Windows Base Script Host Virus

  • Joined: 11 Aug 2008
  • Posts: 65
  • Location: Vancouver

Posted: 05 Jun 2015 9:05

Greetings, MyCity team.


A few months ago my internet provider informed me that I had used more than the allowed monthly data limit. At that time it was about 350 GB, which seemed suspicious to me, because even when I was downloading movies I did not use that much. I checked all the devices connected to my home internet and everything was in order.

However, around that time a prompt started appearing (image attached) in which Windows asks me which program I want to use to open a .js file. I ignored it because I thought it was some plugin or driver... The McAfee antivirus program (paid, by the way, and up to date) did not find anything.
In the Windows registry I added a new entry in which I disabled Win. Script Base (as people on various forums advised), but this did not help either.
On the internet it is referred to as the "VBS/LoveLetter Virus".

By chance I searched on Google and found that this could be a type of virus that uses Windows Script to make the computer inject its code and carry out its work that way... etc.

Here I am attaching the scan file, as per the instructions on this forum, in the hope that someone will help me.

When I ran Farbar Recovery Scan Tool I got an error message (image attached).







Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by Ivana (administrator) on IVANAR on 04-06-2015 23:56:02
Running from C:\Users\Ivana\Downloads
Loaded Profiles: Ivana (Available Profiles: Ivana)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.3.374.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HpDeviceDetection3.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe
(http://www.ruby-lang.org/) C:\Users\Ivana\AppData\Local\Temp\ocrDCE8.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(http://www.ruby-lang.org/) C:\Users\Ivana\AppData\Local\Temp\ocr8F60.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2014-01-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [285272 2013-12-30] (Waves Audio Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3777696 2014-01-16] (Dell Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [643064 2015-02-09] (McAfee, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [133760 2014-01-08] (Qualcomm®Atheros®)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1544575880-4100132113-3847230736-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1544575880-4100132113-3847230736-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1544575880-4100132113-3847230736-1001\...\Run: [Google Update] => C:\Users\Ivana\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-12-10] (Google Inc.)
HKU\S-1-5-21-1544575880-4100132113-3847230736-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-1544575880-4100132113-3847230736-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-1544575880-4100132113-3847230736-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)
AppInit_DLLs: C:\PROGRA~3\INTERE~1\INTERE~2.DLL => C:\PROGRA~3\INTERE~1\INTERE~2.DLL File not found
AppInit_DLLs-x32: C:\PROGRA~3\{80E66~1\1170~1.1\site.dll => C:\ProgramData\{80E66825-D064-B9A3-61E2-C921B1601AAF}\1.17.0.1\site.dll [778752 2015-05-03] ()
AppInit_DLLs-x32: c:\progra~3\intere~1\intere~1.dll => "c:\progra~3\intere~1\intere~1.dll" File not found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-06-03]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1544575880-4100132113-3847230736-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1544575880-4100132113-3847230736-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> DefaultScope {94787D09-5B34-424F-953D-D3FBED697D0B} URL = dregol.com/results.php?f=4&q={searchTerms}&a=drg_mlvi_15_18&cd=2XzuyEtN2Y1L1Qzu0BzztB0AyBtB0BtCtAyBtByByCyD0ByEtN0D0Tzu0StCtBtCzztN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2StBtCyC0Azy0C0FyEtGyD0FyDyCtGzztCtAzytGtB0AtDtDtGtByD0BtAyC0EyBtBzy0AtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0DzyyCyEtC0DtAtG0E0FyCtBtGyE0EtAzytGzyyCzy0AtGyEyBtCzy0EyDyBzz0F0EtBtB2QtN0A0LzuyE&cr=1193386762&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {94787D09-5B34-424F-953D-D3FBED697D0B} URL = dregol.com/results.php?f=4&q={searchTerms}&a=drg_mlvi_15_18&cd=2XzuyEtN2Y1L1Qzu0BzztB0AyBtB0BtCtAyBtByByCyD0ByEtN0D0Tzu0StCtBtCzztN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2StBtCyC0Azy0C0FyEtGyD0FyDyCtGzztCtAzytGtB0AtDtDtGtByD0BtAyC0EyBtBzy0AtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0DzyyCyEtC0DtAtG0E0FyCtBtGyE0EtAzytGzyyCzy0AtGyEyBtCzy0EyDyBzz0F0EtBtB2QtN0A0LzuyE&cr=1193386762&ir=
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1544575880-4100132113-3847230736-1001 -> DefaultScope {94787D09-5B34-424F-953D-D3FBED697D0B} URL = dregol.com/results.php?f=4&q={searchTerms}&a=drg_mlvi_15_18&cd=2XzuyEtN2Y1L1Qzu0BzztB0AyBtB0BtCtAyBtByByCyD0ByEtN0D0Tzu0StCtBtCzztN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2StBtCyC0Azy0C0FyEtGyD0FyDyCtGzztCtAzytGtB0AtDtDtGtByD0BtAyC0EyBtBzy0AtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0DzyyCyEtC0DtAtG0E0FyCtBtGyE0EtAzytGzyyCzy0AtGyEyBtCzy0EyDyBzz0F0EtBtB2QtN0A0LzuyE&cr=1193386762&ir=
SearchScopes: HKU\S-1-5-21-1544575880-4100132113-3847230736-1001 -> {94787D09-5B34-424F-953D-D3FBED697D0B} URL = dregol.com/results.php?f=4&q={searchTerms}&a=drg_mlvi_15_18&cd=2XzuyEtN2Y1L1Qzu0BzztB0AyBtB0BtCtAyBtByByCyD0ByEtN0D0Tzu0StCtBtCzztN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2StBtCyC0Azy0C0FyEtGyD0FyDyCtGzztCtAzytGtB0AtDtDtGtByD0BtAyC0EyBtBzy0AtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0DzyyCyEtC0DtAtG0E0FyCtBtGyE0EtAzytGzyyCzy0AtGyEyBtCzy0EyDyBzz0F0EtBtB2QtN0A0LzuyE&cr=1193386762&ir=
SearchScopes: HKU\S-1-5-21-1544575880-4100132113-3847230736-1001 -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Solution Real 1.0.0.6 -> {bbae01d2-61fd-4f12-befc-202b09dc09c0} -> C:\Program Files (x86)\Solution Real\SolutionRealbho.dll No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-02-27] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-02-27] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.9
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\h7v60i1r.default
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1544575880-4100132113-3847230736-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ivana\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1544575880-4100132113-3847230736-1001: @talk.google.com/O1DPlugin -> C:\Users\Ivana\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1544575880-4100132113-3847230736-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Ivana\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-1544575880-4100132113-3847230736-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Ivana\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Ivana\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Ivana\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: Firebug - C:\Users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\h7v60i1r.default\Extensions\firebug@software.joehewitt.com.xpi [2015-05-22]
FF Extension: Firepicker - C:\Users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\h7v60i1r.default\Extensions\firepicker@thedarkone.xpi [2015-05-22]
FF Extension: MeasureIt - C:\Users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\h7v60i1r.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2015-05-22]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-06-17]

Chrome:
=======
CHR Profile: C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-04]
CHR Extension: (PhotoMania) - C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ajjfnbkfaofifbiflcicanlgaiafcamj [2015-03-13]
CHR Extension: (Google Docs) - C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-04]
CHR Extension: (Google Drive) - C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-04]
CHR Extension: (YouTube) - C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-04]
CHR Extension: (Google Search) - C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-04]
CHR Extension: (Dropbox for Gmail (Beta)) - C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2015-05-28]
CHR Extension: (Google Sheets) - C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-04]
CHR Extension: (iCloud Bookmarks) - C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-03-13]
CHR Extension: (Bookmark Manager) - C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-22]
CHR Extension: (PDF Viewer) - C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jccchjobcggajhnmckffhcahkkbioifn [2015-01-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Skype Click to Call) - C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-12-04]
CHR Extension: (Google Maps) - C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-04]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2015-01-27]
CHR Extension: (Gmail) - C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-04]
CHR Profile: C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-27]
CHR Extension: (Google Docs) - C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-27]
CHR Extension: (Google Drive) - C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-27]
CHR Extension: (YouTube) - C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-27]
CHR Extension: (Google Search) - C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-27]
CHR Extension: (Tampermonkey) - C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-01-27]
CHR Extension: (Google Sheets) - C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-27]
CHR Extension: (Skype Click to Call) - C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-01-27]
CHR Extension: (Google Wallet) - C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-27]
CHR Extension: (Gmail) - C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-27]
CHR HKLM\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1544575880-4100132113-3847230736-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1544575880-4100132113-3847230736-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [318592 2014-01-08] (Windows (R) Win 7 DDK provider) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [139328 2014-02-19] (Aviata, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-02-27] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe [422632 2015-01-22] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2015-02-27] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1924328 2014-09-18] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
S2 51cdb72; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll",ENT

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881472 2013-12-12] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-08] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-06-17] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-02-26] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-10-19] (Disc Soft Ltd)
S3 facap; C:\Windows\system32\DRIVERS\facap.sys [37888 2012-09-03] (Windows (R) Win 7 DDK provider)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [41200 2014-01-15] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-04 23:56 - 2015-06-04 23:58 - 00031680 _____ C:\Users\Ivana\Downloads\FRST.txt
2015-06-04 23:52 - 2015-06-04 23:56 - 00000000 ____D C:\FRST
2015-06-04 23:43 - 2015-06-04 23:43 - 02108928 _____ (Farbar) C:\Users\Ivana\Downloads\FRST64.exe
2015-06-04 23:36 - 2015-06-04 23:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-06-04 23:34 - 2015-06-04 23:34 - 00000000 ___RD C:\Users\Ivana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-06-04 12:59 - 2015-06-04 12:59 - 00088904 _____ C:\Users\Ivana\Downloads\TL-0day-MAR25-2013.torrent
2015-06-04 12:41 - 2015-06-04 12:41 - 00000000 ____D C:\Users\Ivana\Documents\Ulead VideoStudio
2015-06-04 12:41 - 2015-06-04 12:41 - 00000000 ____D C:\Users\Ivana\AppData\Roaming\Ulead Systems
2015-06-04 12:41 - 2015-06-04 12:41 - 00000000 ____D C:\ProgramData\Ulead Systems
2015-06-04 12:40 - 2015-06-04 12:53 - 00000208 _____ C:\Windows\Ulead32.ini
2015-06-04 11:59 - 2015-06-04 11:59 - 00127346 _____ C:\Users\Ivana\Downloads\TL-0day.OCT11-2014.torrent
2015-06-03 11:15 - 2015-06-04 11:16 - 00003486 _____ C:\Windows\System32\Tasks\AutoKMS
2015-06-03 11:15 - 2015-06-04 11:15 - 00000000 ____D C:\Windows\AutoKMS
2015-06-03 10:59 - 2015-06-03 11:00 - 00000000 ____D C:\Users\Ivana\Desktop\HP Printer Registration
2015-06-03 10:52 - 2015-06-03 10:52 - 00000000 ____D C:\ProgramData\WEBREG
2015-06-03 10:51 - 2015-06-03 11:02 - 00000000 ____D C:\Users\Ivana\AppData\Roaming\HP
2015-06-03 10:51 - 2015-06-03 10:51 - 00000000 ____D C:\Users\Ivana\AppData\Local\HP
2015-06-03 10:47 - 2015-06-03 10:47 - 00001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2015-06-03 10:46 - 2015-06-03 10:46 - 00000000 ____D C:\Users\Ivana\AppData\Roaming\HpUpdate
2015-06-03 10:46 - 2015-06-03 10:46 - 00000000 ____D C:\ProgramData\HP Product Assistant
2015-06-03 10:45 - 2015-06-03 10:45 - 00001343 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2015-06-03 10:45 - 2015-06-03 10:45 - 00001337 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
2015-06-03 10:44 - 2015-06-03 10:44 - 00000000 ____D C:\Windows\SysWOW64\spool
2015-06-03 10:40 - 2015-06-03 10:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-06-03 10:37 - 2015-06-03 10:51 - 00182567 _____ C:\Windows\hpwins19.dat
2015-06-03 10:37 - 2015-06-03 10:51 - 00000832 _____ C:\ProgramData\hpzinstall.log
2015-06-03 10:37 - 2012-09-27 13:32 - 00000633 ____N C:\Windows\hpwmdl19.dat
2015-06-03 10:36 - 2015-06-03 10:51 - 00000000 ____D C:\ProgramData\HP
2015-06-03 10:36 - 2007-10-31 03:35 - 00944128 _____ (Hewlett-Packard) C:\Windows\system32\hpwwiax4.dll
2015-06-03 10:36 - 2007-10-31 03:35 - 00740864 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpwtscl3.dll
2015-06-03 10:36 - 2007-01-17 09:38 - 00540672 _____ (Hewlett-Packard) C:\Windows\system32\hppldcoi.dll
2015-06-03 10:36 - 2007-01-17 09:31 - 00488960 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpovst11.dll
2015-06-03 10:28 - 2015-06-03 10:28 - 00000000 ____D C:\Users\Ivana\AppData\Local\Hewlett-Packard
2015-06-03 10:27 - 2015-06-03 10:46 - 00000000 ____D C:\Program Files (x86)\Hp
2015-06-03 10:27 - 2015-06-03 10:27 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-06-03 09:42 - 2015-06-03 10:38 - 00000000 ____D C:\Windows\LastGood
2015-06-03 09:42 - 2015-06-03 09:42 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-06-02 23:16 - 2015-06-02 23:16 - 00001372 _____ C:\Users\Ivana\Desktop\Cover Band needs SInger.txt
2015-06-01 13:34 - 2015-06-01 13:34 - 08346528 _____ C:\Users\Ivana\Downloads\ps2pdf995.exe
2015-06-01 13:32 - 2015-06-01 13:32 - 00000000 ____D C:\Users\Ivana\AppData\Roaming\pdf995
2015-06-01 13:31 - 2015-06-01 13:41 - 00000059 _____ C:\Windows\wpd99.drv
2015-06-01 13:31 - 2015-06-01 13:41 - 00000000 ____D C:\ProgramData\pdf995
2015-06-01 13:31 - 2015-06-01 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software995
2015-06-01 13:31 - 2015-06-01 13:34 - 00000000 ____D C:\Program Files (x86)\pdf995
2015-06-01 13:31 - 2015-06-01 13:31 - 00040448 _____ C:\Windows\SysWOW64\pdf995mon64.dll
2015-06-01 13:31 - 2014-03-05 11:18 - 00040448 _____ C:\Windows\system32\pdf995mon64.dll
2015-06-01 13:31 - 2014-01-16 11:33 - 02560512 _____ (TODO: <Company name>) C:\Windows\system32\pdfmona64.dll
2015-06-01 13:31 - 2005-06-30 15:29 - 00011264 _____ C:\Windows\system32\pdf995mon64ui.dll
2015-06-01 13:30 - 2015-06-01 13:30 - 05675744 _____ C:\Users\Ivana\Downloads\pdf995s.exe
2015-05-30 01:57 - 2015-05-30 01:58 - 00000000 ____D C:\Users\Ivana\Desktop\Maki-Solo Guitar-Solazee
2015-05-29 23:36 - 2015-05-29 23:37 - 00000000 ____D C:\Users\Ivana\Desktop\Maki Iphone-Slike i Vid
2015-05-29 02:38 - 2015-05-29 02:38 - 06471520 _____ (Tim Kosse) C:\Users\Ivana\Downloads\FileZilla_3.11.0.1_win64-setup.exe
2015-05-28 23:45 - 2015-05-28 23:45 - 00019374 _____ C:\Users\Ivana\AppData\Local\recently-used.xbel
2015-05-28 02:22 - 2015-05-28 02:23 - 102365292 _____ C:\Users\Ivana\Desktop\Something More Live @ The Main Nov 9, 2012.mp4
2015-05-27 00:45 - 2015-01-05 15:54 - 00001071 _____ C:\Users\Ivana\Desktop\Notepad++.lnk
2015-05-25 03:33 - 2015-06-04 23:23 - 01010459 _____ C:\Windows\WindowsUpdate.log
2015-05-25 03:18 - 2015-05-25 03:18 - 00001867 _____ C:\Users\Ivana\Desktop\PTEditor - Shortcut.lnk
2015-05-25 01:43 - 2015-05-25 01:43 - 00000000 ____D C:\Users\Ivana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Power Tab Software
2015-05-25 01:43 - 2015-05-25 01:43 - 00000000 ____D C:\Program Files (x86)\Power Tab Software
2015-05-21 23:57 - 2015-05-22 00:24 - 00033478 _____ C:\Users\Ivana\Desktop\Van Cameras Price List.xlsx
2015-05-21 09:56 - 2015-05-21 09:56 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2015-05-21 09:55 - 2015-05-21 09:55 - 00527423 _____ ( ) C:\Users\Ivana\Downloads\Lame_v3.99.3_for_Windows.exe
2015-05-20 12:21 - 2015-05-20 12:21 - 00001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-20 12:21 - 2015-05-20 12:21 - 00001165 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-20 12:21 - 2015-05-20 12:21 - 00000000 ____D C:\Users\Ivana\AppData\Local\Mozilla
2015-05-20 12:21 - 2015-05-20 12:21 - 00000000 ____D C:\ProgramData\Mozilla
2015-05-20 12:21 - 2015-05-20 12:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-20 12:21 - 2015-05-20 12:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-05-19 11:18 - 2015-06-03 10:54 - 00000944 _____ C:\Users\Ivana\Desktop\GIMP 2.lnk
2015-05-16 10:57 - 2015-05-16 10:57 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-05-14 14:03 - 2015-05-14 14:03 - 00000000 ____D C:\Users\Ivana\AppData\Local\webkit
2015-05-10 23:29 - 2015-05-10 23:29 - 04973065 _____ C:\Users\Ivana\Downloads\Content-2015.zip
2015-05-08 15:15 - 2015-05-08 15:16 - 00000000 ____D C:\Users\Ivana\Desktop\Ryan New Band
2015-05-07 23:35 - 2015-05-07 23:40 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-07 23:35 - 2015-05-07 23:35 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-07 23:35 - 2015-05-07 23:35 - 00000000 ____D C:\Windows\system32\appraiser
2015-05-07 22:51 - 2014-04-15 16:35 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-05-07 22:51 - 2014-04-15 16:34 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-05-07 22:39 - 2015-03-12 21:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-07 22:38 - 2015-03-12 21:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-07 22:38 - 2015-03-12 21:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-07 22:38 - 2015-03-12 20:53 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-07 22:38 - 2015-03-12 20:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-07 22:38 - 2015-03-12 20:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-07 22:38 - 2015-03-12 20:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-07 22:38 - 2015-03-12 20:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-07 22:38 - 2015-03-12 20:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-07 22:38 - 2015-03-12 20:17 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-07 22:38 - 2015-03-12 20:16 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-07 22:38 - 2015-03-12 20:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-07 22:38 - 2015-03-12 20:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-07 22:38 - 2015-03-12 20:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-07 22:38 - 2015-03-12 19:50 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-07 22:38 - 2015-03-12 19:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-07 22:38 - 2015-03-12 19:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-07 22:38 - 2015-03-12 19:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-07 22:38 - 2015-03-12 19:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-07 22:38 - 2015-03-12 19:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-07 22:38 - 2015-03-12 19:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-07 22:38 - 2015-03-12 19:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-07 22:38 - 2015-03-12 19:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-07 22:38 - 2015-03-12 19:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-07 22:36 - 2015-03-23 14:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-07 22:36 - 2015-03-23 14:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-07 22:36 - 2015-03-23 14:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-07 22:36 - 2015-03-23 14:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-07 22:36 - 2015-03-23 14:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-07 22:36 - 2015-03-19 21:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2015-05-07 22:36 - 2015-03-19 21:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-07 22:36 - 2015-03-19 21:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-07 22:36 - 2015-03-19 20:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-07 22:36 - 2015-03-19 19:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-07 22:36 - 2015-03-19 19:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-07 22:36 - 2015-03-19 19:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-07 22:36 - 2015-03-14 01:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-05-07 22:36 - 2015-03-14 01:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-05-07 22:36 - 2015-03-12 19:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-05-07 22:36 - 2015-03-12 19:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-05-07 22:36 - 2015-02-20 16:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2015-05-07 22:35 - 2015-03-14 01:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-05-07 22:35 - 2015-03-13 18:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-05-07 22:35 - 2015-03-13 18:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-05-07 22:35 - 2015-03-13 18:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-05-07 22:35 - 2015-03-13 18:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-05-07 22:35 - 2015-03-13 18:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-05-07 22:35 - 2015-03-13 17:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-05-07 22:35 - 2015-03-13 17:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-05-07 22:35 - 2015-03-13 17:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-05-07 22:35 - 2015-03-13 17:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-05-07 22:35 - 2015-03-13 17:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-05-07 22:35 - 2015-03-13 17:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-05-07 22:35 - 2015-03-13 17:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-05-07 22:35 - 2015-03-13 17:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-05-07 22:35 - 2015-03-13 17:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-05-07 22:35 - 2015-03-13 17:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-05-07 22:35 - 2015-03-13 16:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-05-07 22:35 - 2015-03-13 16:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-05-07 22:35 - 2015-02-24 01:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-05-07 22:34 - 2015-03-22 15:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-05-07 22:34 - 2015-03-22 15:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-05-07 22:34 - 2015-03-22 15:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-05-07 22:34 - 2015-03-22 15:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-05-07 22:34 - 2015-03-22 15:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-05-07 22:34 - 2015-03-22 15:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-05-07 22:34 - 2015-03-22 15:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-05-07 22:34 - 2015-03-04 03:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-05-07 22:34 - 2015-03-03 20:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-05-07 22:34 - 2015-03-03 19:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-05-07 22:34 - 2014-12-02 16:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-05-07 11:52 - 2015-05-07 11:52 - 00863943 _____ C:\Users\Ivana\Downloads\VTC.Complete.pack.torrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-04 23:58 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-04 23:57 - 2014-12-10 13:41 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544575880-4100132113-3847230736-1001UA.job
2015-06-04 23:57 - 2014-12-10 13:41 - 00000870 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544575880-4100132113-3847230736-1001Core.job
2015-06-04 23:54 - 2015-03-01 13:52 - 01105920 ___SH C:\Users\Ivana\Desktop\Thumbs.db
2015-06-04 23:51 - 2014-10-19 14:18 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1544575880-4100132113-3847230736-1001
2015-06-04 23:48 - 2015-01-08 23:27 - 00870400 ___SH C:\Users\Ivana\Downloads\Thumbs.db
2015-06-04 23:45 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-04 23:40 - 2014-10-19 14:20 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-04 23:40 - 2014-10-19 14:16 - 00000000 __RDO C:\Users\Ivana\OneDrive
2015-06-04 23:39 - 2014-06-17 12:40 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-06-04 23:36 - 2015-05-03 00:35 - 00000306 _____ C:\Windows\Tasks\Run_dregol.job
2015-06-04 23:34 - 2014-10-19 14:20 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-04 13:47 - 2014-10-19 19:59 - 00000000 ____D C:\Users\Ivana\AppData\Roaming\uTorrent
2015-06-04 12:53 - 2014-06-17 12:21 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-04 00:58 - 2015-01-11 15:16 - 00000000 ____D C:\FFOutput
2015-06-03 23:20 - 2014-10-19 14:19 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CBD355DD-3DE7-4A5C-969A-68EC64830397}
2015-06-03 23:19 - 2015-04-19 18:39 - 00000000 ____D C:\Users\Ivana\Desktop\Scott Riddel Band
2015-06-03 19:40 - 2014-12-04 23:53 - 00000000 ____D C:\Users\Ivana\AppData\Roaming\FileZilla
2015-06-03 19:40 - 2014-10-27 12:54 - 00000000 ____D C:\Users\Ivana\AppData\Roaming\Winamp
2015-06-03 12:17 - 2015-03-13 15:39 - 00000000 ____D C:\Users\Ivana\AppData\Roaming\Audacity
2015-06-03 11:13 - 2014-11-01 09:39 - 00000000 ____D C:\Maki ++++++++++++++
2015-06-03 11:09 - 2014-10-19 21:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-03 10:51 - 2013-08-22 06:25 - 00000234 _____ C:\Windows\win.ini
2015-06-03 09:41 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-06-02 12:58 - 2015-01-05 17:28 - 00000000 ___RD C:\Users\Ivana\Desktop\HTML Project and Tutorial
2015-05-31 11:10 - 2015-03-03 13:39 - 00000000 ____D C:\Users\Ivana\Desktop\Notes from Iphone
2015-05-30 09:25 - 2014-10-19 20:14 - 00015433 _____ C:\Users\Ivana\Desktop\lozinke sa komp..txt
2015-05-28 23:47 - 2015-04-27 13:28 - 00000000 ____D C:\Users\Ivana\AppData\Local\gtk-2.0
2015-05-28 23:47 - 2015-04-27 12:16 - 00000000 ____D C:\Users\Ivana\.gimp-2.8
2015-05-28 23:04 - 2015-04-30 23:53 - 00000000 ____D C:\Users\Ivana\Desktop\My WEBSITE
2015-05-28 11:02 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\NDF
2015-05-25 23:17 - 2015-03-23 10:38 - 00000000 ____D C:\Users\Ivana\Documents\Outlook Files
2015-05-25 23:12 - 2014-10-19 14:20 - 00000000 ____D C:\Users\Ivana\AppData\Local\Deployment
2015-05-25 01:43 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Help
2015-05-25 01:40 - 2014-11-01 21:02 - 00000000 ____D C:\Users\Ivana\Desktop\Maki Torrents
2015-05-24 23:03 - 2014-11-20 11:55 - 00000000 ____D C:\Users\Ivana\AppData\Local\CrashDumps
2015-05-21 11:19 - 2015-02-22 13:13 - 00000000 ____D C:\Users\Ivana\Desktop\Maki Voice Memo
2015-05-21 10:46 - 2014-11-19 12:54 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-20 12:21 - 2015-04-21 18:52 - 00000000 ____D C:\Users\Ivana\AppData\Roaming\Mozilla
2015-05-20 10:20 - 2014-11-19 12:54 - 00000000 ____D C:\Users\Ivana\AppData\Roaming\Skype
2015-05-18 23:52 - 2014-12-10 13:41 - 00003868 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1544575880-4100132113-3847230736-1001UA
2015-05-18 23:52 - 2014-12-10 13:41 - 00003488 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1544575880-4100132113-3847230736-1001Core
2015-05-16 10:57 - 2014-10-19 22:03 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-16 10:35 - 2014-10-19 14:20 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 10:35 - 2014-10-19 14:20 - 00003656 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-13 13:07 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\rescache
2015-05-08 15:01 - 2014-12-04 00:08 - 00000000 ____D C:\Users\Ivana\Desktop\Maki Pjesme
2015-05-08 00:58 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\AppCompat
2015-05-07 23:38 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-05-07 23:37 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-05-07 23:35 - 2015-03-10 01:08 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-05-07 23:13 - 2014-10-25 02:49 - 00000000 ____D C:\Windows\system32\MRT
2015-05-07 23:02 - 2013-08-22 08:20 - 00000000 ____D C:\Windows\CbsTemp
2015-05-07 22:56 - 2014-11-19 12:54 - 00000000 ____D C:\ProgramData\Skype
2015-05-07 22:34 - 2014-11-11 22:47 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll

==================== Files in the root of some directories =======

2015-03-13 14:54 - 2015-03-13 14:55 - 0000003 _____ () C:\Users\Ivana\AppData\Roaming\GS297 Preferences
2015-05-28 23:45 - 2015-05-28 23:45 - 0019374 _____ () C:\Users\Ivana\AppData\Local\recently-used.xbel
2015-02-16 22:53 - 2015-02-16 22:53 - 0007606 _____ () C:\Users\Ivana\AppData\Local\Resmon.ResmonCfg
2014-06-17 11:46 - 2014-06-17 11:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-06-03 10:37 - 2015-06-03 10:51 - 0000832 _____ () C:\ProgramData\hpzinstall.log
2014-06-17 12:26 - 2014-06-17 12:27 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-06-17 12:22 - 2014-06-17 12:23 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-06-17 12:23 - 2014-06-17 12:25 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-06-17 12:25 - 2014-06-17 12:26 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-06-17 12:21 - 2014-06-17 12:22 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-01 11:34

==================== End of log ============================


Addendum: 05 Jun 2015 11:50

Just to add what I found out and to attach the error message I got... (by the way, I get it every 30 min).

From this site I learned a bit more about this virus. I looked for the files they suggested, but I don't have them installed.
deletemalware.blogspot.ca/2015/02/what-is-f.....ve-it.html

"Fiber.js is a JavaScript file that comes prepacked with Binkiland browser hijacker and other potentially unwanted programs (PUPs.) The file itself isn't malicious but it clearly indicates that your computer is infected with malware. The Windows Script Host error about missing fiber.js file usually appears every half an hour or so. It's really annoying but at the same time it reveals malware presence on your computer, so I guess it's a good thing."


Please help if you can!!!!

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

As it says at the link you found, this is not a virus at all but adware that you most likely installed yourself through carelessness.


Step 1

Go to Start -> Control Panel -> Programs and Features and uninstall the following programs. If one refuses to uninstall, skip it and move on to the next.

Interenet Optimizer
Solution Real



Step 2

Open Notepad and copy the following text, which is inside the Code box.

Start

AppInit_DLLs: C:\PROGRA~3\INTERE~1\INTERE~2.DLL => C:\PROGRA~3\INTERE~1\INTERE~2.DLL File not found
AppInit_DLLs-x32: C:\PROGRA~3\{80E66~1\1170~1.1\site.dll => C:\ProgramData\{80E66825-D064-B9A3-61E2-C921B1601AAF}\1.17.0.1\site.dll [778752 2015-05-03] ()
AppInit_DLLs-x32: c:\progra~3\intere~1\intere~1.dll => "c:\progra~3\intere~1\intere~1.dll" File not found
SearchScopes: HKLM -> DefaultScope {94787D09-5B34-424F-953D-D3FBED697D0B} URL = http://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_mlvi_15_18&cd=2XzuyEtN2Y1L1Qzu0BzztB0AyBtB0BtCtAyBtByByCyD0ByEtN0D0Tzu0StCtBtCzztN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2StBtCyC0Azy0C0FyEtGyD0FyDyCtGzztCtAzytGtB0AtDtDtGtByD0BtAyC0EyBtBzy0AtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0DzyyCyEtC0DtAtG0E0FyCtBtGyE0EtAzytGzyyCzy0AtGyEyBtCzy0EyDyBzz0F0EtBtB2QtN0A0LzuyE&cr=1193386762&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {94787D09-5B34-424F-953D-D3FBED697D0B} URL = http://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_mlvi_15_18&cd=2XzuyEtN2Y1L1Qzu0BzztB0AyBtB0BtCtAyBtByByCyD0ByEtN0D0Tzu0StCtBtCzztN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2StBtCyC0Azy0C0FyEtGyD0FyDyCtGzztCtAzytGtB0AtDtDtGtByD0BtAyC0EyBtBzy0AtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0DzyyCyEtC0DtAtG0E0FyCtBtGyE0EtAzytGzyyCzy0AtGyEyBtCzy0EyDyBzz0F0EtBtB2QtN0A0LzuyE&cr=1193386762&ir=
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1544575880-4100132113-3847230736-1001 -> DefaultScope {94787D09-5B34-424F-953D-D3FBED697D0B} URL = http://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_mlvi_15_18&cd=2XzuyEtN2Y1L1Qzu0BzztB0AyBtB0BtCtAyBtByByCyD0ByEtN0D0Tzu0StCtBtCzztN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2StBtCyC0Azy0C0FyEtGyD0FyDyCtGzztCtAzytGtB0AtDtDtGtByD0BtAyC0EyBtBzy0AtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0DzyyCyEtC0DtAtG0E0FyCtBtGyE0EtAzytGzyyCzy0AtGyEyBtCzy0EyDyBzz0F0EtBtB2QtN0A0LzuyE&cr=1193386762&ir=
SearchScopes: HKU\S-1-5-21-1544575880-4100132113-3847230736-1001 -> {94787D09-5B34-424F-953D-D3FBED697D0B} URL = http://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_mlvi_15_18&cd=2XzuyEtN2Y1L1Qzu0BzztB0AyBtB0BtCtAyBtByByCyD0ByEtN0D0Tzu0StCtBtCzztN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2StBtCyC0Azy0C0FyEtGyD0FyDyCtGzztCtAzytGtB0AtDtDtGtByD0BtAyC0EyBtBzy0AtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0DzyyCyEtC0DtAtG0E0FyCtBtGyE0EtAzytGzyyCzy0AtGyEyBtCzy0EyDyBzz0F0EtBtB2QtN0A0LzuyE&cr=1193386762&ir=
SearchScopes: HKU\S-1-5-21-1544575880-4100132113-3847230736-1001 -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL =
BHO-x32: Solution Real 1.0.0.6 -> {bbae01d2-61fd-4f12-befc-202b09dc09c0} -> C:\Program Files (x86)\Solution Real\SolutionRealbho.dll No File
S2 51cdb72; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll",ENT
Task: {21FC27DA-BCDB-4F70-9F99-76A9AE7C0944} - System32\Tasks\Run_dregol => C:\Users\Ivana\AppData\Roaming\Run_dregol\UpdateProc\UpdateTask.exe [2015-05-03] () <==== ATTENTION
Task: {CB4B8CCC-83C9-41F4-A2F9-EDEC17FD51E4} - System32\Tasks\Dregol site => C:\ProgramData\{80E66825-D064-B9A3-61E2-C921B1601AAF}\1.17.0.1\f
Task: C:\Windows\Tasks\Run_dregol.job => C:\Users\Ivana\AppData\Roaming\RUN_DR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
FirewallRules: [{D1A1520E-A71F-43B7-A58D-7747AD4634B6}] => (Allow) C:\Users\Ivana\AppData\Local\Temp\nsa2B8A.tmp\CnetInstaller-76098611.exe
FirewallRules: [{A8446EED-168C-404F-B5D2-615D68C7B681}] => (Allow) C:\Users\Ivana\AppData\Local\Temp\nsa2B8A.tmp\CnetInstaller-76098611.exe

C:\ProgramData\{80E66825-D064-B9A3-61E2-C921B1601AAF}
C:\Program Files (x86)\Solution Real
c:\Program Files (x86)\Optimizer Pro 3.11
C:\Users\Ivana\AppData\Roaming\Run_dregol

cmd: bitsadmin /reset /allusers
EmptyTemp:

End


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click to run FRST.exe again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, allow it to do so without interruption.
When it finishes, fixlog.txt will open, with contents that you should copy into the thread.
Also, (fixlog.txt) will be located on the Desktop.




Step 3

Download AdwCleaner by "Xplode" and save it to the Desktop
Double-click to run the program.
In the EULA window click I agree.
Click the Scan button and wait for the scan to finish.
Click the Cleaning button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required) click OK

The computer will restart and then Notepad will open (C:\AdwCleaner[S0].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Prikači fajl" (Attach file) option

Note: The report will also be saved at C:\Adwcleaner\AdwCleaner[S0].txt

offline
  • Joined: 11 Aug 2008
  • Posts: 65
  • Location: Vancouver

Hi Sass Drake,

Here is the Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Ivana at 2015-06-05 10:58:38 Run:1
Running from C:\Users\Ivana\Desktop
Loaded Profiles: Ivana (Available Profiles: Ivana)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

AppInit_DLLs: C:\PROGRA~3\INTERE~1\INTERE~2.DLL => C:\PROGRA~3\INTERE~1\INTERE~2.DLL File not found
AppInit_DLLs-x32: C:\PROGRA~3\{80E66~1\1170~1.1\site.dll => C:\ProgramData\{80E66825-D064-B9A3-61E2-C921B1601AAF}\1.17.0.1\site.dll [778752 2015-05-03] ()
AppInit_DLLs-x32: c:\progra~3\intere~1\intere~1.dll => "c:\progra~3\intere~1\intere~1.dll" File not found
SearchScopes: HKLM -> DefaultScope {94787D09-5B34-424F-953D-D3FBED697D0B} URL = dregol.com/results.php?f=4&q={searchTerms}&a=drg_mlvi_15_18&cd=2XzuyEtN2Y1L1Qzu0BzztB0AyBtB0BtCtAyBtByByCyD0ByEtN0D0Tzu0StCtBtCzztN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2StBtCyC0Azy0C0FyEtGyD0FyDyCtGzztCtAzytGtB0AtDtDtGtByD0BtAyC0EyBtBzy0AtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0DzyyCyEtC0DtAtG0E0FyCtBtGyE0EtAzytGzyyCzy0AtGyEyBtCzy0EyDyBzz0F0EtBtB2QtN0A0LzuyE&cr=1193386762&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {94787D09-5B34-424F-953D-D3FBED697D0B} URL = dregol.com/results.php?f=4&q={searchTerms}&a=drg_mlvi_15_18&cd=2XzuyEtN2Y1L1Qzu0BzztB0AyBtB0BtCtAyBtByByCyD0ByEtN0D0Tzu0StCtBtCzztN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2StBtCyC0Azy0C0FyEtGyD0FyDyCtGzztCtAzytGtB0AtDtDtGtByD0BtAyC0EyBtBzy0AtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0DzyyCyEtC0DtAtG0E0FyCtBtGyE0EtAzytGzyyCzy0AtGyEyBtCzy0EyDyBzz0F0EtBtB2QtN0A0LzuyE&cr=1193386762&ir=
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1544575880-4100132113-3847230736-1001 -> DefaultScope {94787D09-5B34-424F-953D-D3FBED697D0B} URL = dregol.com/results.php?f=4&q={searchTerms}&a=drg_mlvi_15_18&cd=2XzuyEtN2Y1L1Qzu0BzztB0AyBtB0BtCtAyBtByByCyD0ByEtN0D0Tzu0StCtBtCzztN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2StBtCyC0Azy0C0FyEtGyD0FyDyCtGzztCtAzytGtB0AtDtDtGtByD0BtAyC0EyBtBzy0AtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0DzyyCyEtC0DtAtG0E0FyCtBtGyE0EtAzytGzyyCzy0AtGyEyBtCzy0EyDyBzz0F0EtBtB2QtN0A0LzuyE&cr=1193386762&ir=
SearchScopes: HKU\S-1-5-21-1544575880-4100132113-3847230736-1001 -> {94787D09-5B34-424F-953D-D3FBED697D0B} URL = dregol.com/results.php?f=4&q={searchTerms}&a=drg_mlvi_15_18&cd=2XzuyEtN2Y1L1Qzu0BzztB0AyBtB0BtCtAyBtByByCyD0ByEtN0D0Tzu0StCtBtCzztN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2StBtCyC0Azy0C0FyEtGyD0FyDyCtGzztCtAzytGtB0AtDtDtGtByD0BtAyC0EyBtBzy0AtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0DzyyCyEtC0DtAtG0E0FyCtBtGyE0EtAzytGzyyCzy0AtGyEyBtCzy0EyDyBzz0F0EtBtB2QtN0A0LzuyE&cr=1193386762&ir=
SearchScopes: HKU\S-1-5-21-1544575880-4100132113-3847230736-1001 -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL =
BHO-x32: Solution Real 1.0.0.6 -> {bbae01d2-61fd-4f12-befc-202b09dc09c0} -> C:\Program Files (x86)\Solution Real\SolutionRealbho.dll No File
S2 51cdb72; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll",ENT
Task: {21FC27DA-BCDB-4F70-9F99-76A9AE7C0944} - System32\Tasks\Run_dregol => C:\Users\Ivana\AppData\Roaming\Run_dregol\UpdateProc\UpdateTask.exe [2015-05-03] () <==== ATTENTION
Task: {CB4B8CCC-83C9-41F4-A2F9-EDEC17FD51E4} - System32\Tasks\Dregol site => C:\ProgramData\{80E66825-D064-B9A3-61E2-C921B1601AAF}\1.17.0.1\f
Task: C:\Windows\Tasks\Run_dregol.job => C:\Users\Ivana\AppData\Roaming\RUN_DR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
FirewallRules: [{D1A1520E-A71F-43B7-A58D-7747AD4634B6}] => (Allow) C:\Users\Ivana\AppData\Local\Temp\nsa2B8A.tmp\CnetInstaller-76098611.exe
FirewallRules: [{A8446EED-168C-404F-B5D2-615D68C7B681}] => (Allow) C:\Users\Ivana\AppData\Local\Temp\nsa2B8A.tmp\CnetInstaller-76098611.exe

C:\ProgramData\{80E66825-D064-B9A3-61E2-C921B1601AAF}
C:\Program Files (x86)\Solution Real
c:\Program Files (x86)\Optimizer Pro 3.11
C:\Users\Ivana\AppData\Roaming\Run_dregol

cmd: bitsadmin /reset /allusers
EmptyTemp:

End
*****************

"C:\PROGRA~3\INTERE~1\INTERE~2.DLL" => value data removed successfully.
"C:\PROGRA~3\{80E66~1\1170~1.1\site.dll" => value data removed successfully.
"c:\progra~3\intere~1\intere~1.dll" => value data removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{94787D09-5B34-424F-953D-D3FBED697D0B}" => key removed successfully
HKCR\CLSID\{94787D09-5B34-424F-953D-D3FBED697D0B} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-1544575880-4100132113-3847230736-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1544575880-4100132113-3847230736-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{94787D09-5B34-424F-953D-D3FBED697D0B}" => key removed successfully
HKCR\CLSID\{94787D09-5B34-424F-953D-D3FBED697D0B} => key not found.
"HKU\S-1-5-21-1544575880-4100132113-3847230736-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{c9ab6446-7efc-47fe-966c-dc54324eff9f}" => key removed successfully
HKCR\CLSID\{c9ab6446-7efc-47fe-966c-dc54324eff9f} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bbae01d2-61fd-4f12-befc-202b09dc09c0}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{bbae01d2-61fd-4f12-befc-202b09dc09c0}" => key removed successfully
51cdb72 => Service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21FC27DA-BCDB-4F70-9F99-76A9AE7C0944}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21FC27DA-BCDB-4F70-9F99-76A9AE7C0944}" => key removed successfully
C:\Windows\System32\Tasks\Run_dregol => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Run_dregol" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB4B8CCC-83C9-41F4-A2F9-EDEC17FD51E4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB4B8CCC-83C9-41F4-A2F9-EDEC17FD51E4}" => key removed successfully
C:\Windows\System32\Tasks\Dregol site => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dregol site" => key removed successfully
C:\Windows\Tasks\Run_dregol.job => moved successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D1A1520E-A71F-43B7-A58D-7747AD4634B6} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A8446EED-168C-404F-B5D2-615D68C7B681} => value removed successfully
C:\ProgramData\{80E66825-D064-B9A3-61E2-C921B1601AAF} => moved successfully.
"C:\Program Files (x86)\Solution Real" => File/Folder not found.
"c:\Program Files (x86)\Optimizer Pro 3.11" => File/Folder not found.
C:\Users\Ivana\AppData\Roaming\Run_dregol => moved successfully.

========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {2CBDA2B5-B188-4EED-957D-99D4CC0FECFE}.
0 out of 1 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 1.8 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 11:01:45 ====


Thank you very much for the support and the instructions. Tell me, do I need to do anything else?



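As an added example (not part of the thread and not FRST's own code), this Python script triages a Fixlog like the one posted above, separating completed removals from items that were already missing and from items that still need follow-up. The sample lines are copied from that log; the function names and bucket labels are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines copied from the Fixlog quoted above, shortened to one of each kind.
SAMPLE_FIXLOG = r'''
Start
AppInit_DLLs: C:\PROGRA~3\INTERE~1\INTERE~2.DLL => C:\PROGRA~3\INTERE~1\INTERE~2.DLL File not found
End
"C:\PROGRA~3\INTERE~1\INTERE~2.DLL" => value data removed successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
51cdb72 => Service removed successfully
C:\Windows\System32\Tasks\Run_dregol => moved successfully.
"C:\Program Files (x86)\Solution Real" => File/Folder not found.
Unable to cancel {2CBDA2B5-B188-4EED-957D-99D4CC0FECFE}.
0 out of 1 jobs canceled.
EmptyTemp: => 1.8 GB temporary data Removed.
'''

RESULT = re.compile(r'^(?P<target>.+?)\s+=>\s+(?P<result>.+?)\.*\s*$')
BITS_FAIL = re.compile(r'^Unable to cancel (\{[0-9A-Fa-f-]+\})')
BITS_SUM = re.compile(r'^(\d+) out of (\d+) jobs canceled')

def classify(result):
    """Bucket names are this example's own labels, not FRST terminology."""
    r = result.lower()
    if 'not found' in r:
        return 'not_found'      # already gone before the fix ran
    if 'successfully' in r or r.endswith('removed'):
        return 'done'
    return 'review'             # anything unrecognised needs a human look

def triage(text):
    report, in_fixlist = defaultdict(list), False
    for line in map(str.strip, text.splitlines()):
        if line in ('Start', 'End'):        # echoed fixlist, not results
            in_fixlist = (line == 'Start')
            continue
        if not line or in_fixlist:
            continue
        if m := BITS_FAIL.match(line):
            report['review'].append((f'BITS job {m.group(1)}', 'unable to cancel'))
        elif m := BITS_SUM.match(line):
            if m.group(1) != m.group(2):    # fewer jobs cancelled than existed
                report['review'].append(('bitsadmin /reset', line))
        elif m := RESULT.match(line):
            report[classify(m['result'])].append((m['target'].strip('"'), m['result']))
    return dict(report)

if __name__ == '__main__':
    for bucket, items in triage(SAMPLE_FIXLOG).items():
        print(bucket, len(items), [t for t, _ in items])
```

On the log above, the only entries that land in the review bucket are the BITS job that `bitsadmin /reset /allusers` could not cancel and its "0 out of 1" summary line.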

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Pack the following folders into ZIP, RAR or 7Z archives:

C:\FRST\Quarantine

and

C:\AdwCleaner

and send them via the following link:

http://www.mycity.rs/ambulanta-upload.php


Let me know when you have done that and wait for further instructions.



Step 2

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Start MBAR by double-clicking the program icon:
- Click OK in the next window to allow it to unpack into a separate mbar folder on the Desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to start;
- In the introductory window, click the Next button if you agree;

• In the 'Update Database' window, click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section, check that all options are ticked, then click the Scan button;

Note: with some infections, one of the following messages may be displayed:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow it to load after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. In your next post, include the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infections are found, check that the 'Create Restore Point' option is selected and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for the restart, and a notice will be shown in a pop-up window. Click the Yes button; the system should restart and finish the cleaning procedure.

Note! Only if a rootkit was detected: make sure you run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Start fixdamage with a double-click; in the black window that opens (command prompt), type Y (Y stands for Yes) to continue, then wait for the tool to complete all repairs ...
- When you see the message 'press any key to exit', the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post, and attach the system log to the post using the Attach file option.

offline
  • Joined: 11 Aug 2008
  • Posts: 65
  • Location: Vancouver

Posted: 05 Jun 2015 21:22

Here, I have uploaded the Quarantine and AdwQuarantine rar file to mycity.rs/ambulanta-upload.php

Addendum: 05 Jun 2015 21:23

I am waiting for further instructions.

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Follow the second step that I posted for you.

offline
  • Joined: 11 Aug 2008
  • Posts: 65
  • Location: Vancouver

Posted: 08 Jun 2015 10:56

I ran MBAR twice and it behaves the same way. It finds malware and then freezes there, so it does not give me the option to clean.

What should I do?


Addendum: 08 Jun 2015 11:10

After this, Windows closes the program and says "windows host has stopped working".

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Open Notepad and copy the following text, which is inside the Code box.


C:\ProgramData\600440862
Reboot:


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Start FRST.exe again with a double-click
Click Fix and wait until the program finishes.
If the program asks to restart the computer, allow it to do so without interruption.
When it has finished, fixlog.txt will open, with contents that you should copy into this topic.
The log (fixlog.txt) will also be on the Desktop.

offline
  • Joined: 11 Aug 2008
  • Posts: 65
  • Location: Vancouver

Here is the log file. Should I scan once more with MBAR?

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Scan, but before that.

Pack the following folder into a ZIP, RAR or 7Z archive:

C:\FRST\Quarantine

and send it via the following link:

http://www.mycity.rs/ambulanta-upload.php
