Opet iskacuci prozori..

1

Opet iskacuci prozori..

offline
  • Istoričar
  • Pridružio: 02 Sep 2012
  • Poruke: 86
  • Gde živiš: Moskva, Rusija

Trazim ovde pomoc vec cetvrti put i postaje me malo sramota ali sta cu, moram da trazim pomoc kad drugi cackaju po svakakvim sajtevima pa zaraze komp a ja nzm da ga ocistim bez vase pomoci Neutral Confused Crying or Very sad

Problem se poceo pojavljivati danas i u pitanju su iskacuci prozori.




Internet koneckija je wireless 4mb/s BS Net Beska.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015
Ran by Marko (administrator) on MARKO-PC (28-07-2015 13:39:22)
Running from C:\Users\Marko\Desktop
Loaded Profiles: Marko (Available Profiles: Marko)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe
() C:\Programi\RocketDock 1.3.5\RocketDock.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugincontainer.exe
() C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugins\2\Plugin.exe
() C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugins\10\Plugin.exe
() C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugins\5\Plugin.exe
() C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugins\7\Plugin.exe
() C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugins\8\Plugin.exe
() C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugins\3\Plugin.exe
() C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugins\7\Plugin.exe
() C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugins\3\Plugin.exe
() C:\Program Files (x86)\Common Files\fccb0821-00ee-466c-acb5-2a5cec258511\updater.exe
(Skype Technologies S.A.) C:\Programi\Skype 6.13.0.104\Phone\Skype.exe
(Google Inc.) C:\Users\Marko\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marko\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marko\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marko\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marko\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marko\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marko\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKU\S-1-5-21-825732486-3746734302-1360109509-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-825732486-3746734302-1360109509-1000\...\Run: [RocketDock] => C:\Programi\RocketDock 1.3.5\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-825732486-3746734302-1360109509-1000\...\Run: [Google Update] => C:\Users\Marko\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-10] (Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-825732486-3746734302-1360109509-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-825732486-3746734302-1360109509-1000\Software\Microsoft\Internet Explorer\Main,Search Page = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-825732486-3746734302-1360109509-1000\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs/
SearchScopes: HKU\S-1-5-21-825732486-3746734302-1360109509-1000 -> DefaultScope {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = search.yahoo.com/search?fr=vmn&type=vm.....aie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-825732486-3746734302-1360109509-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = google.com/search?q={searchTerms}&rlz=1I7GUEA_enRS574
SearchScopes: HKU\S-1-5-21-825732486-3746734302-1360109509-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = search.yahoo.com/search?fr=vmn&type=vm.....aie&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-02-04] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-18] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-02-04] (Oracle Corporation)
BHO-x32: Wander Burst -> {0f4e02f8-f10e-493d-a1a7-3aed7ba7b110} -> C:\Program Files (x86)\Wander Burst\Extensions\0f4e02f8-f10e-493d-a1a7-3aed7ba7b110.dll [2015-07-27] ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-11-05] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-18] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-11-05] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-18] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-18] (Google Inc.)
Toolbar: HKU\S-1-5-21-825732486-3746734302-1360109509-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-18] (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 91.226.242.1 91.226.242.2
Tcpip\..\Interfaces\{1BEABF04-4A48-495B-A619-C953ABF97104}: [DhcpNameServer] 91.226.242.1 91.226.242.2
Tcpip\..\Interfaces\{8773A98C-376E-4C2A-A8AD-0A4966440B8F}: [DhcpNameServer] 91.226.242.1 91.226.242.2

FireFox:
========
FF ProfilePath: C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\p410xe3x.default-1416857949139
FF SelectedSearchEngine:
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-02-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-02-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Programi\Picasa 3.9 Build 137.81\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-11-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-11-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Windows\system32\TVUAx\npTVUAx.dll No File
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Marko\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Programi\Adobe Reader 11.0.06\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-825732486-3746734302-1360109509-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Marko\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll [2010-03-06] ( )
FF Plugin HKU\S-1-5-21-825732486-3746734302-1360109509-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Marko\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-825732486-3746734302-1360109509-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Marko\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-825732486-3746734302-1360109509-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Marko\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Extension: YouTube to MP3 - C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\p410xe3x.default-1416857949139\Extensions\youtube2mp3@mondayx.de.xpi [2014-11-26]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\p410xe3x.default-1416857949139\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2014-11-26]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\p410xe3x.default-1416857949139\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2015-03-08]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\p410xe3x.default-1416857949139\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-03-08]
FF Extension: No Name - C:\Programi\Mozilla Firefox 26.0\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome:
=======
CHR Profile: C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-24]
CHR Extension: (Google Docs) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-04]
CHR Extension: (Google Drive) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-04]
CHR Extension: (YouTube) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-04]
CHR Extension: (Adblock Plus) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-24]
CHR Extension: (Google Search) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-04]
CHR Extension: (Google Sheets) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Skype Click to Call) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-04-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-04]
CHR Extension: (Gmail) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
StartMenuInternet: Google Chrome.TWS3NT5ZGZX3WROTQ37I4O5U4M - C:\Users\Marko\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2015-07-02] (Echobit LLC)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 Service Mgr WanderBurst; C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugincontainer.exe [1091808 2015-07-28] ()
S2 SkypeUpdate; C:\Programi\Skype 6.13.0.104\Updater\Updater.exe [327296 2015-06-03] (Skype Technologies)
S4 TeamViewer9; C:\Programi\TeamViewer 9.0.25790\TeamViewer_Service.exe [4915040 2014-01-29] (TeamViewer GmbH)
R2 Update Mgr WanderBurst; C:\Program Files (x86)\Common Files\fccb0821-00ee-466c-acb5-2a5cec258511\updater.exe [1024736 2015-07-28] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-11-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [38160 2007-05-11] (IVT Corporation.)
R3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [38160 2007-05-11] (IVT Corporation.)
R3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [37648 2007-03-05] (IVT Corporation.)
R3 BlueletSCOAudio; C:\Windows\SysWOW64\DRIVERS\BlueletSCOAudio.sys [37648 2007-03-05] (IVT Corporation.)
R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [25360 2007-03-05] (IVT Corporation.)
R3 BT; C:\Windows\SysWOW64\DRIVERS\btnetdrv.sys [25360 2007-03-05] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [44688 2007-05-09] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\SysWOW64\Drivers\btcusb.sys [44688 2007-05-09] (IVT Corporation.)
R0 BTHidEnum; C:\Windows\System32\Drivers\vbtenum.sys [24976 2007-03-05] (IVT Corporation.)
R0 BTHidEnum; C:\Windows\SysWOW64\Drivers\vbtenum.sys [24976 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; C:\Windows\System32\Drivers\BTHidMgr.sys [49680 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; C:\Windows\SysWOW64\Drivers\BTHidMgr.sys [49680 2007-03-05] (IVT Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-02-04] (Disc Soft Ltd)
R3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [14032 2006-12-14] (Elaborate Bytes AG)
R3 ElbyDelay; C:\Windows\SysWOW64\Drivers\ElbyDelay.sys [14032 2006-12-14] (Elaborate Bytes AG)
S3 hid7906; C:\Windows\SysWOW64\drivers\hid7906.sys [34963 2007-12-12] (Compuware Corporation) [File not signed]
S3 hid8101; C:\Windows\SysWOW64\drivers\hid8101.sys [37024 2007-12-03] (Compuware Corporation) [File not signed]
S3 hid8103; C:\Windows\SysWOW64\drivers\hid8103.sys [34587 2007-11-28] (Compuware Corporation) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [47120 2007-03-05] (IVT Corporation.)
R3 VComm; C:\Windows\SysWOW64\DRIVERS\VComm.sys [47120 2007-03-05] (IVT Corporation.)
R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [63248 2007-03-05] (IVT Corporation.)
R3 VcommMgr; C:\Windows\SysWOW64\Drivers\VcommMgr.sys [63248 2007-03-05] (IVT Corporation.)
S3 XFDriver64; D:\Program Files (x86)\Xfire2\XFDriver64.sys [17160 2013-03-14] (XFire)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-28 13:39 - 2015-07-28 13:39 - 00019267 _____ C:\Users\Marko\Desktop\FRST.txt
2015-07-28 13:33 - 2015-07-28 13:26 - 02146816 _____ (Farbar) C:\Users\Marko\Desktop\FRST64.exe
2015-07-28 13:29 - 2015-07-28 13:30 - 00034726 _____ C:\Users\Marko\Downloads\Addition.txt
2015-07-28 13:27 - 2015-07-28 13:39 - 00000000 ____D C:\FRST
2015-07-28 13:27 - 2015-07-28 13:30 - 00049561 _____ C:\Users\Marko\Downloads\FRST.txt
2015-07-28 13:26 - 2015-07-28 13:26 - 02146816 _____ (Farbar) C:\Users\Marko\Downloads\FRST64.exe
2015-07-27 21:40 - 2015-07-28 12:49 - 00000000 ____D C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511
2015-07-27 21:40 - 2015-07-27 21:41 - 00000000 ____D C:\Program Files (x86)\Wander Burst
2015-07-27 21:38 - 2015-07-27 21:38 - 00411008 _____ C:\Users\Marko\Downloads\UmmyVD-Web-Loader-[132].exe
2015-07-21 10:13 - 2015-07-15 05:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 10:13 - 2015-07-15 05:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 10:13 - 2015-07-15 05:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 10:13 - 2015-07-15 05:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 10:13 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 10:13 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 10:13 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 10:13 - 2015-07-15 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 10:13 - 2015-07-15 03:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 10:13 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 23:11 - 2015-07-20 23:11 - 00057562 _____ C:\Users\Marko\Downloads\203609-the.hobbit.the.battle.of.the.five.armies.2014.brrip.zip
2015-07-20 18:27 - 2015-07-20 18:27 - 00021739 _____ C:\Users\Marko\Downloads\The+Hobbit%3A+The+Battle+of+the+Five+Armies+%282014%29+1080p+BrRip+x264+-+YIFY.torrent
2015-07-15 15:25 - 2015-07-15 15:25 - 18524336 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-07-15 12:23 - 2015-07-09 19:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 12:23 - 2015-07-09 19:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 12:23 - 2015-07-09 19:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 12:23 - 2015-07-09 19:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 12:23 - 2015-07-09 19:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 12:23 - 2015-07-09 19:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 12:23 - 2015-07-09 19:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 12:23 - 2015-07-09 19:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 12:23 - 2015-07-09 19:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 12:23 - 2015-07-09 19:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 12:23 - 2015-07-09 19:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 12:23 - 2015-07-09 19:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 12:23 - 2015-07-09 19:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 12:23 - 2015-07-09 19:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 12:23 - 2015-07-09 19:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 12:23 - 2015-07-09 19:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 12:23 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 12:23 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 12:22 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 12:22 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 12:22 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 12:22 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 12:22 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 12:22 - 2015-07-02 22:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 12:22 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 12:22 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 12:22 - 2015-07-02 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 12:22 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 12:22 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 12:22 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 12:22 - 2015-06-27 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 12:22 - 2015-06-27 04:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 12:22 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 12:22 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 12:22 - 2015-06-25 10:49 - 03210240 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 12:22 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 12:22 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 12:22 - 2015-06-09 20:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-15 12:22 - 2015-06-09 20:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 12:21 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 12:21 - 2015-06-20 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 12:21 - 2015-06-20 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 12:21 - 2015-06-20 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 12:21 - 2015-06-20 20:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 12:21 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 12:21 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 12:21 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 12:21 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 12:21 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 12:20 - 2015-06-25 20:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 12:20 - 2015-06-20 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 12:20 - 2015-06-20 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 12:20 - 2015-06-20 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 12:20 - 2015-06-20 21:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 12:20 - 2015-06-20 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 12:20 - 2015-06-20 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 12:20 - 2015-06-20 21:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 12:20 - 2015-06-20 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 12:20 - 2015-06-20 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 12:20 - 2015-06-20 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 12:20 - 2015-06-20 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 12:20 - 2015-06-20 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 12:20 - 2015-06-20 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 12:20 - 2015-06-20 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 12:20 - 2015-06-20 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 12:20 - 2015-06-20 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 12:20 - 2015-06-20 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 12:20 - 2015-06-20 20:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 12:20 - 2015-06-20 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 12:20 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 12:20 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 12:20 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 12:20 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 12:20 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 12:20 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 12:20 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 12:20 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 12:20 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 12:20 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 12:20 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 12:20 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 12:20 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 12:20 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 12:17 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 12:17 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 12:17 - 2015-04-27 21:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 12:17 - 2015-04-27 21:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 12:17 - 2015-04-27 21:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 12:17 - 2015-04-27 21:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 12:17 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 12:17 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 12:17 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 12:17 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 12:16 - 2015-07-01 20:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 12:16 - 2015-07-01 20:25 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 12:16 - 2015-07-01 20:21 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 12:16 - 2015-07-01 20:21 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 12:16 - 2015-07-01 20:21 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 12:16 - 2015-07-01 20:21 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 12:16 - 2015-07-01 20:20 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 12:16 - 2015-07-01 20:20 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 12:16 - 2015-07-01 20:20 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 12:16 - 2015-07-01 20:20 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-15 12:16 - 2015-07-01 20:20 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 12:16 - 2015-07-01 20:20 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 12:16 - 2015-07-01 20:20 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 12:16 - 2015-07-01 20:20 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2015-07-15 12:16 - 2015-07-01 20:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 12:16 - 2015-07-01 20:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 12:16 - 2015-07-01 20:20 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 12:16 - 2015-07-01 20:20 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 12:16 - 2015-07-01 20:19 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 12:16 - 2015-07-01 20:15 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 12:16 - 2015-07-01 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 12:16 - 2015-07-01 20:10 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 12:16 - 2015-07-01 19:52 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 12:16 - 2015-07-01 19:52 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-15 12:16 - 2015-07-01 19:52 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 12:16 - 2015-07-01 19:52 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 12:16 - 2015-07-01 19:52 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 12:16 - 2015-07-01 19:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 12:16 - 2015-07-01 19:52 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2015-07-15 12:16 - 2015-07-01 19:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 12:16 - 2015-07-01 19:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 12:16 - 2015-07-01 19:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 12:16 - 2015-07-01 19:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 12:16 - 2015-07-01 19:51 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 12:16 - 2015-07-01 19:51 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 12:16 - 2015-07-01 19:51 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 12:16 - 2015-07-01 19:48 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 12:16 - 2015-07-01 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 12:16 - 2015-07-01 19:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 12:16 - 2015-07-01 18:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 12:16 - 2015-07-01 18:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 12:16 - 2015-07-01 18:54 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 12:15 - 2015-07-09 19:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 12:15 - 2015-07-09 19:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-15 12:15 - 2015-07-09 19:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 12:15 - 2015-07-09 19:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 12:15 - 2015-07-09 19:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 12:15 - 2015-07-09 19:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-15 12:15 - 2015-07-09 19:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 12:15 - 2015-07-09 19:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 12:15 - 2015-06-16 00:01 - 00112576 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 12:15 - 2015-06-15 23:56 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 12:15 - 2015-06-15 23:56 - 01942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 12:15 - 2015-06-15 23:56 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 12:15 - 2015-06-15 23:56 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 12:15 - 2015-06-15 23:51 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 12:15 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 12:15 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 12:15 - 2015-06-15 23:32 - 02364928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 12:15 - 2015-06-15 23:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 12:15 - 2015-06-15 23:31 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 12:15 - 2015-06-15 23:27 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-10 14:37 - 2015-07-10 14:37 - 00000000 ____D C:\ProgramData\TEMP
2015-07-10 14:36 - 2015-07-10 14:37 - 03223552 _____ (BluetoothInstaller.com) C:\Users\Marko\Downloads\BluetoothDriverInstaller_x64.exe
2015-07-09 20:53 - 2015-07-17 23:32 - 00000000 ____D C:\Users\Marko\Documents\Imperial Glory Savegames
2015-07-09 20:42 - 2015-07-09 20:42 - 05035701 _____ C:\Users\Marko\Downloads\ig_patch_v11.zip
2015-07-09 20:41 - 2015-07-09 20:41 - 00098304 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt.dll
2015-07-09 20:38 - 2015-07-09 20:38 - 00000000 ____D C:\Windows\Downloaded Installations
2015-07-09 20:38 - 2005-04-26 15:00 - 00040960 ____R C:\Windows\IGLobbyReg.exe
2015-07-09 20:34 - 2015-07-09 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pyro Studios
2015-07-09 20:06 - 2015-07-09 20:06 - 00000000 ____D C:\Users\Marko\Documents\Bluetooth
2015-07-09 20:06 - 2015-07-09 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IVT BlueSoleil
2015-07-09 20:06 - 2015-07-09 20:06 - 00000000 ____D C:\ProgramData\Bluetooth
2015-07-09 20:04 - 2015-07-09 20:06 - 00000032 _____ C:\Windows\0
2015-07-09 20:04 - 2015-07-09 20:04 - 00000000 ____D C:\Program Files (x86)\IVT Corporation
2015-07-09 20:04 - 2015-07-09 20:04 - 00000000 _____ C:\Windows\SysWOW64\0
2015-07-09 20:04 - 2007-05-11 03:12 - 00038160 _____ (IVT Corporation.) C:\Windows\system32\Drivers\blueletaudio.sys
2015-07-09 20:04 - 2007-05-09 02:00 - 00044688 _____ (IVT Corporation.) C:\Windows\system32\Drivers\btcusb.sys
2015-07-09 20:04 - 2007-05-09 02:00 - 00016144 _____ (IVT Corporation.) C:\Windows\system32\btinstall.dll
2015-07-09 20:04 - 2007-03-05 05:48 - 00037648 _____ (IVT Corporation.) C:\Windows\system32\Drivers\BlueletSCOAudio.sys
2015-07-09 20:04 - 2007-03-05 05:47 - 00025360 _____ (IVT Corporation.) C:\Windows\system32\Drivers\BtNetDrv.sys
2015-07-09 20:04 - 2007-03-05 05:44 - 00023184 _____ (IVT Corporation.) C:\Windows\system32\Drivers\VHIDMini.sys
2015-07-09 20:04 - 2007-03-05 05:42 - 00049680 _____ (IVT Corporation.) C:\Windows\system32\Drivers\BTHidMgr.sys
2015-07-09 20:04 - 2007-03-05 05:41 - 00024976 _____ (IVT Corporation.) C:\Windows\system32\Drivers\VBTEnum.sys
2015-07-09 20:04 - 2007-03-05 05:39 - 00063248 _____ (IVT Corporation.) C:\Windows\system32\Drivers\VcommMgr.sys
2015-07-09 20:04 - 2007-03-05 05:38 - 00047120 _____ (IVT Corporation.) C:\Windows\system32\Drivers\VComm.sys
2015-07-09 20:04 - 2006-10-09 00:29 - 00032832 _____ C:\Windows\system32\Drivers\BTNetFilter.sys
2015-07-05 09:41 - 2015-07-05 09:41 - 00000000 __SHD C:\found.000
2015-07-02 12:33 - 2015-07-02 12:33 - 00002046 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolve.lnk
2015-07-02 12:33 - 2015-07-02 12:33 - 00002034 _____ C:\Users\Public\Desktop\Evolve.lnk
2015-07-02 12:30 - 2015-07-02 12:30 - 00000000 ____D C:\Program Files\Echobit
2015-07-02 12:29 - 2015-07-02 12:29 - 03258328 _____ (Echobit LLC) C:\Users\Marko\Downloads\EvolveSetup.exe
2015-07-02 12:29 - 2015-07-02 12:29 - 00000000 ____D C:\Users\Marko\AppData\Local\Echobit
2015-07-02 12:29 - 2015-07-02 12:29 - 00000000 ____D C:\ProgramData\Echobit

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-28 13:25 - 2014-02-04 11:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-28 13:09 - 2014-02-04 13:32 - 00000000 ____D C:\Users\Marko\AppData\Roaming\Skype
2015-07-28 12:48 - 2014-02-04 13:43 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-825732486-3746734302-1360109509-1000UA.job
2015-07-28 12:48 - 2014-02-04 13:43 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-825732486-3746734302-1360109509-1000Core.job
2015-07-28 12:45 - 2014-04-10 12:58 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-825732486-3746734302-1360109509-1000UA.job
2015-07-28 12:14 - 2014-12-03 15:18 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{18DB1137-BAF4-4F45-8B73-FA5CA4662BF8}
2015-07-28 11:45 - 2014-04-10 12:58 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-825732486-3746734302-1360109509-1000Core.job
2015-07-28 11:20 - 2015-01-13 21:23 - 01473633 _____ C:\Windows\WindowsUpdate.log
2015-07-28 10:30 - 2009-07-14 06:45 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-28 10:30 - 2009-07-14 06:45 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-28 09:43 - 2015-01-19 07:58 - 00008508 _____ C:\Windows\PFRO.log
2015-07-28 09:43 - 2015-01-13 22:47 - 00017201 _____ C:\Windows\setupact.log
2015-07-28 09:43 - 2014-03-09 01:40 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-28 09:43 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-27 22:25 - 2014-02-04 12:54 - 00000000 ____D C:\Users\Marko\AppData\Roaming\vlc
2015-07-27 21:40 - 2015-04-10 15:32 - 00000000 ____D C:\Users\Marko\AppData\Roaming\OpenCandy
2015-07-27 18:54 - 2014-02-07 19:50 - 00000000 ____D C:\Users\Marko\AppData\Roaming\TS3Client
2015-07-27 17:01 - 2014-02-04 14:32 - 00000000 ____D C:\Users\Marko\AppData\Roaming\uTorrent
2015-07-25 09:49 - 2015-04-05 00:06 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-22 10:24 - 2015-01-13 22:46 - 00420064 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-21 10:06 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-20 23:16 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-07-19 01:07 - 2014-02-04 11:41 - 00000000 ____D C:\Users\Marko\AppData\Local\Google
2015-07-16 13:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-07-16 11:40 - 2014-04-10 12:58 - 00003882 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-825732486-3746734302-1360109509-1000UA
2015-07-16 11:40 - 2014-04-10 12:58 - 00003486 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-825732486-3746734302-1360109509-1000Core
2015-07-16 00:28 - 2014-02-04 12:22 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-16 00:27 - 2014-12-23 20:45 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-15 22:13 - 2014-03-09 01:40 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 22:13 - 2014-03-09 01:40 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 22:13 - 2014-03-09 01:40 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-15 20:38 - 2014-12-10 21:27 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-15 20:38 - 2014-05-05 23:10 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-15 20:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2015-07-15 20:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\sr-Latn-CS
2015-07-15 20:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-15 20:20 - 2014-02-04 10:42 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-15 20:10 - 2014-02-04 13:52 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 15:26 - 2014-02-04 11:39 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 15:26 - 2014-02-04 11:39 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-15 15:26 - 2014-02-04 11:39 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-15 01:07 - 2015-04-05 00:06 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-13 12:08 - 2009-07-14 07:08 - 00032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-12 09:52 - 2009-07-14 07:13 - 00785858 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-12 09:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-10 14:38 - 2009-07-14 05:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-09 20:39 - 2015-05-03 11:38 - 00000861 _____ C:\Windows\DirectX.log
2015-07-09 20:39 - 2014-02-04 13:03 - 00000000 ____D C:\Users\Marko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-07-09 20:35 - 2014-02-04 11:28 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-05 12:08 - 2010-11-21 05:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-04 18:36 - 2014-02-16 18:40 - 00000000 ____D C:\Users\Marko\Desktop\Ikonice sa desktopa
2015-07-03 13:27 - 2015-01-23 18:12 - 00000000 ____D C:\ProgramData\Skype
2015-07-03 08:43 - 2014-02-04 13:52 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-01 11:12 - 2014-08-28 21:04 - 00000000 ____D C:\Users\Marko\AppData\Local\Adobe

==================== Files in the root of some directories =======

2014-03-28 19:42 - 2014-03-28 19:42 - 0034816 _____ () C:\Users\Marko\AppData\Roaming\RZR_0020b48743059baa4dde9bf7d3ad.db
2014-07-15 23:29 - 2014-07-15 23:30 - 174596376 _____ () C:\Users\Marko\AppData\Local\ACCCx2_7_0_413.zip.aamdownload
2014-07-15 23:29 - 2014-07-15 23:30 - 0002111 _____ () C:\Users\Marko\AppData\Local\ACCCx2_7_0_413.zip.aamdownload.aamd
2014-07-15 15:01 - 2014-07-15 15:01 - 0005309 _____ () C:\Users\Marko\AppData\Local\recently-used.xbel
2014-02-04 17:10 - 2014-02-04 17:16 - 0000085 ___SH () C:\ProgramData\.zreglib
2014-02-04 11:36 - 2014-02-04 11:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Marko\AppData\Local\Temp\UmmyVideoDownloader.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-23 19:40

==================== End of log ============================


mycity.rs/must-login.png

offline
  • Research Engineer @MalwareBytes
  • Pridružio: 09 Avg 2011
  • Poruke: 15877
  • Gde živiš: Beograd

Pozdrav,

Posto imas zastarelu verziju MalwareBytes-a, hajde da skeniramo racunar sa najnovijom.


Deinstalacija stare verzije

Preuzmi MBAM-clean i sacuvaj ga na Desktop.

Desni klik na mbam-clean.exe ikonicu i izaberi Run as Administrator da bi pokrenuo ovaj alat.
Nakon sto zavrsi, zatrazice ti da restartujes racinar.


Nakon toga isprati moje sledeci instrukcije za instalaciju najnovije verzije:


Skeniranje sa MalwareBytes

Preuzmi Malwarebytes Anti-Malware i sacuvaj instalaciju na Desktop.
Instaliraj program standardnim putem, samo sto na kraju instalacije mozes da iskljucis Trial verziju, ali i ne moras. Drugu opciju ostavi, MalwareBytes ce biti pokrenut i azuriran.
Nakon sto je to gotovo, klikni na Settings tab, na levoj strani izaberi Detctions & protection and obelezi Scan for rootkits ukoliko vec nije.
U istom prozoru, ispod PUP and PUM detections postavi da bude Treat detections as malware.
Zatim klikni na Scan tab, Izaberi Threat Scan i na kraju klikni na Scan Now.
Nakon sto i ukoliko je malware detektovan, klikni na Apply Actions. Zatim ce MalwareBytes krenuti sa uklanjanjem infekcije i zatrazice ti da restartujes racunar.
Nakon zavrsetka skeniranja (ili nakon restart), klikni na History tab.
Klikni na Application Logs, a zatim dvoklik na najnoviji Scan Log.
Na dnu prozora klikni na Export i izaberi Text file.

Sacuvaj izvestaj na Desktop i prikaci ga u sledecoj poruci.

offline
  • Research Engineer @MalwareBytes
  • Pridružio: 09 Avg 2011
  • Poruke: 15877
  • Gde živiš: Beograd

Deinstaliraj ovo:

Wander Burst

1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod:

closeprocesses:
emptytemp:
C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511
C:\Program Files (x86)\Common Files\fccb0821-00ee-466c-acb5-2a5cec258511
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-825732486-3746734302-1360109509-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-825732486-3746734302-1360109509-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-825732486-3746734302-1360109509-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/
SearchScopes: HKU\S-1-5-21-825732486-3746734302-1360109509-1000 -> DefaultScope {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = https://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_150410__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-825732486-3746734302-1360109509-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}&rlz=1I7GUEA_enRS574
SearchScopes: HKU\S-1-5-21-825732486-3746734302-1360109509-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = https://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_150410__yaie&p={searchTerms}
R2 Update Mgr WanderBurst; C:\Program Files (x86)\Common Files\fccb0821-00ee-466c-acb5-2a5cec258511\updater.exe [1024736 2015-07-28] ()
R2 Service Mgr WanderBurst; C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugincontainer.exe [1091808 2015-07-28] ()
2015-07-27 21:40 - 2015-07-28 12:49 - 00000000 ____D C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511
2015-07-27 21:40 - 2015-07-27 21:41 - 00000000 ____D C:\Program Files (x86)\Wander Burst
2015-07-27 21:38 - 2015-07-27 21:38 - 00411008 _____ C:\Users\Marko\Downloads\UmmyVD-Web-Loader-[132].exe


2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt
To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt
Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi.

3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj.
Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema.



Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku.
Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a.

offline
  • Istoričar
  • Pridružio: 02 Sep 2012
  • Poruke: 86
  • Gde živiš: Moskva, Rusija

Napisano: 28 Jul 2015 19:12

Pozdrav,

Nije pronasao nikakve malware, kad je zavrsio skeniranje izbacio je u donjem desnom cosku Non malware founded. Nije je trazio da nesto uklonim ili da restartujem komp. Poslednji korak ne mogu da uradim jer nema ono sto si ti rekao.




Dopuna: 28 Jul 2015 19:24

Non-Malware Detected*

offline
  • Research Engineer @MalwareBytes
  • Pridružio: 09 Avg 2011
  • Poruke: 15877
  • Gde živiš: Beograd

Odgovorio sam, ali se nesto forum zabagovao, pogledaj prethodnu poruku.

offline
  • Istoričar
  • Pridružio: 02 Sep 2012
  • Poruke: 86
  • Gde živiš: Moskva, Rusija

U pravu si, ovu drugu poruku uopste nisam bio video.

Fix result of Farbar Recovery Scan Tool (x64) Version:26-07-2015
Ran by Marko at 2015-07-28 22:08:58 Run:1
Running from C:\Users\Marko\Desktop
Loaded Profiles: Marko (Available Profiles: Marko)
Boot Mode: Normal
==============================================

fixlist content:
*****************
closeprocesses:
emptytemp:
C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511
C:\Program Files (x86)\Common Files\fccb0821-00ee-466c-acb5-2a5cec258511
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-825732486-3746734302-1360109509-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-825732486-3746734302-1360109509-1000\Software\Microsoft\Internet Explorer\Main,Search Page = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-825732486-3746734302-1360109509-1000\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs/
SearchScopes: HKU\S-1-5-21-825732486-3746734302-1360109509-1000 -> DefaultScope {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = search.yahoo.com/search?fr=vmn&type=vm.....aie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-825732486-3746734302-1360109509-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = google.com/search?q={searchTerms}&rlz=1I7GUEA_enRS574
SearchScopes: HKU\S-1-5-21-825732486-3746734302-1360109509-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = search.yahoo.com/search?fr=vmn&type=vm.....aie&p={searchTerms}
R2 Update Mgr WanderBurst; C:\Program Files (x86)\Common Files\fccb0821-00ee-466c-acb5-2a5cec258511\updater.exe [1024736 2015-07-28] ()
R2 Service Mgr WanderBurst; C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugincontainer.exe [1091808 2015-07-28] ()
2015-07-27 21:40 - 2015-07-28 12:49 - 00000000 ____D C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511
2015-07-27 21:40 - 2015-07-27 21:41 - 00000000 ____D C:\Program Files (x86)\Wander Burst
2015-07-27 21:38 - 2015-07-27 21:38 - 00411008 _____ C:\Users\Marko\Downloads\UmmyVD-Web-Loader-[132].exe
*****************

Processes closed successfully.
C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511 => moved successfully.
C:\Program Files (x86)\Common Files\fccb0821-00ee-466c-acb5-2a5cec258511 => moved successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-825732486-3746734302-1360109509-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-21-825732486-3746734302-1360109509-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-825732486-3746734302-1360109509-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-825732486-3746734302-1360109509-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-825732486-3746734302-1360109509-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => key removed successfully
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
"HKU\S-1-5-21-825732486-3746734302-1360109509-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}" => key removed successfully
HKCR\CLSID\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} => key not found.
Update Mgr WanderBurst => service removed successfully
Service Mgr WanderBurst => service removed successfully
"C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511" => File/Folder not found.
C:\Program Files (x86)\Wander Burst => moved successfully.
C:\Users\Marko\Downloads\UmmyVD-Web-Loader-[132].exe => moved successfully.
EmptyTemp: => 1.4 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 22:12:24 ====

offline
  • Research Engineer @MalwareBytes
  • Pridružio: 09 Avg 2011
  • Poruke: 15877
  • Gde živiš: Beograd

Da li je problem resen sada?

offline
  • Istoričar
  • Pridružio: 02 Sep 2012
  • Poruke: 86
  • Gde živiš: Moskva, Rusija

Nije resen, i dalje mi izbacuje ono za google chrome i da sam srecni dobitnik iili sta vec, a sa strane mi izbacuje ovo sa AVG Related searches.

offline
  • Research Engineer @MalwareBytes
  • Pridružio: 09 Avg 2011
  • Poruke: 15877
  • Gde živiš: Beograd

Preuzmi smeenk-ov zoek.zip ili zoek.rar () sa ovog ili ovog linka i sačuvaj ga na Desktop.

Raspakuj arhivu u neki folder (uputstvo), a zatim:

zatvori browser i ostale pokrenute programe;
privremeno deaktiviraj zaštitni softver ( ukoliko je to potrebno ) Uputstvo ;
dvoklikom pokreni zoek na ikonicu programa ;
pričekaj da se alat startuje ...


U beli okvir prozora iskopiraj sledeći tekst:

chrdefaults;

Klikni na dugme i pričekaj da se skeniranje završi.


zoek ce po potrebi, restartovati Windows a na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Napomena:Izveštaj će biti sačuvan pod nazivom zoek-results.log na sistemskoj particiji (tipična lokacija: C:\zoek-results.log)


Arrow Kopiraj sadrzaj tog loga u poruku.

offline
  • Istoričar
  • Pridružio: 02 Sep 2012
  • Poruke: 86
  • Gde živiš: Moskva, Rusija

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Marko on 29.07.2015 at 13:04:01,99.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Marko\Desktop\zoek.scr [Scan all users] [Script inserted]

==== System Restore Info ======================

29.07.2015 13:04:52 Zoek.exe System Restore Point Created Successfully.

==== Reset Google Chrome ======================

C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Web Data copy was reset successfully
C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 29.07.2015 at 13:05:14,36 ======================

Ko je trenutno na forumu
 

Ukupno su 1042 korisnika na forumu :: 32 registrovanih, 5 sakrivenih i 1005 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Petar, AleksSE, Andrija357, Arahne, Asparagus, Brana01, Cassius Clay, cvrle312, dankisha, draganca, Duh sa sekirom, ivan1973, krangovotelo, Kruger, Leonov, maCvele, Marko Marković, milimoj, Milos ZA, Milos82, miodrag, mkukoleca, NoOneEver Dreams, sevenino, skvara, Stoilkovic, suton, Toper, vasa.93, VJ, Vlada78, vukdra