2: {473807e0-a6c1-11e3-ba2d-201a067497bd} - F:\autorun.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = myhoome.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = myhoome.com/
BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll (Goobzo Ltd.)
BHO-x32: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF user.js: detected! => C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\c407as5w.default\user.js
FF Extension: Shopper-Pro - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\c407as5w.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2014-08-23]
FF Extension: PodoWeb - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\c407as5w.default\Extensions\{00c97d86-accb-4288-9972-6d929c1fe93a}.xpi [2014-08-23]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-23] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-23] (globalUpdate) [File not signed]
R2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346880 2014-08-07] (ShopperPro)
R3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41856 2014-08-07] ()
R2 SPDRIVER_1.37.0.486; C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.486\jsdrv.sys [52584 2014-08-07] ()
2014-08-23 16:21 - 2014-08-24 04:21 - 00002420 _____ () C:\Windows\Tasks\4bd3ec58-c42f-443e-8edb-0a5b2d035380-4.job
2014-08-23 16:21 - 2014-08-23 22:26 - 00000902 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-08-23 16:21 - 2014-08-23 16:26 - 00000898 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-08-23 16:21 - 2014-08-23 16:21 - 00005450 _____ () C:\Windows\System32\Tasks\4bd3ec58-c42f-443e-8edb-0a5b2d035380-4
2014-08-23 16:21 - 2014-08-23 16:21 - 00003900 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-08-23 16:21 - 2014-08-23 16:21 - 00003646 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-08-23 16:21 - 2014-08-23 16:21 - 00000000 ____D () C:\Users\PC\AppData\Local\globalUpdate
2014-08-23 16:21 - 2014-08-23 16:21 - 00000000 ____D () C:\Program Files (x86)\iWebar
2014-08-23 16:21 - 2014-08-23 16:21 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-08-23 15:51 - 2014-08-24 04:21 - 00000000 ____D () C:\Program Files (x86)\PodoWeb
2014-08-23 15:51 - 2014-08-23 15:51 - 00003412 _____ () C:\Windows\System32\Tasks\Math Problem Solver Optimize
2014-08-23 15:51 - 2014-08-23 15:51 - 00003262 _____ () C:\Windows\System32\Tasks\Math Problem Solver CPU
2014-08-23 15:51 - 2014-08-23 15:51 - 00000000 ____D () C:\Users\PC\AppData\Local\Math Problem Solver
2014-08-23 15:51 - 2014-08-23 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppsHat
2014-08-23 15:50 - 2014-08-23 20:57 - 00000000 ____D () C:\Users\Public\Documents\GOOBZO
2014-08-23 15:50 - 2014-08-23 20:57 - 00000000 ____D () C:\ProgramData\YTAHelper
2014-08-23 15:50 - 2014-08-23 20:57 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-23 15:50 - 2014-08-23 20:57 - 00000000 ____D () C:\Program Files (x86)\YouTube Accelerator
2014-08-23 15:50 - 2014-08-23 15:50 - 00000000 ____D () C:\Users\Public\Documents\YTAHelper
2014-08-23 15:49 - 2014-08-23 15:49 - 00004630 _____ () C:\Windows\System32\Tasks\ShopperPro
2014-08-23 15:49 - 2014-08-23 15:49 - 00004286 _____ () C:\Windows\System32\Tasks\Installer_sense
2014-08-23 15:49 - 2014-08-23 15:49 - 00004216 _____ () C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333736383433393034312d2a55456c2d5a34575b413234
2014-08-23 15:49 - 2014-08-23 15:49 - 00003556 _____ () C:\Windows\System32\Tasks\ShopperProJSUpd
2014-08-23 15:49 - 2014-08-23 15:49 - 00003480 _____ () C:\Windows\System32\Tasks\SPDriver
2014-08-23 15:49 - 2014-08-23 15:49 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2014-08-23 15:49 - 2014-08-23 15:49 - 00000000 ____D () C:\Users\PC\AppData\Local\CrashRpt
2014-08-23 15:49 - 2014-08-23 15:49 - 00000000 ____D () C:\ProgramData\ShopperPro
2014-08-23 15:49 - 2014-08-23 15:49 - 00000000 ____D () C:\Program Files\Common Files\ShopperPro
2014-08-23 15:49 - 2014-08-23 15:49 - 00000000 ____D () C:\Program Files (x86)\ShopperPro
2014-08-23 15:48 - 2014-08-23 15:51 - 00000000 ____D () C:\Users\PC\AppData\Local\WebPlayer
C:\Users\PC\AppData\Roaming\Search Protection
C:\Users\PC\AppData\Local\Installer\Installsense_31623
Task: {070F8E7C-2340-4E59-BDE8-B96E9928D0DB} - System32\Tasks\Math Problem Solver CPU => C:\Users\PC\AppData\Local\Math Problem Solver\cpu\Solve.exe [2014-01-23] ()
Task: {0CF8BE64-D130-45D0-9032-1E32433217C7} - System32\Tasks\Math Problem Solver Optimize => C:\Users\PC\AppData\Local\Math Problem Solver\Optimize.exe [2014-01-20] ()
Task: {5B32DBC6-B296-4554-8FB4-26F7B518F5E8} - System32\Tasks\Installer_sense => C:\Users\PC\AppData\Local\Installer\Installsense_31623\delay.exe [2014-08-23] ()
Task: {60650715-E844-42C4-87C1-CED9F94B1DE0} - System32\Tasks\SPBIW_UpdateTask_Time_333736383433393034312d2a55456c2d5a34575b413234 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0
Task: {6F4A4F89-6F1B-4B90-A7FD-A68DE2234A77} - System32\Tasks\4bd3ec58-c42f-443e-8edb-0a5b2d035380-4 => C:\Program Files (x86)\iWebar\4bd3ec58-c42f-443e-8edb-0a5b2d035380-4.exe [2014-08-23] (iWebar) <==== ATTENTION
Task: {71642396-60D5-4E44-BF04-CD82B0D52142} - System32\Tasks\SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.486\jsdrv.exe [2014-08-07] () <==== ATTENTION
Task: {8A60BA1B-C2D6-4590-BE11-A5803382192A} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-08-23] (globalUpdate)
Task: {8FEDF96A-F817-427C-9679-CFC188E2EA5D} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe [2014-08-07] (Goobzo) <==== ATTENTION
Task: {E47CD2AA-F14C-4BE8-9656-A3CE8DF16131} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-08-23] (globalUpdate)
Task: {E5CC9933-26BF-4350-B29A-CF0C710619A5} - System32\Tasks\ShopperPro => C:\Program Files (x86)\ShopperPro\ShopperPro.exe [2014-08-07] (Goobzo LTD) <==== ATTENTION
Task: C:\Windows\Tasks\4bd3ec58-c42f-443e-8edb-0a5b2d035380-4.job => C:\Program Files (x86)\iWebar\4bd3ec58-c42f-443e-8edb-0a5b2d035380-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
C:\Windows\Tasks\4bd3ec58-c42f-443e-8edb-0a5b2d035380-4.job
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
EmptyTemp:
*****************

C:\Program Files\Common Files\ShopperPro\spbiu.exe => No running process found
[4976] C:\Users\PC\AppData\Local\Installer\Installsense_31623\delay.exe => Process closed successfully.
HKU\S-1-5-21-558768503-1695780235-3176175885-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection => Value not found.
HKU\S-1-5-21-558768503-1695780235-3176175885-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SPDriver => Value not found.
"HKU\S-1-5-21-558768503-1695780235-3176175885-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{473807e0-a6c1-11e3-ba2d-201a067497bd}" => Key deleted successfully.
"HKCR\CLSID\{473807e0-a6c1-11e3-ba2d-201a067497bd}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}" => Key not found.
"HKCR\Wow6432Node\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10" => Key deleted successfully.
C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4" => Key deleted successfully.
C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll not found.
C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\c407as5w.default\user.js => Moved successfully.
C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\c407as5w.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} not found.
C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\c407as5w.default\Extensions\{00c97d86-accb-4288-9972-6d929c1fe93a}.xpi not found.
globalUpdate => Service deleted successfully.
globalUpdatem => Service deleted successfully.
SPBIUpd => Service not found.
SPBIUpdd => Service not found.
SPDRIVER_1.37.0.486 => Unable to stop service
SPDRIVER_1.37.0.486 => Error deleting Service
"C:\Windows\Tasks\4bd3ec58-c42f-443e-8edb-0a5b2d035380-4.job" => File/Directory not found.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => Moved successfully.
"C:\Windows\System32\Tasks\4bd3ec58-c42f-443e-8edb-0a5b2d035380-4" => File/Directory not found.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA => Moved successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore => Moved successfully.
C:\Users\PC\AppData\Local\globalUpdate => Moved successfully.
"C:\Program Files (x86)\iWebar" => File/Directory not found.
C:\Program Files (x86)\globalUpdate => Moved successfully.
"C:\Program Files (x86)\PodoWeb" => File/Directory not found.
"C:\Windows\System32\Tasks\Math Problem Solver Optimize" => File/Directory not found.
"C:\Windows\System32\Tasks\Math Problem Solver CPU" => File/Directory not found.
"C:\Users\PC\AppData\Local\Math Problem Solver" => File/Directory not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppsHat => Moved successfully.
C:\Users\Public\Documents\GOOBZO => Moved successfully.
C:\ProgramData\YTAHelper => Moved successfully.
C:\ProgramData\TEMP => Moved successfully.
C:\Program Files (x86)\YouTube Accelerator => Moved successfully.
C:\Users\Public\Documents\YTAHelper => Moved successfully.
"C:\Windows\System32\Tasks\ShopperPro" => File/Directory not found.
C:\Windows\System32\Tasks\Installer_sense => Moved successfully.
"C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333736383433393034312d2a55456c2d5a34575b413234" => File/Directory not found.
"C:\Windows\System32\Tasks\ShopperProJSUpd" => File/Directory not found.
"C:\Windows\System32\Tasks\SPDriver" => File/Directory not found.
C:\Users\Public\Documents\ShopperPro => Moved successfully.
C:\Users\PC\AppData\Local\CrashRpt => Moved successfully.
"C:\ProgramData\ShopperPro" => File/Directory not found.
"C:\Program Files\Common Files\ShopperPro" => File/Directory not found.
C:\Program Files (x86)\ShopperPro => Moved successfully.
C:\Users\PC\AppData\Local\WebPlayer => Moved successfully.
"C:\Users\PC\AppData\Roaming\Search Protection" => File/Directory not found.
C:\Users\PC\AppData\Local\Installer\Installsense_31623 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{070F8E7C-2340-4E59-BDE8-B96E9928D0DB}" => Key not found.
C:\Windows\System32\Tasks\Math Problem Solver CPU not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Math Problem Solver CPU" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CF8BE64-D130-45D0-9032-1E32433217C7}" => Key not found.
C:\Windows\System32\Tasks\Math Problem Solver Optimize not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Math Problem Solver Optimize" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5B32DBC6-B296-4554-8FB4-26F7B518F5E8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B32DBC6-B296-4554-8FB4-26F7B518F5E8}" => Key deleted successfully.
C:\Windows\System32\Tasks\Installer_sense not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_sense" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60650715-E844-42C4-87C1-CED9F94B1DE0}" => Key not found.
C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333736383433393034312d2a55456c2d5a34575b413234 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_333736383433393034312d2a55456c2d5a34575b413234" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F4A4F89-6F1B-4B90-A7FD-A68DE2234A77}" => Key not found.
C:\Windows\System32\Tasks\4bd3ec58-c42f-443e-8edb-0a5b2d035380-4 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4bd3ec58-c42f-443e-8edb-0a5b2d035380-4" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71642396-60D5-4E44-BF04-CD82B0D52142}" => Key not found.
C:\Windows\System32\Tasks\SPDriver not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPDriver" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8A60BA1B-C2D6-4590-BE11-A5803382192A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A60BA1B-C2D6-4590-BE11-A5803382192A}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FEDF96A-F817-427C-9679-CFC188E2EA5D}" => Key not found.
C:\Windows\System32\Tasks\ShopperProJSUpd not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperProJSUpd" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E47CD2AA-F14C-4BE8-9656-A3CE8DF16131}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E47CD2AA-F14C-4BE8-9656-A3CE8DF16131}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5CC9933-26BF-4350-B29A-CF0C710619A5}" => Key not found.
C:\Windows\System32\Tasks\ShopperPro not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperPro" => Key not found.
C:\Windows\Tasks\4bd3ec58-c42f-443e-8edb-0a5b2d035380-4.job not found.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job not found.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job not found.
"C:\ProgramData\TEMP" => ":56E2E879" ADS not found.
"C:\Windows\Tasks\4bd3ec58-c42f-443e-8edb-0a5b2d035380-4.job" => File/Directory not found.
"C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job" => File/Directory not found.
"C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job" => File/Directory not found.
EmptyTemp: => Removed 837.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

offline
  • Osvjedodžbeni spretnik munjarstva
  • Joined: 04 Jul 2011
  • Posts: 5424
  • Location: Beograd

How are things now, is it better?

offline
  • Joined: 08 May 2014
  • Posts: 95

No glitches; so far Mozilla hasn't kicked me out, nor has the message that JsDriver stopped working popped up :D

offline
  • Osvjedodžbeni spretnik munjarstva
  • Joined: 04 Jul 2011
  • Posts: 5424
  • Location: Beograd

We just need to run a few more checks.

Download "Xplode"'s AdwCleaner and save it to the Desktop.

Double-click to run the program.
Click the [Scan] button and wait for the program to finish.
Click the [Clean] button.
The program will close all running programs and display a window with that warning. Click Ok to confirm.
In the next two windows that open (Informations and Restart required), click Ok.

The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your post using the "Prikači fajl" (Attach file) option.

Note: The report will also be saved at C:\AdwCleaner[S0].txt

Download the installer for Malwarebytes Anti-Malware (MBAM) ver. 2.0 and install the application.
Double-click mbam-setup.exe and follow the installation instructions. The installation is the standard "Next > I Agree . . > Next > Install" routine. When the installation is complete, click Finish.
Note: The free 14-day trial version is pre-selected. You can uncheck this option if you wish.

- On first launch, MBAM will start an "Update" in order to download the latest definitions.
Or ... click the 'Update Now >>' link or button to download fresh definitions.

• Configure the scanner; on the 'Settings' tab, under Detection and Protection, set the following options:
1. Detection Options sub-tab: check the 'Scan for rootkits' box;
2. Non-Malware Protection sub-tab: for 'PUP detections', make sure the 'Treat detections as malware' option is selected.

• Run a 'Threat Scan';
Click the Scan tab, then 'Scan Now >>' to run the scan.
If MBAM reports that an 'update' is available, click 'Update Now' and then proceed to the scan.
Notice: with some severe infections you may get the message "Could not load DDA driver". In that case, click Yes on that message, allow the driver to load after the computer restarts, and allow the restart.
Then continue with the rest of the instructions.

• When the scan is finished, click the Apply Action button if a threat was detected. Wait for the program to request a restart!
- Click Yes on the message saying that the system will restart.

• Post the report (export the logfile) for review;
Start MBAM again, click the History tab > Application Logs. Double-click the 'Scan Log' showing the time and date of the scan just performed.
1. In the new window, click the 'Export' button, then choose 'Text file (*.txt)';
2. When the Save File dialog appears, choose to save the log to the Desktop.
In that same window, at the bottom under File name:, type 'mbam' as the report name and click the Save button.

- After the message ("Your file has been successfully exported"), the report you named 'mbam' will be saved on the Desktop.

Attach mbam.txt to your post using the "Prikači fajl" (Attach file) option.

offline
  • Joined: 08 May 2014
  • Posts: 95


offline
  • Osvjedodžbeni spretnik munjarstva
  • Joined: 04 Jul 2011
  • Posts: 5424
  • Location: Beograd

That's it, your computer is now clean as far as malware is concerned. We've also solved the problem; all that's left is to clean up the tools.

The following procedure will perform the final cleanup.

Download "Xplode"'s DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes next to the following options:

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment until the tool finishes its work.
From this point on, all the tools used in this thread should be deleted.
The tool will also generate a report for you. (C:\DelFix.txt)

The tool will also save the healthy state of the registry and make a backup using the integrated "ERUNT" program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a new, fresh point after the cleanup.
