Posted: 13 Oct 2014 23:07
- Marko Srbin
- Respected citizen
- Joined: 13 Feb 2012
- Posts: 364
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-10-2014 01
Ran by Markovic (administrator) on MARKOVIC-PC on 13-10-2014 22:57:57
Running from C:\Users\Markovic\Desktop
Loaded Profile: Markovic (Available profiles: Markovic)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [337432 2014-02-03] (Power Software Ltd)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] => C:\Program Files\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-24] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-2763985286-3645719700-1425198300-1001\...\Run: [Viber] => "C:\Users\Markovic\AppData\Local\Viber\Viber.exe"
HKU\S-1-5-21-2763985286-3645719700-1425198300-1001\...\Run: [99F46D0887681C29F21B983FA02E70E05C9BFDA1._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [852808 2014-09-04] (Google Inc.)
HKU\S-1-5-21-2763985286-3645719700-1425198300-1001\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [603648 2012-06-22] (MyCity)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC0319C13CDF2CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-24]
Chrome:
=======
CHR Profile: C:\Users\Markovic\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Stylish) - C:\Users\Markovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2014-10-12]
CHR Extension: (Google новчаник) - C:\Users\Markovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-30]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-24]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-24] (AVAST Software)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [387616 2009-04-19] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [178720 2009-04-19] ()
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [45184 2012-03-05] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-09-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-09-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-09-24] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-09-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-09-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-09-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-09-24] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-09-24] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] ()
S3 s125bus; C:\Windows\System32\DRIVERS\s125bus.sys [83336 2007-04-24] (MCCI Corporation)
S3 s125mdfl; C:\Windows\System32\DRIVERS\s125mdfl.sys [15112 2007-04-24] (MCCI Corporation)
S3 s125mdm; C:\Windows\System32\DRIVERS\s125mdm.sys [108680 2007-04-24] (MCCI Corporation)
S3 s125mgmt; C:\Windows\System32\DRIVERS\s125mgmt.sys [100488 2007-04-24] (MCCI Corporation)
S3 s125obex; C:\Windows\System32\DRIVERS\s125obex.sys [98696 2007-04-24] (MCCI Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [114408 2014-02-03] (Power Software Ltd)
S3 cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-13 22:53 - 2014-10-13 22:53 - 00000000 _____ () C:\Users\Markovic\Desktop\New Text Document (2).txt
2014-10-13 16:49 - 2014-10-13 16:49 - 00022052 _____ () C:\Users\Markovic\Documents\Addition.txt
2014-10-13 16:49 - 2014-10-13 16:49 - 00015429 _____ () C:\Users\Markovic\Documents\zoek-results.txt
2014-10-13 16:47 - 2014-10-13 16:47 - 00022052 _____ () C:\Users\Markovic\Desktop\Addition.txt
2014-10-13 16:45 - 2014-10-13 22:57 - 00011934 _____ () C:\Users\Markovic\Desktop\FRST.txt
2014-10-13 16:45 - 2014-10-13 16:45 - 00000000 ____D () C:\Users\Markovic\Desktop\FRST-OlderVersion
2014-10-13 16:45 - 2014-10-12 20:17 - 00028005 _____ () C:\zoek-results2014-10-12-181757.log
2014-10-12 20:23 - 2014-10-12 20:24 - 00000052 _____ () C:\Users\Markovic\Desktop\New Text Document.txt
2014-10-12 20:21 - 2014-10-12 20:21 - 00028005 _____ () C:\Users\Markovic\Downloads\270792_150215035_zoek-results.txt
2014-10-12 20:21 - 2014-10-12 20:21 - 00000300 _____ () C:\Users\Markovic\Downloads\270792_1043880075_fixlist.txt.txt
2014-10-12 20:00 - 2014-10-13 16:49 - 00015429 _____ () C:\zoek-results.log
2014-10-12 19:38 - 2014-10-12 20:13 - 00000000 ____D () C:\zoek_backup
2014-10-12 19:37 - 2014-10-12 19:38 - 04256073 _____ () C:\Users\Markovic\Downloads\zoek.rar
2014-10-12 19:35 - 2014-10-12 19:36 - 00024872 _____ () C:\Users\Markovic\Downloads\FRST.txt
2014-10-12 19:35 - 2014-10-12 19:35 - 00000000 ____D () C:\Users\Markovic\Downloads\FRST-OlderVersion
2014-10-12 19:32 - 2014-10-12 19:32 - 00028576 _____ () C:\Users\Markovic\Downloads\270792_1370098270_FRST (1).txt
2014-10-10 22:50 - 2014-10-10 22:50 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-10 22:50 - 2014-10-10 22:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-10-10 22:49 - 2014-10-10 22:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-10-10 22:49 - 2014-10-10 22:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-10-10 22:49 - 2014-10-10 22:49 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-10-10 22:49 - 2014-10-10 22:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-10 22:49 - 2014-10-10 22:49 - 00000000 ____D () C:\Program Files\Java
2014-10-10 22:44 - 2014-10-10 22:44 - 00918440 _____ (Oracle Corporation) C:\Users\Markovic\Downloads\chromeinstall-7u67.exe
2014-10-10 22:20 - 2014-10-10 22:20 - 00028576 _____ () C:\Users\Markovic\Downloads\270792_1370098270_FRST.txt
2014-10-10 22:18 - 2014-10-10 22:18 - 00018300 _____ () C:\Users\Markovic\Downloads\Addition.txt
2014-10-10 22:14 - 2014-10-13 22:58 - 00000000 ____D () C:\FRST
2014-10-10 22:12 - 2014-10-13 16:45 - 01101824 _____ (Farbar) C:\Users\Markovic\Desktop\FRST.exe
2014-10-10 22:12 - 2014-10-12 19:35 - 01101824 _____ (Farbar) C:\Users\Markovic\Downloads\FRST.exe
2014-10-10 10:01 - 2014-10-10 10:01 - 00002804 _____ () C:\Users\Markovic\Desktop\JRT.txt
2014-10-10 09:56 - 2014-10-10 09:57 - 01705755 _____ (Thisisu) C:\Users\Markovic\Downloads\JRT.exe
2014-10-10 09:52 - 2014-10-10 09:52 - 01375089 _____ () C:\Users\Markovic\Downloads\AdwCleaner.exe
2014-10-10 09:41 - 2014-10-10 09:57 - 00000000 ____D () C:\Windows\ERUNT
2014-10-10 09:41 - 2014-10-10 09:41 - 00000526 _____ () C:\DelFix.txt
2014-10-09 13:34 - 2014-10-09 13:34 - 00109280 _____ () C:\Users\Markovic\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-09 13:33 - 2014-10-13 15:47 - 00001344 _____ () C:\Windows\setupact.log
2014-10-09 13:33 - 2014-10-12 20:17 - 00040258 _____ () C:\Windows\PFRO.log
2014-10-09 13:33 - 2014-10-09 13:33 - 00409440 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-09 13:33 - 2014-10-09 13:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-09 12:28 - 2014-10-09 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2014-10-09 12:27 - 2014-10-13 15:48 - 00000000 ____D () C:\ProgramData\MCShield
2014-10-09 12:27 - 2014-10-09 12:28 - 00000000 ____D () C:\Program Files\MCShield
2014-10-09 12:12 - 2014-10-09 12:12 - 00001031 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-09 12:12 - 2014-10-09 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-10-09 12:12 - 2014-10-09 12:12 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-10-09 12:12 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-09 12:11 - 2014-10-09 12:11 - 00000000 ____D () C:\Users\Markovic\Downloads\MalwareBytes AntiMalware[arMa]
2014-10-06 22:57 - 2014-10-09 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-10-03 20:06 - 2014-10-03 20:06 - 00000000 ____D () C:\Users\Markovic\Desktop\Muzika za Mp3
2014-10-01 14:28 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 20:42 - 2014-10-12 22:48 - 00000000 ____D () C:\Users\Markovic\Desktop\STAMPAC NE BRISI !!!
2014-09-24 16:23 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 00:11 - 2014-09-24 00:11 - 00002083 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-24 00:11 - 2014-09-24 00:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-24 00:10 - 2014-09-24 00:09 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-24 00:10 - 2014-09-24 00:09 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-24 00:10 - 2014-09-24 00:09 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-24 00:09 - 2014-09-24 00:11 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-24 00:09 - 2014-09-24 00:09 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-24 00:09 - 2014-09-24 00:09 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-24 00:09 - 2014-09-24 00:09 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-24 00:09 - 2014-09-24 00:09 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-24 00:09 - 2014-09-24 00:09 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-24 00:09 - 2014-09-24 00:09 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-24 00:07 - 2014-09-24 00:07 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-22 23:00 - 2014-09-24 00:11 - 00000000 ____D () C:\Users\Markovic\AppData\Roaming\AVAST Software
2014-09-21 19:19 - 2014-09-21 19:19 - 00000000 ____D () C:\Users\Markovic\AppData\Local\VS Revo Group
2014-09-21 19:19 - 2014-09-21 19:19 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-09-20 10:46 - 2014-09-22 23:02 - 00000394 __RSH () C:\ProgramData\ntuser.pol
2014-09-20 10:46 - 2014-09-20 10:46 - 00000000 ____D () C:\Users\Markovic\AppData\Local\Comodo
2014-09-20 10:46 - 2014-09-20 10:46 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-09-20 10:46 - 2014-09-20 10:46 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-09-20 10:46 - 2014-09-20 10:46 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-09-20 10:46 - 2014-09-20 10:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-09-20 10:46 - 2014-09-20 10:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-09-20 10:46 - 2014-09-20 10:46 - 00000000 ____D () C:\Users\Guest
2014-09-20 10:46 - 2014-09-20 10:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-20 10:46 - 2014-09-20 10:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-09-20 10:46 - 2014-09-20 10:46 - 00000000 ____D () C:\Users\Administrator
2014-09-15 19:43 - 2014-09-15 22:13 - 03012304 _____ () C:\Users\Markovic\Desktop\New Microsoft Office PowerPoint Presentation.pptx
2014-09-15 19:43 - 2014-09-15 19:43 - 00000165 ____H () C:\Users\Markovic\Desktop\~$New Microsoft Office PowerPoint Presentation.pptx
2014-09-13 22:20 - 2014-09-24 19:08 - 00000000 ____D () C:\Users\Markovic\Desktop\Muzika Najnovije
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-13 22:25 - 2014-06-30 15:20 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-13 22:04 - 2014-03-14 22:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-13 18:44 - 2014-05-20 21:02 - 01866931 _____ () C:\Windows\WindowsUpdate.log
2014-10-13 15:55 - 2009-07-14 06:34 - 00020800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-13 15:55 - 2009-07-14 06:34 - 00020800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-13 15:47 - 2014-06-30 15:20 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-13 15:47 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-12 20:12 - 2013-12-06 23:48 - 00000000 ____D () C:\Users\Markovic
2014-10-12 13:56 - 2014-06-26 15:55 - 00000000 ____D () C:\Users\Markovic\Documents\Euro Truck Simulator 2
2014-10-11 00:27 - 2014-08-25 14:29 - 00000000 ____D () C:\Users\Markovic\Desktop\Slike za stampanje
2014-10-10 10:02 - 2014-07-05 10:24 - 00000000 ____D () C:\AdwCleaner
2014-10-09 20:32 - 2013-12-06 23:53 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-09 13:33 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\TAPI
2014-10-09 12:26 - 2014-06-18 15:21 - 00000000 ____D () C:\ProgramData\Skype
2014-10-09 12:23 - 2014-09-07 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
2014-10-09 12:23 - 2014-06-19 17:50 - 00000000 ____D () C:\Users\Markovic\AppData\Roaming\uTorrent
2014-10-09 12:22 - 2014-02-21 21:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-10-09 12:22 - 2013-12-07 16:50 - 00000000 ____D () C:\Windows\Minidump
2014-10-09 12:17 - 2013-12-06 23:56 - 00000000 ____D () C:\Users\Markovic\AppData\Local\Google
2014-10-06 22:58 - 2014-02-23 20:51 - 00000000 ___HD () C:\Users\Markovic\Desktop\.picasaoriginals
2014-10-06 22:56 - 2013-12-06 23:56 - 00000000 ____D () C:\Program Files\Google
2014-10-04 14:03 - 2014-01-05 11:16 - 00000000 ____D () C:\Program Files\WinRAR
2014-10-04 13:31 - 2014-01-05 11:16 - 00001112 _____ () C:\Users\Public\Desktop\WinRAR.lnk
2014-10-04 13:31 - 2014-01-05 11:16 - 00000000 ____D () C:\Users\Markovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-04 13:31 - 2014-01-05 11:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-02 04:37 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-10-02 04:37 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-09-28 13:24 - 2009-07-14 06:53 - 00032650 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-25 19:25 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-25 13:15 - 2014-08-20 22:44 - 00000000 ____D () C:\Users\Markovic\Desktop\slike
2014-09-24 20:04 - 2013-12-06 23:56 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 20:04 - 2013-12-06 23:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-24 00:35 - 2014-08-01 16:56 - 00000000 ____D () C:\Users\Markovic\AppData\Roaming\Dropbox
2014-09-24 00:07 - 2013-12-07 13:41 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-24 00:05 - 2009-07-14 04:04 - 00002577 _____ () C:\Windows\system32\config.nt
2014-09-22 23:01 - 2014-09-03 22:48 - 00000000 ____D () C:\Program Files\SystemRequirementsLab
2014-09-21 14:14 - 2014-09-09 21:46 - 00000000 ____D () C:\Users\Markovic\Desktop\Linkovi za S.N
2014-09-20 10:46 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-17 13:59 - 2013-12-08 13:25 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-15 22:20 - 2014-06-19 19:20 - 00000000 ____D () C:\Users\Markovic\AppData\Local\Microsoft Help
2014-09-15 22:19 - 2014-09-02 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-09-15 09:06 - 2013-12-07 00:32 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-06 14:13
==================== End Of Log ============================

Posted: 13 Oct 2014 23:19
- magna86
- Anti Malware Fighter
Rank 2
- Joined: 21 Jun 2008
- Posts: 6104
spentez, zoek-backup.rar was uploaded successfully.
Now please pack (zip/rar) the following folder ...
C:\Program files (x86)\Google
...and send it for analysis through this form:
http://www.mycity.rs/ambulanta-upload.php
Let me know here in the thread when you have done that.
Also, just to remind you of this:
magna86 :: Please think carefully and tell me exactly what you were downloading, fetching, or doing before these warnings from avast! started. Links help too.
You can also do this by private message if that is easier for you. I would like to find the source of the infection, the installer itself (dropper), if that is at all possible.
Please try to remember, because it would be good if we found the adware installer itself, the original infection. You can forward this information to me by private message; I am only interested in the malware itself, the installation (link) ...whatever.
Expect my reply tomorrow; it is already late now.

Posted: 13 Oct 2014 23:59
- magna86
- Anti Malware Fighter
Rank 2
- Joined: 21 Jun 2008
- Posts: 6104
It is protected. First copy it to the Desktop and then pack it. That should work.

Posted: 14 Oct 2014 22:26
- magna86
- Anti Malware Fighter
Rank 2
- Joined: 21 Jun 2008
- Posts: 6104
Can you repeat that once more? Because the last thing I have from you is zoek-backup.rar.
Tomorrow I will review the upload and send a fix for this.

Posted: 15 Oct 2014 23:18
- Marko Srbin
- Respected citizen
- Joined: 13 Feb 2012
- Posts: 364
For some reason this won't upload; it shows that it has uploaded, gets to 100% and then nothing. But, my friend, my computer has started restarting quite often, all by itself. What could that be?

Posted: 17 Oct 2014 17:59
- Marko Srbin
- Respected citizen
- Joined: 13 Feb 2012
- Posts: 364
Zoek.exe v5.0.0.0 Updated 16-10-2014
Tool run by Markovic on ??? 17.10.2014 at 17:17:09,92.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Markovic\AppData\Local\Temp\Rar$DIa0.048\zoek.scr [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-10-12-181757.log 28005 bytes
C:\zoek-results2014-10-13-144919.log 15429 bytes
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\Users\Markovic\AppData\Local\Comodo deleted
C:\Users\HomeGroupUser$\AppData\Local\Comodo deleted
C:\Users\Guest\AppData\Local\Comodo deleted
C:\Users\Administrator\AppData\Local\Comodo deleted
C:\Users\HomeGroupUser$\AppData\Local\Google deleted
C:\Users\Guest\AppData\Local\Google deleted
C:\Users\Administrator\AppData\Local\Google deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [24.09.2014 00:09]
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[24.09.2014 00:09]
Stylish - Markovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe
Google Wallet - Markovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GoSavei - Markovic\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eokgpaaebfecebhhpbnnnhhdaclibold
==== Chromium Fix ======================
C:\Users\Markovic\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eokgpaaebfecebhhpbnnnhhdaclibold deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Reset Google Chrome ======================
C:\Users\Markovic\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Markovic\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\Markovic\Desktop\Computer - Shortcut.lnk -
C:\Users\Markovic\Desktop\Easy MP3 Cutter.lnk - C:\Program Files\Easy MP3 Cutter\mp3_cutter.exe
C:\Users\Markovic\Desktop\Euro Truck Simulator 2.lnk - C:\2-click run\Euro Truck Simulator 2 v1.9.22s (Pink Truck Fix)(DLC Going East)\bin\win_x86\eurotrucks2.exe
C:\Users\Markovic\Desktop\µTorrent.lnk -
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Winamp.lnk - C:\Program Files\Winamp\winamp.exe
C:\Users\Public\Desktop\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
==== shortcuts in Users Start Menu ======================
C:\Users\Markovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files\WinRAR\Rar.txt
C:\Users\Markovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files\WinRAR\WhatsNew.txt
C:\Users\Markovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\Users\Markovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast\avast Free Antivirus.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield\MCShield Control Center.lnk - C:\Program Files\MCShield\MCShieldCC.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield\MCShield Real-Time Monitor.lnk - C:\Program Files\MCShield\MCShieldRTM.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield\MCShield Website.lnk - C:\Program Files\MCShield\MCShield website.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield\Logs\All scans.lnk - C:\ProgramData\MCShield\AllScans.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield\Logs\Last scan.lnk - C:\ProgramData\MCShield\LastScan.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield\Logs\Summary.lnk - C:\ProgramData\MCShield\Summary.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield\Uninstall\Uninstall MCShield.lnk - C:\Program Files\MCShield\MCS-uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files\WinRAR\WhatsNew.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Markovic\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Markovic\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Markovic\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Markovic\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Markovic\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Markovic\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome (2).lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Markovic\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Markovic\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Markovic\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
==== Empty IE Cache ======================
C:\Users\Markovic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Markovic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Markovic\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=232 folders=130 4481853 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Markovic\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Markovic\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on ??? 17.10.2014 at 17:33:02,04 ======================
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-10-2014
Ran by Markovic (administrator) on MARKOVIC-PC on 17-10-2014 17:50:06
Running from C:\Users\Markovic\Desktop
Loaded Profile: Markovic (Available profiles: Markovic)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [337432 2014-02-03] (Power Software Ltd)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] => C:\Program Files\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-24] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-2763985286-3645719700-1425198300-1001\...\Run: [Viber] => "C:\Users\Markovic\AppData\Local\Viber\Viber.exe"
HKU\S-1-5-21-2763985286-3645719700-1425198300-1001\...\Run: [99F46D0887681C29F21B983FA02E70E05C9BFDA1._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [854344 2014-10-10] (Google Inc.)
HKU\S-1-5-21-2763985286-3645719700-1425198300-1001\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [603648 2012-06-22] (MyCity)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC0319C13CDF2CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-24]
Chrome:
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M055D48CE-4157-41BA-A327-C96D09717E88&SearchSource=55&CUI=&UM=5&UP=SP564B6EDA-5CDC-45A0-9734-2BA9ACE39AD9&SSPV=
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M055D48CE-4157-41BA-A327-C96D09717E88&SearchSource=55&CUI=&UM=5&UP=SP564B6EDA-5CDC-45A0-9734-2BA9ACE39AD9&SSPV=", "hxxp://search.babylon.com/?affID=109217&tt=3012_5&babsrc=HP_ss&mntrId=a4b26cab000000000000002618e58424", "https://isearch.avg.com/?cid={CCA6C59E-D85B-4C97-92BA-837EF1275504}&mid=4e4099e0c85f47d0a8b4d16f5e016dd7-69f8be8508645891cb5cb782037c6f3fd1105d74&lang=en&ds=gl011&pr=sa&d=2012-07-25%2012:43:47&v=12.1.0.21&sap=hp", "https://isearch.avg.com/?cid={3CEDFEB5-FA59-4BAE-92E6-B0E475D525DF}&mid=17985eb0dd134f0fadf86725373eab8a-69f8be8508645891cb5cb782037c6f3fd1105d74&lang=en&ds=pl011&pr=sa&d=2012-08-03%2023:57:43&v=12.1.0.21&sap=hp", "hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-420&v=n12521-334&t=4", "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP"
CHR DefaultSearchKeyword: Default -> conduit.search
CHR DefaultSearchURL: Default -> http://search.conduit.com/Results.aspx?gd=&ctid=CT.....CE39AD9&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\Markovic\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google презентације) - C:\Users\Markovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-17]
CHR Extension: (Google документи) - C:\Users\Markovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-17]
CHR Extension: (Google диск) - C:\Users\Markovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-17]
CHR Extension: (YouTube) - C:\Users\Markovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-17]
CHR Extension: (Google претрага) - C:\Users\Markovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-17]
CHR Extension: (Google табеле) - C:\Users\Markovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-17]
CHR Extension: (avast! Online Security) - C:\Users\Markovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-17]
CHR Extension: (Nimbus Notes) - C:\Users\Markovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\haafigbapbpbpnmgcknnmilaaaimggpk [2014-10-17]
CHR Extension: (Sky and Forest [FVD]) - C:\Users\Markovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\kabingleedfgfnnkebeaciehlcjjlkka [2014-10-17]
CHR Extension: (Speed Dial [FVD] - New Tab Page, 3D, Sync...) - C:\Users\Markovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa [2014-10-17]
CHR Extension: (Google новчаник) - C:\Users\Markovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-17]
CHR Extension: (Gmail) - C:\Users\Markovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-17]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-24]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-24] (AVAST Software)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [387616 2009-04-19] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [178720 2009-04-19] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [45184 2012-03-05] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-09-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-09-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-09-24] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-09-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-09-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-09-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-09-24] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-09-24] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] ()
S3 s125bus; C:\Windows\System32\DRIVERS\s125bus.sys [83336 2007-04-24] (MCCI Corporation)
S3 s125mdfl; C:\Windows\System32\DRIVERS\s125mdfl.sys [15112 2007-04-24] (MCCI Corporation)
S3 s125mdm; C:\Windows\System32\DRIVERS\s125mdm.sys [108680 2007-04-24] (MCCI Corporation)
S3 s125mgmt; C:\Windows\System32\DRIVERS\s125mgmt.sys [100488 2007-04-24] (MCCI Corporation)
S3 s125obex; C:\Windows\System32\DRIVERS\s125obex.sys [98696 2007-04-24] (MCCI Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [114408 2014-02-03] (Power Software Ltd)
S3 cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-17 17:50 - 2014-10-17 17:50 - 00014004 _____ () C:\Users\Markovic\Desktop\FRST.txt
2014-10-17 17:49 - 2014-10-17 17:49 - 00000000 ____D () C:\Users\Markovic\Desktop\FRST-OlderVersion
2014-10-17 17:44 - 2014-10-17 17:44 - 00002167 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-17 17:44 - 2014-10-17 17:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-17 17:43 - 2014-10-17 17:43 - 00880272 _____ (Google Inc.) C:\Users\Markovic\Downloads\ChromeSetup.exe
2014-10-17 17:33 - 2014-10-17 17:33 - 00011440 _____ () C:\Users\Markovic\Documents\zoek-results.txt
2014-10-17 17:31 - 2014-02-13 23:59 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-10-17 17:17 - 2014-10-13 16:49 - 00015429 _____ () C:\zoek-results2014-10-13-144919.log
2014-10-16 19:46 - 2014-10-16 19:46 - 00003765 _____ () C:\Users\Markovic\Desktop\Pansport.txt
2014-10-15 19:48 - 2014-10-15 19:48 - 00050118 _____ () C:\Users\Markovic\Downloads\Родословно дърво баба Кева - за Марко Враня.xlsx
2014-10-15 19:46 - 2014-10-15 19:46 - 00880272 _____ (Google Inc.) C:\Users\Markovic\Downloads\googledrivesync.exe
2014-10-15 14:19 - 2014-10-10 03:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 14:19 - 2014-10-10 03:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 14:19 - 2014-10-10 03:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 14:19 - 2014-10-07 04:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 14:19 - 2014-09-29 02:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 14:19 - 2014-09-26 00:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 14:19 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 14:19 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 14:19 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 14:19 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 14:19 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 14:19 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 14:19 - 2014-09-19 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 14:19 - 2014-09-19 03:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 14:19 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 14:19 - 2014-09-19 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 14:19 - 2014-09-19 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 14:19 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 14:19 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 14:19 - 2014-09-19 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 14:19 - 2014-09-19 02:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 14:19 - 2014-09-19 02:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 14:19 - 2014-09-19 02:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 14:19 - 2014-09-19 02:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 14:19 - 2014-09-19 02:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 14:19 - 2014-09-19 02:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 14:19 - 2014-09-19 02:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 14:19 - 2014-09-19 02:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 14:19 - 2014-09-19 02:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 14:19 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 14:19 - 2014-09-19 02:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 14:19 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 14:19 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 14:19 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 14:19 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 14:19 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 14:19 - 2014-07-17 03:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 14:19 - 2014-07-17 03:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 14:19 - 2014-07-17 03:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 14:19 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 14:19 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 14:19 - 2014-07-17 03:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 14:19 - 2014-07-17 03:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 14:19 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 14:19 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 14:19 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 14:18 - 2014-09-05 03:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 14:18 - 2014-08-29 03:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 14:17 - 2014-09-18 03:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 14:17 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 14:17 - 2014-08-19 04:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 14:17 - 2014-08-19 04:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 14:17 - 2014-08-19 04:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 14:17 - 2014-08-19 04:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 14:17 - 2014-08-19 04:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 14:17 - 2014-08-19 03:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 14:17 - 2014-07-07 03:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 14:17 - 2014-07-07 03:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 14:17 - 2014-07-07 03:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 14:17 - 2014-07-07 03:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 14:17 - 2014-07-07 03:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 14:17 - 2014-07-07 03:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 14:17 - 2014-07-07 03:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 14:17 - 2014-07-07 03:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 14:17 - 2014-07-07 03:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 14:17 - 2014-07-07 03:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 14:17 - 2014-07-07 03:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 14:17 - 2014-07-07 03:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 14:17 - 2014-07-07 03:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 14:17 - 2014-07-07 03:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 14:17 - 2014-07-07 03:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 14:17 - 2014-07-07 03:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 14:17 - 2014-07-07 03:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 14:17 - 2014-07-07 03:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 14:17 - 2014-07-07 03:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 14:17 - 2014-07-07 03:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 14:17 - 2014-07-07 03:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 14:17 - 2014-07-07 03:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 14:17 - 2014-07-07 03:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 14:17 - 2014-07-07 03:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 14:17 - 2014-07-07 03:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 14:17 - 2014-07-07 03:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 14:17 - 2014-07-07 03:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 14:17 - 2014-07-07 03:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-10-15 14:17 - 2014-07-07 03:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 14:17 - 2014-07-07 03:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 14:17 - 2014-07-07 03:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 14:17 - 2014-07-07 03:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 14:17 - 2014-07-07 03:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 14:17 - 2014-07-07 03:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 14:17 - 2014-06-28 02:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 14:17 - 2014-06-28 02:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 14:17 - 2014-06-28 02:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-13 23:57 - 2014-10-13 23:58 - 00000000 ____D () C:\Users\Markovic\Desktop\Google
2014-10-13 16:45 - 2014-10-12 20:17 - 00028005 _____ () C:\zoek-results2014-10-12-181757.log
2014-10-12 20:21 - 2014-10-12 20:21 - 00028005 _____ () C:\Users\Markovic\Downloads\270792_150215035_zoek-results.txt
2014-10-12 20:21 - 2014-10-12 20:21 - 00000300 _____ () C:\Users\Markovic\Downloads\270792_1043880075_fixlist.txt.txt
2014-10-12 20:00 - 2014-10-17 17:33 - 00011440 _____ () C:\zoek-results.log
2014-10-12 19:38 - 2014-10-17 17:29 - 00000000 ____D () C:\zoek_backup
2014-10-12 19:37 - 2014-10-12 19:38 - 04256073 _____ () C:\Users\Markovic\Downloads\zoek.rar
2014-10-12 19:35 - 2014-10-12 19:36 - 00024872 _____ () C:\Users\Markovic\Downloads\FRST.txt
2014-10-12 19:35 - 2014-10-12 19:35 - 00000000 ____D () C:\Users\Markovic\Downloads\FRST-OlderVersion
2014-10-12 19:32 - 2014-10-12 19:32 - 00028576 _____ () C:\Users\Markovic\Downloads\270792_1370098270_FRST (1).txt
2014-10-10 22:50 - 2014-10-10 22:50 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-10 22:50 - 2014-10-10 22:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-10-10 22:49 - 2014-10-10 22:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-10-10 22:49 - 2014-10-10 22:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-10-10 22:49 - 2014-10-10 22:49 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-10-10 22:49 - 2014-10-10 22:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-10 22:49 - 2014-10-10 22:49 - 00000000 ____D () C:\Program Files\Java
2014-10-10 22:44 - 2014-10-10 22:44 - 00918440 _____ (Oracle Corporation) C:\Users\Markovic\Downloads\chromeinstall-7u67.exe
2014-10-10 22:20 - 2014-10-10 22:20 - 00028576 _____ () C:\Users\Markovic\Downloads\270792_1370098270_FRST.txt
2014-10-10 22:18 - 2014-10-10 22:18 - 00018300 _____ () C:\Users\Markovic\Downloads\Addition.txt
2014-10-10 22:14 - 2014-10-17 17:50 - 00000000 ____D () C:\FRST
2014-10-10 22:12 - 2014-10-17 17:49 - 01102848 _____ (Farbar) C:\Users\Markovic\Desktop\FRST.exe
2014-10-10 22:12 - 2014-10-12 19:35 - 01101824 _____ (Farbar) C:\Users\Markovic\Downloads\FRST.exe
2014-10-10 09:56 - 2014-10-10 09:57 - 01705755 _____ (Thisisu) C:\Users\Markovic\Downloads\JRT.exe
2014-10-10 09:52 - 2014-10-10 09:52 - 01375089 _____ () C:\Users\Markovic\Downloads\AdwCleaner.exe
2014-10-10 09:41 - 2014-10-10 09:57 - 00000000 ____D () C:\Windows\ERUNT
2014-10-10 09:41 - 2014-10-10 09:41 - 00000526 _____ () C:\DelFix.txt
2014-10-09 13:34 - 2014-10-09 13:34 - 00109280 _____ () C:\Users\Markovic\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-09 13:33 - 2014-10-17 17:39 - 00002688 _____ () C:\Windows\setupact.log
2014-10-09 13:33 - 2014-10-17 17:32 - 00040938 _____ () C:\Windows\PFRO.log
2014-10-09 13:33 - 2014-10-16 13:05 - 00409440 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-09 13:33 - 2014-10-09 13:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-09 12:28 - 2014-10-09 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2014-10-09 12:27 - 2014-10-17 17:39 - 00000000 ____D () C:\ProgramData\MCShield
2014-10-09 12:27 - 2014-10-09 12:28 - 00000000 ____D () C:\Program Files\MCShield
2014-10-09 12:12 - 2014-10-09 12:12 - 00001031 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-09 12:12 - 2014-10-09 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-10-09 12:12 - 2014-10-09 12:12 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-10-09 12:12 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-09 12:11 - 2014-10-09 12:11 - 00000000 ____D () C:\Users\Markovic\Downloads\MalwareBytes AntiMalware[arMa]
2014-10-06 22:57 - 2014-10-09 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-10-03 20:06 - 2014-10-03 20:06 - 00000000 ____D () C:\Users\Markovic\Desktop\Muzika za Mp3
2014-10-01 14:28 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 20:42 - 2014-10-15 23:19 - 00000000 ____D () C:\Users\Markovic\Desktop\STAMPAC NE BRISI !!!
2014-09-24 16:23 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 00:11 - 2014-09-24 00:11 - 00002083 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-24 00:11 - 2014-09-24 00:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-24 00:10 - 2014-09-24 00:09 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-24 00:10 - 2014-09-24 00:09 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-24 00:10 - 2014-09-24 00:09 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-24 00:09 - 2014-09-24 00:11 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-24 00:09 - 2014-09-24 00:09 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-24 00:09 - 2014-09-24 00:09 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-24 00:09 - 2014-09-24 00:09 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-24 00:09 - 2014-09-24 00:09 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-24 00:09 - 2014-09-24 00:09 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-24 00:09 - 2014-09-24 00:09 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-24 00:07 - 2014-09-24 00:07 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-22 23:00 - 2014-09-24 00:11 - 00000000 ____D () C:\Users\Markovic\AppData\Roaming\AVAST Software
2014-09-21 19:19 - 2014-09-21 19:19 - 00000000 ____D () C:\Users\Markovic\AppData\Local\VS Revo Group
2014-09-21 19:19 - 2014-09-21 19:19 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-09-20 10:46 - 2014-10-17 17:32 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-09-20 10:46 - 2014-09-20 10:46 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-09-20 10:46 - 2014-09-20 10:46 - 00000000 ____D () C:\Users\Guest
2014-09-20 10:46 - 2014-09-20 10:46 - 00000000 ____D () C:\Users\Administrator
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-17 17:48 - 2009-07-14 06:34 - 00020800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-17 17:48 - 2009-07-14 06:34 - 00020800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-17 17:44 - 2014-05-20 21:02 - 01675107 _____ () C:\Windows\WindowsUpdate.log
2014-10-17 17:44 - 2013-12-06 23:56 - 00000000 ____D () C:\Users\Markovic\AppData\Local\Google
2014-10-17 17:44 - 2013-12-06 23:56 - 00000000 ____D () C:\Program Files\Google
2014-10-17 17:39 - 2014-06-30 15:20 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-17 17:39 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-17 17:29 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-17 17:04 - 2014-03-14 22:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-17 16:51 - 2014-06-30 15:20 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-16 21:57 - 2014-06-26 15:55 - 00000000 ____D () C:\Users\Markovic\Documents\Euro Truck Simulator 2
2014-10-16 19:47 - 2013-12-06 23:53 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-16 17:41 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-10-16 14:16 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-16 13:03 - 2014-05-05 23:42 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 00:08 - 2013-12-15 02:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 00:06 - 2013-12-15 02:43 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 22:35 - 2014-08-20 22:44 - 00000000 ____D () C:\Users\Markovic\Desktop\slike
2014-10-15 18:56 - 2014-08-25 14:29 - 00000000 ____D () C:\Users\Markovic\Desktop\Slike za stampanje
2014-10-14 00:22 - 2014-06-19 17:50 - 00000000 ____D () C:\Users\Markovic\AppData\Roaming\uTorrent
2014-10-12 20:12 - 2013-12-06 23:48 - 00000000 ____D () C:\Users\Markovic
2014-10-10 10:02 - 2014-07-05 10:24 - 00000000 ____D () C:\AdwCleaner
2014-10-09 13