- Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-10-2015
- Ran by MARKO (administrator) on MARKO-PC (04-10-2015 17:54:24)
- Running from C:\Users\MARKO\Downloads
- Loaded Profiles: MARKO (Available Profiles: MARKO)
- Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Engleski (Sjedinjene Države)
- Internet Explorer Version 10 (Default browser: FF)
- Boot Mode: Normal
- Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
- ==================== Processes (Whitelisted) =================
- (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
- (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
- (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
- (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
- (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
- () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
- (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
- (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
- (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
- (Microsoft Corporation) C:\Windows\System32\dllhost.exe
- ==================== Registry (Whitelisted) ===========================
- (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
- HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2013-09-04] (Realtek Semiconductor)
- HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-10-03] (COMODO)
- HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
- HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-01-05] (Advanced Micro Devices, Inc.)
- HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2015-04-05] ()
- HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-10-04] (Malwarebytes Corporation)
- HKU\S-1-5-19\...\Run: [PPS Accelerator] => D:\PPS.tv\PPStream\PPSKernel.exe
- HKU\S-1-5-20\...\Run: [PPS Accelerator] => D:\PPS.tv\PPStream\PPSKernel.exe
- HKU\S-1-5-21-704505325-1926296974-3857051907-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
- HKU\S-1-5-21-704505325-1926296974-3857051907-1000\...\Run: [uTorrent] => C:\Users\MARKO\AppData\Roaming\uTorrent\uTorrent.exe [1439144 2015-03-24] (BitTorrent Inc.)
- HKU\S-1-5-21-704505325-1926296974-3857051907-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [718720 2010-12-21] (Microsoft Corporation)
- HKU\S-1-5-21-704505325-1926296974-3857051907-1000\...\Run: [Facebook Update] => C:\Users\MARKO\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-10-24] (Facebook Inc.)
- HKU\S-1-5-21-704505325-1926296974-3857051907-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53288576 2015-06-30] (Skype Technologies S.A.)
- HKU\S-1-5-21-704505325-1926296974-3857051907-1000\...\Run: [Viber] => C:\Users\MARKO\AppData\Local\Viber\Viber.exe [72389840 2015-08-21] ()
- HKU\S-1-5-21-704505325-1926296974-3857051907-1000\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1553688 2015-06-29] (Comfort Software Group)
- HKU\S-1-5-21-704505325-1926296974-3857051907-1000\...\MountPoints2: {2462968d-fc6e-11e4-8a39-00304f7fe9c9} - H:\HTC_Sync_Manager_PC.exe
- HKU\S-1-5-21-704505325-1926296974-3857051907-1000\...\MountPoints2: {eeda6a11-0503-11e5-be9f-00304f7fe9c9} - F:\HTC_Sync_Manager_PC.exe
- HKU\S-1-5-21-704505325-1926296974-3857051907-1000\...\MountPoints2: {fc83f6c0-166d-11e3-ae31-806e6f6e6963} - G:\autorun.exe
- HKU\S-1-5-18\...\Run: [PPS Accelerator] => D:\PPS.tv\PPStream\PPSKernel.exe
- HKU\S-1-5-18\...\RunOnce: [AOD] => C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-01-05] (Advanced Micro Devices, Inc.)
- Startup: C:\Users\MARKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2014-11-01] ()
- ==================== Internet (Whitelisted) ====================
- (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
- Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
- Tcpip\..\Interfaces\{561B1418-DC0F-43A3-888B-063430E82863}: [DhcpNameServer] 172.30.3.254
- Tcpip\..\Interfaces\{7946A9F1-5143-451C-9A7E-F51476A3CED4}: [NameServer] 85.114.32.7,85.114.32.8
- Tcpip\..\Interfaces\{9C546357-891C-491D-8500-8EFCD1EA5E1C}: [DhcpNameServer] 192.168.1.1
- Internet Explorer:
- ==================
- HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
- HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
- HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
- HKU\S-1-5-21-704505325-1926296974-3857051907-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
- SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
- SearchScopes: HKU\S-1-5-21-704505325-1926296974-3857051907-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
- SearchScopes: HKU\S-1-5-21-704505325-1926296974-3857051907-1000 -> OldSearch URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
- BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
- BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
- BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
- BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
- BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
- BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-09] (Oracle Corporation)
- BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
- BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
- BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
- BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-09] (Oracle Corporation)
- Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
- Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
- FireFox:
- ========
- FF ProfilePath: C:\Users\MARKO\AppData\Roaming\Mozilla\Firefox\Profiles\a1jin049.default
- FF SelectedSearchEngine: Default
- FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] ()
- FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
- FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
- FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
- FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2013-06-26] (Adobe Systems, Inc.)
- FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
- FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-09] (Oracle Corporation)
- FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-09] (Oracle Corporation)
- FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
- FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
- FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
- FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-07-24] (Nullsoft, Inc.)
- FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Windows\system32\TVUAx\npTVUAx.dll [No File]
- FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-31] (VideoLAN)
- FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
- FF Plugin HKU\S-1-5-21-704505325-1926296974-3857051907-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\MARKO\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
- FF Plugin HKU\S-1-5-21-704505325-1926296974-3857051907-1000: @tools.google.com/Google Update;version=3 -> C:\Users\MARKO\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
- FF Plugin HKU\S-1-5-21-704505325-1926296974-3857051907-1000: @tools.google.com/Google Update;version=9 -> C:\Users\MARKO\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
- FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
- FF SearchPlugin: C:\Users\MARKO\AppData\Roaming\Mozilla\Firefox\Profiles\a1jin049.default\searchplugins\default.xml [2015-10-04]
- FF Extension: Avira Browser Safety - C:\Users\MARKO\AppData\Roaming\Mozilla\Firefox\Profiles\a1jin049.default\Extensions\abs@avira.com [2015-10-04]
- FF Extension: TrafficLight - C:\Users\MARKO\AppData\Roaming\Mozilla\Firefox\Profiles\a1jin049.default\Extensions\trafficlight@bitdefender.com.xpi [2015-10-04]
- FF Extension: FlashGot - C:\Users\MARKO\AppData\Roaming\Mozilla\Firefox\Profiles\a1jin049.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-09-06]
- FF Extension: Adblock Plus - C:\Users\MARKO\AppData\Roaming\Mozilla\Firefox\Profiles\a1jin049.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-13]
- FF Extension: Roll Around - C:\Users\MARKO\AppData\Roaming\Mozilla\Firefox\Profiles\a1jin049.default\Extensions\{f03d5e04-efef-4fbf-9c50-0079529383b9}.xpi [2015-03-19]
- FF Extension: Adblock Edge - C:\Users\MARKO\AppData\Roaming\Mozilla\Firefox\Profiles\a1jin049.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-06-06]
- FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-03]
- Chrome:
- =======
- CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghCcAgAVFxHFxgTIlsKTA0TFwEOIQ0BWRREFg0SIwtZWAlHFwYFIk0FA1oDB0VXfV5bFElXTwhxL1VUIEseVFtH"
- CHR Plugin: (Shockwave Flash) - C:\Users\MARKO\AppData\Local\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll ()
- CHR Plugin: (Native Client) - C:\Users\MARKO\AppData\Local\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
- CHR Plugin: (Chrome PDF Viewer) - C:\Users\MARKO\AppData\Local\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
- CHR Profile: C:\Users\MARKO\AppData\Local\Google\Chrome\User Data\Default
- CHR Extension: (Google Docs) - C:\Users\MARKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2012-09-05]
- CHR Extension: (Google disk) - C:\Users\MARKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-09-05]
- CHR Extension: (YouTube) - C:\Users\MARKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-05]
- CHR Extension: (WhatsWeb) - C:\Users\MARKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\cebcbiddpikadcfodbjihffmddoohdma [2015-04-22]
- CHR Extension: (Google pretraživanje) - C:\Users\MARKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-05]
- CHR Extension: (Google dokumenti izvanmrežno) - C:\Users\MARKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-07]
- CHR Extension: (AdBlock) - C:\Users\MARKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-06-10]
- CHR Extension: (Skype Click to Call) - C:\Users\MARKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-12-04]
- CHR Extension: (Plaćanja u web-trgovini Chrome) - C:\Users\MARKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-11]
- CHR Extension: (Gmail) - C:\Users\MARKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-05]
- CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
- StartMenuInternet: Google Chrome.VSOYH6XW2T4XTOMIUO35XEGASE - C:\Users\MARKO\AppData\Local\Google\Chrome\Application\chrome.exe
- ==================== Services (Whitelisted) ========================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- S2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-01-05] (Advanced Micro Devices, Inc.) [File not signed]
- S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136544 2010-03-12] ()
- R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-06-10] (Microsoft Corporation)
- R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-06-10] (Microsoft Corporation)
- R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-10-03] (COMODO)
- S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-10-03] (COMODO)
- S2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [1994936 2015-06-29] (Comodo)
- S3 GSService; C:\Windows\SysWOW64\GSService.exe [490208 2013-07-26] ()
- S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-10-04] (Malwarebytes Corporation)
- R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2015-05-17] () [File not signed]
- S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-31] (TuneUp Software)
- S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
- S2 Privacy Content Firewall; "C:\Program Files\AdTrustMedia\PrivDog\3.0.108.0\PrivDogService.exe" [X]
- S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]
- ===================== Drivers (Whitelisted) ==========================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- R1 admnfd; C:\Windows\system32\Drivers\admnfd.sys [49496 2014-12-04] (Windows (R) Win 7 DDK provider)
- R3 AODDriver; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
- R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
- R1 browserMon; C:\Windows\System32\DRIVERS\browserMon.sys [20728 2015-03-03] (Windows (R) Win 7 DDK provider)
- R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21184 2015-08-05] (COMODO)
- R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [806032 2015-08-05] (COMODO)
- R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45856 2015-08-05] (COMODO)
- S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
- R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-10-04] ()
- R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105096 2015-08-05] (COMODO)
- R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
- S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-08-19] (RapidSolution Software AG)
- R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-08-19] (RapidSolution Software AG)
- R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation )
- S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation )
- R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-09-05] (Duplex Secure Ltd.)
- R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
- S3 USBET; C:\Windows\System32\DRIVERS\ETdrv.sys [6408704 2010-11-29] (Etron)
- U3 a0snau1f; C:\Windows\System32\Drivers\a0snau1f.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
- S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
- S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
- S3 VGPU; System32\drivers\rdvgkmd.sys [X]
- ==================== NetSvcs (Whitelisted) ===================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- ==================== One Month Created files and folders ========
- (If an entry is included in the fixlist, the file/folder will be moved.)
- 2015-10-04 17:54 - 2015-10-04 17:54 - 00019209 _____ C:\Users\MARKO\Downloads\FRST.txt
- 2015-10-04 17:53 - 2015-10-04 17:54 - 00000000 ____D C:\FRST
- 2015-10-04 17:52 - 2015-10-04 17:53 - 02193408 _____ (Farbar) C:\Users\MARKO\Downloads\FRST64.exe
- 2015-10-04 17:52 - 2015-10-04 17:52 - 01697280 _____ (Farbar) C:\Users\MARKO\Downloads\FRST.exe
- 2015-10-04 17:30 - 2015-10-04 17:30 - 00002569 _____ C:\Users\MARKO\Desktop\JRT.txt
- 2015-10-04 17:13 - 2015-10-04 17:13 - 01801288 _____ (Malwarebytes) C:\Users\MARKO\Downloads\JRT(1).exe
- 2015-10-04 17:03 - 2015-10-04 17:03 - 02865192 _____ (Malwarebytes ) C:\Users\MARKO\Downloads\mbae-setup-1.07.1.1015.exe
- 2015-10-04 17:03 - 2015-10-04 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
- 2015-10-04 17:03 - 2015-10-04 17:03 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
- 2015-10-04 17:03 - 2015-10-04 17:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
- 2015-10-04 16:57 - 2015-10-04 17:11 - 00000000 ____D C:\AdwCleaner
- 2015-10-04 16:57 - 2015-10-04 16:58 - 01801288 _____ (Malwarebytes) C:\Users\MARKO\Downloads\JRT.exe
- 2015-10-04 16:57 - 2015-10-04 16:57 - 01681408 _____ C:\Users\MARKO\Downloads\AdwCleaner.exe
- 2015-10-04 02:52 - 2015-10-04 02:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
- 2015-10-03 17:40 - 2015-10-03 18:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
- 2015-09-30 19:37 - 2015-09-30 20:03 - 00857558 _____ C:\Users\MARKO\Downloads\Tanja Savic - Za moje dobro - (Audio 2010).mp3.part
- 2015-09-12 09:01 - 2015-09-12 09:01 - 00576909 _____ C:\Users\MARKO\Downloads\aZN8q96_460sv.mp4
- ==================== One Month Modified files and folders ========
- (If an entry is included in the fixlist, the file/folder will be moved.)
- 2015-10-04 17:50 - 2013-09-06 04:00 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
- 2015-10-04 17:45 - 2013-09-05 22:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
- 2015-10-04 17:39 - 2014-02-21 02:35 - 00000958 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-704505325-1926296974-3857051907-1000UA.job
- 2015-10-04 17:36 - 2013-09-04 12:48 - 01763492 _____ C:\Windows\WindowsUpdate.log
- 2015-10-04 17:06 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
- 2015-10-04 17:06 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
- 2015-10-04 17:01 - 2013-09-06 02:43 - 00000000 ____D C:\Users\MARKO\AppData\Roaming\uTorrent
- 2015-10-04 17:01 - 2013-09-06 02:33 - 00000000 ____D C:\Users\MARKO\AppData\Roaming\Skype
- 2015-10-04 17:01 - 2013-09-05 23:16 - 00002896 _____ C:\Windows\System32\Tasks\AutoKMS
- 2015-10-04 17:01 - 2013-09-05 23:16 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
- 2015-10-04 17:00 - 2015-07-07 17:50 - 00003968 _____ C:\Windows\PFRO.log
- 2015-10-04 17:00 - 2015-05-25 22:57 - 00020334 _____ C:\Windows\setupact.log
- 2015-10-04 17:00 - 2014-12-21 15:05 - 00000000 ____D C:\Users\MARKO\AppData\Roaming\ViberPC
- 2015-10-04 17:00 - 2013-09-05 22:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
- 2015-10-04 17:00 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
- 2015-10-04 15:26 - 2014-10-24 15:21 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-704505325-1926296974-3857051907-1000UA.job
- 2015-10-04 15:26 - 2014-10-24 15:21 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-704505325-1926296974-3857051907-1000Core.job
- 2015-10-04 02:52 - 2015-04-05 22:03 - 00000424 _____ C:\Users\MARKO\AppData\Local\UserProducts.xml
- 2015-10-03 23:39 - 2014-02-21 02:35 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-704505325-1926296974-3857051907-1000Core.job
- 2015-10-03 18:24 - 2013-09-06 10:42 - 02492512 _____ C:\Windows\system32\Drivers\fvstore.dat
- 2015-10-02 16:56 - 2009-07-14 07:13 - 00781480 _____ C:\Windows\system32\PerfStringBackup.INI
- 2015-09-30 08:51 - 2015-05-26 01:15 - 00000000 ____D C:\Users\MARKO\Documents\The Witcher 3
- 2015-09-24 14:36 - 2015-08-17 18:15 - 00000000 ____D C:\Users\MARKO\Documents\Lightshot
- 2015-09-23 13:10 - 2015-05-15 11:24 - 00000000 ____D C:\Users\MARKO\AppData\Local\Microsoft Games
- 2015-09-22 14:52 - 2013-09-05 22:54 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
- 2015-09-22 14:52 - 2013-09-05 22:54 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
- 2015-09-22 14:52 - 2013-09-05 22:54 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
- 2015-09-19 14:21 - 2012-09-05 22:41 - 00000000 ____D C:\Users\MARKO\AppData\Local\Google
- 2015-09-14 23:34 - 2014-02-21 02:35 - 00003932 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-704505325-1926296974-3857051907-1000UA
- 2015-09-14 23:34 - 2014-02-21 02:35 - 00003536 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-704505325-1926296974-3857051907-1000Core
- 2015-09-07 23:38 - 2009-09-21 01:43 - 00161280 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ss_mdm.sys
- 2015-09-07 23:38 - 2009-09-21 01:43 - 00127488 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ss_bus.sys
- 2015-09-07 23:38 - 2009-09-21 01:43 - 00018944 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ss_mdfl.sys
- 2015-09-07 23:38 - 2009-09-21 01:43 - 00015872 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ss_whnt.sys
- 2015-09-07 23:38 - 2009-09-21 01:43 - 00015872 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ss_wh.sys
- 2015-09-07 23:38 - 2009-09-21 01:43 - 00015360 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ss_cmnt.sys
- 2015-09-07 23:38 - 2009-09-21 01:43 - 00015360 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ss_cm.sys
- ==================== Files in the root of some directories =======
- 2014-09-17 21:42 - 2014-09-17 21:42 - 1177208 _____ () C:\Users\MARKO\AppData\Roaming\AndyCleanupTool.exe
- 2014-09-17 21:42 - 2014-09-17 21:42 - 1176696 _____ () C:\Users\MARKO\AppData\Roaming\AndyCleanVM.exe
- 2013-09-05 23:34 - 2013-09-05 23:34 - 0000331 _____ () C:\Users\MARKO\AppData\Roaming\burnaware.ini
- 2013-09-06 01:56 - 2015-04-17 10:32 - 0099384 _____ () C:\Users\MARKO\AppData\Roaming\inst.exe
- 2013-09-06 01:56 - 2015-04-17 10:32 - 0007859 _____ () C:\Users\MARKO\AppData\Roaming\pcouffin.cat
- 2013-09-06 01:56 - 2015-04-17 10:32 - 0001167 _____ () C:\Users\MARKO\AppData\Roaming\pcouffin.inf
- 2013-09-06 01:56 - 2015-04-17 10:32 - 0000055 _____ () C:\Users\MARKO\AppData\Roaming\pcouffin.log
- 2013-09-06 01:56 - 2015-04-17 10:32 - 0082816 _____ (VSO Software) C:\Users\MARKO\AppData\Roaming\pcouffin.sys
- 2015-03-25 18:01 - 2015-03-25 18:01 - 0007844 _____ () C:\Users\MARKO\AppData\Local\CleanupUninstall.txt
- 2015-05-15 10:32 - 2015-05-15 10:32 - 0003584 _____ () C:\Users\MARKO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
- 2015-04-05 22:03 - 2015-04-05 22:03 - 0000003 _____ () C:\Users\MARKO\AppData\Local\updater.log
- 2015-04-05 22:03 - 2015-10-04 02:52 - 0000424 _____ () C:\Users\MARKO\AppData\Local\UserProducts.xml
- Some files in TEMP:
- ====================
- C:\Users\MARKO\AppData\Local\Temp\{6CA47808-7565-42DB-8009-A1FDDD834B33}.dll
- ==================== Bamital & volsnap =================
- (There is no automatic fix for files that do not pass verification.)
- C:\Windows\system32\winlogon.exe => File is digitally signed
- C:\Windows\system32\wininit.exe => File is digitally signed
- C:\Windows\SysWOW64\wininit.exe => File is digitally signed
- C:\Windows\explorer.exe => File is digitally signed
- C:\Windows\SysWOW64\explorer.exe => File is digitally signed
- C:\Windows\system32\svchost.exe => File is digitally signed
- C:\Windows\SysWOW64\svchost.exe => File is digitally signed
- C:\Windows\system32\services.exe => File is digitally signed
- C:\Windows\system32\User32.dll => File is digitally signed
- C:\Windows\SysWOW64\User32.dll => File is digitally signed
- C:\Windows\system32\userinit.exe => File is digitally signed
- C:\Windows\SysWOW64\userinit.exe => File is digitally signed
- C:\Windows\system32\rpcss.dll => File is digitally signed
- C:\Windows\system32\dnsapi.dll => File is digitally signed
- C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
- C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
- LastRegBack: 2015-10-01 01:45
- ==================== End of FRST.txt ============================