safesurfs.net

1

safesurfs.net

offline
  • Pridružio: 19 Avg 2016
  • Poruke: 6

Poz. Skidao sam neki pec za igru i usput sam pokupio neki safesurfs virus na hromu. Pokusao sam ga na razne nacine da uklonim, ali bezuspesno. Da li mi mozete vi pomoci?


mycity.rs/must-login.png

mycity.rs/must-login.png

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-08-2016
Ran by user (administrator) on USER-PC (19-08-2016 01:42:37)
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
(PandoraTV) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [33792 2004-12-20] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKU\S-1-5-21-1775139687-1223932604-3724500049-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1775139687-1223932604-3724500049-1000\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2016-02-16] (Google Inc.)
HKU\S-1-5-21-1775139687-1223932604-3724500049-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4289728 2016-04-12] (Disc Soft Ltd)
HKU\S-1-5-21-1775139687-1223932604-3724500049-1000\...\MountPoints2: {cecc663a-e487-11e5-bd60-001fd0b5bdb2} - F:\LGAutoRun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-08-14]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-1775139687-1223932604-3724500049-1000] => hxxp://stoppblock.org/wpad.dat?dbe13e8b91566ae04dc6758e95d4241c14674599
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\..\Interfaces\{3B83E64B-E21E-49CA-8346-7C0AA197E979}: [NameServer] 8.8.8.8
ManualProxies: 0hxxp://stoppblock.org/wpad.dat?dbe13e8b91566ae04dc6758e95d4241c14674599

Internet Explorer:
==================
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2016-02-15] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2016-02-15] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Profiles\hmpxrxti.default
FF NewTab: hxxp://www.trotux.com/?z=49feac79e74e1c209715904g2zemcg1w7w7wem4b5g&from=epf1&uid=395049983_397234_E09BC691&type=hp
FF DefaultSearchEngine: trotux
FF SelectedSearchEngine: trotux
FF Homepage: hxxp://www.trotux.com/?z=49feac79e74e1c209715904g2zemcg1w7w7wem4b5g&from=epf1&uid=395049983_397234_E09BC691&type=hp
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2016-02-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2016-02-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-1775139687-1223932604-3724500049-1000: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-1775139687-1223932604-3724500049-1000: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-10] (Google Inc.)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Profiles\hmpxrxti.default\searchplugins\x17ewav6.xml [2016-08-18]
FF Extension: GsearchFinder - C:\Users\user\AppData\Roaming\Profiles\hmpxrxti.default\Extensions\@90B817C8-8A5C-413B-9DDD-B2C61ED6E79A.xpi [2016-08-18]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]

Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-19]
CHR Extension: (facemoji - Stickers and emoji for Facebook) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmmeolboeidmfiiingaoifjhjdkgmlgj [2016-05-24]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
StartMenuInternet: Google Chrome.HTN56533WQHOY6FGNOEZ4PDKI4 - C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1443520 2016-04-12] (Disc Soft Ltd)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [327944 2016-07-19] (McAfee, Inc.)
R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625304 2016-03-17] (Pandora.TV)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 3xHybr64; C:\Windows\System32\DRIVERS\3xHybr64.sys [873216 2007-04-20] (Philips Semiconductors GmbH)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-05-21] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-05-21] (Disc Soft Ltd)
S3 dtproscsibus; C:\Windows\System32\DRIVERS\dtproscsibus.sys [30264 2016-03-24] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-19 01:39 - 2016-08-19 01:40 - 00022690 _____ C:\Users\user\Downloads\Addition.txt
2016-08-19 01:38 - 2016-08-19 01:42 - 00010702 _____ C:\Users\user\Downloads\FRST.txt
2016-08-19 01:38 - 2016-08-19 01:42 - 00000000 ____D C:\FRST
2016-08-19 01:38 - 2016-08-19 01:38 - 02394624 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2016-08-19 01:28 - 2016-08-19 01:28 - 03785560 _____ (DLL-Files.com Client ) C:\Users\user\Downloads\clientsetup_vos-0.exe
2016-08-19 01:27 - 2016-08-19 01:27 - 03031384 _____ (Microsoft Corporation) C:\Users\user\Downloads\vcredist_ia64.exe
2016-08-19 01:10 - 2016-08-19 01:10 - 00001679 _____ C:\Users\user\Desktop\Play Football Manager 2014.lnk
2016-08-19 01:06 - 2016-08-19 01:09 - 00000000 ____D C:\Games
2016-08-18 23:53 - 2016-08-18 23:53 - 01847165 _____ C:\Users\user\Downloads\simple_shutdown_timer_setup_v1.1.2.exe
2016-08-18 23:53 - 2016-08-18 23:53 - 00007476 _____ C:\Windows\Simple Shutdown Timer Setup Log.txt
2016-08-18 23:53 - 2016-08-18 23:53 - 00000000 ____D C:\Windows\Simple Shutdown Timer
2016-08-18 23:53 - 2016-08-18 23:53 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Simple Shutdown Timer
2016-08-18 23:53 - 2016-08-18 23:53 - 00000000 ____D C:\Program Files (x86)\Simple Shutdown Timer
2016-08-18 23:48 - 2016-08-19 00:52 - 00000000 ____D C:\Users\user\Downloads\Football Manager 2014 PC full game v14.2.1 ^^nosTEAM^^
2016-08-18 23:47 - 2016-08-18 23:47 - 00000000 ____D C:\FM14
2016-08-18 23:46 - 2016-08-18 23:47 - 04011526 _____ C:\Users\user\Downloads\FM-2014.exe
2016-08-18 23:29 - 2016-08-18 23:29 - 00000000 ____D C:\Users\user\AppData\Local\rerpephzobayphbck
2016-08-18 23:29 - 2016-08-18 23:29 - 00000000 ____D C:\Program Files (x86)\Plufertnenule
2016-08-18 23:19 - 2016-08-18 23:19 - 01972424 _____ C:\Users\user\Downloads\wrar540.exe
2016-08-18 23:19 - 2016-08-18 23:19 - 00000000 ____D C:\Users\user\AppData\Roaming\WinRAR
2016-08-18 23:19 - 2016-08-18 23:19 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-08-18 23:19 - 2016-08-18 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-08-18 23:19 - 2016-08-18 23:19 - 00000000 ____D C:\Program Files (x86)\WinRAR
2016-08-18 22:55 - 2016-08-18 23:18 - 292312274 ____R C:\Users\user\Downloads\FM.2014.v14.1.3.45519.Update.and.(zabranjeno)-3DM.rar
2016-08-18 22:46 - 2016-08-18 22:46 - 00005372 _____ C:\Users\user\Downloads\FM 2014 Real Names Fix.zip
2016-08-18 20:59 - 2016-08-18 20:59 - 00000000 ____D C:\Users\user\AppData\Local\Chromium
2016-08-18 20:54 - 2016-08-18 20:54 - 00000000 ____D C:\Users\user\Documents\Sports Interactive
2016-08-18 20:54 - 2016-08-18 20:54 - 00000000 ____D C:\Users\Public\Documents\Sports Interactive
2016-08-18 20:53 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2016-08-18 20:53 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2016-08-18 20:53 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2016-08-18 20:53 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2016-08-18 20:53 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2016-08-18 20:53 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2016-08-18 20:53 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2016-08-18 20:53 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2016-08-18 20:53 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2016-08-18 20:53 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2016-08-18 20:53 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2016-08-18 20:53 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2016-08-18 20:53 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2016-08-18 20:53 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2016-08-18 20:53 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2016-08-18 20:53 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2016-08-18 20:53 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2016-08-18 20:53 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2016-08-18 20:53 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2016-08-18 20:53 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2016-08-18 20:53 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2016-08-18 20:53 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2016-08-18 20:53 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2016-08-18 20:53 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2016-08-18 20:53 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2016-08-18 20:53 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2016-08-18 20:53 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2016-08-18 20:53 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2016-08-18 20:53 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2016-08-18 20:53 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2016-08-18 20:53 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2016-08-18 20:53 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2016-08-18 20:53 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2016-08-18 20:53 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2016-08-18 20:53 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2016-08-18 20:53 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2016-08-18 20:53 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2016-08-18 20:53 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2016-08-18 20:53 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2016-08-18 20:53 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2016-08-18 20:53 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2016-08-18 20:53 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2016-08-18 20:53 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2016-08-18 20:53 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2016-08-18 20:53 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2016-08-18 20:53 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2016-08-18 20:53 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2016-08-18 20:53 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2016-08-18 20:53 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2016-08-18 20:53 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2016-08-18 20:53 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2016-08-18 20:53 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2016-08-18 20:53 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2016-08-18 20:53 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2016-08-18 20:53 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2016-08-18 20:53 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2016-08-18 20:53 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2016-08-18 20:53 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2016-08-18 20:53 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2016-08-18 20:53 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2016-08-18 20:53 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2016-08-18 20:53 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2016-08-18 20:53 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2016-08-18 20:53 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2016-08-18 20:53 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2016-08-18 20:53 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2016-08-18 20:53 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2016-08-18 20:53 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2016-08-18 20:53 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2016-08-18 20:53 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2016-08-18 20:53 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2016-08-18 20:53 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2016-08-18 20:53 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2016-08-18 20:53 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2016-08-18 20:53 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2016-08-18 20:53 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2016-08-18 20:53 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2016-08-18 20:53 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2016-08-18 20:52 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2016-08-18 20:39 - 2013-01-13 23:17 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2016-08-18 20:39 - 2013-01-13 23:17 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2016-08-18 20:39 - 2013-01-13 23:16 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2016-08-18 20:39 - 2013-01-13 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2016-08-18 20:39 - 2013-01-13 23:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2016-08-18 20:39 - 2013-01-13 23:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2016-08-18 20:39 - 2013-01-13 23:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2016-08-18 20:39 - 2013-01-13 23:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2016-08-18 20:39 - 2013-01-13 23:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2016-08-18 20:39 - 2013-01-13 22:35 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2016-08-18 20:39 - 2013-01-13 22:35 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2016-08-18 20:39 - 2013-01-13 22:35 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2016-08-18 20:39 - 2013-01-13 22:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2016-08-18 20:39 - 2013-01-13 22:31 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-08-18 20:39 - 2013-01-13 22:31 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2016-08-18 20:39 - 2013-01-13 22:31 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2016-08-18 20:39 - 2013-01-13 22:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2016-08-18 20:39 - 2013-01-13 22:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2016-08-18 20:39 - 2013-01-13 22:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2016-08-18 20:39 - 2013-01-13 22:22 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2016-08-18 20:39 - 2013-01-13 22:20 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2016-08-18 20:39 - 2013-01-13 22:09 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2016-08-18 20:39 - 2013-01-13 22:08 - 01504768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2016-08-18 20:39 - 2013-01-13 22:08 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2016-08-18 20:39 - 2013-01-13 21:59 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-08-18 20:39 - 2013-01-13 21:58 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-08-18 20:39 - 2013-01-13 21:54 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-08-18 20:39 - 2013-01-13 21:53 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2016-08-18 20:39 - 2013-01-13 21:53 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-08-18 20:39 - 2013-01-13 21:51 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-08-18 20:39 - 2013-01-13 21:49 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2016-08-18 20:39 - 2013-01-13 21:48 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2016-08-18 20:39 - 2013-01-13 21:46 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2016-08-18 20:39 - 2013-01-13 21:43 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-08-18 20:39 - 2013-01-13 21:38 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2016-08-18 20:39 - 2013-01-13 21:38 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2016-08-18 20:39 - 2013-01-13 21:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2016-08-18 20:39 - 2013-01-13 21:37 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2016-08-18 20:39 - 2013-01-13 21:25 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2016-08-18 20:39 - 2013-01-13 21:24 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-08-18 20:39 - 2013-01-13 21:24 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-08-18 20:39 - 2013-01-13 21:20 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2016-08-18 20:39 - 2013-01-13 21:20 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2016-08-18 20:39 - 2013-01-13 21:15 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-08-18 20:39 - 2013-01-13 21:10 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2016-08-18 20:39 - 2013-01-13 21:02 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2016-08-18 20:39 - 2013-01-13 20:34 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2016-08-18 20:39 - 2013-01-13 20:32 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2016-08-18 20:39 - 2013-01-13 20:09 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2016-08-18 20:39 - 2013-01-13 19:26 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2016-08-18 20:39 - 2013-01-13 19:05 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2016-08-18 20:39 - 2013-01-04 08:11 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-08-18 20:39 - 2013-01-04 08:11 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-08-18 20:37 - 2016-08-18 20:38 - 11840839 _____ C:\Users\user\Downloads\Windows6.1-KB2670838-x64.msu
2016-08-18 20:33 - 2016-08-18 20:33 - 00000000 ____D C:\ProgramData\Steam
2016-08-18 01:44 - 2016-08-18 01:44 - 00000000 ____D C:\Users\user\AppData\Local\Sports Interactive
2016-08-18 01:42 - 2016-08-18 01:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Football Manager 2014
2016-08-17 23:38 - 2016-08-18 01:30 - 00000000 ____D C:\Users\user\Downloads\FM 2014
2016-08-14 18:03 - 2016-08-14 18:03 - 04500833 _____ C:\Users\user\Downloads\kladioniceOlimp.apk
2016-08-14 18:03 - 2016-08-14 18:03 - 04500833 _____ C:\Users\user\Downloads\kladioniceOlimp (1).apk
2016-08-14 14:24 - 2016-08-14 14:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-08-10 23:18 - 2016-08-10 23:18 - 00000014 _____ C:\Users\user\Desktop\sifra wifi.txt
2016-08-10 17:18 - 2016-08-10 17:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-19 01:29 - 2016-02-16 20:39 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1775139687-1223932604-3724500049-1000UA.job
2016-08-19 01:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-08-19 01:06 - 2016-03-04 19:51 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2016-08-19 00:46 - 2016-02-15 19:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-19 00:24 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-08-18 23:59 - 2016-02-15 19:34 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2016-08-18 23:35 - 2009-07-14 07:13 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-18 23:30 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-18 23:29 - 2016-02-28 13:12 - 00001325 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-08-18 23:29 - 2016-02-28 13:12 - 00001313 _____ C:\Users\Public\Desktop\Opera.lnk
2016-08-18 23:29 - 2016-02-15 19:32 - 00001361 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-08-18 23:29 - 2016-02-15 19:32 - 00001349 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-08-18 23:29 - 2016-02-15 19:31 - 00002531 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-18 23:29 - 2016-02-15 19:31 - 00002523 _____ C:\Users\user\Desktop\Google Chrome.lnk
2016-08-18 23:29 - 2016-02-15 17:58 - 00001645 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-08-18 23:29 - 2016-02-15 17:58 - 00001623 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-08-18 23:27 - 2016-05-22 15:05 - 00000000 ____D C:\Program Files (x86)\Football Manager 2014
2016-08-18 23:23 - 2009-07-14 06:45 - 00020640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-18 23:23 - 2009-07-14 06:45 - 00020640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-18 22:14 - 2016-02-16 22:03 - 00000386 _____ C:\Windows\Tasks\update-sys.job
2016-08-18 21:46 - 2016-02-16 22:03 - 00000386 _____ C:\Windows\Tasks\update-S-1-5-21-1775139687-1223932604-3724500049-1000.job
2016-08-18 18:58 - 2016-03-04 19:56 - 00000000 ____D C:\Users\user\Downloads\Football.Manager.2014-RELOADED
2016-08-14 14:24 - 2016-03-06 14:33 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-08-14 14:24 - 2016-02-28 14:22 - 00001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-08-14 00:44 - 2016-02-28 14:38 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-08-11 15:47 - 2016-07-12 18:46 - 20466368 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-08-11 15:47 - 2016-02-28 14:38 - 00003882 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-08-11 15:47 - 2016-02-15 19:32 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-08-11 15:47 - 2016-02-15 19:32 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-08-11 15:47 - 2016-02-15 19:32 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-08-11 15:16 - 2016-02-28 13:12 - 00003844 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1456657960
2016-08-11 15:16 - 2016-02-28 13:11 - 00000000 ____D C:\Program Files (x86)\Opera
2016-08-10 17:18 - 2016-02-16 22:03 - 00003258 _____ C:\Windows\System32\Tasks\update-S-1-5-21-1775139687-1223932604-3724500049-1000
2016-08-10 17:18 - 2016-02-16 22:03 - 00000424 _____ C:\Users\user\AppData\Local\UserProducts.xml
2016-08-10 16:24 - 2016-02-16 20:39 - 00003872 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1775139687-1223932604-3724500049-1000UA
2016-08-10 16:24 - 2016-02-16 20:39 - 00003476 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1775139687-1223932604-3724500049-1000Core
2016-08-10 16:24 - 2016-02-16 20:39 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1775139687-1223932604-3724500049-1000Core.job
2016-08-10 14:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2016-05-22 15:08 - 2013-11-01 10:41 - 0000224 _____ () C:\Program Files (x86)\update-FM2014.bat
2016-05-22 15:08 - 2013-10-12 19:47 - 0000732 _____ () C:\Program Files (x86)\visit-www.nosteam.ro.html
2016-02-16 22:03 - 2016-02-16 22:03 - 0000003 _____ () C:\Users\user\AppData\Local\updater.log
2016-02-16 22:03 - 2016-08-10 17:18 - 0000424 _____ () C:\Users\user\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\41dpg6uhpR.exe
C:\Users\user\AppData\Local\Temp\bitool.dll
C:\Users\user\AppData\Local\Temp\DAEMON Tools Lite.exe
C:\Users\user\AppData\Local\Temp\DTProInstaller.exe
C:\Users\user\AppData\Local\Temp\GUR5E83.exe
C:\Users\user\AppData\Local\Temp\hKT0wnAn6f.exe
C:\Users\user\AppData\Local\Temp\PIPInstaller_PTV_.exe
C:\Users\user\AppData\Local\Temp\sdfD5F4.exe
C:\Users\user\AppData\Local\Temp\sSCW5CQU0Y.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 05:24] - [2016-02-15 17:56] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2010-11-21 05:24] - [2016-02-15 17:56] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-16 13:00

==================== End of FRST.txt ============================

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Arrow

Deinstaliraj Pandora Service.



Arrow

Otvori Notepad i iskopiraj sljedeći tekst koji se nalazi unutar Kod polja.

AutoConfigURL: [S-1-5-21-1775139687-1223932604-3724500049-1000] => hxxp://stoppblock.org/wpad.dat?dbe13e8b91566ae04dc6758e95d4241c14674599
Hosts: 0.0.0.1 mssplus.mcafee.com
ManualProxies: 0hxxp://stoppblock.org/wpad.dat?dbe13e8b91566ae04dc6758e95d4241c14674599
FF NewTab: hxxp://www.trotux.com/?z=49feac79e74e1c209715904g2zemcg1w7w7wem4b5g&from=epf1&uid=395049983_397234_E09BC691&type=hp
FF DefaultSearchEngine: trotux
FF SelectedSearchEngine: trotux
FF Homepage: hxxp://www.trotux.com/?z=49feac79e74e1c209715904g2zemcg1w7w7wem4b5g&from=epf1&uid=395049983_397234_E09BC691&type=hp
FF SearchPlugin: C:\Users\user\AppData\Roaming\Profiles\hmpxrxti.default\searchplugins\x17ewav6.xml [2016-08-18]
FF Extension: GsearchFinder - C:\Users\user\AppData\Roaming\Profiles\hmpxrxti.default\Extensions\@90B817C8-8A5C-413B-9DDD-B2C61ED6E79A.xpi [2016-08-18]
C:\Users\user\AppData\Local\rerpephzobayphbck
C:\Program Files (x86)\Plufertnenule
EmptyTemp:


U okviru Notepad-a klikni na File --> Save As
Fajl nazovi Fixlist i sačuvaj na Desktop
Dvoklikom ponovo pokreni FRST.exe
Klikni na Fix i sačekaj dok program ne završi.
Ukoliko program zatraži restart računara, omogući mu da to nesmetano obavi.
Nakon završetka rada, otvoriće se fixlog.txt, sa sadržajem koji treba da kopiraš u temu.
Takođe, na Desktop-u će se nalaziti (fixlog.txt).

offline
  • Pridružio: 19 Avg 2016
  • Poruke: 6

mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Arrow

Spakuj u ZIP, RAR ili 7Z arhivu sljedeći folder:

C:\FRST\Quarantine

i pošalji ga preko sljedećeg linka:

http://www.mycity.rs/ambulanta-upload.php




Arrow

Preuzmi "Xplode"-ov AdwCleaner i sačuvaj ga na Desktop
Dvoklikom pokreni program.
U EULA prozoru klikni na I agree.
U Options isključi Reset Winsock settings ako je uključen.
Klikni na dugme Scan i sačekaj da se završi skeniranje.
Klikni na dugme Cleaning i pričekaj da program završi.
Program će zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni OK kao potvrdu.
Na sljedeća dva prozora koja se otvore (Informations i Restart required ) klikni OK

Računar će se restartovati, a potom otvoriti Notepad (C:\Adwcleaner\AdwCleaner[C1].txt) sa izvještajem.
Sačuvaj taj izvještaj na Desktop i okači ga uz poruku koristeći opciju "Prikači fajl"

offline
  • Pridružio: 19 Avg 2016
  • Poruke: 6

Uploadovao sam RAR fajl kao što ste mi i rekli.
Takođe, evo sada ću vam dati AdwCleaner izveštaj.


mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Arrow Preuzmi instalaciju za Malwarebytes Anti-Malware (MBAM) ver.2.0 i instaliraj aplikaciju.
Dvoklik na mbam-setup.exe i prati uputstva za instalaciju. Instalacija je klasicna, "Next > I Agree . . > Next > Install" princip. Po zavrsenoj instalaciji, klikni Finish.
Napomena: 14 dana besplatna trail verzija je pre-selektovana. Mozes decekirati ovu opciju ako zelis.


- Po prvom pokretanju, MBAM ce zapoceti "Update" u nameri da preuzme najsvezije definicije.
Ili ... klik na 'Update Now >>' link ili dugme radi preuzimanja svezih definicija.

• Konfigurisati skener; Na 'Settings' tabu, Detection and Protection podesiti sledece opcije:
1. pod-tab Detection Options, cekirati kucicu za 'Scan for rootkits';
2. pod-tab Non-Malware Protection, za 'PUP detections', prostarati se da je selektovana 'Threat detections as malware' opcija.




• Izvrsiti 'Threat Scan';
Klik na Scan tab, zatim na 'Scan Now >>' da bi izvrsio skeniranje.
Ukoliko MBAM prijavi da je 'update' dostupan, klik na 'Update Now' a potom nastaviti do skeniranja.
Obavestenje: kod nekih teskih infekcija, moguce je dobiti sledecu poruku "Could not load DDA driver". U tom slucaju, klik Yes na tu poruku, dopustiti ucitavanje drajvera po restartu racunara, dozvoliti restart.
Potom, nastaviti sa ostatkom instrukcija.


• Po zavrsenom skeniranju, klik na Apply Action dugme ukoliko je pretnja detektovana. Sacekati da program zatrazi restart!
- Klik na Yes na poruku koja govori da ce se sistem restartovati.



• Postaviti izvestaj (export-ovati logfile) na uvid;
Ponovo pokrenuti MBAM, klik na History tab > Application Logs. Dvoklik na 'Scan Log' koji pokazuje vreme i datum upravo izvrsenog skeniranja.
1. U novom prozoru klik na 'Export' dugme, pa izabrati 'Text file (*.txt)';
2. Kada se pojavi Save File dialog, izabrati da se log sacuva na Desktop.
U tom istom prozoru, dole pod File name: upisi 'mbam' kao naziv izvestaja i klikni dugme Save.

- Po dobijenoj poruci ("Your file has been successfully exported") izvestaj koji si nazvao kao 'mbam' bice sacuvan na Desktop.




Arrow Okaci mbam.txt uz poruku koristeci opciju Prikači fajl.

offline
  • Pridružio: 19 Avg 2016
  • Poruke: 6

Evo izveštaja.


mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Kakvo je sada stanje?

offline
  • Pridružio: 19 Avg 2016
  • Poruke: 6

Okej je sada, ne izbacuje više one sajtove na bilo koji klik na browseru. Tj. ne izbacuje ga nikada.
Hvala puno

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Ostaje još samo ovo da uradiš.

Sledeća procedura će implementirati završno čišćenje.

Arrow Preuzmi "Xplode"-ov DelFix alat i snimi ga na Desktop.
Dvoklikom pokreni alat i štikliraj kućice ispred sledećih opcija;

Remove disinfection tools
Create registry backup
Purge System Restore


Klikni na dugme Run i pričekaj trenutak dok alat ne završi svoj rad.
Od ovog trenutka, svi korišćeni alati u ovoj temi bi trebali biti obrisani.
Alat će takođe formirati izveštaj za tebe. (C:\DelFix.txt)

Alat će snimiti i zdravo stanje registy-ja i napraviti backup koristeci integrisan program "ERUNT" u %windir%\ERUNT\DelFix
Alat briše stare system restore tačke i pravi novu, svežu tačku nakon čišćenja.

Ko je trenutno na forumu
 

Ukupno su 1044 korisnika na forumu :: 39 registrovanih, 4 sakrivenih i 1001 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 357magnum, A.R.Chafee.Jr., Asparagus, babaroga, Cassius Clay, darkangel, draganca, FileFinder, Frunze, HrcAk47, hyla, ikan, jackreacher011011, Karla, krkalon, ladro, laurusri, Leonov, ljuba, Luka Blažević, milos.cbr, milutin134, nemkea71, novator, Outis, pein, RJ, S2M, Singidunumac, Sir Budimir, slonic_tonic, Srle993, Toper, tubular, vladulns, yufighter, Yugol33, zillbg, Čivi