Check whether there is a virus?

  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1645

Hello,
I have a problem with my browser: toolbars keep popping up and the internet is slow when I watch YouTube.
The system is Windows 8.1 64-bit.
Here is the report:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Sandra (administrator) on SANDRA (09-11-2015 12:11:41)
Running from C:\Users\Sandra\Desktop
Loaded Profiles: Sandra (Available Profiles: Sandra & Guest)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [27024 2013-01-18] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13262480 2012-12-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1256080 2012-12-03] (Realtek Semiconductor)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-23] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-09-21] (AVAST Software)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1439707929-2427184225-1161348364-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-1439707929-2427184225-1161348364-1001\...\MountPoints2: {fb6d4f44-0942-11e5-bee8-60a44c6f6348} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-21] (AVAST Software)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3B6DF291-AD7C-4E0A-B3DA-8651F8628FCD}: [DhcpNameServer] 13.5.0.66
Tcpip\..\Interfaces\{F1BA02C2-4ED3-43B5-9BF8-9069650020D4}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK&q={searchTerms}
HKU\S-1-5-21-1439707929-2427184225-1161348364-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchsimple-a.akamaihd.net/?affID=mt-dq
HKU\S-1-5-21-1439707929-2427184225-1161348364-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1439707929-2427184225-1161348364-1001 -> {1051932C-989E-4104-B8B3-D9718E92681D} URL = hxxp://searchsimple-a.akamaihd.net/?affID=mt-dq&q={searchTerms}&r=854
SearchScopes: HKU\S-1-5-21-1439707929-2427184225-1161348364-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-01] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-01] (AVAST Software)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKU\S-1-5-21-1439707929-2427184225-1161348364-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK

FireFox:
========
FF ProfilePath: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default
FF NewTab: hxxp://searchsimple-a.akamaihd.net/?m=tab&affID=mt-dq
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: hxxps://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Yahoo! Search
FF Homepage: hxxp://searchsimple-a.akamaihd.net/?affID=mt-dq
FF Keyword.URL: hxxp://searchsimple-a.akamaihd.net/?q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\searchplugins\ask-web-search.xml [2014-12-10]
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\searchplugins\dsrlte1.xml [2015-09-22]
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\searchplugins\google-avast.xml [2015-08-13]
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\searchplugins\istartsurf.xml [2015-08-13]
FF Extension: Pine Tree 1.0.1 - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\Extensions\{346beb56-fb1b-4f10-bd51-a3fbe4feb706}.xpi [2015-10-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-21] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon => not found
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\extensions\defsearchp@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\extensions\deskCutv2@gmail.com => not found

Chrome:
=======
CHR Profile: C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-15]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-21] (AVAST Software)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [31632 2013-01-18] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [33168 2013-01-18] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [39824 2013-01-18] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-21] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-09-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-21] (AVAST Software)
S3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-01-16] (ASUS Corporation)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107920 2013-01-18] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [43408 2013-01-18] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [65424 2013-01-18] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [97680 2013-01-18] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [229776 2013-01-18] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [363920 2013-01-18] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R1 {04f4591f-794f-4cd3-bd44-605ca9a098e2}Gw64; C:\Windows\System32\drivers\{04f4591f-794f-4cd3-bd44-605ca9a098e2}Gw64.sys [48776 2015-09-17] (StdLib)
R1 {0f8b6559-f83b-4fe1-988e-fd7ce3f6fd44}Gw64; C:\Windows\System32\drivers\{0f8b6559-f83b-4fe1-988e-fd7ce3f6fd44}Gw64.sys [48776 2015-09-11] (StdLib)
R1 {126336c7-4a78-4328-80f9-e30008142a02}Gw64; C:\Windows\System32\drivers\{126336c7-4a78-4328-80f9-e30008142a02}Gw64.sys [48776 2015-09-26] (StdLib)
R1 {27134153-7909-46db-a364-f96d5c07d5e7}Gw64; C:\Windows\System32\drivers\{27134153-7909-46db-a364-f96d5c07d5e7}Gw64.sys [48776 2015-10-14] (StdLib)
R1 {346beb56-fb1b-4f10-bd51-a3fbe4feb706}Gw64; C:\Windows\System32\drivers\{346beb56-fb1b-4f10-bd51-a3fbe4feb706}Gw64.sys [48776 2015-10-05] (StdLib)
R1 {42bf1881-d939-41ff-84e1-479f2a1fb795}Gw64; C:\Windows\System32\drivers\{42bf1881-d939-41ff-84e1-479f2a1fb795}Gw64.sys [48776 2015-08-20] (StdLib)
R1 {47ed07d3-68fa-4ddf-ab7f-f49b3b3825a3}Gw64; C:\Windows\System32\drivers\{47ed07d3-68fa-4ddf-ab7f-f49b3b3825a3}Gw64.sys [48776 2015-08-24] (StdLib)
R1 {4f694d8d-6bd5-42d9-be6d-91b3dbf4a2e1}Gw64; C:\Windows\System32\drivers\{4f694d8d-6bd5-42d9-be6d-91b3dbf4a2e1}Gw64.sys [48776 2015-08-17] (StdLib)
R1 {58a5ae40-f38d-4727-8812-8b35b8e5c83f}Gw64; C:\Windows\System32\drivers\{58a5ae40-f38d-4727-8812-8b35b8e5c83f}Gw64.sys [48776 2015-08-14] (StdLib)
R1 {80e57e04-2dd7-4ce8-9ec3-2ffa9b73012c}Gw64; C:\Windows\System32\drivers\{80e57e04-2dd7-4ce8-9ec3-2ffa9b73012c}Gw64.sys [48776 2015-08-13] (StdLib)
R1 {814b70f2-89de-4982-b4fb-8ca0819c757d}Gw64; C:\Windows\System32\drivers\{814b70f2-89de-4982-b4fb-8ca0819c757d}Gw64.sys [48776 2015-10-03] (StdLib)
R1 {894ab836-f565-449b-a5e4-2c51b897cb3c}Gw64; C:\Windows\System32\drivers\{894ab836-f565-449b-a5e4-2c51b897cb3c}Gw64.sys [48776 2015-09-29] (StdLib)
R1 {9ffa1362-5a89-4483-ab53-e729971bb7cf}Gw64; C:\Windows\System32\drivers\{9ffa1362-5a89-4483-ab53-e729971bb7cf}Gw64.sys [48776 2015-08-28] (StdLib)
R1 {a5b4a5b4-74b5-494b-a6fd-2cfe081bbca9}Gw64; C:\Windows\System32\drivers\{a5b4a5b4-74b5-494b-a6fd-2cfe081bbca9}Gw64.sys [48776 2015-09-14] (StdLib)
R1 {c7908ed8-e375-4125-97a1-cce7ce60fe1a}Gw64; C:\Windows\System32\drivers\{c7908ed8-e375-4125-97a1-cce7ce60fe1a}Gw64.sys [48776 2015-09-01] (StdLib)
R1 {f9345fd3-b976-4de7-89b6-b3ba7c6aaf5b}Gw64; C:\Windows\System32\drivers\{f9345fd3-b976-4de7-89b6-b3ba7c6aaf5b}Gw64.sys [48776 2015-09-20] (StdLib)
R1 {fc639c50-6948-4825-bb5f-f873b3b3cc25}Gw64; C:\Windows\System32\drivers\{fc639c50-6948-4825-bb5f-f873b3b3cc25}Gw64.sys [48776 2015-09-23] (StdLib)
R1 {fcb340ad-66dd-4ad6-b5a6-cf198aae06ea}Gw64; C:\Windows\System32\drivers\{fcb340ad-66dd-4ad6-b5a6-cf198aae06ea}Gw64.sys [48776 2015-10-09] (StdLib)
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-09 12:11 - 2015-11-09 12:12 - 00020287 _____ C:\Users\Sandra\Desktop\FRST.txt
2015-11-09 12:11 - 2015-11-09 12:11 - 00000000 ____D C:\FRST
2015-11-09 12:05 - 2015-11-09 12:05 - 02198528 _____ (Farbar) C:\Users\Sandra\Desktop\FRST64.exe
2015-11-09 12:01 - 2015-11-09 12:01 - 00000000 _____ C:\Users\Sandra\Desktop\New Text Document.txt
2015-11-01 08:05 - 2015-11-01 08:05 - 00000077 _____ C:\WINDOWS\setupact.log
2015-11-01 08:05 - 2015-11-01 08:05 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-11-01 08:04 - 2015-11-01 08:04 - 00003286 _____ C:\WINDOWS\PFRO.log
2015-10-15 23:01 - 2015-11-09 11:14 - 01198179 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-15 18:49 - 2015-10-15 19:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-15 18:49 - 2015-10-15 18:49 - 00000000 ____D C:\Users\Sandra\AppData\Local\Microsoft Help
2015-10-15 18:43 - 2015-10-15 18:45 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\BSplayer PRO
2015-10-15 18:43 - 2015-10-15 18:43 - 00001272 _____ C:\Users\Public\Desktop\Virtual CloneDrive.lnk
2015-10-15 18:43 - 2015-10-15 18:43 - 00001171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BS.Player PRO.lnk
2015-10-15 18:43 - 2015-10-15 18:43 - 00001165 _____ C:\Users\Public\Desktop\BS.Player PRO.lnk
2015-10-15 18:43 - 2015-10-15 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webteh
2015-10-15 18:43 - 2015-10-15 18:43 - 00000000 ____D C:\Program Files (x86)\Webteh
2015-10-15 18:41 - 2015-10-15 18:41 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-10-15 18:41 - 2015-10-15 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-10-15 18:41 - 2015-10-15 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2015-10-15 18:41 - 2015-10-15 18:41 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2015-10-15 18:40 - 2015-10-15 18:42 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-10-15 18:40 - 2015-10-15 18:41 - 00000000 ____D C:\Program Files\WinRAR
2015-10-15 18:40 - 2015-10-15 18:40 - 00001061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-10-15 18:40 - 2015-10-15 18:40 - 00001049 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-10-15 18:10 - 2015-10-15 19:01 - 00000000 ____D C:\Users\Sandra\Desktop\Microsoft Toolkit 2.5.2 Official Torrent
2015-10-15 18:08 - 2015-10-15 19:01 - 00000000 ____D C:\Users\Sandra\Desktop\MICROSOFT OFFICE WORD 2010
2015-10-15 17:55 - 2015-10-15 17:55 - 00001095 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-10-15 17:55 - 2015-10-15 17:55 - 00000000 ____D C:\Users\Sandra\AppData\Local\VS Revo Group
2015-10-15 17:55 - 2015-10-15 17:55 - 00000000 ____D C:\ProgramData\VS Revo Group
2015-10-15 17:55 - 2015-10-15 17:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-10-15 17:55 - 2015-10-15 17:55 - 00000000 ____D C:\Program Files\VS Revo Group
2015-10-15 17:55 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2015-10-15 16:43 - 2015-10-15 16:43 - 00000000 ____D C:\Users\Sandra\AppData\Local\Intel_Corporation
2015-10-15 07:18 - 2015-10-14 18:54 - 00048776 _____ (StdLib) C:\WINDOWS\system32\Drivers\{27134153-7909-46db-a364-f96d5c07d5e7}Gw64.sys
2015-10-14 19:44 - 2015-09-19 04:18 - 00035384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-10-14 19:44 - 2015-09-18 14:42 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-10-14 19:44 - 2015-09-18 14:42 - 01163776 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-10-14 19:44 - 2015-09-18 14:42 - 00766464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-10-14 19:44 - 2015-09-18 14:42 - 00699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-10-14 19:44 - 2015-09-18 14:42 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-10-14 19:44 - 2015-09-18 14:42 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-14 08:10 - 2015-09-29 13:31 - 07457624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-14 08:10 - 2015-09-29 13:31 - 01658536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-14 08:10 - 2015-09-29 13:31 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-14 08:10 - 2015-09-29 13:31 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-14 08:10 - 2015-09-29 13:31 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-14 08:10 - 2015-09-29 13:29 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-10-14 08:10 - 2015-09-28 19:45 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-10-14 08:10 - 2015-09-28 19:26 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-10-14 08:10 - 2015-09-28 19:25 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-10-14 08:10 - 2015-09-28 19:25 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-10-14 08:10 - 2015-09-28 19:25 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-10-14 08:10 - 2015-09-28 19:22 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-10-14 08:10 - 2015-09-28 19:22 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-10-14 08:10 - 2015-09-28 19:22 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-10-14 08:10 - 2015-09-28 19:15 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-10-14 08:10 - 2015-09-28 19:13 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-10-14 08:10 - 2015-09-28 19:12 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-10-14 08:10 - 2015-09-24 17:42 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2015-10-14 08:10 - 2015-09-24 17:40 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-14 08:10 - 2015-09-10 19:02 - 25851392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-14 08:10 - 2015-09-10 18:14 - 05990400 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-14 08:10 - 2015-09-10 18:09 - 20358144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-14 08:10 - 2015-09-10 17:24 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-14 08:10 - 2015-09-10 17:02 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-14 08:10 - 2015-09-10 17:00 - 12853760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-14 08:10 - 2015-08-27 03:43 - 22372152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-14 08:10 - 2015-08-27 03:42 - 19795904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-14 08:10 - 2015-08-07 22:40 - 01736520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-10-14 08:10 - 2015-08-07 22:40 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-10-14 08:10 - 2015-08-07 22:40 - 01134752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2015-10-14 08:10 - 2015-08-07 22:40 - 00686960 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2015-10-14 08:10 - 2015-08-07 22:40 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2015-10-14 08:10 - 2015-08-07 15:13 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2015-10-14 08:10 - 2015-08-06 18:05 - 00669184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2015-10-14 08:10 - 2015-08-06 17:47 - 04710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2015-10-14 08:10 - 2015-08-06 17:37 - 00536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2015-10-14 08:10 - 2015-08-06 17:18 - 04068352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2015-10-14 08:10 - 2015-07-16 19:58 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcdAutoSetup.dll
2015-10-14 08:09 - 2015-09-10 18:19 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-14 08:09 - 2015-09-10 18:18 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-10-14 08:09 - 2015-09-10 18:18 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-10-14 08:09 - 2015-09-10 18:06 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-10-14 08:09 - 2015-09-10 18:04 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-14 08:09 - 2015-09-10 17:51 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-10-14 08:09 - 2015-09-10 17:39 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-14 08:09 - 2015-09-10 17:37 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-10-14 08:09 - 2015-09-10 17:37 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-10-14 08:09 - 2015-09-10 17:35 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-10-14 08:09 - 2015-09-10 17:33 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-10-14 08:09 - 2015-09-10 17:28 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-10-14 08:09 - 2015-09-10 17:28 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-10-14 08:09 - 2015-09-10 17:27 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-14 08:09 - 2015-09-10 17:21 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-10-14 08:09 - 2015-09-10 17:19 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-10-14 08:09 - 2015-09-10 17:19 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-10-14 08:09 - 2015-09-10 17:19 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-10-14 08:09 - 2015-09-10 17:17 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-10-14 08:09 - 2015-09-10 17:17 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-10-14 08:09 - 2015-09-10 17:07 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-10-14 08:09 - 2015-09-10 17:05 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-10-14 08:09 - 2015-09-10 17:01 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-10-14 08:09 - 2015-09-10 16:57 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-10-14 08:09 - 2015-09-10 16:57 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-10-14 08:09 - 2015-09-10 16:55 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-10-14 08:09 - 2015-09-10 16:55 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-10-14 08:09 - 2015-09-10 16:55 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-10-14 08:09 - 2015-09-10 16:45 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-10-14 08:09 - 2015-09-10 16:34 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-10-14 08:09 - 2015-09-10 16:31 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-10-14 08:09 - 2015-09-10 16:27 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-10-14 08:09 - 2015-09-10 16:26 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-10-14 08:09 - 2015-08-22 14:42 - 00901264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2015-10-14 08:09 - 2015-08-22 14:42 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 08:09 - 2015-08-22 14:42 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 08:09 - 2015-08-22 14:42 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 08:09 - 2015-08-22 14:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 08:09 - 2015-08-22 14:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 08:09 - 2015-08-22 14:42 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 08:09 - 2015-08-22 14:42 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 08:09 - 2015-08-22 14:42 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 08:09 - 2015-08-22 14:42 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 08:09 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 08:09 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 08:09 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 08:09 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 08:09 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 08:09 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 08:09 - 2015-08-22 14:35 - 00984448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2015-10-14 08:09 - 2015-08-22 14:35 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 08:09 - 2015-08-22 14:35 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 08:09 - 2015-08-22 14:35 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 08:09 - 2015-08-22 14:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 08:09 - 2015-08-22 14:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 08:09 - 2015-08-22 14:35 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 08:09 - 2015-08-22 14:35 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 08:09 - 2015-08-22 14:35 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 08:09 - 2015-08-22 14:35 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 08:09 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 08:09 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 08:09 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 08:09 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 08:09 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 08:09 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-09 12:10 - 2014-12-07 16:43 - 03736064 ___SH C:\Users\Sandra\Downloads\Thumbs.db
2015-11-09 12:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-09 11:28 - 2014-04-09 22:10 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-09 09:11 - 2014-12-01 08:28 - 00000000 ___RD C:\Users\Sandra\OneDrive
2015-11-09 09:10 - 2013-07-29 19:25 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-09 08:20 - 2015-05-26 14:59 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{608CC930-56B0-456A-977D-F2FE1705973E}
2015-11-06 15:59 - 2013-07-29 18:56 - 01059656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-11-06 15:59 - 2013-07-29 18:56 - 00449992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-11-06 07:59 - 2013-07-29 18:56 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-11-05 16:43 - 2014-12-01 17:59 - 00816128 ___SH C:\Users\Sandra\Desktop\Thumbs.db
2015-11-05 16:12 - 2013-07-19 13:19 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1439707929-2427184225-1161348364-1001
2015-11-05 13:40 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-02 23:40 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\tracing
2015-11-02 17:51 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-01 09:41 - 2014-09-24 08:15 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-01 08:05 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-01 08:05 - 2013-08-22 15:44 - 00389680 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-01 08:04 - 2014-10-06 08:29 - 00000000 ____D C:\Program Files\Google
2015-11-01 08:04 - 2013-07-29 19:25 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-01 08:04 - 2013-07-29 18:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-01 01:21 - 2013-08-22 14:25 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2015-10-20 21:01 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-17 09:28 - 2014-04-09 22:10 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-10-16 20:32 - 2015-04-25 06:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-16 05:51 - 2015-07-17 11:20 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-16 05:51 - 2015-07-17 11:20 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-15 19:02 - 2014-09-24 07:53 - 00000000 ____D C:\WINDOWS\ShellNew
2015-10-15 19:01 - 2013-08-22 14:25 - 00000178 _____ C:\WINDOWS\win.ini
2015-10-15 18:24 - 2014-12-01 08:06 - 00000000 ____D C:\Users\Sandra
2015-10-15 18:24 - 2013-07-29 19:25 - 00000000 ____D C:\Users\Sandra\AppData\Local\Google
2015-10-15 18:22 - 2012-11-23 16:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-10-15 18:22 - 2012-11-23 16:08 - 00000000 ____D C:\Program Files (x86)\ASUS
2015-10-15 17:39 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2015-10-15 14:26 - 2014-12-10 07:33 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-15 14:26 - 2014-09-24 10:50 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-10-15 14:26 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-10-14 09:07 - 2013-09-10 21:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-14 09:01 - 2013-07-30 21:34 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2012-11-23 16:07 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2012-11-23 16:07 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2012-11-23 16:07 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Some files in TEMP:
====================
C:\Users\Sandra\AppData\Local\Temp\ose00000.exe
C:\Users\Sandra\AppData\Local\Temp\ose00001.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-06 08:54

==================== End of FRST.txt ============================


Thanks in advance. Cheers

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

1. Open Notepad (Text Document) and copy in the following text from the code box below:

Start
File: C:\ProgramData\SetStretch.exe
VerifySignature: C:\Windows\System32\drivers\{0f8b6559-f83b-4fe1-988e-fd7ce3f6fd44}Gw64.sys
VerifySignature: C:\Windows\System32\drivers\{fc639c50-6948-4825-bb5f-f873b3b3cc25}Gw64.sys

CreateRestorePoint:
Folder: C:\ProgramData\Avg_Update_0215pit

Hosts:
C:\WINDOWS\Tasks\0215pitUpdateInfo.job
C:\ProgramData\Avg_Update_0215pit\0215pit_AVG-Secure-Search-Update.exe

RemoveProxy:
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

CloseProcesses:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK&q={searchTerms}
HKU\S-1-5-21-1439707929-2427184225-1161348364-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchsimple-a.akamaihd.net/?affID=mt-dq
HKU\S-1-5-21-1439707929-2427184225-1161348364-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1439707929-2427184225-1161348364-1001 -> {1051932C-989E-4104-B8B3-D9718E92681D} URL = hxxp://searchsimple-a.akamaihd.net/?affID=mt-dq&q={searchTerms}&r=854
SearchScopes: HKU\S-1-5-21-1439707929-2427184225-1161348364-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK
FF NewTab: hxxp://searchsimple-a.akamaihd.net/?m=tab&affID=mt-dq
FF Homepage: hxxp://searchsimple-a.akamaihd.net/?affID=mt-dq
FF Keyword.URL: hxxp://searchsimple-a.akamaihd.net/?q=
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\searchplugins\ask-web-search.xml [2014-12-10]
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\searchplugins\dsrlte1.xml [2015-09-22]
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\searchplugins\istartsurf.xml [2015-08-13]
FF Extension: Pine Tree 1.0.1 - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\Extensions\{346beb56-fb1b-4f10-bd51-a3fbe4feb706}.xpi [2015-10-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\extensions\defsearchp@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\extensions\deskCutv2@gmail.com => not found
Task: C:\WINDOWS\Tasks\0215pitUpdateInfo.job => C:\ProgramData\Avg_Update_0215pit\0215pit_AVG-Secure-Search-Update.exe

EmptyTemp:
C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\searchplugins\ask-web-search.xml
C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\searchplugins\dsrlte1.xml
C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\searchplugins\istartsurf.xml
C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\Extensions\{346beb56-fb1b-4f10-bd51-a3fbe4feb706}.xpi
C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\extensions\defsearchp@gmail.com
C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\extensions\deskCutv2@gmail.com
End


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, under File Name: at the bottom, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1645

Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Sandra (2015-11-09 13:57:08) Run:1
Running from C:\Users\Sandra\Desktop
Loaded Profiles: Sandra (Available Profiles: Sandra & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
File: C:\ProgramData\SetStretch.exe
VerifySignature: C:\Windows\System32\drivers\{0f8b6559-f83b-4fe1-988e-fd7ce3f6fd44}Gw64.sys
VerifySignature: C:\Windows\System32\drivers\{fc639c50-6948-4825-bb5f-f873b3b3cc25}Gw64.sys

CreateRestorePoint:
Folder: C:\ProgramData\Avg_Update_0215pit

Hosts:
C:\WINDOWS\Tasks\0215pitUpdateInfo.job
C:\ProgramData\Avg_Update_0215pit\0215pit_AVG-Secure-Search-Update.exe

RemoveProxy:
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

CloseProcesses:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK&q={searchTerms}
HKU\S-1-5-21-1439707929-2427184225-1161348364-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchsimple-a.akamaihd.net/?affID=mt-dq
HKU\S-1-5-21-1439707929-2427184225-1161348364-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1439707929-2427184225-1161348364-1001 -> {1051932C-989E-4104-B8B3-D9718E92681D} URL = hxxp://searchsimple-a.akamaihd.net/?affID=mt-dq&q={searchTerms}&r=854
SearchScopes: HKU\S-1-5-21-1439707929-2427184225-1161348364-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=tugs&uid=ST500LT012-9WS142_S0V4S2RKXXXXS0V4S2RK
FF NewTab: hxxp://searchsimple-a.akamaihd.net/?m=tab&affID=mt-dq
FF Homepage: hxxp://searchsimple-a.akamaihd.net/?affID=mt-dq
FF Keyword.URL: hxxp://searchsimple-a.akamaihd.net/?q=
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\searchplugins\ask-web-search.xml [2014-12-10]
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\searchplugins\dsrlte1.xml [2015-09-22]
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\searchplugins\istartsurf.xml [2015-08-13]
FF Extension: Pine Tree 1.0.1 - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\Extensions\{346beb56-fb1b-4f10-bd51-a3fbe4feb706}.xpi [2015-10-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\extensions\defsearchp@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\extensions\deskCutv2@gmail.com => not found
Task: C:\WINDOWS\Tasks\0215pitUpdateInfo.job => C:\ProgramData\Avg_Update_0215pit\0215pit_AVG-Secure-Search-Update.exe

EmptyTemp:
C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\searchplugins\ask-web-search.xml
C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\searchplugins\dsrlte1.xml
C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\searchplugins\istartsurf.xml
C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\Extensions\{346beb56-fb1b-4f10-bd51-a3fbe4feb706}.xpi
C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\extensions\defsearchp@gmail.com
C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\extensions\deskCutv2@gmail.com
End
*****************


========================= File: C:\ProgramData\SetStretch.exe ========================

File not signed
MD5: 4A93070098539B54FDA391D4D551C880
Creation and modification date: 2012-11-23 16:07 - 2009-07-22 11:04
Size: 0024576
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======

"C:\Windows\System32\drivers\{0f8b6559-f83b-4fe1-988e-fd7ce3f6fd44}Gw64.sys" => File is digitally signed
"C:\Windows\System32\drivers\{fc639c50-6948-4825-bb5f-f873b3b3cc25}Gw64.sys" => File is digitally signed
Restore point was successfully created.

========================= Folder: C:\ProgramData\Avg_Update_0215pit ========================

2015-05-16 21:05 - 2015-02-17 14:31 - 2794520 _____ () C:\ProgramData\Avg_Update_0215pit\0215pit_AVG-Secure-Search-Update.exe

====== End of Folder: ======

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
C:\WINDOWS\Tasks\0215pitUpdateInfo.job => moved successfully
C:\ProgramData\Avg_Update_0215pit\0215pit_AVG-Secure-Search-Update.exe => moved successfully

========= RemoveProxy: =========

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1439707929-2427184225-1161348364-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1439707929-2427184225-1161348364-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
Processes closed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-1439707929-2427184225-1161348364-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1439707929-2427184225-1161348364-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
"HKU\S-1-5-21-1439707929-2427184225-1161348364-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1051932C-989E-4104-B8B3-D9718E92681D}" => key removed successfully
HKCR\CLSID\{1051932C-989E-4104-B8B3-D9718E92681D} => key not found.
"HKU\S-1-5-21-1439707929-2427184225-1161348364-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
Firefox "newtab" removed successfully
Firefox "homepage" removed successfully
Firefox "Keyword.URL" removed successfully
C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\searchplugins\ask-web-search.xml => moved successfully
C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\searchplugins\dsrlte1.xml => moved successfully
C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\searchplugins\istartsurf.xml => moved successfully
C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\Extensions\{346beb56-fb1b-4f10-bd51-a3fbe4feb706}.xpi => moved successfully
C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\Extensions\{346beb56-fb1b-4f10-bd51-a3fbe4feb706}.xpi => path removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\defsearchp@gmail.com => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\deskCutv2@gmail.com => value removed successfully
C:\WINDOWS\Tasks\0215pitUpdateInfo.job => not found.
"C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\searchplugins\ask-web-search.xml" => not found.
"C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\searchplugins\dsrlte1.xml" => not found.
"C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\searchplugins\istartsurf.xml" => not found.
"C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\Extensions\{346beb56-fb1b-4f10-bd51-a3fbe4feb706}.xpi" => not found.
"C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\extensions\defsearchp@gmail.com" => not found.
"C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\extensions\deskCutv2@gmail.com" => not found.
EmptyTemp: => 891.7 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 13:57:58 ====

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

OK, now let's move on to an additional check;

Attach the Zoek report to your post, because the result may be rather long.

Download smeenk's zoek.zip or zoek.rar from this or this link and save it to the Desktop.

Unpack the archive into a folder (instructions), and then:

close the browser and other running programs;
temporarily disable your security software (if necessary) Instructions;
start zoek by double-clicking the program icon;
wait for the tool to start ...


Copy the following text into the white box in the window:

Uninstall-List;
searchsimple-a.akamaihd;z
istartsurf;z
searchsimple-a.akamaihd;a
istartsurf;a
AutoClean;


Click the button and wait for the scan to finish.


If necessary, zoek will restart Windows and, when it finishes, open Notepad with the scan report.

Note: The report will be saved under the name zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Attach the contents of that log to your post using the Attach file option.

  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1645

Zoek.exe v5.0.0.1 Updated 09-November-2015
Tool run by Sandra on Mon 11/09/2015 at 19:31:08.68.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Sandra\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-11-09-182347.log 394 bytes

==== Empty Folders Check ======================

C:\Program Files\Google deleted successfully
C:\PROGRA~3\Avg_Update_0215pit deleted successfully
C:\Users\Guest\AppData\Local\VirtualStore deleted successfully
C:\Users\Sandra\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Sandra\AppData\Local\EmieSiteList deleted successfully
C:\Users\Sandra\AppData\Local\EmieUserList deleted successfully
C:\Users\Sandra\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default

user.js not found
---- Lines yahoo removed from prefs.js ----
user_pref("browser.search.selectedEngine", "Yahoo Search");
---- Lines mindspark removed from prefs.js ----
user_pref("extensions.toolbar.mindspark._4zMembers_.browser.version.last", "39.0");
user_pref("extensions.toolbar.mindspark._4zMembers_.BUTTON_STRUCTURE", "[{\"b\":221584481,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221584482,
user_pref("extensions.toolbar.mindspark._4zMembers_.competitorDNS", "{\"comment\":\"refresh every 1 week (7*24*60*60*1000)\",\"refreshPeriod\":6048000
user_pref("extensions.toolbar.mindspark._4zMembers_.firstKnownVersion", "6.83.5.42204");
user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "http://home.tb.ask.com/index.jhtml?n=780d0d02&p2=^HJ^xpi000^YYA^");
user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2014121218");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "^HJ^xpi000^YYA^");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", false);
user_pref("extensions.toolbar.mindspark._4zMembers_.isCompliantUninstallImplementation", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.lastKnownVersion", "6.83.5.42204");
user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", false);
user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", false);
user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", false);
user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", false);
user_pref("extensions.toolbar.mindspark._4zMembers_.partnerPixelFired", false);
user_pref("extensions.toolbar.mindspark._4zMembers_.searchHistory", "radmila vojvodic||jovan ivovic vitez iz topole||prolaz kroz ~i\ranu ogradu||~i\ra
user_pref("extensions.toolbar.mindspark._4zMembers_.successUrl", "http://videodownloadconverter.dl.tb.ask.com/installComplete.jhtml");
user_pref("extensions.toolbar.mindspark._4zMembers_.toolbar.versionChanged", false);
user_pref("extensions.toolbar.mindspark._4zMembers_.toolbarCollapsed", false);
user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "10001");
user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com");
---- Lines quick_start removed from prefs.js ----
user_pref("extensions.quick_start.enable_search1", false);
user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
---- Lines istart removed from prefs.js ----
user_pref("browser.search.searchengine.alias", "istartsurf");
user_pref("browser.search.searchengine.iconURL", "http://www.istartsurf.com/favicon.ico");
user_pref("browser.search.searchengine.name", "istartsurf");
user_pref("browser.search.searchengine.url", "http://www.istartsurf.com/web/?type=ds&ts=1439481176&z=468bb72d3026d8a7fd318f9g4zcc2tfz7bag2ecb2t&from=t
---- FireFox user.js and prefs.js backups ----

prefs_20151109_0748_.backup

==== Deleting Files \ Folders ======================

C:\windows\SysNative\Tasks\ASUS Patch for Touch Panel deleted
C:\Users\Sandra\AppData\Roaming\istartsurf deleted
C:\PROGRA~3\SetStretch.VBS deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\SysNative\Tasks\Yahoo! Search Updater deleted
C:\windows\SysNative\drivers\{04f4591f-794f-4cd3-bd44-605ca9a098e2}Gw64.sys deleted
C:\windows\SysNative\drivers\{0f8b6559-f83b-4fe1-988e-fd7ce3f6fd44}Gw64.sys deleted
C:\windows\SysNative\drivers\{126336c7-4a78-4328-80f9-e30008142a02}Gw64.sys deleted
C:\windows\SysNative\drivers\{27134153-7909-46db-a364-f96d5c07d5e7}Gw64.sys deleted
C:\windows\SysNative\drivers\{346beb56-fb1b-4f10-bd51-a3fbe4feb706}Gw64.sys deleted
C:\windows\SysNative\drivers\{42bf1881-d939-41ff-84e1-479f2a1fb795}Gw64.sys deleted
C:\windows\SysNative\drivers\{47ed07d3-68fa-4ddf-ab7f-f49b3b3825a3}Gw64.sys deleted
C:\windows\SysNative\drivers\{4f694d8d-6bd5-42d9-be6d-91b3dbf4a2e1}Gw64.sys deleted
C:\windows\SysNative\drivers\{58a5ae40-f38d-4727-8812-8b35b8e5c83f}Gw64.sys deleted
C:\windows\SysNative\drivers\{80e57e04-2dd7-4ce8-9ec3-2ffa9b73012c}Gw64.sys deleted
C:\windows\SysNative\drivers\{814b70f2-89de-4982-b4fb-8ca0819c757d}Gw64.sys deleted
C:\windows\SysNative\drivers\{894ab836-f565-449b-a5e4-2c51b897cb3c}Gw64.sys deleted
C:\windows\SysNative\drivers\{9ffa1362-5a89-4483-ab53-e729971bb7cf}Gw64.sys deleted
C:\windows\SysNative\drivers\{a5b4a5b4-74b5-494b-a6fd-2cfe081bbca9}Gw64.sys deleted
C:\windows\SysNative\drivers\{c7908ed8-e375-4125-97a1-cce7ce60fe1a}Gw64.sys deleted
C:\windows\SysNative\drivers\{f9345fd3-b976-4de7-89b6-b3ba7c6aaf5b}Gw64.sys deleted
C:\windows\SysNative\drivers\{fc639c50-6948-4825-bb5f-f873b3b3cc25}Gw64.sys deleted
C:\windows\SysNative\drivers\{fcb340ad-66dd-4ad6-b5a6-cf198aae06ea}Gw64.sys deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\searchplugins\google-avast.xml deleted
C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\VideoDownloadConverter_4z deleted

==== Folders Found ======================

2015-10-15 17:25:51 2015-10-15 17:25:51 -------- d-----w- C:\Users\Sandra\AppData\Local\VS Revo Group\Revo Uninstaller Pro\BackUpsData\istartsurf uninstall-15102015-192551
2015-11-09 18:48:12 2015-11-09 18:48:12 -------- d---a-w- C:\zoek_backup\C_Users_Sandra_AppData_Roaming_istartsurf

==== Files Found ======================


--- C:\FRST\Quarantine\C\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default\searchplugins\istartsurf.xml.xBAD ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 2225
Created time: 2015-08-13 15:53:19
Modified time: 2015-08-13 16:14:09
MD5: 0387B3C889F5994588E0C637F1B396B9
SHA1: 0501653AAFD4683E0B21283C79470148333AFBB1


==== Registry Search Results for "searchsimple-a.akamaihd" ======================

No instances of string "searchsimple-a.akamaihd" found.

==== Registry Search Results for "istartsurf" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\istartsurfSoftware]

[HKEY_LOCAL_MACHINE\SOFTWARE\istartsurfSoftware\istartsurfhp]

[HKEY_USERS\S-1-5-21-1439707929-2427184225-1161348364-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istartsurf.com]

[HKEY_USERS\S-1-5-21-1439707929-2427184225-1161348364-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.istartsurf.com]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default
user_pref("browser.search.defaulturl", "https://www.google.com/search/?trackid=sp-006");
user_pref("browser.search.defaultengine", "Google (avast)");
user_pref("browser.search.defaultenginename", "Google (avast)");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"ff-bmboc@bytemobile.com"="C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon" []

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\xx64iwxk.default
863AF0003392FEBC2667A8A790DED955 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll - Shockwave Flash


==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.80

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[03/17/2015 04:06 PM]

Avast Online Security - Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
HKLM\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ff-bmboc@bytemobile.com deleted successfully

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Avast Free Antivirus.lnk - C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\Public\Desktop\BS.Player PRO.lnk - C:\Program Files (x86)\Webteh\BSplayerPro\bsplayer.exe
C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe
C:\Users\Public\Desktop\TeamViewer 10.lnk - C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Users\Public\Desktop\Virtual CloneDrive.lnk - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDPrefs.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast antivirus.lnk -
C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=14394811.....XXS0V4S2RK
C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt
C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\BS.Player PRO.lnk - C:\Program Files (x86)\Webteh\BSplayerPro\bsplayer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk - C:\WINDOWS\Installer\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk - C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes\VirtualCloneDrive\Manual.lnk - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\HelpLauncher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes\VirtualCloneDrive\Uninstall.lnk - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes\VirtualCloneDrive\Virtual CloneDrive Revision History.lnk - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\manual\changes_vcd.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes\VirtualCloneDrive\Virtual CloneDrive.lnk - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDPrefs.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro Help.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller Pro\Revo Uninstaller Pro Help.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Uninstall Revo Uninstaller Pro.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller Pro\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webteh\BS.Player PRO\BS.Player PRO capture.lnk - C:\Program Files (x86)\Webteh\BSplayerPro\bsplayer.exe -capture
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webteh\BS.Player PRO\BS.Player PRO subtitle editor.lnk - C:\Program Files (x86)\Webteh\BSplayerPro\bsplayer.exe -subedit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webteh\BS.Player PRO\BS.Player PRO.lnk - C:\Program Files (x86)\Webteh\BSplayerPro\bsplayer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webteh\BS.Player PRO\Uninstall BS.Player PRO.lnk - C:\Program Files (x86)\Webteh\BSplayerPro\uninstall.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ASUS Install.lnk - C:\eSupport\eDriver\AsInsWiz.exe
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Libraries
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Sandra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BS.Player PRO.lnk - C:\Program Files (x86)\Webteh\BSplayerPro\bsplayer.exe
C:\Users\Sandra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Sandra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=14394811.....XXS0V4S2RK
C:\Users\Sandra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe
C:\Users\Sandra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Sandra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Sandra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\Sandra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Sandra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==== shortcuts After Repair ======================

C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Sandra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe

==== Uninstall List x64 ======================

Adobe Flash Player 19 NPAPI [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI]
Adobe Reader X (10.1.15) MUI [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}]
Adobe Refresh Manager [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824147215}]
Alcor Micro USB Card Reader [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F9D72742-0351-447C-B160-F0A5AC9D87BF}]
Alcor Micro USB Card Reader [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AmUStor]
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3108C217-BE83-42E4-AE9E-A56A2A92E549}]
ATK Package [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}]
Avast Free Antivirus [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\avast]
BS.Player PRO [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BSPlayerp]
CCleaner [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner]
D3DX10 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E09C4DB7-630C-4F06-A631-8EA7239923AF}]
Google Chrome [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}]
Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
Intel(R) Dynamic Platform and Thermal Framework [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C]
Intel(R) Management Engine Components [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}]
Intel(R) Processor Graphics [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}]
Intel(R) SDK for OpenCL - CPU Only Runtime Package [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}]
Intelr Trusted Connect Service Client [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}]
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E9F0BCD8-6BD5-1ED7-EDA3-9FCF2A478AA1}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}]
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}]
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}]
Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5BABDA39-61CF-41EE-992D-4054B6649A9B}]
Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}]
Mozilla Firefox 41.0.2 (x86 en-US) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 41.0.2 (x86 en-US)]
Mozilla Maintenance Service [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService]
MSVCRT [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}]
MSVCRT110 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}]
MSVCRT110_amd64 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E9FA781F-3E80-4399-825A-AD3E11C28C77}]
Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D888F114-7537-4D48-AF03-5DA9C82D7540}]
Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30F99474-EBE3-4134-A02B-F6CD38CFE243}]
Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC6C7107-7D72-41A1-A031-3CE751159BAB}]
Qualcomm Atheros Client Installation Program [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{28006915-2739-4EBE-B5E8-49B25D32EB33}]
Realtek High Definition Audio Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}]
Revo Uninstaller Pro 3.1.4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1]
TeamViewer 10 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TeamViewer]
VirtualCloneDrive [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VirtualCloneDrive]
Visual Studio 2012 x64 Redistributables [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}]
Visual Studio 2012 x86 Redistributables [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}]
Windows Live Communications Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0454BB9A-2A7A-4214-BDFF-937F7A711A44}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C034A6F9-6569-491B-B3BF-F5D15221A708}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite]
Windows Live Installer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}]
Windows Live PIMT Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}]
Windows Live SOXE [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FE7C0B3D-50B9-4951-BE78-A321CBF86552}]
Windows Live SOXE Definitions [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}]
Windows Live UX Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4CCBD1F4-CEEC-452A-9CB8-46564B501315}]
Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{18272881-CFC0-434D-A975-E5BE44206AA0}]
WinFlash [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8F21291E-0444-4B1D-B9F9-4370A73E346D}]
WinRAR 5.21 (64-bit) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver]

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sandra\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Sandra\AppData\Local\Microsoft\Windows\INetCache\IE\BAWA9JVA will be deleted at reboot
C:\Users\Sandra\AppData\Local\Microsoft\Windows\INetCache\IE\Y4RWHWGG will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=28 folders=3 1101661 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Users\Sandra\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Sandra\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Sandra\AppData\Local\Microsoft\Windows\INetCache\IE\BAWA9JVA" not found
"C:\Users\Sandra\AppData\Local\Microsoft\Windows\INetCache\IE\Y4RWHWGG" not found

==== EOF on Mon 11/09/2015 at 19:59:09.82 ======================

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Hello,

Now run this zoek script, in the same way as you did a moment ago;
Restore;|C:\windows\SysNative\Tasks\ASUS Patch for Touch Panel
[-HKEY_LOCAL_MACHINE\SOFTWARE\istartsurfSoftware];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\istartsurfSoftware\istartsurfhp];r
[-HKEY_USERS\S-1-5-21-1439707929-2427184225-1161348364-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istartsurf.com];r
[-HKEY_USERS\S-1-5-21-1439707929-2427184225-1161348364-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.istartsurf.com];r
Reboot;

Copy in the freshly generated Zoek report.

Reset Firefox to its default settings;
https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings




Now pack (zip/rar) both folders and upload them to me for analysis;

C:\FRST\Quarantine
C:\zoek_backup

Use this form for the upload;
http://www.mycity.rs/ambulanta-upload.php

offline
  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1645

Zoek.exe v5.0.0.1 Updated 09-November-2015
Tool run by Sandra on Tue 11/10/2015 at 14:59:31.80.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Sandra\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-11-09-182347.log 394 bytes
C:\zoek-results2015-11-09-185909.log 29405 bytes

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\istartsurfSoftware]
[-HKEY_LOCAL_MACHINE\SOFTWARE\istartsurfSoftware\istartsurfhp]
[-HKEY_USERS\S-1-5-21-1439707929-2427184225-1161348364-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istartsurf.com]
[-HKEY_USERS\S-1-5-21-1439707929-2427184225-1161348364-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.istartsurf.com]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=28 folders=3 1101661 bytes)

==== After Reboot ======================

==== EOF on Tue 11/10/2015 at 15:04:15.24 ======================

I had to put FRST into two RAR archives because it was 14 MB.

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

How are things now?

offline
  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1645

Things are much better now.
Thanks a lot. Cheers

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

The following procedure will carry out the final cleanup.

Download "Xplode"'s DelFix tool and save it to the Desktop.

Double-click to start the tool and tick the boxes in front of the following options;
Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment until the tool finishes its work.

From this point on, all the tools used in this thread should have been deleted.
If any tool or report has not been removed, feel free to delete it manually.


The tool will also create a report for you. (C:\DelFix.txt)
- The tool will also save the healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
- DelFix deletes old System Restore points and creates a new, fresh point after the cleanup.
