Pop-up windows again..


  • Istoričar
  • Joined: 02 Sep 2012
  • Posts: 86
  • Location: Moscow, Russia

This is the fourth time I am asking for help here and I am starting to feel a bit embarrassed, but what can I do, I have to ask for help when other people poke around all kinds of sites and infect the computer, and I don't know how to clean it without your help.

The problem started appearing today, and it is pop-up windows.

The internet connection is wireless, 4mb/s, BS Net Beska.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015
Ran by Marko (administrator) on MARKO-PC (28-07-2015 13:39:22)
Running from C:\Users\Marko\Desktop
Loaded Profiles: Marko (Available Profiles: Marko)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe
() C:\Programi\RocketDock 1.3.5\RocketDock.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugincontainer.exe
() C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugins\2\Plugin.exe
() C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugins\10\Plugin.exe
() C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugins\5\Plugin.exe
() C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugins\7\Plugin.exe
() C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugins\8\Plugin.exe
() C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugins\3\Plugin.exe
() C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugins\7\Plugin.exe
() C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugins\3\Plugin.exe
() C:\Program Files (x86)\Common Files\fccb0821-00ee-466c-acb5-2a5cec258511\updater.exe
(Skype Technologies S.A.) C:\Programi\Skype 6.13.0.104\Phone\Skype.exe
(Google Inc.) C:\Users\Marko\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marko\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marko\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marko\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marko\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marko\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marko\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKU\S-1-5-21-825732486-3746734302-1360109509-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-825732486-3746734302-1360109509-1000\...\Run: [RocketDock] => C:\Programi\RocketDock 1.3.5\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-825732486-3746734302-1360109509-1000\...\Run: [Google Update] => C:\Users\Marko\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-10] (Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-825732486-3746734302-1360109509-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-825732486-3746734302-1360109509-1000\Software\Microsoft\Internet Explorer\Main,Search Page = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-825732486-3746734302-1360109509-1000\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs/
SearchScopes: HKU\S-1-5-21-825732486-3746734302-1360109509-1000 -> DefaultScope {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = search.yahoo.com/search?fr=vmn&type=vm.....aie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-825732486-3746734302-1360109509-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = google.com/search?q={searchTerms}&rlz=1I7GUEA_enRS574
SearchScopes: HKU\S-1-5-21-825732486-3746734302-1360109509-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = search.yahoo.com/search?fr=vmn&type=vm.....aie&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-02-04] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-18] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-02-04] (Oracle Corporation)
BHO-x32: Wander Burst -> {0f4e02f8-f10e-493d-a1a7-3aed7ba7b110} -> C:\Program Files (x86)\Wander Burst\Extensions\0f4e02f8-f10e-493d-a1a7-3aed7ba7b110.dll [2015-07-27] ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-11-05] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-18] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-11-05] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-18] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-18] (Google Inc.)
Toolbar: HKU\S-1-5-21-825732486-3746734302-1360109509-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-18] (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 91.226.242.1 91.226.242.2
Tcpip\..\Interfaces\{1BEABF04-4A48-495B-A619-C953ABF97104}: [DhcpNameServer] 91.226.242.1 91.226.242.2
Tcpip\..\Interfaces\{8773A98C-376E-4C2A-A8AD-0A4966440B8F}: [DhcpNameServer] 91.226.242.1 91.226.242.2

FireFox:
========
FF ProfilePath: C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\p410xe3x.default-1416857949139
FF SelectedSearchEngine:
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-02-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-02-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Programi\Picasa 3.9 Build 137.81\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-11-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-11-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Windows\system32\TVUAx\npTVUAx.dll No File
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Marko\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Programi\Adobe Reader 11.0.06\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-825732486-3746734302-1360109509-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Marko\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll [2010-03-06] ( )
FF Plugin HKU\S-1-5-21-825732486-3746734302-1360109509-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Marko\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-825732486-3746734302-1360109509-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Marko\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-825732486-3746734302-1360109509-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Marko\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Extension: YouTube to MP3 - C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\p410xe3x.default-1416857949139\Extensions\youtube2mp3@mondayx.de.xpi [2014-11-26]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\p410xe3x.default-1416857949139\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2014-11-26]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\p410xe3x.default-1416857949139\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2015-03-08]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\p410xe3x.default-1416857949139\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-03-08]
FF Extension: No Name - C:\Programi\Mozilla Firefox 26.0\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome:
=======
CHR Profile: C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-24]
CHR Extension: (Google Docs) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-04]
CHR Extension: (Google Drive) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-04]
CHR Extension: (YouTube) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-04]
CHR Extension: (Adblock Plus) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-24]
CHR Extension: (Google Search) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-04]
CHR Extension: (Google Sheets) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Skype Click to Call) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-04-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-04]
CHR Extension: (Gmail) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
StartMenuInternet: Google Chrome.TWS3NT5ZGZX3WROTQ37I4O5U4M - C:\Users\Marko\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2015-07-02] (Echobit LLC)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 Service Mgr WanderBurst; C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugincontainer.exe [1091808 2015-07-28] ()
S2 SkypeUpdate; C:\Programi\Skype 6.13.0.104\Updater\Updater.exe [327296 2015-06-03] (Skype Technologies)
S4 TeamViewer9; C:\Programi\TeamViewer 9.0.25790\TeamViewer_Service.exe [4915040 2014-01-29] (TeamViewer GmbH)
R2 Update Mgr WanderBurst; C:\Program Files (x86)\Common Files\fccb0821-00ee-466c-acb5-2a5cec258511\updater.exe [1024736 2015-07-28] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-11-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [38160 2007-05-11] (IVT Corporation.)
R3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [38160 2007-05-11] (IVT Corporation.)
R3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [37648 2007-03-05] (IVT Corporation.)
R3 BlueletSCOAudio; C:\Windows\SysWOW64\DRIVERS\BlueletSCOAudio.sys [37648 2007-03-05] (IVT Corporation.)
R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [25360 2007-03-05] (IVT Corporation.)
R3 BT; C:\Windows\SysWOW64\DRIVERS\btnetdrv.sys [25360 2007-03-05] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [44688 2007-05-09] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\SysWOW64\Drivers\btcusb.sys [44688 2007-05-09] (IVT Corporation.)
R0 BTHidEnum; C:\Windows\System32\Drivers\vbtenum.sys [24976 2007-03-05] (IVT Corporation.)
R0 BTHidEnum; C:\Windows\SysWOW64\Drivers\vbtenum.sys [24976 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; C:\Windows\System32\Drivers\BTHidMgr.sys [49680 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; C:\Windows\SysWOW64\Drivers\BTHidMgr.sys [49680 2007-03-05] (IVT Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-02-04] (Disc Soft Ltd)
R3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [14032 2006-12-14] (Elaborate Bytes AG)
R3 ElbyDelay; C:\Windows\SysWOW64\Drivers\ElbyDelay.sys [14032 2006-12-14] (Elaborate Bytes AG)
S3 hid7906; C:\Windows\SysWOW64\drivers\hid7906.sys [34963 2007-12-12] (Compuware Corporation) [File not signed]
S3 hid8101; C:\Windows\SysWOW64\drivers\hid8101.sys [37024 2007-12-03] (Compuware Corporation) [File not signed]
S3 hid8103; C:\Windows\SysWOW64\drivers\hid8103.sys [34587 2007-11-28] (Compuware Corporation) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [47120 2007-03-05] (IVT Corporation.)
R3 VComm; C:\Windows\SysWOW64\DRIVERS\VComm.sys [47120 2007-03-05] (IVT Corporation.)
R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [63248 2007-03-05] (IVT Corporation.)
R3 VcommMgr; C:\Windows\SysWOW64\Drivers\VcommMgr.sys [63248 2007-03-05] (IVT Corporation.)
S3 XFDriver64; D:\Program Files (x86)\Xfire2\XFDriver64.sys [17160 2013-03-14] (XFire)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-28 13:39 - 2015-07-28 13:39 - 00019267 _____ C:\Users\Marko\Desktop\FRST.txt
2015-07-28 13:33 - 2015-07-28 13:26 - 02146816 _____ (Farbar) C:\Users\Marko\Desktop\FRST64.exe
2015-07-28 13:29 - 2015-07-28 13:30 - 00034726 _____ C:\Users\Marko\Downloads\Addition.txt
2015-07-28 13:27 - 2015-07-28 13:39 - 00000000 ____D C:\FRST
2015-07-28 13:27 - 2015-07-28 13:30 - 00049561 _____ C:\Users\Marko\Downloads\FRST.txt
2015-07-28 13:26 - 2015-07-28 13:26 - 02146816 _____ (Farbar) C:\Users\Marko\Downloads\FRST64.exe
2015-07-27 21:40 - 2015-07-28 12:49 - 00000000 ____D C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511
2015-07-27 21:40 - 2015-07-27 21:41 - 00000000 ____D C:\Program Files (x86)\Wander Burst
2015-07-27 21:38 - 2015-07-27 21:38 - 00411008 _____ C:\Users\Marko\Downloads\UmmyVD-Web-Loader-[132].exe
2015-07-21 10:13 - 2015-07-15 05:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 10:13 - 2015-07-15 05:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 10:13 - 2015-07-15 05:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 10:13 - 2015-07-15 05:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 10:13 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 10:13 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 10:13 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 10:13 - 2015-07-15 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 10:13 - 2015-07-15 03:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 10:13 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 23:11 - 2015-07-20 23:11 - 00057562 _____ C:\Users\Marko\Downloads\203609-the.hobbit.the.battle.of.the.five.armies.2014.brrip.zip
2015-07-20 18:27 - 2015-07-20 18:27 - 00021739 _____ C:\Users\Marko\Downloads\The+Hobbit%3A+The+Battle+of+the+Five+Armies+%282014%29+1080p+BrRip+x264+-+YIFY.torrent
2015-07-15 15:25 - 2015-07-15 15:25 - 18524336 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-07-15 12:23 - 2015-07-09 19:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 12:23 - 2015-07-09 19:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 12:23 - 2015-07-09 19:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 12:23 - 2015-07-09 19:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 12:23 - 2015-07-09 19:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 12:23 - 2015-07-09 19:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 12:23 - 2015-07-09 19:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 12:23 - 2015-07-09 19:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 12:23 - 2015-07-09 19:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 12:23 - 2015-07-09 19:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 12:23 - 2015-07-09 19:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 12:23 - 2015-07-09 19:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 12:23 - 2015-07-09 19:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 12:23 - 2015-07-09 19:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 12:23 - 2015-07-09 19:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 12:23 - 2015-07-09 19:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 12:23 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 12:23 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 12:22 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 12:22 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 12:22 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 12:22 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 12:22 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 12:22 - 2015-07-02 22:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 12:22 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 12:22 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 12:22 - 2015-07-02 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 12:22 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 12:22 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 12:22 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 12:22 - 2015-06-27 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 12:22 - 2015-06-27 04:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 12:22 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 12:22 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 12:22 - 2015-06-25 10:49 - 03210240 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 12:22 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 12:22 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 12:22 - 2015-06-09 20:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-15 12:22 - 2015-06-09 20:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 12:21 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 12:21 - 2015-06-20 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 12:21 - 2015-06-20 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 12:21 - 2015-06-20 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 12:21 - 2015-06-20 20:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 12:21 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 12:21 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 12:21 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 12:21 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 12:21 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 12:20 - 2015-06-25 20:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 12:20 - 2015-06-20 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 12:20 - 2015-06-20 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 12:20 - 2015-06-20 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 12:20 - 2015-06-20 21:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 12:20 - 2015-06-20 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 12:20 - 2015-06-20 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 12:20 - 2015-06-20 21:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 12:20 - 2015-06-20 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 12:20 - 2015-06-20 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 12:20 - 2015-06-20 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 12:20 - 2015-06-20 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 12:20 - 2015-06-20 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 12:20 - 2015-06-20 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 12:20 - 2015-06-20 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 12:20 - 2015-06-20 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 12:20 - 2015-06-20 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 12:20 - 2015-06-20 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 12:20 - 2015-06-20 20:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 12:20 - 2015-06-20 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 12:20 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 12:20 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 12:20 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 12:20 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 12:20 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 12:20 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 12:20 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 12:20 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 12:20 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 12:20 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 12:20 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 12:20 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 12:20 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 12:20 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 12:17 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 12:17 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 12:17 - 2015-04-27 21:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 12:17 - 2015-04-27 21:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 12:17 - 2015-04-27 21:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 12:17 - 2015-04-27 21:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 12:17 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 12:17 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 12:17 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 12:17 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 12:16 - 2015-07-01 20:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 12:16 - 2015-07-01 20:25 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 12:16 - 2015-07-01 20:21 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 12:16 - 2015-07-01 20:21 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 12:16 - 2015-07-01 20:21 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 12:16 - 2015-07-01 20:21 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 12:16 - 2015-07-01 20:20 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 12:16 - 2015-07-01 20:20 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 12:16 - 2015-07-01 20:20 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 12:16 - 2015-07-01 20:20 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-15 12:16 - 2015-07-01 20:20 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 12:16 - 2015-07-01 20:20 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 12:16 - 2015-07-01 20:20 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 12:16 - 2015-07-01 20:20 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2015-07-15 12:16 - 2015-07-01 20:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 12:16 - 2015-07-01 20:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 12:16 - 2015-07-01 20:20 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 12:16 - 2015-07-01 20:20 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 12:16 - 2015-07-01 20:19 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 12:16 - 2015-07-01 20:15 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 12:16 - 2015-07-01 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 12:16 - 2015-07-01 20:10 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 12:16 - 2015-07-01 19:52 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 12:16 - 2015-07-01 19:52 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-15 12:16 - 2015-07-01 19:52 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 12:16 - 2015-07-01 19:52 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 12:16 - 2015-07-01 19:52 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 12:16 - 2015-07-01 19:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 12:16 - 2015-07-01 19:52 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2015-07-15 12:16 - 2015-07-01 19:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 12:16 - 2015-07-01 19:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 12:16 - 2015-07-01 19:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 12:16 - 2015-07-01 19:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 12:16 - 2015-07-01 19:51 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 12:16 - 2015-07-01 19:51 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 12:16 - 2015-07-01 19:51 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 12:16 - 2015-07-01 19:48 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 12:16 - 2015-07-01 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 12:16 - 2015-07-01 19:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 12:16 - 2015-07-01 18:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 12:16 - 2015-07-01 18:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 12:16 - 2015-07-01 18:54 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 12:15 - 2015-07-09 19:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 12:15 - 2015-07-09 19:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-15 12:15 - 2015-07-09 19:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 12:15 - 2015-07-09 19:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 12:15 - 2015-07-09 19:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 12:15 - 2015-07-09 19:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-15 12:15 - 2015-07-09 19:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 12:15 - 2015-07-09 19:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 12:15 - 2015-06-16 00:01 - 00112576 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 12:15 - 2015-06-15 23:56 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 12:15 - 2015-06-15 23:56 - 01942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 12:15 - 2015-06-15 23:56 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 12:15 - 2015-06-15 23:56 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 12:15 - 2015-06-15 23:51 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 12:15 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 12:15 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 12:15 - 2015-06-15 23:32 - 02364928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 12:15 - 2015-06-15 23:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 12:15 - 2015-06-15 23:31 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 12:15 - 2015-06-15 23:27 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-10 14:37 - 2015-07-10 14:37 - 00000000 ____D C:\ProgramData\TEMP
2015-07-10 14:36 - 2015-07-10 14:37 - 03223552 _____ (BluetoothInstaller.com) C:\Users\Marko\Downloads\BluetoothDriverInstaller_x64.exe
2015-07-09 20:53 - 2015-07-17 23:32 - 00000000 ____D C:\Users\Marko\Documents\Imperial Glory Savegames
2015-07-09 20:42 - 2015-07-09 20:42 - 05035701 _____ C:\Users\Marko\Downloads\ig_patch_v11.zip
2015-07-09 20:41 - 2015-07-09 20:41 - 00098304 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt.dll
2015-07-09 20:38 - 2015-07-09 20:38 - 00000000 ____D C:\Windows\Downloaded Installations
2015-07-09 20:38 - 2005-04-26 15:00 - 00040960 ____R C:\Windows\IGLobbyReg.exe
2015-07-09 20:34 - 2015-07-09 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pyro Studios
2015-07-09 20:06 - 2015-07-09 20:06 - 00000000 ____D C:\Users\Marko\Documents\Bluetooth
2015-07-09 20:06 - 2015-07-09 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IVT BlueSoleil
2015-07-09 20:06 - 2015-07-09 20:06 - 00000000 ____D C:\ProgramData\Bluetooth
2015-07-09 20:04 - 2015-07-09 20:06 - 00000032 _____ C:\Windows\0
2015-07-09 20:04 - 2015-07-09 20:04 - 00000000 ____D C:\Program Files (x86)\IVT Corporation
2015-07-09 20:04 - 2015-07-09 20:04 - 00000000 _____ C:\Windows\SysWOW64\0
2015-07-09 20:04 - 2007-05-11 03:12 - 00038160 _____ (IVT Corporation.) C:\Windows\system32\Drivers\blueletaudio.sys
2015-07-09 20:04 - 2007-05-09 02:00 - 00044688 _____ (IVT Corporation.) C:\Windows\system32\Drivers\btcusb.sys
2015-07-09 20:04 - 2007-05-09 02:00 - 00016144 _____ (IVT Corporation.) C:\Windows\system32\btinstall.dll
2015-07-09 20:04 - 2007-03-05 05:48 - 00037648 _____ (IVT Corporation.) C:\Windows\system32\Drivers\BlueletSCOAudio.sys
2015-07-09 20:04 - 2007-03-05 05:47 - 00025360 _____ (IVT Corporation.) C:\Windows\system32\Drivers\BtNetDrv.sys
2015-07-09 20:04 - 2007-03-05 05:44 - 00023184 _____ (IVT Corporation.) C:\Windows\system32\Drivers\VHIDMini.sys
2015-07-09 20:04 - 2007-03-05 05:42 - 00049680 _____ (IVT Corporation.) C:\Windows\system32\Drivers\BTHidMgr.sys
2015-07-09 20:04 - 2007-03-05 05:41 - 00024976 _____ (IVT Corporation.) C:\Windows\system32\Drivers\VBTEnum.sys
2015-07-09 20:04 - 2007-03-05 05:39 - 00063248 _____ (IVT Corporation.) C:\Windows\system32\Drivers\VcommMgr.sys
2015-07-09 20:04 - 2007-03-05 05:38 - 00047120 _____ (IVT Corporation.) C:\Windows\system32\Drivers\VComm.sys
2015-07-09 20:04 - 2006-10-09 00:29 - 00032832 _____ C:\Windows\system32\Drivers\BTNetFilter.sys
2015-07-05 09:41 - 2015-07-05 09:41 - 00000000 __SHD C:\found.000
2015-07-02 12:33 - 2015-07-02 12:33 - 00002046 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolve.lnk
2015-07-02 12:33 - 2015-07-02 12:33 - 00002034 _____ C:\Users\Public\Desktop\Evolve.lnk
2015-07-02 12:30 - 2015-07-02 12:30 - 00000000 ____D C:\Program Files\Echobit
2015-07-02 12:29 - 2015-07-02 12:29 - 03258328 _____ (Echobit LLC) C:\Users\Marko\Downloads\EvolveSetup.exe
2015-07-02 12:29 - 2015-07-02 12:29 - 00000000 ____D C:\Users\Marko\AppData\Local\Echobit
2015-07-02 12:29 - 2015-07-02 12:29 - 00000000 ____D C:\ProgramData\Echobit

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-28 13:25 - 2014-02-04 11:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-28 13:09 - 2014-02-04 13:32 - 00000000 ____D C:\Users\Marko\AppData\Roaming\Skype
2015-07-28 12:48 - 2014-02-04 13:43 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-825732486-3746734302-1360109509-1000UA.job
2015-07-28 12:48 - 2014-02-04 13:43 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-825732486-3746734302-1360109509-1000Core.job
2015-07-28 12:45 - 2014-04-10 12:58 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-825732486-3746734302-1360109509-1000UA.job
2015-07-28 12:14 - 2014-12-03 15:18 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{18DB1137-BAF4-4F45-8B73-FA5CA4662BF8}
2015-07-28 11:45 - 2014-04-10 12:58 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-825732486-3746734302-1360109509-1000Core.job
2015-07-28 11:20 - 2015-01-13 21:23 - 01473633 _____ C:\Windows\WindowsUpdate.log
2015-07-28 10:30 - 2009-07-14 06:45 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-28 10:30 - 2009-07-14 06:45 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-28 09:43 - 2015-01-19 07:58 - 00008508 _____ C:\Windows\PFRO.log
2015-07-28 09:43 - 2015-01-13 22:47 - 00017201 _____ C:\Windows\setupact.log
2015-07-28 09:43 - 2014-03-09 01:40 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-28 09:43 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-27 22:25 - 2014-02-04 12:54 - 00000000 ____D C:\Users\Marko\AppData\Roaming\vlc
2015-07-27 21:40 - 2015-04-10 15:32 - 00000000 ____D C:\Users\Marko\AppData\Roaming\OpenCandy
2015-07-27 18:54 - 2014-02-07 19:50 - 00000000 ____D C:\Users\Marko\AppData\Roaming\TS3Client
2015-07-27 17:01 - 2014-02-04 14:32 - 00000000 ____D C:\Users\Marko\AppData\Roaming\uTorrent
2015-07-25 09:49 - 2015-04-05 00:06 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-22 10:24 - 2015-01-13 22:46 - 00420064 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-21 10:06 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-20 23:16 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-07-19 01:07 - 2014-02-04 11:41 - 00000000 ____D C:\Users\Marko\AppData\Local\Google
2015-07-16 13:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-07-16 11:40 - 2014-04-10 12:58 - 00003882 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-825732486-3746734302-1360109509-1000UA
2015-07-16 11:40 - 2014-04-10 12:58 - 00003486 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-825732486-3746734302-1360109509-1000Core
2015-07-16 00:28 - 2014-02-04 12:22 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-16 00:27 - 2014-12-23 20:45 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-15 22:13 - 2014-03-09 01:40 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 22:13 - 2014-03-09 01:40 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 22:13 - 2014-03-09 01:40 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-15 20:38 - 2014-12-10 21:27 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-15 20:38 - 2014-05-05 23:10 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-15 20:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2015-07-15 20:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\sr-Latn-CS
2015-07-15 20:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-15 20:20 - 2014-02-04 10:42 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-15 20:10 - 2014-02-04 13:52 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 15:26 - 2014-02-04 11:39 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 15:26 - 2014-02-04 11:39 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-15 15:26 - 2014-02-04 11:39 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-15 01:07 - 2015-04-05 00:06 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-13 12:08 - 2009-07-14 07:08 - 00032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-12 09:52 - 2009-07-14 07:13 - 00785858 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-12 09:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-10 14:38 - 2009-07-14 05:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-09 20:39 - 2015-05-03 11:38 - 00000861 _____ C:\Windows\DirectX.log
2015-07-09 20:39 - 2014-02-04 13:03 - 00000000 ____D C:\Users\Marko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-07-09 20:35 - 2014-02-04 11:28 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-05 12:08 - 2010-11-21 05:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-04 18:36 - 2014-02-16 18:40 - 00000000 ____D C:\Users\Marko\Desktop\Ikonice sa desktopa
2015-07-03 13:27 - 2015-01-23 18:12 - 00000000 ____D C:\ProgramData\Skype
2015-07-03 08:43 - 2014-02-04 13:52 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-01 11:12 - 2014-08-28 21:04 - 00000000 ____D C:\Users\Marko\AppData\Local\Adobe

==================== Files in the root of some directories =======

2014-03-28 19:42 - 2014-03-28 19:42 - 0034816 _____ () C:\Users\Marko\AppData\Roaming\RZR_0020b48743059baa4dde9bf7d3ad.db
2014-07-15 23:29 - 2014-07-15 23:30 - 174596376 _____ () C:\Users\Marko\AppData\Local\ACCCx2_7_0_413.zip.aamdownload
2014-07-15 23:29 - 2014-07-15 23:30 - 0002111 _____ () C:\Users\Marko\AppData\Local\ACCCx2_7_0_413.zip.aamdownload.aamd
2014-07-15 15:01 - 2014-07-15 15:01 - 0005309 _____ () C:\Users\Marko\AppData\Local\recently-used.xbel
2014-02-04 17:10 - 2014-02-04 17:16 - 0000085 ___SH () C:\ProgramData\.zreglib
2014-02-04 11:36 - 2014-02-04 11:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Marko\AppData\Local\Temp\UmmyVideoDownloader.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-23 19:40

==================== End of log ============================



offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Belgrade

Hello,

Since you have an outdated version of MalwareBytes, let's scan the computer with the latest one.


Uninstalling the old version

Download MBAM-clean and save it to the Desktop.

Right-click the mbam-clean.exe icon and choose Run as Administrator to start the tool.
When it finishes, it will ask you to restart the computer.


After that, follow my instructions below to install the latest version:


Scanning with MalwareBytes

Download Malwarebytes Anti-Malware and save the installer to the Desktop.
Install the program the standard way; at the end of the installation you can turn off the Trial version, but you don't have to. Leave the other option checked; MalwareBytes will be launched and updated.
Once that is done, click the Settings tab, select Detections & protection on the left side, and check Scan for rootkits if it is not already checked.
In the same window, under PUP and PUM detections, set it to Treat detections as malware.
Then click the Scan tab, select Threat Scan, and finally click Scan Now.
If malware is detected, click Apply Actions. MalwareBytes will then start removing the infection and will ask you to restart the computer.
After the scan finishes (or after the restart), click the History tab.
Click Application Logs, then double-click the most recent Scan Log.
At the bottom of the window click Export and choose Text file.

Save the report to the Desktop and attach it in your next post.

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Belgrade

Uninstall this:

Wander Burst

1. Open Notepad (Text Document) and copy in the following text from the code box below:

closeprocesses:
emptytemp:
C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511
C:\Program Files (x86)\Common Files\fccb0821-00ee-466c-acb5-2a5cec258511
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-825732486-3746734302-1360109509-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-825732486-3746734302-1360109509-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-825732486-3746734302-1360109509-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/
SearchScopes: HKU\S-1-5-21-825732486-3746734302-1360109509-1000 -> DefaultScope {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = https://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_150410__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-825732486-3746734302-1360109509-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}&rlz=1I7GUEA_enRS574
SearchScopes: HKU\S-1-5-21-825732486-3746734302-1360109509-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = https://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_150410__yaie&p={searchTerms}
R2 Update Mgr WanderBurst; C:\Program Files (x86)\Common Files\fccb0821-00ee-466c-acb5-2a5cec258511\updater.exe [1024736 2015-07-28] ()
R2 Service Mgr WanderBurst; C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugincontainer.exe [1091808 2015-07-28] ()
2015-07-27 21:40 - 2015-07-28 12:49 - 00000000 ____D C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511
2015-07-27 21:40 - 2015-07-27 21:41 - 00000000 ____D C:\Program Files (x86)\Wander Burst
2015-07-27 21:38 - 2015-07-27 21:38 - 00411008 _____ C:\Users\Marko\Downloads\UmmyVD-Web-Loader-[132].exe


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location; otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once, and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the system restarts.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

offline
  • Historian
  • Joined: 02 Sep 2012
  • Posts: 86
  • Location: Moscow, Russia

Written: 28 Jul 2015 19:12

Hello,

It did not find any malware; when it finished scanning it showed Non malware founded in the lower right corner. It did not ask me to remove anything or to restart the computer. I can't do the last step because what you described isn't there.




Addendum: 28 Jul 2015 19:24

Non-Malware Detected*

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Belgrade

I replied, but the forum glitched somehow; look at the previous post.

offline
  • Historian
  • Joined: 02 Sep 2012
  • Posts: 86
  • Location: Moscow, Russia

You're right, I hadn't seen that second post at all.

Fix result of Farbar Recovery Scan Tool (x64) Version:26-07-2015
Ran by Marko at 2015-07-28 22:08:58 Run:1
Running from C:\Users\Marko\Desktop
Loaded Profiles: Marko (Available Profiles: Marko)
Boot Mode: Normal
==============================================

fixlist content:
*****************
closeprocesses:
emptytemp:
C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511
C:\Program Files (x86)\Common Files\fccb0821-00ee-466c-acb5-2a5cec258511
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-825732486-3746734302-1360109509-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-825732486-3746734302-1360109509-1000\Software\Microsoft\Internet Explorer\Main,Search Page = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-825732486-3746734302-1360109509-1000\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs/
SearchScopes: HKU\S-1-5-21-825732486-3746734302-1360109509-1000 -> DefaultScope {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = search.yahoo.com/search?fr=vmn&type=vm.....aie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-825732486-3746734302-1360109509-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = google.com/search?q={searchTerms}&rlz=1I7GUEA_enRS574
SearchScopes: HKU\S-1-5-21-825732486-3746734302-1360109509-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = search.yahoo.com/search?fr=vmn&type=vm.....aie&p={searchTerms}
R2 Update Mgr WanderBurst; C:\Program Files (x86)\Common Files\fccb0821-00ee-466c-acb5-2a5cec258511\updater.exe [1024736 2015-07-28] ()
R2 Service Mgr WanderBurst; C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugincontainer.exe [1091808 2015-07-28] ()
2015-07-27 21:40 - 2015-07-28 12:49 - 00000000 ____D C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511
2015-07-27 21:40 - 2015-07-27 21:41 - 00000000 ____D C:\Program Files (x86)\Wander Burst
2015-07-27 21:38 - 2015-07-27 21:38 - 00411008 _____ C:\Users\Marko\Downloads\UmmyVD-Web-Loader-[132].exe
*****************

Processes closed successfully.
C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511 => moved successfully.
C:\Program Files (x86)\Common Files\fccb0821-00ee-466c-acb5-2a5cec258511 => moved successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-825732486-3746734302-1360109509-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-21-825732486-3746734302-1360109509-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-825732486-3746734302-1360109509-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-825732486-3746734302-1360109509-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-825732486-3746734302-1360109509-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => key removed successfully
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
"HKU\S-1-5-21-825732486-3746734302-1360109509-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}" => key removed successfully
HKCR\CLSID\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} => key not found.
Update Mgr WanderBurst => service removed successfully
Service Mgr WanderBurst => service removed successfully
"C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511" => File/Folder not found.
C:\Program Files (x86)\Wander Burst => moved successfully.
C:\Users\Marko\Downloads\UmmyVD-Web-Loader-[132].exe => moved successfully.
EmptyTemp: => 1.4 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 22:12:24 ====

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Belgrade

Is the problem solved now?

offline
  • Historian
  • Joined: 02 Sep 2012
  • Posts: 86
  • Location: Moscow, Russia

It's not solved; it still pops up that thing about Google Chrome and that I'm the lucky winner or whatever, and on the side it shows this AVG Related searches thing.

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Belgrade

Download smeenk's zoek.zip or zoek.rar from this or this link and save it to the Desktop.

Extract the archive into a folder (instructions), then:

close the browser and other running programs;
temporarily disable your protection software (if necessary) (instructions);
double-click the program icon to run zoek;
wait for the tool to start ...


Copy the following text into the white box of the window:

chrdefaults;

Click the button and wait for the scan to finish.


zoek will restart Windows if needed, and when it finishes it will open Notepad with the scan report.

Note: The report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into your post.

offline
  • Historian
  • Joined: 02 Sep 2012
  • Posts: 86
  • Location: Moscow, Russia

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Marko on 29.07.2015 at 13:04:01,99.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Marko\Desktop\zoek.scr [Scan all users] [Script inserted]

==== System Restore Info ======================

29.07.2015 13:04:52 Zoek.exe System Restore Point Created Successfully.

==== Reset Google Chrome ======================

C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Web Data copy was reset successfully
C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 29.07.2015 at 13:05:14,36 ======================
