Problem with "pop-up" windows

  • Istoričar
  • Joined: 02 Sep 2012
  • Posts: 86
  • Location: Moscow, Russia

I have a problem with pop-up windows, and my colleague higuy sent me here to get it treated.

- The problem I have shows up as pop-up windows in all three web browsers I use: Mozilla, Chrome and IE.

- The problem started appearing more than 2 weeks ago.

- The security software did not react when these pop-up windows appeared.

- My internet connection type is wireless and my throughput is 4 mb/s.

- As for the state of the computer, I don't know what to say; it is best that you ask and I will answer.


I have attached both FRST and Addition because FRST is very long.

I hope I have done everything correctly and that we will find a solution for the pop-up windows.

Regards,
MiG-29 M2




Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 01
Ran by Marko (administrator) on MARKO-PC on 31-07-2014 13:04:31
Running from C:\Users\Marko\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe
() C:\Programi\RocketDock 1.3.5\RocketDock.exe
() C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\NetCrawl\bin\NetCrawl.PurBrowse64.exe
() C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Wargaming.net) D:\Games\World_of_Tanks\WOTLauncher.exe
(Mozilla Corporation) C:\Programi\Mozilla Firefox 26.0\firefox.exe
(Mozilla Corporation) C:\Programi\Mozilla Firefox 26.0\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [USB Gamepad] => C:\Windows\USB Vibration\dr100&110\USB Gamepad.exe -boot
HKU\S-1-5-21-825732486-3746734302-1360109509-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-825732486-3746734302-1360109509-1000\...\Run: [RocketDock] => C:\Programi\RocketDock 1.3.5\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-825732486-3746734302-1360109509-1000\...\Run: [Google Update] => C:\Users\Marko\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-10] (Google Inc.)
HKU\S-1-5-21-825732486-3746734302-1360109509-1000\...\MountPoints2: {1f25468e-8d88-11e3-b445-001fd0d8634c} - G:\RoNsetup.exe /autorun

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = google.com/ie
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: NetCrawl -> {769a91da-209f-47fe-88b9-b0321b0982c8} -> C:\Program Files (x86)\NetCrawl\NetCrawlbho.dll (NetCrawl)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 91.226.242.1 91.226.242.2

FireFox:
========
FF ProfilePath: C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\dl3qruwo.default
FF Homepage: google.rs
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Programi\Picasa 3.9 Build 137.81\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Windows\system32\TVUAx\npTVUAx.dll No File
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\Marko\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Programi\Adobe Reader 11.0.06\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Marko\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Marko\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Marko\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Marko\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\dl3qruwo.default\user.js
FF Extension: ColorfulTabs - C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\dl3qruwo.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-07-25]
FF Extension: SearchPreview - C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\dl3qruwo.default\Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2014-05-21]
FF Extension: Tab Scope - C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\dl3qruwo.default\Extensions\tabscope@xuldev.org.xpi [2014-02-04]
FF Extension: All-in-One Sidebar - C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\dl3qruwo.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2014-02-04]
FF Extension: Download Status Bar - C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\dl3qruwo.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-02-04]
FF Extension: NetCrawl - C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\dl3qruwo.default\Extensions\{6fcd6092-9615-4f7f-8898-8df53980e5d2}.xpi [2014-07-14]
FF Extension: Showcase - C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\dl3qruwo.default\Extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}.xpi [2014-02-04]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\dl3qruwo.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-02-04]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\dl3qruwo.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2014-02-04]
FF Extension: Adblock Plus - C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\dl3qruwo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-04]
FF Extension: Tab Mix Plus - C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\dl3qruwo.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-02-04]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF StartMenuInternet: FIREFOX.EXE - C:\Programi\Mozilla Firefox 26.0\firefox.exe

Chrome:
=======
CHR HomePage: hxxp://www.google.rs/
CHR StartupUrls: "hxxp://www.google.rs/"
CHR Extension: (Google Docs) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-04]
CHR Extension: (Google Drive) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-04]
CHR Extension: (Google Search) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-04]
CHR Extension: (Google Wallet) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-04]
CHR Extension: (Gmail) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Programi\SuperAntiSpyware 5.7.1018 (64bit)\SASCORE64.EXE [144152 2013-10-11] (SUPERAntiSpyware.com)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S2 SkypeUpdate; C:\Programi\Skype 6.13.0.104\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
S4 TeamViewer9; C:\Programi\TeamViewer 9.0.25790\TeamViewer_Service.exe [4915040 2014-01-29] (TeamViewer GmbH)
R2 Update NetCrawl; C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe [323360 2014-07-29] ()
R2 Util NetCrawl; C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe [323360 2014-07-29] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-02-04] (Disc Soft Ltd)
R3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [14032 2006-12-14] (Elaborate Bytes AG)
R3 ElbyDelay; C:\Windows\SysWOW64\Drivers\ElbyDelay.sys [14032 2006-12-14] (Elaborate Bytes AG)
S3 hid7906; C:\Windows\SysWOW64\drivers\hid7906.sys [34963 2007-12-12] (Compuware Corporation) [File not signed]
S3 hid8101; C:\Windows\SysWOW64\drivers\hid8101.sys [37024 2007-12-03] (Compuware Corporation) [File not signed]
S3 hid8103; C:\Windows\SysWOW64\drivers\hid8103.sys [34587 2007-11-28] (Compuware Corporation) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 SASDIFSV; C:\Programi\SuperAntiSpyware 5.7.1018 (64bit)\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Programi\SuperAntiSpyware 5.7.1018 (64bit)\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 XFDriver64; D:\Program Files (x86)\Xfire2\XFDriver64.sys [17160 2013-03-14] (XFire)
R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64; C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys [61112 2014-07-12] (StdLib)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-31 13:04 - 2014-07-31 13:05 - 00015739 _____ () C:\Users\Marko\Desktop\FRST.txt
2014-07-31 13:03 - 2014-07-31 13:04 - 00000000 ____D () C:\FRST
2014-07-31 13:02 - 2014-07-31 13:01 - 02094080 _____ (Farbar) C:\Users\Marko\Desktop\FRST64.exe
2014-07-16 15:34 - 2014-07-26 18:27 - 00000000 ____D () C:\Users\Marko\Desktop\za ps
2014-07-15 23:29 - 2014-07-15 23:30 - 174596376 _____ () C:\Users\Marko\AppData\Local\ACCCx2_7_0_413.zip.aamdownload
2014-07-15 23:29 - 2014-07-15 23:30 - 00002111 _____ () C:\Users\Marko\AppData\Local\ACCCx2_7_0_413.zip.aamdownload.aamd
2014-07-15 17:14 - 2014-07-15 17:14 - 00003502 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Marko-PC-Marko
2014-07-15 17:13 - 2014-07-15 17:13 - 00000000 ____D () C:\Users\Marko\AppData\Roaming\PDAppFlex
2014-07-15 17:11 - 2014-07-15 17:11 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-07-15 17:10 - 2014-07-15 17:10 - 00000812 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014 (32 Bit).lnk
2014-07-15 17:04 - 2014-07-15 17:04 - 00001557 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2014-07-15 16:59 - 2014-07-31 09:46 - 00000000 ____D () C:\Users\Marko\AppData\Local\Adobe
2014-07-15 15:01 - 2014-07-15 15:01 - 00005309 _____ () C:\Users\Marko\AppData\Local\recently-used.xbel
2014-07-15 14:00 - 2014-07-15 15:01 - 00000000 ____D () C:\Users\Marko\AppData\Local\gtk-2.0
2014-07-15 14:00 - 2014-07-15 14:00 - 00000000 ____D () C:\Users\Marko\.thumbnails
2014-07-15 13:57 - 2014-07-15 15:01 - 00000000 ____D () C:\Users\Marko\.gimp-2.8
2014-07-15 13:57 - 2014-07-15 13:57 - 00000000 ____D () C:\Users\Marko\AppData\Local\gegl-0.2
2014-07-15 13:46 - 2014-07-15 13:46 - 00000921 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-07-15 13:45 - 2014-07-15 13:46 - 00000000 ____D () C:\Program Files\GIMP 2
2014-07-14 13:00 - 2014-07-14 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView
2014-07-14 12:57 - 2014-07-28 15:01 - 00000000 ____D () C:\Users\Marko\AppData\Roaming\XnView
2014-07-14 11:32 - 2014-07-12 17:15 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys
2014-07-14 10:27 - 2014-07-14 20:54 - 00000000 ____D () C:\Program Files (x86)\NetCrawl
2014-07-14 10:27 - 2014-07-14 10:28 - 03103624 _____ (Adobe Systems Incorporated) C:\Users\Marko\Downloads\CreativeCloudSet-Up.exe
2014-07-11 11:08 - 2014-07-31 10:04 - 00002296 _____ () C:\Windows\setupact.log
2014-07-11 11:08 - 2014-07-11 11:08 - 00423912 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-11 11:08 - 2014-07-11 11:08 - 00113560 _____ () C:\Users\Marko\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-11 11:08 - 2014-07-11 11:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-09 10:21 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 10:21 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 10:21 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 10:21 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 10:21 - 2014-06-18 03:07 - 03161088 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 10:21 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 10:21 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 10:20 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 10:20 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 10:20 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 10:20 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 10:20 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 10:20 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 10:20 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 10:20 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 10:20 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 10:20 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 10:20 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 10:20 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 10:20 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 10:20 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 10:20 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 10:20 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 10:20 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 10:20 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 10:20 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 10:20 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 10:20 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 10:20 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 10:20 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 10:20 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 10:20 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 10:20 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 10:20 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 10:20 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 10:20 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 10:20 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 10:20 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 10:20 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 10:20 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 10:20 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 10:20 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 10:20 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 10:20 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 10:20 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 10:20 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 10:20 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 10:20 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 10:20 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 10:20 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 10:20 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 10:20 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 10:20 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 10:20 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 10:20 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 10:20 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 10:20 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 10:20 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 10:20 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 10:20 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 10:20 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 10:20 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 10:20 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 10:20 - 2014-05-30 08:41 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 10:18 - 2014-06-05 16:44 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 10:18 - 2014-06-05 16:44 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-07-09 10:18 - 2014-06-05 16:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 10:18 - 2014-06-05 16:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-07-09 10:18 - 2014-06-05 16:16 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 10:18 - 2014-06-05 16:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 10:18 - 2014-06-05 16:15 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-08 13:51 - 2014-07-08 13:51 - 00000739 _____ () C:\Users\Marko\AppData\Roaming\Microsoft\Windows\Start Menu\RaidCall.lnk
2014-07-08 13:51 - 2014-07-08 13:51 - 00000000 ____D () C:\Users\Marko\AppData\Roaming\raidcall
2014-07-08 13:51 - 2014-07-08 13:51 - 00000000 ____D () C:\Users\Marko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall
2014-07-08 13:51 - 2014-07-08 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall
2014-07-06 11:08 - 2014-07-10 22:47 - 00000000 ____D () C:\Windows\Minidump

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-31 13:05 - 2014-07-31 13:04 - 00015739 _____ () C:\Users\Marko\Desktop\FRST.txt
2014-07-31 13:04 - 2014-07-31 13:03 - 00000000 ____D () C:\FRST
2014-07-31 13:03 - 2009-07-14 06:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-31 13:03 - 2009-07-14 06:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-31 13:01 - 2014-07-31 13:02 - 02094080 _____ (Farbar) C:\Users\Marko\Desktop\FRST64.exe
2014-07-31 12:48 - 2014-02-04 13:43 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-825732486-3746734302-1360109509-1000UA.job
2014-07-31 12:48 - 2014-02-04 13:43 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-825732486-3746734302-1360109509-1000Core.job
2014-07-31 12:25 - 2014-02-04 11:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-31 12:16 - 2014-04-10 12:58 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-825732486-3746734302-1360109509-1000UA.job
2014-07-31 12:09 - 2014-02-07 19:50 - 00000000 ____D () C:\Users\Marko\AppData\Roaming\TS3Client
2014-07-31 12:08 - 2014-03-09 01:40 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-31 10:53 - 2014-02-04 16:34 - 01143659 _____ () C:\Windows\WindowsUpdate.log
2014-07-31 10:16 - 2014-04-10 12:58 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-825732486-3746734302-1360109509-1000Core.job
2014-07-31 10:05 - 2009-07-14 04:34 - 00000629 _____ () C:\Windows\win.ini
2014-07-31 10:04 - 2014-07-11 11:08 - 00002296 _____ () C:\Windows\setupact.log
2014-07-31 10:04 - 2014-03-09 01:40 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-31 10:04 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-31 09:46 - 2014-07-15 16:59 - 00000000 ____D () C:\Users\Marko\AppData\Local\Adobe
2014-07-31 09:35 - 2014-02-04 13:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 18:51 - 2014-02-04 13:38 - 00000000 ____D () C:\ProgramData\Mozilla
2014-07-30 18:51 - 2014-02-04 10:42 - 00000000 ___HD () C:\Programi
2014-07-29 22:13 - 2014-02-04 13:32 - 00000000 ____D () C:\Users\Marko\AppData\Roaming\Skype
2014-07-28 15:01 - 2014-07-14 12:57 - 00000000 ____D () C:\Users\Marko\AppData\Roaming\XnView
2014-07-26 18:27 - 2014-07-16 15:34 - 00000000 ____D () C:\Users\Marko\Desktop\za ps
2014-07-26 18:26 - 2014-02-16 18:40 - 00000000 ____D () C:\Users\Marko\Desktop\Ikonice sa desktopa
2014-07-26 18:26 - 2014-02-04 10:17 - 00000000 ____D () C:\Users\Marko
2014-07-25 10:19 - 2014-02-04 14:33 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 10:19 - 2014-02-04 14:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 16:37 - 2014-02-04 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 12:30 - 2014-02-04 13:24 - 00000000 ____D () C:\Users\Marko\Documents\Readon Player
2014-07-24 12:30 - 2014-02-04 12:54 - 00000000 ____D () C:\Users\Marko\AppData\Roaming\vlc
2014-07-22 22:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-19 09:23 - 2009-07-14 07:13 - 00785302 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-16 00:00 - 2014-02-04 12:22 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-15 23:30 - 2014-07-15 23:29 - 174596376 _____ () C:\Users\Marko\AppData\Local\ACCCx2_7_0_413.zip.aamdownload
2014-07-15 23:30 - 2014-07-15 23:29 - 00002111 _____ () C:\Users\Marko\AppData\Local\ACCCx2_7_0_413.zip.aamdownload.aamd
2014-07-15 17:14 - 2014-07-15 17:14 - 00003502 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Marko-PC-Marko
2014-07-15 17:14 - 2014-02-04 10:17 - 00000000 ____D () C:\Users\Marko\AppData\Roaming\Adobe
2014-07-15 17:13 - 2014-07-15 17:13 - 00000000 ____D () C:\Users\Marko\AppData\Roaming\PDAppFlex
2014-07-15 17:11 - 2014-07-15 17:11 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-07-15 17:10 - 2014-07-15 17:10 - 00000812 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014 (32 Bit).lnk
2014-07-15 17:06 - 2014-02-04 11:48 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-15 17:04 - 2014-07-15 17:04 - 00001557 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2014-07-15 15:01 - 2014-07-15 15:01 - 00005309 _____ () C:\Users\Marko\AppData\Local\recently-used.xbel
2014-07-15 15:01 - 2014-07-15 14:00 - 00000000 ____D () C:\Users\Marko\AppData\Local\gtk-2.0
2014-07-15 15:01 - 2014-07-15 13:57 - 00000000 ____D () C:\Users\Marko\.gimp-2.8
2014-07-15 14:00 - 2014-07-15 14:00 - 00000000 ____D () C:\Users\Marko\.thumbnails
2014-07-15 13:57 - 2014-07-15 13:57 - 00000000 ____D () C:\Users\Marko\AppData\Local\gegl-0.2
2014-07-15 13:46 - 2014-07-15 13:46 - 00000921 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-07-15 13:46 - 2014-07-15 13:45 - 00000000 ____D () C:\Program Files\GIMP 2
2014-07-14 20:54 - 2014-07-14 10:27 - 00000000 ____D () C:\Program Files (x86)\NetCrawl
2014-07-14 13:00 - 2014-07-14 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView
2014-07-14 10:28 - 2014-07-14 10:27 - 03103624 _____ (Adobe Systems Incorporated) C:\Users\Marko\Downloads\CreativeCloudSet-Up.exe
2014-07-12 17:15 - 2014-07-14 11:32 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys
2014-07-11 16:03 - 2014-02-04 13:44 - 00000000 ____D () C:\Users\Marko\AppData\Roaming\Thunderbird
2014-07-11 11:09 - 2014-02-04 12:48 - 00000000 ____D () C:\Users\Marko\AppData\Roaming\DAEMON Tools Lite
2014-07-11 11:08 - 2014-07-11 11:08 - 00423912 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-11 11:08 - 2014-07-11 11:08 - 00113560 _____ () C:\Users\Marko\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-11 11:08 - 2014-07-11 11:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-10 22:52 - 2014-02-04 13:44 - 00000000 ____D () C:\Users\Marko\AppData\Local\Thunderbird
2014-07-10 22:47 - 2014-07-06 11:08 - 00000000 ____D () C:\Windows\Minidump
2014-07-10 00:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-09 10:50 - 2014-05-05 23:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 10:50 - 2011-04-12 10:28 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 10:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 10:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 10:47 - 2014-02-04 13:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 10:45 - 2014-02-04 13:52 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 10:44 - 2014-02-04 10:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 00:25 - 2014-02-04 11:39 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 00:25 - 2014-02-04 11:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 00:25 - 2014-02-04 11:39 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 13:51 - 2014-07-08 13:51 - 00000739 _____ () C:\Users\Marko\AppData\Roaming\Microsoft\Windows\Start Menu\RaidCall.lnk
2014-07-08 13:51 - 2014-07-08 13:51 - 00000000 ____D () C:\Users\Marko\AppData\Roaming\raidcall
2014-07-08 13:51 - 2014-07-08 13:51 - 00000000 ____D () C:\Users\Marko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall
2014-07-08 13:51 - 2014-07-08 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall
2014-07-04 21:22 - 2009-07-14 07:08 - 00032550 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-02 22:08 - 2014-02-04 14:32 - 00000000 ____D () C:\Users\Marko\AppData\Roaming\uTorrent
2014-07-02 22:08 - 2014-02-04 13:32 - 00000000 ____D () C:\ProgramData\Skype

Some content of TEMP:
====================
C:\Users\Marko\AppData\Local\Temp\AdobeApplicationManager.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-29 10:47

==================== End Of Log ============================

offline
  • Joined: 04 Jul 2011
  • Posts: 5424

Go to Control Panel - Programs and Features and uninstall:
NetCrawl

1. Open Notepad (Text Document) and copy into it the following text from the code box below:

:() C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe
() C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe
() C:\Program Files (x86)\NetCrawl\bin\NetCrawl.PurBrowse64.exe
() C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter.exe
BHO-x32: NetCrawl -> {769a91da-209f-47fe-88b9-b0321b0982c8} -> C:\Program Files (x86)\NetCrawl\NetCrawlbho.dll (NetCrawl)
FF Extension: NetCrawl - C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\dl3qruwo.default\Extensions\{6fcd6092-9615-4f7f-8898-8df53980e5d2}.xpi [2014-07-14]
R2 Update NetCrawl; C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe [323360 2014-07-29] ()
R2 Util NetCrawl; C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe [323360 2014-07-29] ()
R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64; C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys [61112 2014-07-12] (StdLib)
2014-07-14 11:32 - 2014-07-12 17:15 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys
2014-07-14 10:27 - 2014-07-14 20:54 - 00000000 ____D () C:\Program Files (x86)\NetCrawl
FF user.js: detected! => C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\dl3qruwo.default\user.js


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

Download AdwCleaner by "Xplode" and save it to the Desktop.

Double-click to run the program.
Click the [Scan] button and wait for the program to finish.
Click the [Clean] button.
The program will close all active programs and show a window with that warning. Click Ok to confirm.
In the next two windows that open (Informations and Restart required), click Ok.

The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your post using the "Attach file" option.

Note: The report will also be saved to C:\AdwCleaner[S0].txt

offline
  • Istoričar
  • Joined: 02 Sep 2012
  • Posts: 86
  • Location: Moscow, Russia

Written: 31 Jul 2014 15:38

Here is the Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-07-2014 01
Ran by Marko at 2014-07-31 15:32:09 Run:1
Running from C:\Users\Marko\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
:() C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe
() C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe
() C:\Program Files (x86)\NetCrawl\bin\NetCrawl.PurBrowse64.exe
() C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter.exe
BHO-x32: NetCrawl -> {769a91da-209f-47fe-88b9-b0321b0982c8} -> C:\Program Files (x86)\NetCrawl\NetCrawlbho.dll (NetCrawl)
FF Extension: NetCrawl - C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\dl3qruwo.default\Extensions\{6fcd6092-9615-4f7f-8898-8df53980e5d2}.xpi [2014-07-14]
R2 Update NetCrawl; C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe [323360 2014-07-29] ()
R2 Util NetCrawl; C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe [323360 2014-07-29] ()
R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64; C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys [61112 2014-07-12] (StdLib)
2014-07-14 11:32 - 2014-07-12 17:15 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys
2014-07-14 10:27 - 2014-07-14 20:54 - 00000000 ____D () C:\Program Files (x86)\NetCrawl
FF user.js: detected! => C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\dl3qruwo.default\user.js
*****************

:() C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe => Error: No automatic fix found for this entry.
C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe => No running process found
C:\Program Files (x86)\NetCrawl\bin\NetCrawl.PurBrowse64.exe => No running process found
C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter.exe => No running process found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{769a91da-209f-47fe-88b9-b0321b0982c8}" => Key not found.
"HKCR\Wow6432Node\CLSID\{769a91da-209f-47fe-88b9-b0321b0982c8}" => Key not found.
C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\dl3qruwo.default\Extensions\{6fcd6092-9615-4f7f-8898-8df53980e5d2}.xpi not found.
Update NetCrawl => Service not found.
Util NetCrawl => Service not found.
{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64 => Service stopped successfully.
{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64 => Service deleted successfully.
C:\Windows\system32\Drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys => Moved successfully.
"C:\Program Files (x86)\NetCrawl" => File/Directory not found.
C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\dl3qruwo.default\user.js => Moved successfully.

==== End of Fixlog ====

In the next post I will send you that other file that I have to attach.

Addendum: 31 Jul 2014 15:47

Here is the file you told me to attach.
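A Fixlog like the one above can be checked without reading it line by line. The following is an added example (not part of the thread and not FRST's own code) that sorts the result lines into changed, already absent, and error; the three-way grouping and its keyword rules are assumptions drawn only from the result strings visible in this log, and the sample lines are modelled on it.

```python
import re
from collections import defaultdict

# Result lines modelled on the Fixlog in this thread, embedded to run offline.
SAMPLE_FIXLOG = r"""
Content of fixlist:
*****************
R2 Util NetCrawl; C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe [323360 2014-07-29] ()
*****************
:() C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe => Error: No automatic fix found for this entry.
C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe => No running process found
"HKCR\Wow6432Node\CLSID\{769a91da-209f-47fe-88b9-b0321b0982c8}" => Key not found.
C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\dl3qruwo.default\Extensions\{6fcd6092-9615-4f7f-8898-8df53980e5d2}.xpi not found.
Util NetCrawl => Service not found.
{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64 => Service deleted successfully.
C:\Windows\system32\Drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys => Moved successfully.
==== End of Fixlog ====
"""

# Assumed grouping (this example's, not FRST's); the first matching rule wins.
RULES = [
    ("error", re.compile(r"=> Error:")),
    ("changed", re.compile(r"\b(moved|deleted|stopped) successfully", re.I)),
    ("absent", re.compile(r"not found\.?$|No running process found$", re.I)),
]

def result_lines(text):
    """Yield result lines only: skip the fixlist echoed between the asterisk rows."""
    star_rows = 0
    for line in (raw.strip() for raw in text.splitlines()):
        if line and set(line) == {"*"}:
            star_rows += 1
        elif line.startswith("==== End of Fixlog"):
            return
        elif star_rows >= 2 and line:
            yield line

def classify(line):
    return next((name for name, rx in RULES if rx.search(line)), "unknown")

def triage(text):
    """Map outcome -> list of targets (path, registry key or service name)."""
    buckets = defaultdict(list)
    for line in result_lines(text):
        target, sep, _ = line.partition(" => ")
        if not sep:  # e.g. "<path> not found." carries no "=>" separator
            target = re.sub(r" not found\.$", "", line)
        buckets[classify(line)].append(target.strip('"'))
    return dict(buckets)

def needs_review(text):
    """Entries worth a second look: errors and lines no rule recognised."""
    found = triage(text)
    return found.get("error", []) + found.get("unknown", [])
```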

offline
  • Joined: 04 Jul 2011
  • Posts: 5424

What is the situation now, do you still have the same problem?

offline
  • Istoričar
  • Joined: 02 Sep 2012
  • Posts: 86
  • Location: Moscow, Russia

Problem solved! No more pop-up windows!

Thank you, colleague!

offline
  • Joined: 04 Jul 2011
  • Posts: 5424

We need to carry out one more additional check.



Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Run MBAR by double-clicking the program icon:
- Click OK in the next window to allow extraction into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this may take a few extra seconds, so wait for it to start;
- In the introductory window, click the Next button if you agree;

• In the 'Update Database' window, click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section, check that all options are ticked, then click the Scan button;

Notice: with some infections, one of the following messages may appear:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. In your next post, include the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infections are found, check that the 'Create Restore Point' option is ticked and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for the restart, and a notice will be shown in a pop-up window. Click the Yes button and the system should restart and finish the cleaning procedure.

Notice! Only if a rootkit is detected: make sure you run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click to run fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, and wait for the tool to perform all repairs ...
- When you see the message 'press any key to exit', the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post, and attach the system log to the post using the Attach file option.

offline
  • Istoričar
  • Joined: 02 Sep 2012
  • Posts: 86
  • Location: Moscow, Russia

There was no malware

mbar log:

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
malwarebytes.org

Database version: v2014.07.31.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17207
Marko :: MARKO-PC [administrator]

31.07.2014 16:54:22
mbar-log-2014-07-31 (16-54-22).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 326178
Time elapsed: 10 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)



offline
  • Joined: 04 Jul 2011
  • Posts: 5424

That would be it, the computer is clean.

The following procedure will perform the final cleanup.

Download the DelFix tool by "Xplode" and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment until the tool finishes its work.
From this point on, all the tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also save the healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.

offline
  • Istoričar
  • Joined: 02 Sep 2012
  • Posts: 86
  • Location: Moscow, Russia

Done, do you want me to attach the final DelFix report?

offline
  • Joined: 04 Jul 2011
  • Posts: 5424

No, there is no need; it only cleaned up the tools we used.
